Closed Bug 591695 Opened 14 years ago Closed 11 years ago

Crash Report [@ extent_tree_ad_remove ]

Categories

(Core :: Memory Allocator, defect)

x86
Windows Vista
defect
Not set
critical

Tracking

RESOLVED WORKSFORME

People

(Reporter: cbook, Unassigned)

Details

(Keywords: crash, Whiteboard: [crashkill])

Filed from chofmann's crash list. Windows-only crash on Crash Report [@ extent_tree_ad_remove ] with a lot of entries for Firefox 4 Beta 4 - also crashes older branches.

http://crash-stats.mozilla.com/report/list?signature=extent_tree_ad_remove

Comments describe various scenarios but no clear one; will try to find a testcase.

Crashing Thread
Frame 	Module 	Signature 	Source
0 	mozcrt19.dll 	extent_tree_ad_remove 	obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:2028
1 	mozcrt19.dll 	huge_dalloc 	obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4892
2 	mozcrt19.dll 	free 	obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:6066
3 	xul.dll 	_cairo_image_surface_finish 	gfx/cairo/cairo/src/cairo-image-surface.c:795
4 	xul.dll 	_moz_cairo_surface_finish 	gfx/cairo/cairo/src/cairo-surface.c:649
5 	xul.dll 	_moz_cairo_surface_destroy 	gfx/cairo/cairo/src/cairo-surface.c:581
6 	xul.dll 	_cairo_win32_surface_finish 	gfx/cairo/cairo/src/cairo-win32-surface.c:443
7 	xul.dll 	_moz_cairo_surface_finish 	gfx/cairo/cairo/src/cairo-surface.c:649
8 	xul.dll 	_moz_cairo_surface_destroy 	gfx/cairo/cairo/src/cairo-surface.c:581
9 	xul.dll 	_cairo_win32_scaled_font_show_glyphs 	gfx/cairo/cairo/src/cairo-win32-font.c:1480
10 	xul.dll 	_cairo_scaled_font_show_glyphs 	gfx/cairo/cairo/src/cairo-scaled-font.c:2103
11 	xul.dll 	_cairo_surface_show_text_glyphs 	gfx/cairo/cairo/src/cairo-surface.c:2632
12 		@0x469f017
blocking2.0: --- → ?
This crash signature is too generic to fix or block on, it means "memory corruption".
blocking2.0: ? → ---
Sounds right. We saw an unusual one-day spike on these on beta 4 on 08/27.

date    tl_crashes,  count version, count version,...

20100824 80  ,56 3.6.8,5 4.0b3,5 3.6.3,2 4.0b4,2 3.5.11,1 4.0b2,1 4.0b1,
20100825 81  ,49 3.6.8,7 4.0b3,6 3.6.6,5 4.0b4,4 3.6.3,2 4.0b2,2 3.5.11,
20100826 90  ,47 3.6.8,18 4.0b4,5 3.5.11,4 3.6.6,3 3.6.3,3 3.6,2 4.0b3,
20100827 115  ,48 3.6.8,44 4.0b4,5 3.6.3,5 3.5.11,3 3.6.9,3 3.6.6,2 4.0b3,
20100828 94  ,60 3.6.8,8 4.0b4,8 3.5.11,3 3.6.6,2 4.0b5pre,2 4.0b3,2 4.0b2,
20100829 83  ,54 3.6.8,7 4.0b4,6 3.6.6,3 4.0b3,2 3.6.9,2 3.6.3,2 3.6.2,2 3.6,
20100830 76  ,54 3.6.8,7 4.0b4,4 3.5.11,3 3.6.9,2 3.6.6,2 3.6.3,2 3.6,1 3.6.2,

All 44 of the 4.0b4 crashes that day were of the form of the stack in comment 0, but it looks like those crashes have subsided.
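An added example, not part of the original comments: a parser for the daily rows in the comment above that flags per-version spikes. The thresholds (`factor`, `floor`) and the choice to count a version missing from a row as 0 are assumptions made for this illustration.

```python
from collections import defaultdict
from statistics import median

# Rows copied from the comment above: date, total, then "count version" pairs.
ROWS = """\
20100824 80  ,56 3.6.8,5 4.0b3,5 3.6.3,2 4.0b4,2 3.5.11,1 4.0b2,1 4.0b1,
20100825 81  ,49 3.6.8,7 4.0b3,6 3.6.6,5 4.0b4,4 3.6.3,2 4.0b2,2 3.5.11,
20100826 90  ,47 3.6.8,18 4.0b4,5 3.5.11,4 3.6.6,3 3.6.3,3 3.6,2 4.0b3,
20100827 115  ,48 3.6.8,44 4.0b4,5 3.6.3,5 3.5.11,3 3.6.9,3 3.6.6,2 4.0b3,
20100828 94  ,60 3.6.8,8 4.0b4,8 3.5.11,3 3.6.6,2 4.0b5pre,2 4.0b3,2 4.0b2,
20100829 83  ,54 3.6.8,7 4.0b4,6 3.6.6,3 4.0b3,2 3.6.9,2 3.6.3,2 3.6.2,2 3.6,
20100830 76  ,54 3.6.8,7 4.0b4,4 3.5.11,3 3.6.9,2 3.6.6,2 3.6.3,2 3.6,1 3.6.2,
"""

def parse_rows(text):
    """Return {version: {date: count}} from the comma-separated daily rows."""
    per_version = defaultdict(dict)
    for line in text.splitlines():
        if not line.strip():
            continue
        date, rest = line.split(None, 1)
        _total, _, pairs = rest.partition(",")   # total is not needed here
        for pair in pairs.split(","):
            if pair.strip():                      # skip the empty trailing field
                count, version = pair.split()
                per_version[version][date] = int(count)
    return per_version

def find_spikes(per_version, factor=3, floor=10):
    """Flag (date, version, count) where count >= floor and count > factor * median.

    factor and floor are assumed thresholds; a version absent from a day's
    row is counted as 0 for that day when computing its median.
    """
    dates = sorted({d for counts in per_version.values() for d in counts})
    spikes = []
    for version, counts in per_version.items():
        baseline = median(counts.get(d, 0) for d in dates)
        for d in dates:
            c = counts.get(d, 0)
            if c >= floor and c > factor * baseline:
                spikes.append((d, version, c))
    return sorted(spikes)

if __name__ == "__main__":
    for date, version, count in find_spikes(parse_rows(ROWS)):
        print(date, version, count)
```
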
There is a spike in crashes on Windows 64-bit from 4.0b10pre/20110112.
It is #3 topcrasher on Windows 64-bit in this build.

The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4413ed6ba5a5&tochange=c0e05d518f57
Keywords: topcrash
Component: General → jemalloc
QA Contact: general → jemalloc
Like bug 613716, the root problem might be bug 625315.
Depends on: 625315
See Also: → 613716
> Like bug 613716, the root problem might be bug 625315.
It is still #2 top crasher in 64-bit 4.0b12pre/20110206.
(In reply to comment #5)
> > Like bug 613716, the root problem might be bug 625315.
> It is still #2 top crasher in 64-bit 4.0b12pre/20110206.

This for x64 is fixed by bug 625753. There are still a few crashes on the 32-bit version.
Crash Signature: [@ extent_tree_ad_remove ]
Appearing at #134 on FF 8.0 with over 1600 crashes in 4 weeks. Still valid but removing the top crash keyword.
Keywords: topcrash
Depends on: 853842
This signature has been rising on Nightly recently, see https://crash-stats.mozilla.com/report/list?signature=extent_tree_ad_remove
Looking at some of the crashes for recent FF versions the crash originates
from js::gc so I think that's a separate bug from the Cairo bug in comment 0.
It's probably better to file that as a new bug, and resolve this as WFM if
the Cairo path is gone.
per comment 9, I've filed bug 856720
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME