Closed Bug 443577 Opened 16 years ago Closed 16 years ago

browser keeps crashing every once in a while unexpectedly [@ extent_tree_ad_s_RB_REMOVE ... free - winAccess][@ arena_dalloc_small ... free - sqlite3VdbeDelete][@ sqlite3_close]

Product/Component: Toolkit :: Storage
Type: defect
Version: 1.9.0 Branch
Platform: x86, Windows XP
Priority: Not set
Severity: critical
Status: RESOLVED FIXED
Reporter: toufic_mouallem
Assignee: Unassigned
Keywords: crash, fixed1.9.0.11

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

Sometimes I can work for a long time without a crash, and sometimes I can't work for a straight 5 minutes without experiencing a crash...
My browser crashes EVERY single day and this has been going on for a long time.
It should be noted that of all the times Firefox crashed, the crash manager only appeared once, and Firefox has crashed over 50 times... literally 50 times!

Reproducible: Always

Steps to Reproduce:
1.
2.
3.



AppName: firefox.exe	 AppVer: 1.9.0.3071	 ModName: mozcrt19.dll
ModVer: 8.0.0.0	 Offset: 00006c6c

AppName: firefox.exe	 AppVer: 1.9.0.3071	 ModName: js3250.dll
ModVer: 4.0.0.0	 Offset: 0000d5fd
Do you use a tablet PC?
Do you also crash if you run Firefox in the Firefox safe mode?
- http://kb.mozillazine.org/Safe_mode

Did you submit a crash report with the Mozilla crash reporter?
In that case, enter about:crashes as the URL in Firefox and post 1-3 crash IDs.
I use a desktop computer.
Firefox crashes in safe mode as well.

I have submitted crash reports and these are their IDs:
69ace8b8-4a10-11dd-8f71-001cc4e2bf68
3067142b-4a0b-11dd-9c84-001cc45a2ce4
d552d121-4943-11dd-83dd-0013211cbf8a
Looks like sqlite in all 3 stacks:

0  	mozcrt19.dll  	extent_tree_ad_s_RB_REMOVE  	 jemalloc.c:1988
1 	mozcrt19.dll 	arena_run_dalloc 	jemalloc.c:3228
2 	mozcrt19.dll 	arena_dalloc 	jemalloc.c:4200
3 	mozcrt19.dll 	free 	jemalloc.c:6009
4 	sqlite3.dll 	winAccess 	mozilla/db/sqlite3/src/sqlite3.c:19956
5 	sqlite3.dll 	winDelete 	
----------------------------------------------------------------------------
0  	mozcrt19.dll  	arena_dalloc_small  	 jemalloc.c:4094
1 	mozcrt19.dll 	arena_dalloc 	jemalloc.c:4196
2 	mozcrt19.dll 	free 	jemalloc.c:6009
3 	sqlite3.dll 	sqlite3VdbeDelete 	mozilla/db/sqlite3/src/sqlite3.c:36119
4 	sqlite3.dll 	sqlite3_finalize 	mozilla/db/sqlite3/src/sqlite3.c:36733
5 	sqlite3.dll 	sqlite3_exec 	mozilla/db/sqlite3/src/sqlite3.c:55883
6 	xul.dll 	mozStorageConnection::ExecuteSimpleSQL 	mozilla/storage/src/mozStorageConnection.cpp:326
7 	xul.dll 	xul.dll@0x85b013 	
8 	xul.dll 	mozStorageTransaction::mozStorageTransaction 	mozStorageHelper.h:76
9 	xul.dll 	nsCookieService::SetCookieStringInternal 	mozilla/netwerk/cookie/src/nsCookieService.cpp:717
10 	xul.dll 	nsCookieService::SetCookieStringFromHttp 	mozilla/netwerk/cookie/src/nsCookieService.cpp:676
.....

---------------------------------------------------------------------------
0  	sqlite3.dll  	sqlite3_close  	 mozilla/db/sqlite3/src/sqlite3.c:72158
1 	xul.dll 	mozStorageConnection::Close 	mozilla/storage/src/mozStorageConnection.cpp:205
2 	xul.dll 	mozStorageConnection::~mozStorageConnection 	mozilla/storage/src/mozStorageConnection.cpp:85
3 	xul.dll 	mozStorageConnection::Release 	mozilla/storage/src/mozStorageConnection.cpp:73
4 	xul.dll 	nsCOMPtr_base::~nsCOMPtr_base 	nsAutoPtr.h:956
5 	xul.dll 	mozStorageStatement::Release 	mozilla/storage/src/mozStorageStatement.cpp:88
6 	xul.dll 	nsCOMPtr_base::~nsCOMPtr_base 	nsAutoPtr.h:956
7 	xul.dll 	mozStorageStatementParams::Release 	mozilla/storage/src/mozStorageStatementWrapper.cpp:751
8 	xul.dll 	nsCOMPtr_base::~nsCOMPtr_base 	nsAutoPtr.h:956 
Component: General → Storage
Keywords: crash
Product: Firefox → Toolkit
QA Contact: general → storage
Version: unspecified → 1.9.0 Branch
Are we sure it isn't also a jemalloc bug?
(In reply to comment #4)
> Are we sure it isn't also a jemalloc bug?

No, there isn't enough information available to be sure of that.  However, I don't think a jemalloc bug is the most likely cause, given what is known.  One of the crashes looks like it could be due to a double free, one looks like it could be due to memory corruption, and one does not appear to directly involve jemalloc.
Another newly reported crash has the ID:
015edc70-4ab1-11dd-8a35-001cc45a2ce4

It is very strange that the crash reporter only showed 4 times and all the other crashes didn't show the crash reporter.
For ease of looking these up...
bp-69ace8b8-4a10-11dd-8f71-001cc4e2bf68
bp-3067142b-4a0b-11dd-9c84-001cc45a2ce4
bp-d552d121-4943-11dd-83dd-0013211cbf8a
bp-015edc70-4ab1-11dd-8a35-001cc45a2ce4
(future note: adding bp- before the crash report id will have bugzilla create the right link)

I'd be interested in knowing if these are still happening in 3.0.1 since we upgrade sqlite to the latest available version (we have something that is a few months old for 3.0).
Thanks for the note.

I am currently using version 3.0, the one from firefox.com:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Here's the Windows info about a Firefox crash which didn't trigger Crash Reporter:

AppName: firefox.exe	 AppVer: 1.9.0.3071	 ModName: mozcrt19.dll
ModVer: 8.0.0.0	 Offset: 00005cb2
I wonder if this is related to bug 444446?

If you keep seeing this, would you be willing to e-mail me your cookies db (not gonna have you attach it because personal information may be in there) so I can do some checking on it as well?
The bug in SQLite that causes this particular crash has been fixed.  Two other bugs that can also cause crashes when writing to corrupt database files were also found and fixed. See http://www.sqlite.org/cvstrac/tktview?tn=3209 for additional information.

While working on this problem I have come to realize that there are probably other undiscovered bugs in SQLite that can cause crashes when attempting to modify corrupt database files.  We'll be doing additional testing on this in the coming weeks.

The crash problem has been solved, but we still do not know how the database became corrupt in the first place.  Is that something we need to be concerned about?  (I'm guessing it is.)

Shawn, please communicate with me by email to figure out how to get you a new build of SQLite that contains the fix so that you can put that change into the FF tree.
I assume those fixes will make it into 3.6.0 due out next week?  If so, we can likely wait for that.

Both the cookie and the urlclassifier databases run with synchronous=OFF, so my guess is that is how it got corrupted.
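An added example, not part of the bug thread or Mozilla's code: a Python sketch that opens a constructed database with synchronous=OFF as the comment above describes, damages one page, and runs `PRAGMA integrity_check` before any write is attempted. The `cookies` table, the `.corrupt` suffix and the move-aside policy are assumptions made for illustration.

```python
import os, sqlite3, tempfile
from pathlib import Path

SYNC_NAMES = {0: "OFF", 1: "NORMAL", 2: "FULL", 3: "EXTRA"}

def build_sample_db(path, synchronous="OFF"):
    """Create a constructed cookie-like table; return the effective sync mode."""
    con = sqlite3.connect(path)
    con.execute(f"PRAGMA synchronous={synchronous}")
    mode = SYNC_NAMES[con.execute("PRAGMA synchronous").fetchone()[0]]
    con.execute("CREATE TABLE cookies (id INTEGER PRIMARY KEY, host TEXT, value TEXT)")
    con.executemany("INSERT INTO cookies (host, value) VALUES (?, ?)",
                    [(f"host{i}.example", "v" * 64) for i in range(500)])
    con.commit()
    con.close()
    return mode

def damage_page(path, page_no=2, length=512):
    """Stand-in for on-disk corruption: overwrite the start of one b-tree page."""
    with open(path, "r+b") as f:
        f.seek(16)                                   # page size lives at header offset 16
        page_size = int.from_bytes(f.read(2), "big")
        page_size = 65536 if page_size == 1 else page_size
        f.seek((page_no - 1) * page_size)
        f.write(b"\xff" * length)

def check_db(path):
    """Run PRAGMA integrity_check on a read-only handle; return (ok, messages)."""
    try:
        con = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
        try:
            rows = [r[0] for r in con.execute("PRAGMA integrity_check")]
        finally:
            con.close()
    except sqlite3.DatabaseError as exc:             # e.g. "database disk image is malformed"
        return False, [str(exc)]
    return rows == ["ok"], rows

def open_for_write(path):
    """Never write into a damaged file: move it aside, then open a fresh one."""
    ok, _ = check_db(path)
    if not ok:
        os.replace(path, path + ".corrupt")
    return sqlite3.connect(path), ok

if __name__ == "__main__":
    db = os.path.join(tempfile.mkdtemp(), "cookies.sqlite")
    print("synchronous =", build_sample_db(db))
    print("before damage:", check_db(db))
    damage_page(db)
    print("after damage: ", check_db(db))
    print("safe to write:", open_for_write(db)[1])
```

The synchronous setting belongs to the connection, not the file, so it has to be audited in the code that opens the database rather than read back from the database afterwards.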
Shawn, I was wondering how I can get version 3.0.1 of Firefox, since you wrote about it in a previous post?
It's not yet released (soon though), and it doesn't contain the fix mentioned in comment 11.
There is a user on the German Firefox Forum with the same crash: bp-d4ac9d68-4d31-11dd-aa87-001a4bd43ef6
Summary: browser keeps crashing every once in a while unexpectedly → browser keeps crashing every once in a while unexpectedly [@ extent_tree_ad_s_RB_REMOVE ... free - winAccess][@ arena_dalloc_small ... free - sqlite3VdbeDelete][@ sqlite3_close]
Fixed by upgrading to sqlite 3.6.0
Depends on: 445042
Status: UNCONFIRMED → NEW
Ever confirmed: true
I just thought I'd say... since I've updated to Firefox 3.0.1 I haven't experienced any crashes, YET.
I'll be sure to reply if I experience another one again.
(In reply to comment #17)
> i just thought i'd say .. since i've updated to firefox 3.0.1 i haven't
> experienced any crashes, YET..
> i'll be sure to reply if i experience another one again
The fix isn't in 3.0.1, so you may still hit it.
No longer depends on: 445042
Depends on: 449443
Fixed by the sqlite upgrade on mozilla-central.  I've nominated that for branch
as well.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
nevermind - sqlite got backed out
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
sqlite upgrade stuck this time.  Resolving as FIXED.
Status: REOPENED → RESOLVED
Closed: 16 years ago → 16 years ago
Resolution: --- → FIXED
Fixed in 1.9.0.10 with bug 488710
Keywords: fixed1.9.0.10
Is there a corrupt Places db available that can be used to verify this fix for 1.9.0?
Crash Signature: [@ extent_tree_ad_s_RB_REMOVE ... free - winAccess] [@ arena_dalloc_small ... free - sqlite3VdbeDelete] [@ sqlite3_close]