Closed
Bug 95410
Opened 23 years ago
Closed 23 years ago
N621 crash [@ nsLargeHeapChunk::UpdateLargestFreeBlock]
Categories
(MailNews Core :: Backend, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
mozilla0.9.9
People
(Reporter: greer, Assigned: pavlov)
References
Details
(Keywords: crash, qawanted, topcrash)
Crash Data
Attachments
(2 files)
Topcrash reports show users crashing at with this stack among others. I will
include an attachment with a cross-section of stack traces. This one may prove
hard to reproduce. The most common crashes seem to be associated with sending
mail, but this may need to be reassigned.
nsLargeHeapChunk::UpdateLargestFreeBlock()
[nsLargeHeapAllocator.cp]
nsLargeHeapAllocator::AllocatorFreeBlock()
[nsLargeHeapAllocator.cp]
free() [nsAllocatorManager.cp]
realloc() [nsAllocatorManager.cp]
PR_Realloc() [prmem.c line 57]
nsMemoryImpl::Realloc() [nsMemoryImpl.cpp line 315]
nsMemory::Realloc() [nsMemoryImpl.cpp line 550]
HaveDecodedRow() [nsGIFDecoder2.cpp line 424]
output_row() [GIF2.cpp line 198]
do_lzw() [GIF2.cpp line 397]
gif_write() [GIF2.cpp line 823]
nsGIFDecoder2::ProcessData() [nsGIFDecoder2.cpp line 205]
ReadDataOut() [nsGIFDecoder2.cpp line 153]
nsPipe::ReadSegments() [nsPipe2.cpp line 411]
nsGIFDecoder2::WriteFrom() [nsGIFDecoder2.cpp line 220]
imgRequest::OnDataAvailable() [imgRequest.cpp line 739]
ProxyListener::OnDataAvailable() [imgLoader.cpp line 386]
nsHttpChannel::OnDataAvailable() [nsHttpChannel.cpp line 2148]
nsOnDataAvailableEvent::HandleEvent() [nsStreamListenerProxy.cpp
line 177]
nsARequestObserverEvent::HandlePLEvent()
[nsRequestObserverProxy.cpp line 63]
PL_HandleEvent() [plevent.c line 590]
Comments:
(34031217) opening another application
(34021229) Comments: Trying to reply to AOL instant messenger email
confirmation. After typing OK as the body of my reply clicking on the "send"
button caused the application to quit with the error type 2 message displayed
(34017272) Comments: sending e-mail using Communicator
(34013472) URL: www.netscape.com
(34013472) Comments: Trying to check to see if RealPlayer was installed.
(34003013) Comments: I was sending a reply to AOL confirming my instant
messenger
(33997560) Comments: a Geocities site was loading.... Netscape went CRASH
(33989399) Comments: Trying to send email I composed
(33968104) Comments: I was sending an email
(33965794) Comments: attempting to send email to a list of 60 people
(33948793) Comments: reading mail
(33947307) Comments: sending email
(33943401) Comments: opening a web link
(33940815) Comments: replying and sending an email
(33932701) Comments: Loading AOL Instant Messenger
(33932593) Comments: It's definitely a consistent problem! Netscape Comm
6.1 crashed as soon as I hit "Send" losing the E-mail.
(33931814) Comments: I'd just hit "send" after Replying to an E-mail.
(33924410) Comments: sending e-mail
(33915547) Comments: replying to the same email - adios going back to other
browser
(33915436) Comments: replying to email
(33915340) Comments: sending email
(33905008) Comments: i was sending an email
(33887583) Comments: composing an email on a DEADLINE--this is the second
crash and I'm becoming VERY irritated!!
(33885923) Comments: Again I was trying to import my mail from
Eudora...grumble grumble...
(33882017) Comments: Trying to import my mail messages from Eudora...for
the third time today. C'mon guys it's not that difficult to do!
(33872956) Comments: Sending mail
Comment 2•23 years ago
|
||
gifdecodder --> image lib --> pavlov
The comments from today's data are similar to those previously listed, but
today we also have the following stack.
nsLargeHeapChunk::UpdateLargestFreeBlock()
[nsLargeHeapAllocator.cp]
nsLargeHeapAllocator::AllocatorMakeBlock()
[nsLargeHeapAllocator.cp]
malloc() [nsAllocatorManager.cp]
PR_Malloc() [prmem.c line 38]
nsZipArchive::InflateItem() [nsZipArchive.cpp line 1125]
nsZipArchive::ReadInit() [nsZipArchive.cpp line 481]
nsJARInputStream::Init() [nsJARInputStream.cpp line 120]
nsJAR::GetInputStream() [nsJAR.cpp line 338]
nsJARChannel::GetInputStream() [nsJARChannel.cpp line 670]
nsFileTransport::Process() [nsFileTransport.cpp line 672]
nsFileTransport::Run() [nsFileTransport.cpp line 636]
nsThreadPoolRunnable::Run() [nsThread.cpp line 870]
nsThread::Main() [nsThread.cpp line 105]
_PR_UserRunThread() [pruthr.c line 489]
_PR_UserDestroyThread() [pruthr.c line 360]
Attaching comments below to help find reproducible steps.
Comment 5•23 years ago
|
||
Pav/Gagan - How close are we to fixing this one? Looks a good one to take, when
its baked.
Assignee | ||
Comment 6•23 years ago
|
||
accepting
Assignee | ||
Comment 7•23 years ago
|
||
Simon and I looked at this... this looks like heap corruption in many different
places.
We need a reproducable testcase. I don't believe this is imagelib specific as
the talkback stacks show this happening in numerous places.
Status: ASSIGNED → NEW
Assignee | ||
Comment 8•23 years ago
|
||
I've filed bug 100470 and posted a patch in there which hopefully will help some
of this... It cleans up the GIF decoder a little bit and more carefully checks
all allocations and properly returns errors when it is supposed to.
I don't know that this will solve the problem, but one can hope.
Assignee | ||
Comment 9•23 years ago
|
||
marking nsbranch-. I don't have a mac or any way to reproduce this.
Assignee | ||
Updated•23 years ago
|
Target Milestone: mozilla0.9.5 → ---
Reporter | ||
Comment 10•23 years ago
|
||
Still happening in N620. Updating summary.
Today's comments:
N620 : 13
(37849264) - MacOS version 8.6: updating profile
(37768593) - MacOS version 8.6: I am attempting to move from 4.5 to
6.2. So far 4.5 is a lot better. This is frustrating. Nothing seems to
work This upgrade is a total zero.
(37712970) - MacOS version 9.1: www.summitcds.org/merrill opening the
page
(37807816) - MacOS version 9.2.1: Transferring a few hundred emails
from one IMAP folder to another on another IMAP account.
(37760075) - MacOS version 9.2.1: http://darkice.sourceforge.net Had
loaded the page started typing into the adress field then chose
preferences from the edit menu
(37597518) - MacOS version 9.1: going to fast on the internet. Closing
files to fast.
Summary: N610 crash [@ nsLargeHeapChunk::UpdateLargestFreeBlock()] → N620 crash [@ nsLargeHeapChunk::UpdateLargestFreeBlock()]
Comment 11•23 years ago
|
||
what are the chances this will be addressed before M1.0?
No longer blocks: 107067
Comment 12•23 years ago
|
||
Do we have more recent data? Without steps to repro, the chances of us fixing
this are small.
Reporter | ||
Comment 13•23 years ago
|
||
Here's what I see from today's raw data:
- N621 : 0
- M097 : 1
2001122106 (2413510) - clicking submit on keyword search in bugzilla
MacOS version 8.6
- M098 : 0
- Trunk : 0
It looks like we are data poor and that might be a good thing. M098 is still
pretty fresh, but it looks like this one may have dropped off the charts.
Assignee | ||
Updated•23 years ago
|
Target Milestone: --- → Future
Comment 14•23 years ago
|
||
updating summary with N621, since this is also at topcrasher with Netscape 6.21:
nsLargeHeapChunk::UpdateLargestFreeBlock 29
95410 NEW pavlov@netscape.com --- 2001-11-14
BBID range: 1568018 - 1961900
Min/Max Seconds since last crash: 1 - 261460
Min/Max Runtime: 1 - 445889
Crash data range: 2002-01-12 to 2002-01-22
Build ID range: 2001113009 to 2001113009
Keyword List :
Stack Trace:
nsLargeHeapChunk::UpdateLargestFreeBlock()
[nsLargeHeapAllocator.cp]
nsLargeHeapAllocator::AllocatorResizeBlock()
[nsLargeHeapAllocator.cp]
realloc()
[nsAllocatorManager.cp]
PR_Realloc()
[prmem.c line 73]
nsMemoryImpl::Realloc()
[nsMemoryImpl.cpp line 315]
nsMemory::Realloc()
[nsMemoryImpl.cpp line 550]
HaveDecodedRow()
[nsGIFDecoder2.cpp line 424]
output_row()
[GIF2.cpp line 198]
do_lzw()
[GIF2.cpp line 397]
gif_write()
[GIF2.cpp line 823]
nsGIFDecoder2::ProcessData()
[nsGIFDecoder2.cpp line 205]
ReadDataOut()
[nsGIFDecoder2.cpp line 153]
nsInputStreamTee::WriteSegmentFun()
[nsInputStreamTee.cpp line 78]
nsPipe::ReadSegments()
[nsPipe2.cpp line 411]
nsInputStreamTee::ReadSegments()
[nsInputStreamTee.cpp line 134]
nsGIFDecoder2::WriteFrom()
[nsGIFDecoder2.cpp line 220]
imgRequest::OnDataAvailable()
[imgRequest.cpp line 793]
ProxyListener::OnDataAvailable()
[imgLoader.cpp line 465]
nsStreamListenerTee::OnDataAvailable()
[nsStreamListenerTee.cpp line 56] (1961900) URL: www.boston.com
(1961900) Comments: going inside the site
(1947673) Comments: Staring up Netscape.
(1947514) Comments: on spanish site downloading roms for 64 emulator
(1872231) URL: diney.go.com
(1872231) Comments: clicking on a link to go to disney's animal kingdom homepage
(1854167) Comments: Restart an increase memory
(1754393) Comments: surfing
(1702982) Comments: unattended
(1682006) Comments: searching
(1673589) Comments: Emailing!
(1651458) Comments: Nothing at all! Using Photoshop>>>>
(1605926)
Comments: I was reading & posting in a delphi forum. delphi.comI am not at all
sure what happened. But I know I never problems with this much frequency with
Netscape 4.72.
(1573238) Comments: Looking flash movie
(1568018) Comments: clicked on return from a web Swedish web site
Since that release, I only see a few incidents with M097 and only a couple with
MozillaTrunk builds in the last 30 days.
M097 incident:
Incident ID 2413510
Stack Signature nsLargeHeapChunk::UpdateLargestFreeBlock() b8e9cafa
Trigger Time 2002-02-02 00:25:17
Email Address
URL visited
User Comments clicking submit on keyword search in bugzilla
Build ID 2001122106
Product ID MozillaBranch
Platform
Operating System MacOS
Module
Trigger Reason PowerPC access violation
Stack Trace
nsLargeHeapChunk::UpdateLargestFreeBlock() [nsLargeHeapAllocator.cp]
nsLargeHeapAllocator::AllocatorMakeBlock() [nsLargeHeapAllocator.cp]
malloc() [nsAllocatorManager.cp]
PR_Malloc() [prmem.c, line 54]
nsMemoryImpl::Alloc() [nsMemoryImpl.cpp, line 320]
nsMemory::Alloc() [nsMemory.cpp, line 81]
nsStr::Alloc() [nsStr.cpp, line 695]
nsStr::Realloc() [nsStr.cpp, line 723]
nsStr::EnsureCapacity() [nsStr.cpp, line 117]
nsStr::GrowCapacity() [nsStr.cpp, line 147]
nsCString::SetCapacity() [nsString.cpp, line 200]
nsCString::SetLength() [nsString.cpp, line 180]
nsACString::do_AppendFromReadable() [nsAString.cpp, line 877]
nsACString::do_AppendFromElementPtr() [nsAString.cpp, line 887]
nsCAutoString::nsCAutoString() [nsString.cpp, line 1363]
Necko.shlb + 0x31368 (0x1be6b4f8)
Necko.shlb + 0x2fc90 (0x1be69e20)
uriloader.shlb + 0x8b4 (0x1a6eeaf4)
Necko.shlb + 0x54a04 (0x1be8eb94)
Necko.shlb + 0x65fe0 (0x1bea0170)
Necko.shlb + 0x4d96c (0x1be87afc)
Necko.shlb + 0x5924c (0x1be933dc)
MozillaTrunk incident:
Incident ID 2594573
Stack Signature nsLargeHeapChunk::UpdateLargestFreeBlock() ccf8da6a
Trigger Time 2002-02-06 12:51:23
Email Address
URL visited
User Comments
Build ID 2002013108
Product ID MozillaTrunk
Platform
Operating System MacOS
Module
Trigger Reason PowerPC unmapped memory exception
Stack Trace
nsLargeHeapChunk::UpdateLargestFreeBlock() [nsLargeHeapAllocator.cp]
nsLargeHeapAllocator::AllocatorFreeBlock() [nsLargeHeapAllocator.cp]
free() [nsAllocatorManager.cp]
PL_DHashFreeTable() [pldhash.c, line 69]
PL_DHashTableFinish() [pldhash.c, line 328]
content.shlb + 0x2bbefc (0x3abdcf0c)
content.shlb + 0x2cc6cc (0x3abed6dc)
content.shlb + 0x26727c (0x3ab8828c)
content.shlb + 0x267ca0 (0x3ab88cb0)
content.shlb + 0x96888 (0x3a9b7898)
content.shlb + 0x96de0 (0x3a9b7df0)
nsCOMPtr_base::~nsCOMPtr_base() [nsCOMPtr.cpp, line 64]
layout.shlb + 0xdef4 (0x3a6e4ea4)
layout.shlb + 0xccb0 (0x3a6e3c60)
layout.shlb + 0xe170 (0x3a6e5120)
content.shlb + 0x89630 (0x3a9aa640)
content.shlb + 0x89820 (0x3a9aa830)
XPConnect.shlb + 0x38578 (0x3daa0f88)
dom.shlb + 0x5c4c (0x3c7e7a3c)
js_GC() [jsgc.c, line 1334]
js_ForceGC() [jsgc.c, line 961]
JS_GC() [jsapi.c, line 1634]
dom.shlb + 0x5a80 (0x3c7e7870)
nsTimerImpl::Process() [nsTimerImpl.cpp, line 248]
handleMyEvent() [nsTimerImpl.cpp, line 286]
PL_HandleEvent() [plevent.c, line 590]
PL_ProcessPendingEvents() [plevent.c, line 520]
I admit we don't have a lot of info about this crash...and no way to reproduce,
but we know it's still happening. Adding qawanted keyword to see if anyone can
reproduce this somehow.
Keywords: qawanted
Summary: N620 crash [@ nsLargeHeapChunk::UpdateLargestFreeBlock()] → N621 crash [@ nsLargeHeapChunk::UpdateLargestFreeBlock]
Comment 15•23 years ago
|
||
The problem here is that the stack doesn't show us where the bug is. The bug is
some kind of random heap-trashing bug, which could be anywhere in the code.
Comment 17•23 years ago
|
||
This may have been fixed by the fix for bug 124517. We need to see talkback data
for builds after 12 Feb.
Comment 18•23 years ago
|
||
I searched talkback and the last report with this stack signature is from build
2002020603. I'm guessing this is fixed.
Assignee | ||
Comment 19•23 years ago
|
||
marking fixed
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Target Milestone: Future → mozilla0.9.9
QA Contact: esther → stephend
2002-02-06-03 is still the last build that this stack crashes in.
Looking through the comments, they are pretty much everyday operations, and if
the crash was still there, this would've shown up again in the Talkback logs.
Verified FIXED (for lack of a 100% testcase)...
Status: RESOLVED → VERIFIED
Updated•20 years ago
|
Product: MailNews → Core
Updated•16 years ago
|
Product: Core → MailNews Core
Updated•13 years ago
|
Crash Signature: [@ nsLargeHeapChunk::UpdateLargestFreeBlock]
You need to log in
before you can comment on or make changes to this bug.
Description
•