Crashes in nnotes.DbCompactExtended@20+60

Dears, after upgrading from 6.5.4 to 8.0.2 FP1, we're facing quite an increase (1000%) of Notes client crashes. Analysis with the "Lotus Notes/Domino Fault Database" has shown that more than 50% of the crashes are caused by automatic compacting of the local replica of the user's mailbox at startup.

So far, we've tested FP1, FP2, FP3, upgraded the ODS to 48, and recreated the local replicas, but no improvement.

We use the 6.5 mail template. Windows XP with Czech locale.

Has anybody had the same experience?

The backtrace looks the same on all clients:

############################################################
FATAL THREAD 2/3 [ntaskldr: 094c: 0bf4]
FP=0x03c9f0b4, PC=0x6081a47c, SP=0x03c9e7a4
stkbase=03ca0000, total stksize=262144, used stksize=6236
EAX=0x00000000, EBX=0x00000000, ECX=0x00000000, EDX=0x02c46c18
ESI=0x03c9f8c4, EDI=0x00000000, CS=0x0000001b, SS=0x00000023
DS=0x00000023, ES=0x00000023, FS=0x0000003b, GS=0x00000000 Flags=0x00010246
Exception code: c0000005 (ACCESS_VIOLATION)
############################################################
@[ 1] 0x6081a47c nnotes.DbCompactExtended@20+60 (3c9f8c4,0,0,0,0)
@[ 2] 0x6081bec3 nnotes.NSFDbCompactExtended4@24+131 (3c9f8c4,0,0,0,0,0)
@[ 3] 0x6081befe nnotes.NSFDbCompactExtended3@20+30 (3c9f8c4,0,0,0,0)
@[ 4] 0x6081bfca nnotes.NSFDbCompactExtended2@16+26 (3c9f8c4,0,0,0)
@[ 5] 0x6081bfe6 nnotes.NSFDbCompactExtended@12+22 (3c9f8c4,0,0)
@[ 6] 0x630843c7 ntlupdat.UpdateCollections@44+615 (3c9f8c4,10110000,0,0,0,0,0,0,0,0,0)
@[ 7] 0x63082184 ntlupdat.PerformRequest@20+404 (3c9f860,10110000,0,0,0)
@[ 8] 0x63082f1d ntlupdat.Update+2365 (2c54514,4c5c3a43,7375746f,746f4e5c,0)
@[ 9] 0x630835c2 ntlupdat.AddInMain@12+370 (0,0,0)
@[10] 0x63083659 ntlupdat.TaskEntry@8+25 (0,0)
@[11] 0x004014c1 ntaskldr.EntryFuncWrapper+17 (2c54514,0)
@[12] 0x601047fd nnotes.ThreadWrapper@4+173 (0)
[13] 0x7c80b729 kernel32.GetModuleFileNameA+442 (60104750)
############################################################
PASS 2 : FATAL THREAD with STACK FRAMES 2/3 [ntaskldr: 094c: 0bf4]
FP=03c9f0b4, PC=6081a47c, SP=03c9e7a4
stkbase=03ca0000, total stksize=262144, used stksize=6236
Exception code: c0000005 (ACCESS_VIOLATION)
############################################################
Disassembly of c. 10 instructions before and after faulting address 6081a47c:

    6081a45a 895df8           mov     [ebp+0xf8],ebx            ss:054d98d6=????????
    6081a45d 895dc8           mov     [ebp+0xc8],ebx            ss:054d98d6=????????
    6081a460 895d84           mov     [ebp+0x84],ebx            ss:054d98d6=????????
    6081a463 895dfc           mov     [ebp+0xfc],ebx            ss:054d98d6=????????
    6081a466 895dd8           mov     [ebp+0xd8],ebx            ss:054d98d6=????????
    6081a469 885d94           mov     [ebp+0x94],bl                   ss:054d98d6=??
    6081a46c e83fbe7fff       call    600162b0
    6081a471 8945cc           mov     [ebp+0xcc],eax            ss:054d98d6=????????
    6081a474 a16cc8ec60       mov     eax,[60ecc86c]            ds:60ecc86c=00000000
    6081a479 895db0           mov     [ebp+0xb0],ebx            ss:054d98d6=????????
FAULT ->6081a47c 66817832ff00 cmp word ptr [eax+0x32],0xff ds:0183a823=0000
    6081a482 895dc0           mov     [ebp+0xc0],ebx            ss:054d98d6=????????
    6081a485 895db4           mov     [ebp+0xb4],ebx            ss:054d98d6=????????
    6081a488 895dc4           mov     [ebp+0xc4],ebx            ss:054d98d6=????????
    6081a48b 7605             jbe     6081a492
    6081a48d e89e9e96ff       call    60184330
    6081a492 8b7508           mov     esi,[ebp+0x8]             ss:054d98d6=????????
    6081a495 56               push    esi
    6081a496 e8d5857fff       call    60012a70
    6081a49b 85c0             test    eax,eax
    6081a49d 7411             jz      6081a4b0
    6081a49f be20020000       mov     esi,0x220

Subject: Seems more related to ntaskldr

@[ 6] 0x630843c7 ntlupdat.UpdateCollections@44+615 (3c9f8c4,10110000,0,0,0,0,0,0,0,0,0)

@[ 7] 0x63082184 ntlupdat.PerformRequest@20+404 (3c9f860,10110000,0,0,0)

@[ 8] 0x63082f1d ntlupdat.Update+2365 (2c54514,4c5c3a43,7375746f,746f4e5c,0)

@[ 9] 0x630835c2 ntlupdat.AddInMain@12+370 (0,0,0)

@[10] 0x63083659 ntlupdat.TaskEntry@8+25 (0,0)

@[11] 0x004014c1 ntaskldr.EntryFuncWrapper+17 (2c54514,0)

Maybe a conflict between the 2 tasks (bad handle on the file).

JYR

Subject: Buffer overflow or failed space allocation?

To me it looks more like (in order of probability):

a) a buffer overflow over an _nsf (at 0x60ECC86C) pointer of nnotes.dll, or

b) a failure during memory allocation or initialization of the same variable, which is not checked afterwards for a NULL value,

c) a race condition related to b),

d) a race condition with Symantec's SEP11.

Any help appreciated. Hynek
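As an added triage example (not part of this thread and not IBM/Lotus tooling), the Python script below parses the register line, the stack frames and the disassembly in the NSD layout quoted above, and works out which pointer the faulting instruction dereferenced and where that pointer came from. Run on the quoted dump it reports what the dump itself establishes: `eax` was filled by `mov eax,[60ecc86c]`, the annotation shows that location holding `00000000`, and `cmp word ptr [eax+0x32]` therefore read address 0x32, which is the observation behind hypothesis b) above. The excerpt embedded in the script is constructed from the lines quoted in the thread, and the regular expressions assume exactly that NSD line layout.

```python
"""Triage helper for an NSD-style crash dump: which pointer did the faulting
instruction dereference, and which earlier load produced that pointer?"""
import re

# Constructed excerpt of the NSD output quoted in this thread: register line,
# two stack frames, the load that fills eax, and the FAULT line.
NSD_EXCERPT = """\
FATAL THREAD 2/3 [ntaskldr: 094c: 0bf4]
FP=0x03c9f0b4, PC=0x6081a47c, SP=0x03c9e7a4
EAX=0x00000000, EBX=0x00000000, ECX=0x00000000, EDX=0x02c46c18
ESI=0x03c9f8c4, EDI=0x00000000, CS=0x0000001b, SS=0x00000023
Exception code: c0000005 (ACCESS_VIOLATION)
@[ 1] 0x6081a47c nnotes.DbCompactExtended@20+60 (3c9f8c4,0,0,0,0)
@[ 2] 0x6081bec3 nnotes.NSFDbCompactExtended4@24+131 (3c9f8c4,0,0,0,0,0)
    6081a474 a16cc8ec60       mov     eax,[60ecc86c]            ds:60ecc86c=00000000
    6081a479 895db0           mov     [ebp+0xb0],ebx            ss:054d98d6=????????
FAULT ->6081a47c 66817832ff00 cmp word ptr [eax+0x32],0xff ds:0183a823=0000
"""

GPR = r"(e[a-d]x|e[sd]i|e[bs]p)"
REG_RE = re.compile(r"\b(E[A-D]X|E[SD]I|E[BS]P)=0x([0-9a-fA-F]{8})")
FRAME_RE = re.compile(r"^@?\[\s*(\d+)\]\s+0x([0-9a-fA-F]+)\s+(\S+)", re.M)
FAULT_RE = re.compile(r"^FAULT ->([0-9a-fA-F]+)\s+[0-9a-fA-F]+\s+(\w+)\s+(.*?)(?:\s+[ds]s:|$)", re.M)
MEMREF_RE = re.compile(r"\[" + GPR + r"(?:\+0x([0-9a-fA-F]+))?\]")
# "mov <reg>,[<abs>]" together with NSD's "ds:<abs>=<value>" annotation of the loaded memory.
LOAD_RE = re.compile(r"^\s*([0-9a-fA-F]+)\s+[0-9a-fA-F]+\s+mov\s+" + GPR +
                     r",\[([0-9a-fA-F]+)\]\s+ds:[0-9a-fA-F]+=([0-9a-fA-F?]+)", re.M)


def parse_registers(text):
    """Map general-purpose register names (EAX, EBX, ...) to their values at the fault."""
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}


def parse_frames(text):
    """Stack frames as (index, address, symbol) tuples, innermost first."""
    return [(int(i), int(a, 16), s) for i, a, s in FRAME_RE.findall(text)]


def parse_fault(text):
    """Address, mnemonic and operand text of the 'FAULT ->' instruction."""
    m = FAULT_RE.search(text)
    if not m:
        raise ValueError("no 'FAULT ->' line in dump")
    return {"addr": int(m.group(1), 16), "mnemonic": m.group(2),
            "operands": m.group(3).strip()}


def memory_operand(operands):
    """(register, displacement) of the first [reg+disp] operand, or None if none."""
    m = MEMREF_RE.search(operands)
    if not m:
        return None
    return m.group(1), int(m.group(2) or "0", 16)


def last_load(text, reg, before):
    """Most recent 'mov reg,[abs]' preceding the fault address, with the value NSD saw there."""
    best = None
    for m in LOAD_RE.finditer(text):
        addr = int(m.group(1), 16)
        if m.group(2) == reg and addr < before and (best is None or addr > best["addr"]):
            value = m.group(4)
            best = {"addr": addr, "source": int(m.group(3), 16),
                    "value": None if "?" in value else int(value, 16)}
    return best


def classify_fault(text):
    """Resolve the faulting memory access against the register dump and classify it."""
    regs = parse_registers(text)
    fault = parse_fault(text)
    frames = parse_frames(text)
    result = {**fault, "top_frame": frames[0][2] if frames else None}
    deref = memory_operand(fault["operands"])
    if deref is None:
        result["kind"] = "non-memory-fault"
        return result
    reg, disp = deref
    base = regs.get(reg.upper())
    ea = None if base is None else base + disp
    result.update(faulting_register=reg, displacement=disp, effective_address=ea,
                  pointer_source=last_load(text, reg, fault["addr"]))
    if base == 0:
        result["kind"] = "null-pointer-dereference"
    elif ea is not None and ea < 0x10000:
        result["kind"] = "near-null-dereference"
    else:
        result["kind"] = "invalid-pointer-dereference"
    return result


def summarize(text):
    """Human-readable one-paragraph triage of the dump."""
    r = classify_fault(text)
    lines = [f"{r['kind']} in {r['top_frame']} at 0x{r['addr']:08x}: "
             f"{r['mnemonic']} {r['operands']}"]
    if r.get("effective_address") is not None:
        lines.append(f"  faulting access: [{r['faulting_register']}+0x{r['displacement']:x}]"
                     f" = 0x{r['effective_address']:08x}")
    src = r.get("pointer_source")
    if src:
        val = "unknown" if src["value"] is None else f"0x{src['value']:08x}"
        lines.append(f"  {r['faulting_register']} loaded at 0x{src['addr']:08x} from "
                     f"[0x{src['source']:08x}], which held {val}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(NSD_EXCERPT))
```

The script deliberately ignores the `ds:0183a823=0000` annotation on the FAULT line and trusts the register dump instead, because the register values are captured at the fault while the annotation is NSD's own guess at the operand address; when the two disagree, the registers are the better evidence of what was actually read.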