Bug 420678: Repeated crashes [@arena_dalloc_small]
Status: RESOLVED WONTFIX (opened 16 years ago, closed 16 years ago)
Categories: Core :: General, defect, P2
People: Reporter: sciguyryan, Assigned: jasone
Keywords: crash
Attachments (1 file, 1 obsolete file): 6.08 KB, patch; jasone: review+, pavlov: superreview+, beltzner: approval1.9+
I have gotten lots of crashes at arena_dalloc_small in the last few days and it's not number 25 on the prebeta 4 top crash list (http://crash-stats.mozilla.com/report/list?range_unit=weeks&version=Firefox%3A3.0b4pre&range_value=2&signature=arena_dalloc_small) 783deea8-e8ff-11dc-8b9d-001a4bd46e84, e7395670-e85e-11dc-a53c-001a4bd46e84 and ccfc652e-e6e9-11dc-b70f-001a4bd43ef6 are the three I can find off the top of my head. I cannot seem to repeat this unfortunately so I have no test for it.
Updated • 16 years ago (Reporter)
Summary: Repeated crashes [@arena_dalloc_small] and [] → Repeated crashes [@arena_dalloc_small]
I see the same problem. Ever since I updated from Firefox 2 to the Pre-Beta-5 Nightlies, I get a large number of crashes, making Firefox almost unusable. Many of these crashes point to arena_dalloc_small and it is now number 6 in the list of reported crashes for 3.0b5pre. Let me know if there is anything I can do to further investigate this problem.
Comment 2 • 16 years ago (Reporter)
Okay. This has gone up to #5 on the top crashers now. I'm requesting a blocking to see if there is anything that can be done here. Unfortunately the seemingly random nature of this crash is going to cause issues in investigating I think.
Severity: major → critical
Flags: blocking1.9?
re comment 1, do you have *any* extensions installed? or any plugins? i don't see any plugins in the modules list for this crash:
  Signature arena_dalloc_small
  UUID 783deea8-e8ff-11dc-8b9d-001a4bd46e84
  Time 2008-03-02 19:02:34-08:00
  Uptime 0
  Product Firefox
  Version 3.0b4pre
  Build ID 2008030206
  OS Windows NT
  OS Version 5.1.2600 Service Pack 2
  CPU x86
  CPU Info AuthenticAMD family 6 model 8 stepping 1
  Crash Reason EXCEPTION_ACCESS_VIOLATION
  Crash Address 0x6f706d77
  Comments
  Crashing Thread
  Frame Signature Source
  0 arena_dalloc_small jemalloc.c:3992
  1 arena_dalloc jemalloc.c:4180
  2 free jemalloc.c:5915
  3 XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:2539
  4 XPC_WN_CallMethod(JSContext*, JSObject*, unsigned int, long*, long*) mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1470
  5 js_Invoke
  6 js_InternalInvoke
  7 js_TryMethod
  8 js_DefaultValue
but maybe I'm missing something.
Comment 4 • 16 years ago (Reporter)
Yeah. I have got plugins and extensions installed but after disabling them the browser still periodically crashes. It should be noted that it normally happens after closing say Gmail - a few seconds later the browser crashes.
I also have a few plugins and extensions installed - nothing spectacular though. I have disabled some of them for a while without any change. Also, I frequently see Firefox crashing without Breakpad even catching it. That might be unrelated though.
it's possible, but unlikely that running under windbg http://developer.mozilla.org/en/docs/How_to_get_a_stacktrace_with_WinDbg may give hints... at the very least if you catch this crash under a debugger someone on irc should be able to talk you through getting a js stack trace.
Comment 7 • 16 years ago
Jason the info here is sketchy - but the crash is in jemalloc - any way we can diagnose better?
Assignee: nobody → jasone
Flags: blocking1.9? → blocking1.9+
Priority: -- → P2
Comment 8 • 16 years ago (Assignee)
If we're lucky, enabling the MALLOC_SEATBELTS code that's in bug 418510 will tell us that this is a common memory allocation error, like a double free.
Comment 9 • 16 years ago (Assignee)
If anyone has discovered a repeatable test case for this crash I'll be happy to take a look.
Comment 10 • 16 years ago
these aren't double frees, they are binary extensions allocating using the wrong allocator to allocate objects and they're just getting freed in this spot.
Comment 11 • 16 years ago
I too have experienced Firefox suddenly closing for no reason. Unfortunately, I've not noticed anything specific that I'm doing at the time. It appears to be random. It happens daily, though not so much as to make Firefox unusable--but it's very annoying! Most recently it crashed when I entered an item into the snopes search box that's on my toolbar...
Comment 12 • 16 years ago
most of the comments coming in on this one show some interaction with the URL bar/tabs or windows opening...
> Typing an address into the navigation bar
> Typed m a i l into the address bar with two other tabs open
> it just crashed when i was typing in something...
> I was trying to write a url in the address bar
and a slight variation
> i just try to select a bookmark a little fast in bookmark toolbar
Then there are a few other arena_dalloc_small crashes with some different stacks but those are likely for other bugs...
Comment 13 • 16 years ago
in http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&range_unit=weeks&version=Firefox%3A3.0b5&signature=arena_dalloc_small&range_value=1 sort on address and look at the 0x6f706d77 to see URL typing and stack frame like
  Frame Signature Source
  0 arena_dalloc_small jemalloc.c:3992
  1 arena_dalloc jemalloc.c:4180
  2 free jemalloc.c:5915
  3 XPCWrappedNative::CallMethod(XPCCallContext&,
set of problems.
Comment 14 • 16 years ago
Stuart what's the final plan for binary extensions with this issue?
Comment 15 • 16 years ago (Assignee)
Stuart asked me to make malloc_usable_size() detect pointers that do not reside within memory regions managed by jemalloc. The patch does this. My understanding is that Stuart will add a call to malloc_usable_size() before calling free() for any objects that are allocated by extensions, in order to be able to catch mixed allocator use. The patch should perform adequately for the intended purpose, but if we were to do such validation for *all* calls to free(), I would want to make more extensive changes to avoid the overhead of extra locking and red-black tree searches.
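The check described in comment 15, sketched as an added example (it is not the attached patch and not jemalloc code): a toy allocator whose usable-size query returns 0 for pointers outside the memory it manages, and a free wrapper that refuses such pointers instead of corrupting its own state. The names `toy_alloc`, `toy_usable_size` and `guarded_free`, and the linear chunk table, are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Toy allocator: hands out fixed-size slots from chunks it records in a table.
 * All names here are hypothetical; this is not jemalloc code. */
#define CHUNK_SIZE 4096
#define SLOT_SIZE  64
#define MAX_CHUNKS 8

static unsigned char *chunks[MAX_CHUNKS];
static size_t nchunks, next_slot;   /* next_slot: bump index in newest chunk */

void *toy_alloc(void) {
    if (nchunks == 0 || next_slot == CHUNK_SIZE / SLOT_SIZE) {
        if (nchunks == MAX_CHUNKS) return NULL;
        unsigned char *c = malloc(CHUNK_SIZE);   /* backing memory */
        if (!c) return NULL;
        chunks[nchunks++] = c;
        next_slot = 0;
    }
    return chunks[nchunks - 1] + SLOT_SIZE * next_slot++;
}

/* Returns SLOT_SIZE for a slot-aligned pointer inside a managed chunk and 0
 * for anything else (foreign allocator, interior pointer, garbage address). */
size_t toy_usable_size(const void *p) {
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < nchunks; i++) {
        uintptr_t base = (uintptr_t)chunks[i];
        if (a >= base && a < base + CHUNK_SIZE)
            return ((a - base) % SLOT_SIZE == 0) ? SLOT_SIZE : 0;
    }
    return 0;
}

/* Validate ownership before freeing; refuse (and leak) rather than corrupt. */
int guarded_free(void *p) {
    if (toy_usable_size(p) == 0)
        return -1;   /* not ours: the caller can log or blocklist the component */
    /* a real allocator would return the slot to its free list here */
    return 0;
}
```

The linear scan stands in for the lookup cost the comment mentions; doing this on every free() is where the extra locking and tree searches would start to matter.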
Comment 16 • 16 years ago
jason's patch except using alloca() for arenas_snapshot. This seems to work fine and the rest of the patch looks OK to me.
Attachment #314637 - Attachment is obsolete: true
Attachment #315240 - Flags: superreview+
Attachment #315240 - Flags: review?(jasone)
Updated • 16 years ago (Assignee)
Attachment #315240 - Flags: review?(jasone) → review+
Updated • 16 years ago
Attachment #315240 - Flags: approval1.9?
Comment 17 • 16 years ago
Comment on attachment 315240: use alloca instead of variable sized array
a1.9=beltzner
Attachment #315240 - Flags: approval1.9? → approval1.9+
Comment 18 • 16 years ago
ok, I've checked in this patch. Because this particular bug is crashing with binary extensions, and extension authors need to update for Firefox 3 anyways, I'm going to mark this particular bug WONTFIX. We should continue to blacklist crashy extensions. I am going to put in a workaround for plugins that uses this code to keep them from crashing in bug 422024.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX
Comment 19 • 16 years ago
I still see a lot of these crashes (4 over the last 3 days - not heavily using Firefox during these days) even though I have disabled all incompatible extensions. My current extension list:
  Adblock Plus
  German Dictionary
  Firebug
  Gmail Notifier
  US English Dictionary
I have a few more extensions installed, but they are all disabled because they are not compatible with Firefox 3.
Comment 20 • 16 years ago
if we have checked in patches that might address parts of the problem seems like this should be "fixed" not "wontfix" and then open up additional bugs for the remaining parts of the problem, but I'm not sure that the resolution of this bug number matters much at this point.
pav suggests blocklisting versions of anything that's still crashing so let's figure some of that out in bug 434752
> from comment 19
which versions of those extensions are you using? Please add that data to bug 434752 if you can. Firebug in particular was known to not be compatible until just recently so that might be one to check on for sure. check on https://bugzilla.mozilla.org/show_bug.cgi?id=411814 for more details about firebug
gmail notifier might also have binary components in the collection of google tools that have known compatibility problems so getting version info on what you were using there would be good as well
Comment 21 • 16 years ago
I have a friend who's still seeing crashes like this with no extensions enabled. I've filed bug 436375 on it.
Updated • 13 years ago
Crash Signature: [@arena_dalloc_small]