Crash in [@ OOM | large | NS_ABORT_OOM | MimeInlineTextHTMLParsed_parse_line]
Categories
(Thunderbird :: General, defect)
Tracking
(thunderbird105 affected)
| Tracking | Status | |
|---|---|---|
| thunderbird105 | --- | affected |
People
(Reporter: worcester12345, Unassigned)
References
Details
(Keywords: crash, steps-wanted)
Crash Data
100.0b1 (64-bit)
Maybe Fission related. (DOMFissionEnabled=1)
Crash report: https://crash-stats.mozilla.org/report/index/d2525a38-c3a3-4088-9dfb-d051c0220413
MOZ_CRASH Reason: MOZ_CRASH(OOM)
Top 10 frames of crashing thread:
0 xul.dll NS_ABORT_OOM xpcom/base/nsDebugImpl.cpp:616
1 xul.dll MimeInlineTextHTMLParsed_parse_line mailnews/mime/src/mimeTextHTMLParsed.cpp:149
2 xul.dll MimeInlineText_convert_and_parse_line mailnews/mime/src/mimetext.cpp:321
3 xul.dll mime_LineBuffer mailnews/mime/src/mimebuf.cpp:205
4 xul.dll MimeInlineText_parse_decoded_buffer mailnews/mime/src/mimetext.cpp:271
5 xul.dll MimeLeaf_parse_buffer mailnews/mime/src/mimeleaf.cpp:142
6 xul.dll mime_LineBuffer mailnews/mime/src/mimebuf.cpp:205
7 xul.dll MimeObject_parse_buffer mailnews/mime/src/mimeobj.cpp:223
8 xul.dll mime_display_stream_write mailnews/mime/src/mimemoz2.cpp:859
9 xul.dll nsStreamConverter::OnDataAvailable mailnews/mime/src/nsStreamConverter.cpp:811
|
||
Comment 1•3 years ago
|
||
also [@ OOM | large | NS_ABORT_OOM | nsTSubstring<T>::Append | MimeInlineTextHTMLParsed_parse_line ] bp-1323cbe8-8d70-40cd-b0de-bf8080220413
|
Reporter | |
Comment 2•3 years ago
|
||
Just seeing this again tonight:
https://crash-stats.mozilla.org/report/index/39c9958d-683e-42d8-b8bb-530940220422#tab-bugzilla
|
|
||
Comment 4•3 years ago
|
||
|
|
||
Comment 6•2 years ago
|
||
(In reply to Wayne Mery (:wsmwk) from comment #4)
0 xul.dll NS_ABORT_OOM(unsigned long long) xpcom/base/nsDebugImpl.cpp:674
1 xul.dll MimeInlineTextHTMLParsed_parse_line(char const*, int, MimeObject*) mailnews/mime/src/mimeTextHTMLParsed.cpp:168
2 xul.dll MimeInlineText_convert_and_parse_line(char*, int, MimeObject*) mailnews/mime/src/mimetext.cpp:321
3 xul.dll mime_LineBuffer(char const*, int, char**, int*, unsigned int*, bool, int ()(char, unsigned int, void*), void*) mailnews/mime/src/mimebuf.cpp:205
4 xul.dll MimeInlineText_parse_decoded_buffer(char const*, int, MimeObject*) mailnews/mime/src/mimetext.cpp:271
5 xul.dll MimeDecoderWrite(MimeDecoderData*, char const*, int, int*) mailnews/mime/src/mimeenc.cpp:753
6 xul.dll MimeLeaf_parse_buffer(char const*, int, MimeObject*) mailnews/mime/src/mimeleaf.cpp:139
7 xul.dll mime_LineBuffer(char const*, int, char**, int*, unsigned int*, bool, int ()(char, unsigned int, void*), void*) mailnews/mime/src/mimebuf.cpp:205
8 xul.dll MimeObject_parse_buffer(char const*, int, MimeObject*) mailnews/mime/src/mimeobj.cpp:223
9 xul.dll mime_display_stream_write(_nsMIMESession*, char const*, int) mailnews/mime/src/mimemoz2.cpp:859
10 xul.dll nsStreamConverter::OnDataAvailable(nsIRequest*, nsIInputStream*, unsigned long long, unsigned int) mailnews/mime/src/nsStreamConverter.cpp:811
11 xul.dll nsInputStreamPump::OnStateTransfer() netwerk/base/nsInputStreamPump.cpp:549
12 xul.dll nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) netwerk/base/nsInputStreamPump.cpp:378
13 xul.dll NS_NewCancelableRunnableFunction<`lambda at /builds/worker/checkouts/gecko/xpcom/io/nsPipe3.cpp:72:35'>::FuncCancelableRunnable::Run() xpcom/threads/nsThreadUtils.h:650
14 xul.dll mozilla::RunnableTask::Run() xpcom/threads/TaskController.cpp:538
15 xul.dll mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) xpcom/threads/TaskController.cpp:851
16 xul.dll mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) xpcom/threads/TaskController.cpp:683
17 xul.dll mozilla::TaskController::ProcessPendingMTTask(bool) xpcom/threads/TaskController.cpp:461
|
|
||
Comment 7•1 year ago
|
||
Crash rate for version 115 is roughly double or triple, with signature OOM | large | NS_ABORT_OOM | nsTSubstring<T>::AllocFailed | nsTSubstring<T>::Append | MimeInlineTextHTMLParsed_parse_line - https://crash-stats.mozilla.org/signature/?signature=OOM%20|%20large%20|%20NS_ABORT_OOM%20|%20nsTSubstring<T>::AllocFailed%20|%20nsTSubstring<T>::Append%20|%20MimeInlineTextHTMLParsed_parse_line&product=Thunderbird&date=>=2023-07-27T09:49:00.000Z&date=<2023-10-27T09:49:00.000Z&_sort=-date#summary
78% are startup crashes < 1 minute uptime.
This user https://support.mozilla.org/en-US/questions/1428582 is one of them - bp-1a3da0a9-8e35-4e75-8bc2-0b6b80231022
|
||
Comment 8•1 year ago
|
||
Idk, perhaps we end up with some bogus huge size, and we should add some reasonability check.
https://searchfox.org/comm-central/rev/3d6b7b66a79551eb77bfe54d2673fae9132b5c21/mailnews/mime/src/mimeTextHTMLParsed.cpp#163
|
|
||
Comment 9•1 year ago
|
||
|
|
||
Comment 10•1 year ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #8)
Idk, perhaps we end up with some bogus huge size, and we should add some reasonability check.
https://searchfox.org/comm-central/rev/3d6b7b66a79551eb77bfe54d2673fae9132b5c21/mailnews/mime/src/mimeTextHTMLParsed.cpp#163
an example of OOM | small bp-2aea2296-595a-441d-a6d7-91aa60231015
|
|
||
Comment 11•1 year ago
|
||
Also since 122.0b4 we have crashes on beta of the sort OOM | large | NS_ABORT_OOM | GatherLine bp-865799b7-79b2-4731-ab22-826870240130
0 xul.dll NS_ABORT_OOM(unsigned long long) xpcom/base/nsDebugImpl.cpp:674 context
1 xul.dll GatherLine(char const*, int, MimeObject*) mailnews/mime/src/nsSimpleMimeConverterStub.cpp:62 cfi
2 xul.dll MimeInlineText_convert_and_parse_line(char*, int, MimeObject*) mailnews/mime/src/mimetext.cpp:321 cfi
3 xul.dll convert_and_send_buffer(char*, int, bool, int ()(char, unsigned int, void*), void*) mailnews/mime/src/mimebuf.cpp:132 inlined
3 xul.dll mime_LineBuffer(char const*, int, char**, int*, unsigned int*, bool, int ()(char, unsigned int, void*), void*) mailnews/mime/src/mimebuf.cpp:205 cfi
4 xul.dll MimeInlineText_parse_decoded_buffer(char const*, int, MimeObject*) mailnews/mime/src/mimetext.cpp:271 cfi
5 xul.dll mime_decode_base64_buffer(MimeDecoderData*, char const*, int, int*) mailnews/mime/src/mimeenc.cpp:287 inlined
5 xul.dll MimeDecoderWrite(MimeDecoderData*, char const*, int, int*) mailnews/mime/src/mimeenc.cpp:742 cfi
6 xul.dll MimeLeaf_parse_buffer(char const*, int, MimeObject*) mailnews/mime/src/mimeleaf.cpp:139 cfi
7 xul.dll convert_and_send_buffer(char*, int, bool, int ()(char, unsigned int, void*), void*) mailnews/mime/src/mimebuf.cpp:132
Perhaps it is a different bug?
|
||
Comment 12•1 year ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #8)
Idk, perhaps we end up with some bogus huge size, and we should add some reasonability check.
Yup, that's what it looks like to me. My money would be on something further up the callstack failing, but not correctly handling the error, and just passing a bogus length down through the layers.
I don't think a reasonability check is the right way to go - that's just papering over the issue and there could be other more insideous problems caused by it too.
We could put reasonability checks all the way up the call stack. Maybe MOZ_RELEASE_ASSERT()? Basically, I'd want it to crash in release builds - it would crash lower down anyway, so if we can get it to crash at the first point a bogus value enters the callstack, the crash reports will better tell us what's gone wrong.
Probably the better approach would be to audit our way back up the callstack, looking for borked code. It's probably something simple, but could take a while to do...
|
|
||
Comment 13•1 year ago
|
||
Just noticed nsStreamConverter::OnStopRequest() calls the standard mBridgeStream complete() function even if the passed-in status is a failure:
https://hg.mozilla.org/releases/comm-esr115/file/33f0ab5fb689db8eeebb23c0eae3bff1b7aec37e/mailnews/mime/src/nsStreamConverter.cpp#l883
Probably worth investigating too. Might be fine, but smells a bit off.
|
|
||
Comment 14•1 year ago
|
||
I've emailed a few crash reporters.
|
|
Reporter | |
Comment 15•1 year ago
|
||
(In reply to Ben Campbell from comment #12)
(In reply to Magnus Melin [:mkmelin] from comment #8)
...
Probably the better approach would be to audit our way back up the callstack, looking for borked code. It's probably something simple, but could take a while to do...
Has anybody ever thrown this stuff into one or more of those AI tools, to see what it comes up with?
|
|
||
Updated•1 year ago
|
|
|
||
Comment 16•1 year ago
|
||
The most common user comments mention operating in the Trash folder - deleting or opening a message while in Trash.
- https://crash-stats.mozilla.org/report/index/0afff1c4-1317-4570-9f2f-603dd0241014
- https://crash-stats.mozilla.org/report/index/6240baee-c0b1-4032-bf48-b541e0241004
- https://crash-stats.mozilla.org/report/index/d7f239b6-0f31-4183-8cf3-009680240924
#8 crash for 128.3.2
|
|
||
Comment 17•6 months ago
|
||
Comment 8 was 2024-10-14. Since then...
This hasn't been a topcrash since 2024-11-15. The majority of crashes seem to be gone after 128.4.3esr https://crash-stats.mozilla.org/signature/?signature=OOM%20%7C%20large%20%7C%20NS_ABORT_OOM%20%7C%20nsTSubstring%3CT%3E%3A%3AAllocFailed%20%7C%20nsTSubstring%3CT%3E%3A%3AAppend%20%7C%20MimeInlineTextHTMLParsed_parse_line&date=%3E%3D2024-10-21T15%3A07%3A00.000Z&date=%3C2025-04-21T15%3A07%3A00.000Z.
However, crashes continue for OOM | large | NS_ABORT_OOM | nsTSubstring<T>::AllocFailed | nsTSubstring<T>::Append | MimeInlineTextHTMLParsed_parse_line in subsequent esr, 65% of which are startup. https://crash-stats.mozilla.org/signature/?signature=OOM%20%7C%20large%20%7C%20NS_ABORT_OOM%20%7C%20nsTSubstring%3CT%3E%3A%3AAllocFailed%20%7C%20nsTSubstring%3CT%3E%3A%3AAppend%20%7C%20MimeInlineTextHTMLParsed_parse_line&date=%3E%3D2025-01-21T15%3A31%3A00.000Z&date=%3C2025-04-21T15%3A31%3A00.000Z
Bugs fixed in 128.4.3esr are https://bugzilla.mozilla.org/buglist.cgi?bug_id=1925929%2C1926810%2C1924058%2C1927612%2C1923526%2C1924918%2C1923585%2C1927282%2C520582%2C1872595%2C1917179%2C1928252%2C1927971%2C1924291%2C1842419%2C1927486%2C1925747&list_id=17521124. It definitely was not helped by bug 1924623, which comes to esr later.
It may be noteworthy that so far there are no crashes in 137.0.*.
|
|
||
Comment 18•6 months ago
|
||
Bug 1924291 may have fixed/helped here.
|
|
||
Comment 19•6 months ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #18)
Bug 1924291 may have fixed/helped here.
Thanks. It's hard to judge with 100% certainty (because of changing update rates and some users moving from 115 to 128) but I agree that's what helped OOM | large | NS_ABORT_OOM | nsTSubstring<T>::AllocFailed | nsTSubstring<T>::Append | MimeInlineTextHTMLParsed_parse_line. On the other hand I think OOM | large | NS_ABORT_OOM | nsTSubstring<T>::AllocFailed | nsTSubstring<T>::Append | MimeInlineTextHTMLParsed_parse_line was not helped by Bug 1924291.
Crash report: https://crash-stats.mozilla.org/report/index/95272984-462d-4501-9d08-21fc80250412 128.9.1esr Mac
MOZ_CRASH Reason:
MOZ_CRASH(OOM)
Top 10 frames:
0 XUL NS_ABORT_OOM(unsigned long) xpcom/base/nsDebugImpl.cpp:673
1 XUL MimeInlineTextHTMLParsed_parse_line(char const*, int, MimeObject*) mailnews/mime/src/mimeTextHTMLParsed.cpp:165
2 XUL MimeInlineText_convert_and_parse_line(char const*, int, MimeObject*) mailnews/mime/src/mimetext.cpp:322
3 XUL MimeInlineText_rotate_convert_and_parse_line(char const*, int, MimeObject*) mailnews/mime/src/mimetext.cpp:453
4 XUL convert_and_send_buffer(char*, int, bool, int (*)(char const*, int, MimeObjec... mailnews/mime/src/mimebuf.cpp:94
4 XUL mime_LineBuffer mailnews/mime/src/mimebuf.cpp:169
5 XUL MimeInlineText_parse_decoded_buffer(char const*, int, MimeClosure) mailnews/mime/src/mimetext.cpp:274
6 XUL MimeLeaf_parse_buffer(char const*, int, MimeClosure) mailnews/mime/src/mimeleaf.cpp:142
7 XUL convert_and_send_buffer(char*, int, bool, int (*)(char const*, int, MimeObjec... mailnews/mime/src/mimebuf.cpp:94
7 XUL mime_LineBuffer mailnews/mime/src/mimebuf.cpp:169
The most recent "release" crash is bp-4f7d681c-f6e9-4a44-916f-360980250421 137.0.2
The last beta crash is bp-b1081c41-0438-419c-8434-4a35c0250213 134.0b2. Historically This signature has had on average zero beta crashes per month.
OOM | large | NS_ABORT_OOM | nsTSubstring<T>::AllocFailed | nsTSubstring<T>::Append | MimeInlineTextHTMLParsed_parse_line bp-dec491db-fb39-464e-bcb2-65b3f0250422
Crash report: https://crash-stats.mozilla.org/report/index/dec491db-fb39-464e-bcb2-65b3f0250422 128.9.1esr
MOZ_CRASH Reason:
MOZ_CRASH(OOM)
Top 10 frames:
0 xul.dll NS_ABORT_OOM(unsigned int) xpcom/base/nsDebugImpl.cpp:673
1 xul.dll nsTSubstring<char16_t>::AllocFailed(unsigned int) xpcom/string/nsTSubstring.h:1217
1 xul.dll nsTSubstring<char16_t>::Append(nsTSubstring<char16_t> const&) xpcom/string/nsTSubstring.cpp:850
2 xul.dll MimeInlineTextHTMLParsed_parse_line(char const*, int, MimeObject*) mailnews/mime/src/mimeTextHTMLParsed.cpp:165
3 xul.dll MimeInlineText_convert_and_parse_line(char const*, int, MimeObject*) mailnews/mime/src/mimetext.cpp:322
4 xul.dll MimeInlineText_rotate_convert_and_parse_line(char const*, int, MimeObject*) mailnews/mime/src/mimetext.cpp:453
5 xul.dll convert_and_send_buffer(char*, int, bool, int (*)(char const*, int, MimeObjec... mailnews/mime/src/mimebuf.cpp:94
5 xul.dll mime_LineBuffer(char const*, int, char**, int*, unsigned int*, bool, int (*)(... mailnews/mime/src/mimebuf.cpp:169
6 xul.dll MimeInlineText_parse_decoded_buffer(char const*, int, MimeClosure) mailnews/mime/src/mimetext.cpp:274
7 xul.dll mime_decode_base64_buffer(MimeDecoderData*, char const*, int, int*) mailnews/mime/src/mimeenc.cpp:287
The last beta crash is bp-0fe7bc8f-8ba8-4aeb-afb0-23c040250225 134.0b4. Historically this signature has had at least a couple beta crashes per month
|
|
||
Comment 20•19 days ago
|
||
- bp-6b11c409-0313-483a-953f-9c5550250826 It shuts down by itself as soon as I launch it. Before, I tried to put the messages from 2023 in a 2023 "archives" folder. I had to do it by email. It agreed to put them (in 2 times), but it did not remove them from incoming mail. I had to delete them in two times, and that's when it started to go wrong.
- bp-ab68de6d-6869-41d6-8f47-99db60250923 Delete some sent messages and then was looking through the list when it crashed.
Description
•