Crash in [@ nsNntpCacheStreamListener::OnStartRequest(nsIRequest*, nsISupports*)] closing stand-alone windows.

RESOLVED FIXED in Thunderbird 3.0rc1

Status

MailNews Core
Networking: NNTP
--
critical
RESOLVED FIXED
16 years ago
6 years ago

People

(Reporter: stephend@netscape.com (gone - use stephen.donner@gmail.com instead), Assigned: Bienvenu)

Tracking

({crash, fixed-seamonkey2.0.1, topcrash})

Trunk
Thunderbird 3.0rc1
crash, fixed-seamonkey2.0.1, topcrash
Bug Flags:
blocking-thunderbird3 -

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(1 attachment, 2 obsolete attachments)

Build ID: 2002-03-12-08, Linux RedHat 7.2

Summary: Crash in [ @ nsNntpCacheStreamListener::OnStartRequest] closing
stand-alone windows.

Steps to Reproduce:

DISCLAIMER: Not very reproducable, and the server was being extremely slow when
I was doing this, so bear with me.

1.  Double-click on multiple news postings.
2.  Before they come up entirely, close their windows.

Expected Results:

Window should close.

Actual Results:

Crash in nsNntpCacheStreamListener::OnStartRequest
Here's the full stack, but it's not particularly useful.

nsNntpCacheStreamListener::OnStartRequest() 
Process() 
nsStorageTransport::AsyncRead() 
AsyncRead() 
nsNNTPProtocol::ReadFromMemCache() 
nsNNTPProtocol::OnCacheEntryAvailable() 
XPTC_InvokeByIndex() 
EventHandler() 
PL_HandleEvent() 
PL_ProcessEventsBeforeID() 
processQueue() 
nsVoidArray::EnumerateForwards() 
nsAppShell::ProcessBeforeID() 
handle_gdk_event() 
libgdk-1.2.so.0 + 0x1710f (0x4036910f) 
libglib-1.2.so.0 + 0x10055 (0x40398055) 
libglib-1.2.so.0 + 0x10659 (0x40398659) 
libglib-1.2.so.0 + 0x107e8 (0x403987e8) 
libgtk-1.2.so.0 + 0x9127b (0x402b427b) 
nsAppShell::Run() 
nsAppShellService::Run() 
netscape-bin + 0x84a9 (0x080504a9) 
netscape-bin + 0x8cf7 (0x08050cf7) 
libc.so.6 + 0x1c306 (0x404f5306) 
Keywords: crash

Comment 2

16 years ago
Are there other crashes in talkback, with the same stack?  Any other data?
It was from a Windows XP user, but they didn't place their email or steps to
reproduce in the stack

 2002031805   MozillaTrunk   Windows NT 5.1 build 2600   2002-03-21 04:13:42  
nsNntpCacheStreamListener::OnStartRequest d753d45d
Okay, people are still seeing this.  I'm seeing crashes in Talkback stacks as
recent as 8/26/2002.
x86 Registers:
EAX: 00000000 EBX: 60012450 ECX: 00000000 EDX: 0012fd08
ESI: 03f418e0 EDI: 00000000 ESP: 0012fcec EBP: 0012fd0c
EIP: 60c4fe2a cf PF af ZF sf of IF df nt RF vm   IOPL: 0
CS: 001b DS: 0023 SS: 0023 ES: 0023 FS: 0038 GS: 0000

Code Around the PC:
60c4fe2a 8b08             mov     ecx,[eax]
60c4fe2c ff5124           call    dword ptr [ecx+0x24]
60c4fe2f 8b45fc           mov     eax,[ebp-0x4]
60c4fe32 3bc7             cmp     eax,edi
60c4fe34 740a             jz      60c4fe40
60c4fe36 8b08             mov     ecx,[eax]
60c4fe38 57               push    edi
60c4fe39 ff7508           push    dword ptr [ebp+0x8]
60c4fe3c 50               push    eax
60c4fe3d ff5144           call    dword ptr [ecx+0x44]
60c4fe40 ff7510           push    dword ptr [ebp+0x10]
60c4fe43 8b760c           mov     esi,[esi+0xc]
60c4fe46 ff7508           push    dword ptr [ebp+0x8]
60c4fe49 8b491c           mov     ecx,[ecx+0x1c]

Comment 6

15 years ago
The crash occurs at line 721:

mChannelToUse->GetLoadGroup(getter_AddRefs(loadGroup));

Looks like mChannelToUse is null.

NOTE: The assembler is not exactly identical to what I have on my system, but
I'm pretty certain this is the crash.

Comment 7

15 years ago
By the definitions on <http://bugzilla.mozilla.org/bug_status.html#severity> and
<http://bugzilla.mozilla.org/enter_bug.cgi?format=guided>, crashing and dataloss
bugs are of critical or possibly higher severity.  Only changing open bugs to
minimize unnecessary spam.  Keywords to trigger this would be crash, topcrash,
topcrash+, zt4newcrash, dataloss.
Severity: major → critical

Comment 8

15 years ago
not very many crashes, and mostly by one user. marking topcrash- 

Recent stack:
 Stack trace(Frame) 

	 nsNntpCacheStreamListener::OnStartRequest()
[/builds/client/linux22/seamonkey/mozilla/mailnews/news/src/nsNNTPProtocol.cpp 
line 717] 
	 nsInputStreamPump::OnStateStart()
[/builds/client/linux22/seamonkey/mozilla/netwerk/base/src/nsInputStreamPump.cpp
 line 354] 
	 nsInputStreamPump::OnInputStreamReady()
[/builds/client/linux22/seamonkey/mozilla/netwerk/base/src/nsInputStreamPump.cpp
 line 319] 
	 nsInputStreamReadyEvent::EventHandler()  
	 PL_HandleEvent()
[/builds/client/linux22/seamonkey/mozilla/xpcom/threads/plevent.c  line 659] 
	 PL_ProcessPendingEvents()
[/builds/client/linux22/seamonkey/mozilla/xpcom/threads/plevent.c  line 594] 
	 nsEventQueueImpl::ProcessPendingEvents()
[/builds/client/linux22/seamonkey/mozilla/xpcom/threads/nsEventQueue.cpp  line 391] 
	 event_processor_callback()
[/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp  line 194] 
	 our_gdk_io_invoke()
[/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp  line 75] 
	 libglib-1.2.so.0 + 0xee00 (0x40289e00)  
	 libglib-1.2.so.0 + 0x104c8 (0x4028b4c8)  
	 libglib-1.2.so.0 + 0x10ad3 (0x4028bad3)  
	 libglib-1.2.so.0 + 0x10c6c (0x4028bc6c)  
	 libgtk-1.2.so.0 + 0x8d7f7 (0x401ac7f7)  
	 nsAppShell::Run()
[/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp  line 336] 
	 nsAppShellService::Run()
[/builds/client/linux22/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp
 line 479] 
	 main1()
[/builds/client/linux22/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp  line
1657] 
	 main()
[/builds/client/linux22/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp  line
1642] 
	 libc.so.6 + 0x15a51 (0x403a3a51)   
Keywords: topcrash-
Summary: Crash in [ @ nsNntpCacheStreamListener::OnStartRequest] closing stand-alone windows. → Crash in [@ nsNntpCacheStreamListener::OnStartRequest] closing stand-alone windows.

Comment 9

13 years ago
This crash is still around, but not in huge numbers for any particular release:
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=stacksig&match=contains&searchfor=nsNntpCacheStreamListener%3A%3AOnStartRequest&vendor=All&product=All&platform=All&buildid=&sdate=&stime=&edate=&etime=
(Assignee)

Comment 10

13 years ago
I see a lot of these in current talkback queries.
Assignee: sspitzer → bienvenu
Product: MailNews → Core
Also see Bug 281212, it contains steps how to reproduce this bug (or at least
one variant of a nsNntpCacheStreamListener::OnStartRequest crasher).
low on the 2.0.0.6 list, currently #88 in talkcback

TB34590930 doing... "Absolutely nothing. Computer was locked and thunderbird was inactive (open on a newsgroup page). This install was only upgraded to 2.0.0.6 in the last hour. Thunderbird has never crashed before on this machine.

nsNntpCacheStreamListener::OnStartRequest  [mozilla/mailnews/news/src/nsNNTPProtocol.cpp, line 659]
nsInputStreamPump::OnStateStart  [mozilla/netwerk/base/src/nsInputStreamPump.cpp, line 442]
nsOutputStreamReadyEvent::EventHandler  [mozilla/xpcom/io/nsStreamUtils.cpp, line 121]

interesting... TB34298317 "going offline and reading news posts" 

one more: TB34397104 
QA Contact: stephend → networking.news
This is now #3 crash for windows trunk 3.0b1 http://crash-stats.mozilla.com/report/list?product=Thunderbird&version=Thunderbird%3A3.0b1&version=Thunderbird%3A3.0b1pre&platform=windows&query_search=signature&query_type=contains&query=&date=&range_value=2&range_unit=weeks&do_query=1&signature=nsNntpCacheStreamListener%3A%3AOnStartRequest%28nsIRequest*%2C%20nsISupports*%29

one example bp-a52b67e7-8784-4a96-8299-e2be92081210 "closing thunderbird and it crashed"
Keywords: topcrash- → topcrash
(Assignee)

Comment 14

9 years ago
seems possible this has to do with the changes to the way nntp does connection caching... bug 66150 - I'll look for this crash. I haven't seen it myself
bp-1bd8d97c-8241-4d71-b14e-7479a2081224 has a comment "when connecting a news group, I click the "go offline" button, then it crashes
Hardware: x86 → All

Comment 16

9 years ago
I crashed with bp-410922bb-93a2-46e7-b702-ba5972090102.

That's on mChannelToUse->GetLoadGroup(getter_AddRefs(loadGroup));

Should we just null check mChannelToUse?
Product: Core → MailNews Core
http://crash-stats.mozilla.com/report/index/d792ecfb-2348-4333-922f-6733a2090306 "Checking the failing^Hmailing list for news.php.net which frequently times out."

Would be nice to fix this for TB3. This is topcrash #20 for TB3.0b2
Flags: wanted-thunderbird3?
#13 crash in 3.0b3pre
Flags: wanted-thunderbird3? → blocking-thunderbird3?

Comment 19

8 years ago
I crashed twice in that method in the last 30 minutes reading news on news.mozilla.org (using "N" goto next unread message)

incidents:
http://crash-stats.mozilla.com/report/index/9335f28c-e789-4a30-847c-2991e2090720
http://crash-stats.mozilla.com/report/index/7b2637db-ed68-470d-ba3a-2ebf52090720?p=1

and a while ago the same:
http://crash-stats.mozilla.com/report/index/3cfca427-1b8b-4398-a137-799072090715

Updated

8 years ago
Duplicate of this bug: 506257

Comment 21

8 years ago
bp-b7963bd8-3726-42cc-95f2-29c922090722 has a user comment:
"i guess i was traversing thru a newsgroup with large number of headers > 500 very quickly with 'T' for marking thread as reading and moving to next thread. mail was open in 2nd tab."

Bug 506257 states it's reproduceable by "switching through the news pressing Space for about 10-20 seconds" and provides those crash IDs on SeaMonkey 2.0 Beta 1:
bp-026c4afa-e569-4aba-962f-f59032090724
bp-5d3f40a5-023e-49c5-b9cf-cb8282090724
bp-285275dc-dc20-4319-816c-77d9d2090724

Currently that signature is #13 topcrasher for Thunderbird 3.0 Beta 3:
http://crash-stats.mozilla.com/topcrasher/byversion/Thunderbird/3.0b3

Here's a Mac stack, so it's happening on all platforms: bp-dd29e64d-f474-4f4c-a7c3-b10592090723

SeaMonkey 2.0 Beta 1 shows it as #10 topcrasher right now: http://crash-stats.mozilla.com/topcrasher/byversion/SeaMonkey/2.0b1
OS: Linux → All

Comment 22

8 years ago
Hi,
I was the one with the space key on a xp system using an external news server.
I tried to reproduce it with my local hamster, a local news server.
SM did not crash but was busy for about one minute (netbook),
Hamster is set to allow 100 NNTP connections (instead of 4) per user due to errors i recieved due to this Bug ... recursion sucks...
Is there some testing that can be done?
(Assignee)

Comment 23

8 years ago
Created attachment 390596 [details] [diff] [review]
possible fix

I hit this crash once, and these two checks should fix the crash I saw...
Attachment #390596 - Flags: superreview?(neil)
Attachment #390596 - Flags: review?(Pidgeot18)
Comment on attachment 390596 [details] [diff] [review]
possible fix

nsNntpCacheStreamListener::OnStartRequest(nsIRequest *request, nsISupports * aCtxt)
Why does it only go wrong in OnStartRequest?

How are we getting to OnStartRequest before we're initialised?
(Assignee)

Comment 25

8 years ago
I'm not sure what's happening, actually. It's hard to reproduce this crash, so it's hard to debug it.

Comment 26

8 years ago
Yesterday i tried and found SM crashing by pressing space once again (no, this time it was curiosity that killed the ...seamonkey).
This time i took a lokal nntp-server, i had around 92 open connections from SM to to my NNTP-server, SM was busy for a minute and crshed.

bp-0eb43fa6-e3c6-4eba-b774-6ea122090408
Im sorry i can't convice my neighbours to do some testing by now...

Comment 27

8 years ago
It might be useful if SM could forget about the headers i've clicked when i decided for the last header to read the message...
btw. i read news in online mode, having the header loaded. 
So every time a header is clicked, the 'load message' command gets to a cache, right? Might it be useful to reduce this cache to a number of 1 so only one maessage is loaded?


## about:me
The only programs i ever wrote,were Sinclair BASIC and PASCAL in school, and C looks very mystic to me, sorry. But i'll try to do a little more testing from time to time, lot of headache, lot of time...
(In reply to comment #27)
> It might be useful if SM could forget about the headers i've clicked when i
> decided for the last header to read the message...
> btw. i read news in online mode, having the header loaded. 
> So every time a header is clicked, the 'load message' command gets to a cache,
> right? Might it be useful to reduce this cache to a number of 1 so only one
> maessage is loaded?

That would be a result as bug 424148 (which may be a duplicate of an older bug), which is simply a result of us failing to cancel the message loads in the URI. We do have a memory cache (in addition to the offline cache, of course), but the existence or lack thereof isn't causing the problem you specifically are seeing (we'd still load the message anyways).
(Assignee)

Comment 29

8 years ago
pinging for review
Whiteboard: [has patch, needs review jcranmer, neil]
(Assignee)

Updated

8 years ago
Flags: blocking-thunderbird3? → blocking-thunderbird3-
update crash sig for crash-stats to nsNntpCacheStreamListener::OnStartRequest(nsIRequest*, nsISupports*)
Summary: Crash in [@ nsNntpCacheStreamListener::OnStartRequest] closing stand-alone windows. → Crash in [@ nsNntpCacheStreamListener::OnStartRequest(nsIRequest*, nsISupports*)] closing stand-alone windows.
First crash for b4 had this signature :-)
(Assignee)

Comment 32

8 years ago
yes, for some reason, I'm not getting traction on the null check fix review requests...
(In reply to comment #32)
> yes, for some reason, I'm not getting traction on the null check fix review
> requests...

I asked on IRC about why the checks were only in OnStartRequest and not in OnStopRequest as well and never really got an answer on that... Unfortunately, it seems that the one hour of missing logs corresponds to the hour I asked the question :-( .
#14 crash for 3.0b4

bsmedberg is affected occasionally, eg http://crash-stats.mozilla.com/report/index/b3708bfc-6d0e-4b80-9165-09b992090924
(Assignee)

Comment 35

8 years ago
I can add a check to OnStopRequest, though I never hit a case where mChannelToUse was null there...I got your question and Neil's confused. I don't know the answer to Neil's question.
(Assignee)

Comment 36

8 years ago
Created attachment 407795 [details] [diff] [review]
check for null channel in both start and stop request
Attachment #390596 - Attachment is obsolete: true
Attachment #407795 - Flags: superreview?(neil)
Attachment #407795 - Flags: review?(Pidgeot18)
Attachment #390596 - Flags: superreview?(neil)
Attachment #390596 - Flags: review?(Pidgeot18)
Attachment #407795 - Flags: review?(Pidgeot18) → review+
Whiteboard: [has patch, needs review jcranmer, neil] → [has patch, needs review neil]
Comment on attachment 407795 [details] [diff] [review]
check for null channel in both start and stop request

sr=me if you add in plenty of assertions to remind us that the underlying cause of this bug has not been fixed.
Attachment #407795 - Flags: superreview?(neil) → superreview+
(Assignee)

Comment 38

8 years ago
Created attachment 408464 [details] [diff] [review]
fix for landing

this is what I'll check in - adds some assertions.
Attachment #407795 - Attachment is obsolete: true
Attachment #408464 - Flags: approval-thunderbird3+
(Assignee)

Updated

8 years ago
Whiteboard: [has patch, needs review neil] → [has patch, ready to land trunk and branchl]
Target Milestone: --- → Thunderbird 3.0rc1
(Assignee)

Comment 39

8 years ago
fixed on trunk and branch
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Whiteboard: [has patch, ready to land trunk and branchl]
Blocks: 531794

Updated

8 years ago
Keywords: fixed-seamonkey2.0.1

Comment 40

8 years ago
OK, SM2.0.1 doesn't crash anymore when i switch fast through the news BUT after going fast through the news, SM won't display any message instead of crashing.  When this happens 'download chosen message' (in german 'gewählte Nachrichten abrufen') doesn't do so.
Crash Signature: [@ nsNntpCacheStreamListener::OnStartRequest(nsIRequest*, nsISupports*)]
You need to log in before you can comment on or make changes to this bug.