Closed
Bug 484550
Opened 16 years ago
Closed 13 years ago
crash [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)] - [@ nsFolderCompactState::Release]
Categories
(MailNews Core :: Backend, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: wsmwk, Unassigned)
References
Details
(Keywords: crash, topcrash-, Whiteboard: fixed by Bug 619358)
Crash Data
3.0b2 topcrash
crash [@ arena_dalloc_small | arena_dalloc ][@ nsFolderCompactState::`vector deleting destructor']
bp-0ed9f42d-4260-49ed-819a-40cae2090320
0 mozcrt19.dll arena_dalloc_small jemalloc.c:4270
1 mozcrt19.dll arena_dalloc jemalloc.c:4393
2 mozcrt19.dll free jemalloc.c:6219
3 thunderbird.exe nsFolderCompactState::`vector deleting destructor'
4 thunderbird.exe nsFolderCompactState::Release nsMsgCompose.cpp:3238
5 xpcom_core.dll nsCOMPtr_base::~nsCOMPtr_base nsCOMPtr.cpp:81
6 thunderbird.exe nsMsgDBFolder::AutoCompact nsMsgDBFolder.cpp:1764
7 thunderbird.exe nsMsgLocalMailFolder::EndMove nsLocalMailFolder.cpp:2725
8 thunderbird.exe nsCopyMessageStreamListener::EndCopy nsCopyMessageStreamListener.cpp:179
9 thunderbird.exe nsCopyMessageStreamListener::OnStopRequest nsCopyMessageStreamListener.cpp:190
10 thunderbird.exe nsImapCacheStreamListener::OnStopRequest nsImapProtocol.cpp:8115
11 thunderbird.exe nsInputStreamPump::OnStateStop netwerk/base/src/nsInputStreamPump.cpp:576
12 thunderbird.exe nsInputStreamPump::OnInputStreamReady netwerk/base/src/nsInputStreamPump.cpp:401
13 xpcom_core.dll nsInputStreamReadyEvent::Run xpcom/io/nsStreamUtils.cpp:111
Reporter | ||
Comment 1•15 years ago
|
||
another compact, topcrash in both 3.0b2 and 3.0b3
requesting blocking
Flags: blocking-thunderbird3?
Comment 2•15 years ago
|
||
this looks like it could be either heap corruption, or a double free. I suspect this has to do with compacting imap offline stores, from that stack trace.
Reporter | ||
Comment 3•15 years ago
|
||
it's only #30 in 3.0b3 ranking and doesn't appear in top 100 of 3.0b4pre. so topcrash- and removing blocking-thunderbird3?
Comment 4•15 years ago
|
||
I've start bumping these crashes on 3.1a during getting backtrace for Bug 505971
Comment 5•15 years ago
|
||
And this maybe just coincidence and I'm actually hit two different bugs, first was catched by windbg only here is stacktrace
thunderbird!gfxFont::Draw+0x73
thunderbird!nsFontCache::GetMetricsFor+0xff
thunderbird!nsThebesDeviceContext::GetMetricsFor+0x45
thunderbird!nsThebesRenderingContext::SetFont+0x28
thunderbird!nsLayoutUtils::SetFontFromStyle+0x32
thunderbird!nsTreeBodyFrame::GetItemWithinCellAt+0x3a
thunderbird!nsTreeBodyFrame::GetCellAt+0xc4
thunderbird!nsTreeBodyFrame::GetCursor+0x2a
thunderbird!nsEventStateManager::UpdateCursor+0x5a
thunderbird!nsEventStateManager::PreHandleEvent+0x2bc
thunderbird!PresShell::HandleEventInternal+0x17a
thunderbird!PresShell::HandlePositionedEvent+0xc3
thunderbird!PresShell::HandleEvent+0x4d2
thunderbird!nsViewManager::HandleEvent+0x2f
thunderbird!nsViewManager::DispatchEvent+0x60d
thunderbird!HandleEvent+0x36
thunderbird!nsWindow::DispatchEvent+0x2d
thunderbird!nsWindow::DispatchWindowEvent+0x13
thunderbird!nsWindow::DispatchMouseEvent+0x414
thunderbird!ChildWindow::DispatchMouseEvent+0x5d
Reporter | ||
Comment 6•15 years ago
|
||
in crash-stats' new parlance, this is
arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)
ex. bp-aa11fec3-0c4a-4e8c-b3ef-122092091111
Summary: crash [@ arena_dalloc_small | arena_dalloc ][@ nsFolderCompactState::`vector deleting destructor'] → crash [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
Reporter | ||
Comment 7•14 years ago
|
||
recent example
bp-9b3bdfa5-4d3c-415e-9111-3ea432101108 v3.1.6
0 mozcrt19.dll arena_dalloc_small objdir-tb/mozilla/memory/jemalloc/crtsrc/jemalloc.c:4104
1 mozcrt19.dll arena_dalloc objdir-tb/mozilla/memory/jemalloc/crtsrc/jemalloc.c:4227
2 mozcrt19.dll free objdir-tb/mozilla/memory/jemalloc/crtsrc/jemalloc.c:6017
3 thunderbird.exe nsFolderCompactState::`vector deleting destructor'
4 thunderbird.exe nsFolderCompactState::Release mailnews/compose/src/nsMsgCompose.cpp:3375
5 xpcom_core.dll nsCOMPtr_base::~nsCOMPtr_base objdir-tb/mozilla/xpcom/build/nsCOMPtr.cpp:81
6 thunderbird.exe nsMsgDBFolder::AutoCompact mailnews/base/util/nsMsgDBFolder.cpp:1848
7 thunderbird.exe nsMsgLocalMailFolder::EndMove mailnews/local/src/nsLocalMailFolder.cpp:2871
xref
- (fixed) Bug 492662 - crash [@ nsFolderCompactState::FinishCompact()]
- Bug 406851 - When folders get compacted, Thunderbird crashes [@ nsFolderCompactState::EndCopy(nsISupports*, unsigned int)] and index gets corrupted when BitDefender is running
Summary: crash [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)] → crash [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)] - [@ nsFolderCompactState::Release]
Reporter | ||
Comment 8•14 years ago
|
||
timeless,
anythoughts on related? or different?
nsCOMPtr_base::~nsCOMPtr_base() | nsFolderCompactState::~nsFolderCompactState()
bp-57b6ca7d-df4d-411c-a6f4-b87e32101202 (jkclifford)
EXCEPTION_ACCESS_VIOLATION_READ
0x8
0 xpcom_core.dll nsCOMPtr_base::~nsCOMPtr_base objdir-tb/mozilla/xpcom/build/nsCOMPtr.cpp:81
1 thunderbird.exe nsFolderCompactState::~nsFolderCompactState mailnews/base/src/nsMsgFolderCompactor.cpp:97
2 thunderbird.exe nsFolderCompactState::`vector deleting destructor'
3 thunderbird.exe nsFolderCompactState::Release mailnews/compose/src/nsMsgCompose.cpp:3375
4 xpcom_core.dll nsCOMPtr_base::~nsCOMPtr_base objdir-tb/mozilla/xpcom/build/nsCOMPtr.cpp:81
5 thunderbird.exe nsMsgDBFolder::AutoCompact mailnews/base/util/nsMsgDBFolder.cpp:1848
6 thunderbird.exe nsMsgLocalMailFolder::EndMove mailnews/local/src/nsLocalMailFolder.cpp:2871
7 thunderbird.exe nsCopyMessageStreamListener::EndCopy mailnews/base/src/nsCopyMessageStreamListener.cpp:179
8 thunderbird.exe nsCopyMessageStreamListener::OnStopRequest mailnews/base/src/nsCopyMessageStreamListener.cpp:190
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
[@ nsFolderCompactState::Release]
Reporter | ||
Comment 10•13 years ago
|
||
bienvienu,
This crash has greatly increased numbers for v3.1.10+v3.1.11 [1], and coincidentally NO crashes for v5 [2]. So, perhaps the "gap" of v3.1.10+v3.1.11 for Bug 673904 - crash during compact [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`scalar deleting - is taken up by increase numbers of this bug, but I don't know why. But this would also mean that bug 673904's numbers might be inflated and not totally a result of switching on compact in v5.
[1] https://crash-stats.mozilla.com/report/list?product=Thunderbird&query_search=signature&query_type=contains&query=Compact&reason_type=contains&date=07%2F25%2F2011%2010%3A34%3A38&range_value=6&range_unit=weeks&hang_type=any&process_type=any&do_query=1&admin=1&signature=arena_dalloc_small%20%7C%20arena_dalloc%20%7C%20free%20%7C%20nsFolderCompactState%3A%3A%60vector%20deleting%20destructor%27%27%28unsigned%20int%29
[2] https://crash-stats.mozilla.com/query/query?product=Thunderbird&version=Thunderbird%3A8.0a1&version=Thunderbird%3A7.0a2&version=Thunderbird%3A7.0a1&version=Thunderbird%3A6.0a2&version=Thunderbird%3A6.0&version=Thunderbird%3A5.0b2pre&version=Thunderbird%3A5.0b2&version=Thunderbird%3A5.0b1&version=Thunderbird%3A5.0&range_value=4&range_unit=weeks&date=07%2F25%2F2011+11%3A00%3A03&query_search=signature&query_type=exact&query=arena_dalloc_small+%7C+arena_dalloc+%7C+free+%7C+nsFolderCompactState%3A%3A%60vector+deleting+destructor%27%27%28unsigned+int%29&reason=&build_id=&hang_type=any&do_query=1
Crash Signature: [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
[@ nsFolderCompactState::Release] → [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
[@ nsFolderCompactState::Release]
Reporter | ||
Comment 11•13 years ago
|
||
because this is gone in version 5, perhaps a more plausible interpretation (vs comment 10) is this crash was fixed by Bug 619358
and also gone in version 5 is nsCOMPtr_base::~nsCOMPtr_base() | nsFolderCompactState::~nsFolderCompactState()
Status: NEW → RESOLVED
Crash Signature: [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
[@ nsFolderCompactState::Release] → [@ arena_dalloc_small | arena_dalloc | free | nsFolderCompactState::`vector deleting destructor''(unsigned int)]
[@ nsFolderCompactState::Release]
[@ nsCOMPtr_base::~nsCOMPtr_base() | nsFolderCompactState::~nsFolderCompactState() ]
Closed: 13 years ago
Depends on: 619358
Resolution: --- → FIXED
Whiteboard: fixed by Bug 619358
You need to log in
before you can comment on or make changes to this bug.
Description
•