Closed
Bug 484550
Opened 15 years ago
Closed 13 years ago
crash [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)] - [@ nsFolderCompactState::Release]
Categories
(MailNews Core :: Backend, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: wsmwk, Unassigned)
References
Details
(Keywords: crash, topcrash-, Whiteboard: fixed by Bug 619358)
Crash Data
3.0b2 topcrash crash [@ arena_dalloc_small | arena_dalloc ][@ nsFolderCompactState::`vector deleting destructor'] bp-0ed9f42d-4260-49ed-819a-40cae2090320 0 mozcrt19.dll arena_dalloc_small jemalloc.c:4270 1 mozcrt19.dll arena_dalloc jemalloc.c:4393 2 mozcrt19.dll free jemalloc.c:6219 3 thunderbird.exe nsFolderCompactState::`vector deleting destructor' 4 thunderbird.exe nsFolderCompactState::Release nsMsgCompose.cpp:3238 5 xpcom_core.dll nsCOMPtr_base::~nsCOMPtr_base nsCOMPtr.cpp:81 6 thunderbird.exe nsMsgDBFolder::AutoCompact nsMsgDBFolder.cpp:1764 7 thunderbird.exe nsMsgLocalMailFolder::EndMove nsLocalMailFolder.cpp:2725 8 thunderbird.exe nsCopyMessageStreamListener::EndCopy nsCopyMessageStreamListener.cpp:179 9 thunderbird.exe nsCopyMessageStreamListener::OnStopRequest nsCopyMessageStreamListener.cpp:190 10 thunderbird.exe nsImapCacheStreamListener::OnStopRequest nsImapProtocol.cpp:8115 11 thunderbird.exe nsInputStreamPump::OnStateStop netwerk/base/src/nsInputStreamPump.cpp:576 12 thunderbird.exe nsInputStreamPump::OnInputStreamReady netwerk/base/src/nsInputStreamPump.cpp:401 13 xpcom_core.dll nsInputStreamReadyEvent::Run xpcom/io/nsStreamUtils.cpp:111
|
Reporter | |
Comment 1•15 years ago
|
||
another compact, topcrash in both 3.0b2 and 3.0b3 requesting blocking
Flags: blocking-thunderbird3?
|
||
Comment 2•15 years ago
|
||
this looks like it could be either heap corruption, or a double free. I suspect this has to do with compacting imap offline stores, from that stack trace.
|
|
Reporter | |
Comment 3•15 years ago
|
||
it's only #30 in 3.0b3 ranking and doesn't appear in top 100 of 3.0b4pre. so topcrash- and removing blocking-thunderbird3?
|
||
Comment 4•15 years ago
|
||
I've start bumping these crashes on 3.1a during getting backtrace for Bug 505971
|
|
||
Comment 5•15 years ago
|
||
And this maybe just coincidence and I'm actually hit two different bugs, first was catched by windbg only here is stacktrace thunderbird!gfxFont::Draw+0x73 thunderbird!nsFontCache::GetMetricsFor+0xff thunderbird!nsThebesDeviceContext::GetMetricsFor+0x45 thunderbird!nsThebesRenderingContext::SetFont+0x28 thunderbird!nsLayoutUtils::SetFontFromStyle+0x32 thunderbird!nsTreeBodyFrame::GetItemWithinCellAt+0x3a thunderbird!nsTreeBodyFrame::GetCellAt+0xc4 thunderbird!nsTreeBodyFrame::GetCursor+0x2a thunderbird!nsEventStateManager::UpdateCursor+0x5a thunderbird!nsEventStateManager::PreHandleEvent+0x2bc thunderbird!PresShell::HandleEventInternal+0x17a thunderbird!PresShell::HandlePositionedEvent+0xc3 thunderbird!PresShell::HandleEvent+0x4d2 thunderbird!nsViewManager::HandleEvent+0x2f thunderbird!nsViewManager::DispatchEvent+0x60d thunderbird!HandleEvent+0x36 thunderbird!nsWindow::DispatchEvent+0x2d thunderbird!nsWindow::DispatchWindowEvent+0x13 thunderbird!nsWindow::DispatchMouseEvent+0x414 thunderbird!ChildWindow::DispatchMouseEvent+0x5d
|
|
Reporter | |
Comment 6•14 years ago
|
||
in crash-stats' new parlance, this is arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int) ex. bp-aa11fec3-0c4a-4e8c-b3ef-122092091111
Summary: crash [@ arena_dalloc_small | arena_dalloc ][@ nsFolderCompactState::`vector deleting destructor'] → crash [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
|
|
Reporter | |
Comment 7•13 years ago
|
||
recent example bp-9b3bdfa5-4d3c-415e-9111-3ea432101108 v3.1.6 0 mozcrt19.dll arena_dalloc_small objdir-tb/mozilla/memory/jemalloc/crtsrc/jemalloc.c:4104 1 mozcrt19.dll arena_dalloc objdir-tb/mozilla/memory/jemalloc/crtsrc/jemalloc.c:4227 2 mozcrt19.dll free objdir-tb/mozilla/memory/jemalloc/crtsrc/jemalloc.c:6017 3 thunderbird.exe nsFolderCompactState::`vector deleting destructor' 4 thunderbird.exe nsFolderCompactState::Release mailnews/compose/src/nsMsgCompose.cpp:3375 5 xpcom_core.dll nsCOMPtr_base::~nsCOMPtr_base objdir-tb/mozilla/xpcom/build/nsCOMPtr.cpp:81 6 thunderbird.exe nsMsgDBFolder::AutoCompact mailnews/base/util/nsMsgDBFolder.cpp:1848 7 thunderbird.exe nsMsgLocalMailFolder::EndMove mailnews/local/src/nsLocalMailFolder.cpp:2871 xref - (fixed) Bug 492662 - crash [@ nsFolderCompactState::FinishCompact()] - Bug 406851 - When folders get compacted, Thunderbird crashes [@ nsFolderCompactState::EndCopy(nsISupports*, unsigned int)] and index gets corrupted when BitDefender is running
Summary: crash [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)] → crash [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)] - [@ nsFolderCompactState::Release]
|
|
Reporter | |
Comment 8•13 years ago
|
||
timeless, anythoughts on related? or different? nsCOMPtr_base::~nsCOMPtr_base() | nsFolderCompactState::~nsFolderCompactState() bp-57b6ca7d-df4d-411c-a6f4-b87e32101202 (jkclifford) EXCEPTION_ACCESS_VIOLATION_READ 0x8 0 xpcom_core.dll nsCOMPtr_base::~nsCOMPtr_base objdir-tb/mozilla/xpcom/build/nsCOMPtr.cpp:81 1 thunderbird.exe nsFolderCompactState::~nsFolderCompactState mailnews/base/src/nsMsgFolderCompactor.cpp:97 2 thunderbird.exe nsFolderCompactState::`vector deleting destructor' 3 thunderbird.exe nsFolderCompactState::Release mailnews/compose/src/nsMsgCompose.cpp:3375 4 xpcom_core.dll nsCOMPtr_base::~nsCOMPtr_base objdir-tb/mozilla/xpcom/build/nsCOMPtr.cpp:81 5 thunderbird.exe nsMsgDBFolder::AutoCompact mailnews/base/util/nsMsgDBFolder.cpp:1848 6 thunderbird.exe nsMsgLocalMailFolder::EndMove mailnews/local/src/nsLocalMailFolder.cpp:2871 7 thunderbird.exe nsCopyMessageStreamListener::EndCopy mailnews/base/src/nsCopyMessageStreamListener.cpp:179 8 thunderbird.exe nsCopyMessageStreamListener::OnStopRequest mailnews/base/src/nsCopyMessageStreamListener.cpp:190
|
Assignee | |
Updated•13 years ago
|
Crash Signature: [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
[@ nsFolderCompactState::Release]
|
|
Reporter | |
Comment 10•13 years ago
|
||
bienvienu, This crash has greatly increased numbers for v3.1.10+v3.1.11 [1], and coincidentally NO crashes for v5 [2]. So, perhaps the "gap" of v3.1.10+v3.1.11 for Bug 673904 - crash during compact [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`scalar deleting - is taken up by increase numbers of this bug, but I don't know why. But this would also mean that bug 673904's numbers might be inflated and not totally a result of switching on compact in v5. [1] https://crash-stats.mozilla.com/report/list?product=Thunderbird&query_search=signature&query_type=contains&query=Compact&reason_type=contains&date=07%2F25%2F2011%2010%3A34%3A38&range_value=6&range_unit=weeks&hang_type=any&process_type=any&do_query=1&admin=1&signature=arena_dalloc_small%20%7C%20arena_dalloc%20%7C%20free%20%7C%20nsFolderCompactState%3A%3A%60vector%20deleting%20destructor%27%27%28unsigned%20int%29 [2] https://crash-stats.mozilla.com/query/query?product=Thunderbird&version=Thunderbird%3A8.0a1&version=Thunderbird%3A7.0a2&version=Thunderbird%3A7.0a1&version=Thunderbird%3A6.0a2&version=Thunderbird%3A6.0&version=Thunderbird%3A5.0b2pre&version=Thunderbird%3A5.0b2&version=Thunderbird%3A5.0b1&version=Thunderbird%3A5.0&range_value=4&range_unit=weeks&date=07%2F25%2F2011+11%3A00%3A03&query_search=signature&query_type=exact&query=arena_dalloc_small+%7C+arena_dalloc+%7C+free+%7C+nsFolderCompactState%3A%3A%60vector+deleting+destructor%27%27%28unsigned+int%29&reason=&build_id=&hang_type=any&do_query=1
Crash Signature: [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
[@ nsFolderCompactState::Release] → [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
[@ nsFolderCompactState::Release]
|
|
Reporter | |
Comment 11•13 years ago
|
||
because this is gone in version 5, perhaps a more plausible interpretation (vs comment 10) is this crash was fixed by Bug 619358 and also gone in version 5 is nsCOMPtr_base::~nsCOMPtr_base() | nsFolderCompactState::~nsFolderCompactState()
Status: NEW → RESOLVED
Crash Signature: [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
[@ nsFolderCompactState::Release] → [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
[@ nsFolderCompactState::Release]
[@ nsCOMPtr_base::~nsCOMPtr_base() | nsFolderCompactState::~nsFolderCompactState() ]
Closed: 13 years ago
Depends on: 619358
Resolution: --- → FIXED
Whiteboard: fixed by Bug 619358
You need to log in
before you can comment on or make changes to this bug.
Description
•