Closed Bug 417485 Opened 18 years ago Closed 18 years ago

Crash @ JS_GetStringChars after a few seconds

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: bugzilla-graveyard, Unassigned)

References

(
URL
)

Details

(Keywords: crash, regression)

Attachments

(2 files)

Mac OS X crash log
33.21 KB, text/plain
Details
camino-debug-by-date crash log
46.62 KB, text/plain
Details
1) Visit URL. 2) Wait about five to ten seconds. 3) Crash. Camino 2008021300 crashes. Haven't tried other builds as yet. Here's the relevant portion of the crash log: Process: Camino [50338] Path: /Applications/Internet/Camino Official Nightlies/Trunk/Camino.app/Contents/MacOS/Camino Identifier: org.mozilla.camino Version: 2.0a1pre (2008.02.13) Code Type: PPC (Native) Parent Process: launchd [130] Date/Time: 2008-02-14 09:58:00.264 -0500 OS Version: Mac OS X 10.5.2 (9C31) Report Version: 6 Exception Type: EXC_CRASH (SIGBUS) Exception Codes: 0x0000000000000000, 0x0000000000000000 Crashed Thread: 1 Thread 0: 0 libSystem.B.dylib 0x91af9cb8 __kill + 12 1 talkback.dylib 0x07772e2c FCProcessSignal(int, UNIX_EXCEPTION_CONTEXT*) + 196 2 talkback.dylib 0x077754f0 fcStackDumpCollectorCreator(unsigned long, char*, int, char**) + 356 3 libSystem.B.dylib 0x91af7bc0 _sigtramp + 64 Thread 1 Crashed: 0 libSystem.B.dylib 0x91ac1310 select$DARWIN_EXTSN$NOCANCEL + 8 1 libnspr4.dylib 0x00fbf000 pt_TestAbort + 16 2 libnspr4.dylib 0x00fc5c1c poll + 444 3 libnspr4.dylib 0x00fc1c6c PR_Poll + 908 4 org.mozilla.camino 0x000de08c nsSocketTransportService::Poll(int, unsigned int*) + 204 5 org.mozilla.camino 0x000de65c nsSocketTransportService::DoPollIteration(int) + 524 6 org.mozilla.camino 0x000de908 nsSocketTransportService::OnProcessNextEvent(nsIThreadInternal*, int, unsigned int) + 120 7 libxpcom_core.dylib 0x00f0dec4 nsThread::ProcessNextEvent(int, int*) + 276 8 libxpcom_core.dylib 0x00ecba58 NS_ProcessNextEvent_P(nsIThread*, int) + 72 9 org.mozilla.camino 0x000df000 nsSocketTransportService::Run() + 176 10 libxpcom_core.dylib 0x00f0df44 nsThread::ProcessNextEvent(int, int*) + 404 11 libxpcom_core.dylib 0x00ecba58 NS_ProcessNextEvent_P(nsIThread*, int) + 72 12 libxpcom_core.dylib 0x00f0e29c nsThread::ThreadFunc(void*) + 156 13 libnspr4.dylib 0x00fc345c _pt_root + 220 14 libSystem.B.dylib 0x91ab9b98 _pthread_start + 316
Keywords: crash
Confirming on the aero-net-news. Works: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9b4pre) Gecko/2008021204 Minefield/3.0b4pre Crashes: bp-3bb35242-db48-11dc-8a7c-001a4bd43ed6 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9b4pre) Gecko/2008021304 Minefield/3.0b4pre Range: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=PhoenixTinderbox&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2008-02-12-04&maxdate=2008-02-13-04&cvsroot=%2Fcvsroot There's a ton of crap in there, so...but based on the method crashing in the Camino crash log and what file that method lives in, and when that file was touched, bug 412320 seems like the most likely candidate. Note that the Mac OS X crash reporter and the mozCrashReporter seem to have a completely different idea of which thread crashed in Minefield; filed bug 417601 on that.
Blocks: gqi
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.9?
Keywords: regression, zt4newcrash
Attached file Mac OS X crash log
Note that the Minefield Mac OS X crash log is also plagued by stripped symbols being reported as something else, so I tend to trust Chris's Camino log more since we've worked around that stripping in Camino already. I'm rebuilding my trunk debug right now and can post a hopefully-even-more-accurate log soon.
> since we've worked around that stripping in Camino already. I'm rebuilding my > trunk debug right now and can post a hopefully-even-more-accurate log soon. Well, that's fun; my debug build won't crash on either URL :/
Actually, I can't reproduce this at all in any of today's builds; maybe it was fixed sometime yesterday? Chris, can you still see this with a current nightly?
(not Chris) I can't reproduce it either, with Camino 2.0a1pre (1.9b4pre 2008021420), fresh form the Tinderbox. (with a previous build, 24hours old, both sites crashed)
Yeah, same here. Looks like something fixed this since last night's nightly. Maybe the fix for bug 412207?
So, after not seeing the crash in today's build, I did a pull-by-date to match cl's official build (because the stack/thread differences bothered me; bug 417601), and crashed. Thread 0 Crashed: 0 libmozjs.dylib 0x0f2cdc32 JS_GetStringChars + 18 (jsapi.c:5240) IOW, the same thread breakpad/crash-stats said Minefield crashed in. The exception-handlers seem to be be causing an off-by-1 error with at least this particular crash (Chris, I'd be curious to see if your Thread 2 began with that JS_GetStringChars function).
Since everyone seems to agree this is gone now and the wrong stack was being fingered, cancelling the blocking? and closing WFM. (If someone knows/wants to track down the actual fix and dupe, by all means do so.)
Status: NEW → RESOLVED
Closed: 18 years ago
Flags: blocking1.9?
Resolution: --- → WORKSFORME
Summary: Crash @ nsSocketTransportService::Poll after a few seconds → Crash @ JS_GetStringChars after a few seconds
I just hit this again tonight. Here's the relevant portion and the stacks on either side of the crashed thread: Process: Camino [52511] Path: /Applications/Internet/Camino Official Nightlies/Trunk/Camino.app/Contents/MacOS/Camino Identifier: org.mozilla.camino Version: 2.0a1pre (2008.02.14) Code Type: PPC (Native) Parent Process: launchd [130] Date/Time: 2008-02-17 22:23:40.593 -0500 OS Version: Mac OS X 10.5.2 (9C31) Report Version: 6 Exception Type: EXC_CRASH (SIGSEGV) Exception Codes: 0x0000000000000000, 0x0000000000000000 Crashed Thread: 1 Application Specific Information: Java information: Version: Java HotSpot(TM) Client VM (1.5.0_13-119 mixed mode) Virtual Machine version: Java HotSpot(TM) Client VM (1.5.0_13-119) for macosx-ppc, built on Sep 28 2007 23:55:48 by root with gcc 4.0.1 (Apple Inc. build 5465) Exception type: Bus Error (0xa) at pc=0x006a4b0c Current thread (0x132016b0): JavaThread "AWT-AppKit" [_thread_in_native, id=-1607679884] Stack: [0xbf800000,0xc0000000) Java Threads: ( => current thread ) 0x13211100 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=252268032] 0x1320f4a0 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=51654144] 0x1320ac90 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=192242176] 0x1320a280 JavaThread "CompilerThread0" daemon [_thread_blocked, id=189313536] 0x13209d80 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=255876096] 0x132094a0 JavaThread "Finalizer" daemon [_thread_blocked, id=253799936] 0x132090b0 JavaThread "Reference Handler" daemon [_thread_blocked, id=344072192] =>0x132016b0 JavaThread "AWT-AppKit" [_thread_in_native, id=-1607679884] Other Threads: 0x13208830 VMThread [id=189778432] 0x1320c3e0 WatcherThread [id=291613696] VM state:not at safepoint (normal execution) VM Mutex/Monitor currently owned by a thread: None Heap def new generation total 576K, used 459K [0x1a580000, 0x1a620000, 0x1ac80000) eden space 512K, 83% used [0x1a580000, 0x1a5eaec8, 0x1a600000) from space 64K, 49% used [0x1a610000, 0x1a617f18, 0x1a620000) to space 64K, 0% used [0x1a600000, 0x1a600000, 0x1a610000) tenured generation total 2436K, used 1637K [0x1ac80000, 0x1aee1000, 0x1e580000) the space 2436K, 67% used [0x1ac80000, 0x1ae19770, 0x1ae19800, 0x1aee1000) compacting perm gen total 8192K, used 6917K [0x1e580000, 0x1ed80000, 0x22580000) the space 8192K, 84% used [0x1e580000, 0x1ec41580, 0x1ec41600, 0x1ed80000) No shared spaces configured. Virtual Machine arguments: JVM args: -Xbootclasspath/p:/Applications/Internet/Camino Official Nightlies/Trunk/Camino.app/Contents/MacOS/plugins/MRJPlugin.plugin/Contents/MacOS/MRJPlugin.jar -Dnetscape.oji.plugin.home=/Applications/Internet/Camino Official Nightlies/Trunk/Camino.app/Contents/MacOS/plugins/MRJPlugin.plugin/Contents/MacOS -Xbootclasspath/a:/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home/lib/deploy.jar:/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home/lib/plugin.jar:/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home/lib/ext/apple_provider.jar -Xbootclasspath/p:/Applications/Internet/Camino Official Nightlies/Trunk/Camino.app/Contents/MacOS/plugins/JavaEmbeddingPlugin.bundle/Contents/Resources/Java/JavaEmbeddingPlugin.jar -Djep.pluginhome=/Applications/Internet/Camino Official Nightlies/Trunk/Camino.app/Contents/MacOS/plugins/JavaEmbeddingPlugin.bundle -Djep.version=0.9.6.3 -Djep.version.applet=true -Djep.debug.visibility.applet=true -Djep.debug.release.applet=true -Djep.debug.updates.applet=true -DtrustProxy=true vfprintf Java command: <unknown> launcher type: generic Thread 0: 0 libSystem.B.dylib 0x91af9cb8 __kill + 12 1 talkback.dylib 0x02a06e2c FCProcessSignal(int, UNIX_EXCEPTION_CONTEXT*) + 196 2 talkback.dylib 0x02a094f0 fcStackDumpCollectorCreator(unsigned long, char*, int, char**) + 356 3 libSystem.B.dylib 0x91af7bc0 _sigtramp + 64 Thread 1 Crashed: 0 libSystem.B.dylib 0x91ac1310 select$DARWIN_EXTSN$NOCANCEL + 8 1 libSystem.B.dylib 0x91b1754c select + 68 2 libnspr4.dylib 0x00fc7c1c poll + 444 3 libnspr4.dylib 0x00fc3c6c PR_Poll + 908 4 org.mozilla.camino 0x000de60c nsSocketTransportService::Poll(int, unsigned int*) + 204 5 org.mozilla.camino 0x000debdc nsSocketTransportService::DoPollIteration(int) + 524 6 org.mozilla.camino 0x000dee88 nsSocketTransportService::OnProcessNextEvent(nsIThreadInternal*, int, unsigned int) + 120 7 libxpcom_core.dylib 0x00f0fec4 nsThread::ProcessNextEvent(int, int*) + 276 8 libxpcom_core.dylib 0x00ecda58 NS_ProcessNextEvent_P(nsIThread*, int) + 72 9 org.mozilla.camino 0x000df580 nsSocketTransportService::Run() + 176 10 libxpcom_core.dylib 0x00f0ff44 nsThread::ProcessNextEvent(int, int*) + 404 11 libxpcom_core.dylib 0x00ecda58 NS_ProcessNextEvent_P(nsIThread*, int) + 72 12 libxpcom_core.dylib 0x00f1029c nsThread::ThreadFunc(void*) + 156 13 libnspr4.dylib 0x00fc545c _pt_root + 220 14 libSystem.B.dylib 0x91ab9b98 _pthread_start + 316 Thread 2: 0 libSystem.B.dylib 0x91a779f8 semaphore_timedwait_signal_trap + 8 1 libSystem.B.dylib 0x91abae3c _pthread_cond_wait + 1320 2 libnspr4.dylib 0x00fbf5a4 pt_TimedWait + 164 3 libnspr4.dylib 0x00fbfa6c PR_WaitCondVar + 156 4 libxpcom_core.dylib 0x00f14368 TimerThread::Run() + 312 5 libxpcom_core.dylib 0x00f0ff44 nsThread::ProcessNextEvent(int, int*) + 404 6 libxpcom_core.dylib 0x00ecda58 NS_ProcessNextEvent_P(nsIThread*, int) + 72 7 libxpcom_core.dylib 0x00f1029c nsThread::ThreadFunc(void*) + 156 8 libnspr4.dylib 0x00fc545c _pt_root + 220 9 libSystem.B.dylib 0x91ab9b98 _pthread_start + 316 Not sure what the deal is there...
And I just saw this again, very similar stack as before: Process: Camino [66114] Path: /Applications/Internet/Camino Official Nightlies/Trunk/Camino.app/Contents/MacOS/Camino Identifier: org.mozilla.camino Version: 2.0a1pre (2008.03.01) Code Type: PPC (Native) Parent Process: launchd [130] Date/Time: 2008-03-01 15:39:12.023 -0500 OS Version: Mac OS X 10.5.2 (9C31) Report Version: 6 Exception Type: EXC_CRASH (SIGBUS) Exception Codes: 0x0000000000000000, 0x0000000000000000 Crashed Thread: 1 Thread 0: 0 libSystem.B.dylib 0x91af9cb8 __kill + 12 1 talkback.dylib 0x02a2ce2c FCProcessSignal(int, UNIX_EXCEPTION_CONTEXT*) + 196 2 talkback.dylib 0x02a2f4f0 fcStackDumpCollectorCreator(unsigned long, char*, int, char**) + 356 3 libSystem.B.dylib 0x91af7bc0 _sigtramp + 64 Thread 1 Crashed: 0 libSystem.B.dylib 0x91ac1310 select$DARWIN_EXTSN$NOCANCEL + 8 1 libnspr4.dylib 0x00ff4000 pt_TestAbort + 16 2 libnspr4.dylib 0x00ffac1c poll + 444 3 libnspr4.dylib 0x00ff6c6c PR_Poll + 908 4 org.mozilla.camino 0x000e001c nsSocketTransportService::Poll(int, unsigned int*) + 204 5 org.mozilla.camino 0x000e068c nsSocketTransportService::DoPollIteration(int) + 524 6 org.mozilla.camino 0x000e0938 nsSocketTransportService::OnProcessNextEvent(nsIThreadInternal*, int, unsigned int) + 120 7 libxpcom_core.dylib 0x00f42784 nsThread::ProcessNextEvent(int, int*) + 276 8 libxpcom_core.dylib 0x00efe368 NS_ProcessNextEvent_P(nsIThread*, int) + 72 9 org.mozilla.camino 0x000e10f0 nsSocketTransportService::Run() + 176 10 libxpcom_core.dylib 0x00f42804 nsThread::ProcessNextEvent(int, int*) + 404 11 libxpcom_core.dylib 0x00efe368 NS_ProcessNextEvent_P(nsIThread*, int) + 72 12 libxpcom_core.dylib 0x00f42b5c nsThread::ThreadFunc(void*) + 156 13 libnspr4.dylib 0x00ff845c _pt_root + 220 14 libSystem.B.dylib 0x91ab9b98 _pthread_start + 316 Thread 2: 0 libSystem.B.dylib 0x91a779f8 semaphore_timedwait_signal_trap + 8 1 libSystem.B.dylib 0x91abae3c _pthread_cond_wait + 1320 2 libnspr4.dylib 0x00ff25a4 pt_TimedWait + 164 3 libnspr4.dylib 0x00ff2a6c PR_WaitCondVar + 156 4 libxpcom_core.dylib 0x00f46c38 TimerThread::Run() + 312 5 libxpcom_core.dylib 0x00f42804 nsThread::ProcessNextEvent(int, int*) + 404 6 libxpcom_core.dylib 0x00efe368 NS_ProcessNextEvent_P(nsIThread*, int) + 72 7 libxpcom_core.dylib 0x00f42b5c nsThread::ThreadFunc(void*) + 156 8 libnspr4.dylib 0x00ff845c _pt_root + 220 9 libSystem.B.dylib 0x91ab9b98 _pthread_start + 316 I don't know if the off-by-one error is still happening in the crash reports, but it seems to me that it's not. It really looks to me like there's a crash in the networking code here. cl
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
I just got the crash in comment 11 to happen again, this time when closing a Bugzilla page. TB42108771Z is the incident report. Same stack as in comment 11. I had opened a Java applet earlier but that tab was ancient history by the time the crash occurred. Who else might know what's going on here? The problem isn't as reproducible as it initially was (neither of the URLs initially used as testcases causes a crash now), but there's definitely still a crash, and the common element to all the crash stacks is the nsSocketTransportService::Poll call in the crashed thread.
And just got #12 to happen again, TB42109498Y, when closing an ESPN page after the browser had been idle for a few minutes. IIRC, the last two or three times I've seen this have all been after the browser had been idle for a few minutes.
Those Talkback reports are bug 420403. (I'm not sure why the Mac OS X crash reports are becoming so crazy and inacurate on trunk, but it's pretty annoying.)
I'm going to close this INCOMPLETE for now, since at least two different *other* bugs have been causing this. The only real crash here we're still not sure about is the one in comment 11, but I haven't hit this at all since then so I'm not too worried about it.
Status: REOPENED → RESOLVED
Closed: 18 years ago18 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: