Closed Bug 725280 Opened 12 years ago Closed 12 years ago

OOM crash in nsIDNServiceConstructor

Categories

(Core :: Networking: DNS, defect)

12 Branch
x86
Windows 7
defect
Not set
critical

Tracking

RESOLVED DUPLICATE of bug 709860
Tracking Status
firefox12 --- affected

People

(Reporter: scoobidiver, Assigned: sworkman)

Details

(Keywords: crash, topcrash, Whiteboard: startupcrash)

It's a startup crash that first appeared in 12.0a1/20120125 with a bunch of other crash signatures that contain mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc.

The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=cfaee7b043f7&tochange=005488525c43
It might be a regression from bug 622232.

Signature	mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsIDNServiceConstructor
UUID	e250b6df-cb36-455b-aca5-70ab22120204
Date Processed	2012-02-04 18:50:28
Uptime	0
Last Crash	1 seconds before submission
Install Age	14 seconds since version was first installed.
Install Time	2012-02-04 18:50:10
Product	Firefox
Version	13.0a1
Build ID	20120201031146
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 42 stepping 7
Crash Reason	EXCEPTION_BREAKPOINT
Crash Address	0x6ecb195f
Processor Notes 	WARNING: JSON file missing Add-ons
EMCheckCompatibility	False

Frame 	Module 	Signature 	Source
0 	mozalloc.dll 	mozalloc_abort 	memory/mozalloc/mozalloc_abort.cpp:79
1 	mozalloc.dll 	mozalloc_handle_oom 	memory/mozalloc/mozalloc_oom.cpp:60
2 	mozalloc.dll 	moz_xrealloc 	
3 	xul.dll 	nsIDNServiceConstructor 	netwerk/build/nsNetModule.cpp:352
4 	xul.dll 	mozilla::GenericFactory::CreateInstance 	obj-firefox/xpcom/build/GenericFactory.cpp:48
5 	xul.dll 	nsComponentManagerImpl::CreateInstanceByContractID 	xpcom/components/nsComponentManager.cpp:1064
6 	xul.dll 	nsComponentManagerImpl::GetServiceByContractID 	xpcom/components/nsComponentManager.cpp:1466
7 	xul.dll 	nsCOMPtr_base::assign_from_gs_contractid 	obj-firefox/xpcom/build/nsCOMPtr.cpp:132
8 	xul.dll 	nsDNSService::Init 	netwerk/dns/nsDNSService2.cpp:455
9 	xul.dll 	nsDNSServiceConstructor 	netwerk/build/nsNetModule.cpp:85
10 	xul.dll 	mozilla::GenericFactory::CreateInstance 	obj-firefox/xpcom/build/GenericFactory.cpp:48
11 	xul.dll 	nsComponentManagerImpl::CreateInstanceByContractID 	xpcom/components/nsComponentManager.cpp:1064
12 	xul.dll 	nsComponentManagerImpl::GetServiceByContractID 	xpcom/components/nsComponentManager.cpp:1466
13 	xul.dll 	CallGetService 	obj-firefox/xpcom/build/nsComponentManagerUtils.cpp:94
14 	xul.dll 	nsCOMPtr_base::assign_from_gs_contractid_with_error 	obj-firefox/xpcom/build/nsCOMPtr.cpp:141
15 	xul.dll 	nsIOService::Init 	netwerk/base/src/nsIOService.cpp:202
16 	xul.dll 	nsIOService::GetInstance 	netwerk/base/src/nsIOService.cpp:334
17 	xul.dll 	nsIOServiceConstructor 	netwerk/build/nsNetModule.cpp:82
18 	xul.dll 	mozilla::GenericFactory::CreateInstance 	obj-firefox/xpcom/build/GenericFactory.cpp:48
19 	xul.dll 	nsComponentManagerImpl::CreateInstanceByContractID 	xpcom/components/nsComponentManager.cpp:1064
20 	xul.dll 	nsComponentManagerImpl::GetServiceByContractID 	xpcom/components/nsComponentManager.cpp:1466
21 	xul.dll 	nsCOMPtr_base::assign_from_gs_contractid 	obj-firefox/xpcom/build/nsCOMPtr.cpp:132
22 	xul.dll 	nsCOMPtr<nsIIOService>::nsCOMPtr<nsIIOService> 	obj-firefox/dist/include/nsCOMPtr.h:615
23 	xul.dll 	NS_NewURI 	
24 	xul.dll 	nsAppShellService::CreateHiddenWindow 	xpfe/appshell/src/nsAppShellService.cpp:132
25 	xul.dll 	nsAppStartup::CreateHiddenWindow 	toolkit/components/startup/nsAppStartup.cpp:189
26 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3462
27 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:107
28 	firefox.exe 	firefox.exe@0x4033 	
29 	firefox.exe 	__tmainCRTStartup 	crtexe.c:594
30 	firefox.exe 	_SEH_epilog4 	
31 	kernel32.dll 	BaseThreadInitThunk 	
32 	ntdll.dll 	__RtlUserThreadStart 	
33 	ntdll.dll 	RtlFindClearRuns 	
34 	kernel32.dll 	LoadStringByReference 	
35 	kernel32.dll 	LoadStringByReference 	

More reports at:
https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort%28char%20const*%20const%29%20|%20mozalloc_handle_oom%28unsigned%20int%29%20|%20moz_xrealloc%20|%20nsIDNServiceConstructor
It's the #13 top crasher in 12.0a2.
Keywords: topcrash

This only appears in 12, not on the trunk. Nobody has looked at it and it's high enough that I think it probably should be looked at. Tracking for 12.

Sheila, sorry I was looking into this on Tue but didn't have much to add yet.  Let me collate what I found so far and update here later.
Assignee: nobody → sworkman
Status: NEW → ASSIGNED

I discussed this with bsmedberg and jfkthame outside the bug and it seems very likely that the stack trace is corrupted a little due to compiler optimization: most likely moz_xmalloc is being called instead of moz_xrealloc, since it's a new object being created.  That being said, it doesn't help with the diagnosis of the problem.

I don't think it's the suggested patch causing the problem, since that patch was backed out after landing due to build bustage.  In any case, that patch shouldn't come into effect until the first page has completed loading, so it's also unlikely (albeit not impossible) that it could have caused it had it not been backed out.

Bsmedberg and jfkthame have suggested that it may be something that has corrupted the heap, writing past the end of allocated memory.  It's also possible that there's a bug in jemalloc, but I don't know enough about it to say more than that.  Since there's nothing obvious in the code as is, and the suggested patch was backed out, and nothing else looks obvious from the range of commits (from their descriptions at least), reproducing the issue and getting some debug data is next.

However, there's no obvious way to reproduce it; nothing to help in the comments, and nothing to help in the particular stack trace (not that I can see anyway).  I've tried just running Aurora from 2/25 (since a lot of crashes were seen with that build), but no crash in my VM.

Going to build on Windows and test using valgrind - a stab in the dark, but worth trying in the meantime.
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsIDNServiceConstructor] → [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsIDNServiceConstructor] [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | nsIDNServiceConstructor]
No longer blocks: 622232
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Keywords: regression
Resolution: --- → DUPLICATE
Removing tracking flag for FF12 due to duplicate status. Will make the other bug tracking.