Closed Bug 599354 Opened 9 years ago Closed 6 months ago
crash under Windows XP in Base
Thread Start @ Rtlp Worker Callout (malware-related?)
Build : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7pre) Gecko/20100924 Firefox/4.0b7pre This is a residual crash signature that is present in 3.0, 3.5, 3.6, 4.0beta. It happens only on Windows XP. It #60 top crasher in 4.0b6 for the last 2 weeks. Here are some comments of users that are very angry because it happens every time: "3.6.10 CRASHES ABOUT EVERY 120 SECONDS!!!! ARGH!" "I don't know what happened, I have to turn my computer off,after every time I use it to get back on line. I do not know the address of the page I was on." "When trying to upgrade to 3.6 from 3.5 Firefox crashes and I have to reset again. This has happened numerous times. What can you do to fix this problem. It has been going on for days. It is getting very ridiculous. Firefox may be a thing of the past for me." The crashing thread says nothing about the implicated firefox process, even in looking at the others threads. Signature RtlpWorkerCallout UUID 73f53bcc-69a9-423f-bc7f-788782100924 Time 2010-09-24 01:43:10.190693 Uptime 69 Last Crash 2159450 seconds (3.6 weeks) before submission Install Age 577030 seconds (6.7 days) since version was first installed. Product Firefox Version 3.5.13 Build ID 20100914130356 Branch 1.9.1 OS Windows NT OS Version 5.1.2600 Dodatek Service Pack 3 CPU x86 CPU Info AuthenticAMD family 15 model 95 stepping 2 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x0 Crashing Thread Frame Module Signature [Expand] Source 0 @0x1a2d0f 1 ntdll.dll RtlpWorkerCallout 2 ntdll.dll RtlpExecuteWorkerRequest 3 ntdll.dll RtlpApcCallout 4 ntdll.dll RtlpExecuteWorkerRequest 5 kernel32.dll BaseThreadStart More reports at : http://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=RtlpWorkerCallout
Having a quick look a the Modules of some random Reports there a quite some unversioned DLLs listed, like sshnas21.dll grtklxk.dll cdklgvz.dll Since all Branches seem affected, I presume this is caused by some Malware Stuff.
The current 4.0 crashes in https://crash-stats.mozilla.com/report/list?signature=RtlpWorkerCallout have a 100% correlation with tapi32.dll but looking into reports, I also see a few with unversioned DLLs like dadkeyb.dll or RocketDock.dll or a Syncor11.dll with version 0.1.2.3 that somehow looks interesting, but some don't look suspicious from a fast glance over modules. Still, this is #190 on yesterday's 4.0* topcrash list with ~25 crashes per ADU and a rising tendency.
Summary: crash under Windows XP [@ RtlpWorkerCallout ] → crash under Windows XP [@ RtlpWorkerCallout ] (malware-related?)
This is still rising on both 3.6 and 4.0, we might want to take a look at what this really is.
It is now #17 top crasher in 4.0 over the last 3 days. I see no unversioned DLLs in correlations.
On the rise together with bug 647366 (@ RtlpTpWorkCallback) in the last few days, #10 on 4.0*, #11 on 3.6* now (yesterday's data).
not going to track this for Firefox 5, because there's nothing we can do for this in the timeframe we have. Initiatives to improve this situation are actually outside of this bug and our release cycle.
Crash Signature: [@ RtlpWorkerCallout ]
Just over 50% of these crashes happen in < 1 min. Adding the whiteboard tag.
Crash Signature: [@ RtlpWorkerCallout ] → [@ RtlpWorkerCallout ] [@ RtlpWorkerCallout | RtlpExecuteWorkerRequest | RtlpApcCallout | RtlpExecuteWorkerRequest | BaseThreadStart]
Summary: crash under Windows XP [@ RtlpWorkerCallout ] (malware-related?) → crash under Windows XP in BaseThreadStart @ RtlpWorkerCallout (malware-related?)
Still high in crash stats - #21 on Fx12.
This showed up in the explosive report for 13 today: https://crash-analysis.mozilla.com/rkaiser/2012-07-24/2012-07-24.firefox.13.explosiveness.html
It's #66 top browser crasher in 15.0.1.
Looking up online it's malware. The 2 dlls are malware, look up the sshnas21.dll.
Status: NEW → RESOLVED
Closed: 6 months ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.