Closed Bug 82241 Opened 24 years ago Closed 24 years ago

assertion & crash from pthreads, multiple monitor entry [crash @nsHttpConnection::ActivateConnection]

Categories

(Core :: Networking: HTTP, defect, P1)

Product:
Core
Component:
Networking: HTTP
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.2

People

(Reporter: old-mozilla, Assigned: darin.moz)

References

Details

(Keywords: crash)

Attachments

(3 files)

should fix the problem
(deleted), patch
Details | Diff | Splinter Review
revised patch to fix that other crash
(deleted), patch
Details | Diff | Splinter Review
revised patch per bbaetz's comments
(deleted), patch
Details | Diff | Splinter Review
This is from a cvs build, pull completed on Tue May 22 09:39:18 CDT 2001, running on RHL 7.1 x86 on an SMP machine. I've marked it as sev minor because it's not very repeatable and I've no idea how to actually *cause* it to happen, but it's happened twice just doing normal daily browsing with more than one active window. Miraculously it actually produced a core file both times! Sadly GDB can only seem to find the main thread in the core file, and going back to it a second time causes GDB to assert.... I really miss multi-threaded debug on AIX, it's rock solid. :( I've saved the corefile and the entire dist directory so I can do additional poking at the core, or provide it to anyone that wants it. Assertion failure: 0 == mon->entryCount, at pthreads/./ptsynch.c:480 /usr/src/moz/mozilla/dist/bin/run-mozilla.sh: line 72: 24716 Aborted (core dumped) $prog ${1+"$@"} Oh no! /usr/src/moz/mozilla/dist/bin/mozilla-bin just dumped a core file. Do you want to debug this ? You need a lot of memory for this, so watch out ? [y/n] y which: no ddd in (/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/home/cabbey/bin) /usr/bin/gdb /usr/src/moz/mozilla/dist/bin/mozilla-bin core GNU gdb 5.0rh-5 Red Hat Linux 7.1 Copyright 2001 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux"... Core was generated by `/usr/src/moz/mozilla/dist/bin/mozilla-bin'. Program terminated with signal 6, Aborted. Reading symbols from /usr/src/moz/mozilla/dist/bin/libgkgfx.so...done. Loaded symbols for /usr/src/moz/mozilla/dist/bin/libgkgfx.so [...bunch more libs loaded...] Loaded symbols for /usr/src/moz/mozilla/dist/bin/libnspr4.so Reading symbols from /lib/i686/libpthread.so.0...done. warning: Unable to set global thread event mask: generic error [New Thread 1024 (LWP 24716)] Error while reading shared library symbols: Cannot enable thread event reporting for Thread 1024 (LWP 24716): generic error Reading symbols from /lib/libdl.so.2...done. [...lots more loading....] Loaded symbols for /usr/src/moz/mozilla/dist/bin/components/libmork.so #0 0x42f3ae6d in ?? () (gdb) bt #0 0x42f3ae6d in ?? () #1 0x40bc1da8 in nsCOMPtr<nsIRequest>::assign_from_helper (this=0xbffff280, helper=@0xbffff270, aIID=@0x40bf7320) at ../../../../dist/include/nsCOMPtr.h:971 #2 0x40bc17ed in nsCOMPtr<nsIRequest>::nsCOMPtr (this=0xbffff280, helper=@0xbffff270) at ../../../../dist/include/nsCOMPtr.h:564 #3 0x40bc0c85 in nsCOMPtr<nsIRequest>::Assert_NoQueryNeeded (this=0x413dac8c) at ../../../../dist/include/nsCOMPtr.h:499 #4 0x40bbfde0 in nsGetterAddRefs<nsIRequest>::~nsGetterAddRefs (this=0xbffff2d4, __in_chrg=2) at ../../../../dist/include/nsCOMPtr.h:1053 #5 0x40b98783 in nsHttpConnection::ActivateConnection (this=0x413dac70) at nsHttpConnection.cpp:359 #6 0x40b97cd5 in nsHttpConnection::SetTransaction (this=0x413dac70, transaction=0x422d2868) at nsHttpConnection.cpp:152 #7 0x40b92076 in nsHttpHandler::InitiateTransaction (this=0x41338020, trans=0x422d2868, ci=0x424f4d90, failIfBusy=1) at nsHttpHandler.cpp:380 #8 0x40b931ea in nsHttpHandler::ProcessTransactionQ (this=0x41338020) at nsHttpHandler.cpp:628 #9 0x40b922d2 in nsHttpHandler::ReclaimConnection (this=0x41338020, conn=0x413dac70) at nsHttpHandler.cpp:428 #10 0x40b99c66 in nsHttpTransaction::~nsHttpTransaction (this=0x42de31f0, __in_chrg=3) at nsHttpTransaction.cpp:65 #11 0x40b9ad95 in nsHttpTransaction::Release (this=0x42de31f0) at nsHttpTransaction.cpp:419 #12 0x40b97507 in TransactionReleaseEventHandler (ev=0x8720638) at nsHttpConnection.cpp:53 #13 0x40117fa8 in PL_HandleEvent (self=0x8720638) at plevent.c:590 #14 0x40117dbd in PL_ProcessPendingEvents (self=0x80aed78) at plevent.c:520 #15 0x4011a05e in nsEventQueueImpl::ProcessPendingEvents (this=0x80aed50) at nsEventQueue.cpp:374 #16 0x40964a04 in event_processor_callback (data=0x80aed50, source=5, condition=GDK_INPUT_READ) at nsAppShell.cpp:168 #17 0x409645e3 in our_gdk_io_invoke (source=0x81ea390, condition=G_IO_IN, data=0x8162320) at nsAppShell.cpp:61 #18 0x4045101e in g_io_unix_dispatch () at ../../../dist/include/nsCOMPtr.h:409 #19 0x404527f3 in g_main_dispatch () at ../../../dist/include/nsCOMPtr.h:409 #20 0x40452dd9 in g_main_iterate () at ../../../dist/include/nsCOMPtr.h:409 #21 0x40452f8c in g_main_run () at ../../../dist/include/nsCOMPtr.h:409 #22 0x40367803 in gtk_main () at ../../../dist/include/nsCOMPtr.h:409 #23 0x409650d5 in nsAppShell::Run (this=0x8101be0) at nsAppShell.cpp:360 #24 0x40909e2d in nsAppShellService::Run (this=0x80f8370) at nsAppShellService.cpp:417 #25 0x080596b7 in main1 (argc=1, argv=0xbffff85c, nativeApp=0x0) at nsAppRunner.cpp:1093 #26 0x0805a32b in main (argc=1, argv=0xbffff85c) at nsAppRunner.cpp:1391 #27 0x4059d177 in __libc_start_main (main=0x805a128 <main>, argc=1, ubp_av=0xbffff85c, init=0x8053e90 <_init>, fini=0x8064048 <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff84c) at ../sysdeps/generic/libc-start.c:129
*** Bug 54064 has been marked as a duplicate of this bug. ***
Moving to XPCOM and marking NEW based on dupe.
Status: UNCONFIRMED → NEW
Component: Threading → XPCOM
Ever confirmed: true
Keywords: crash
OS: Linux → All
Hardware: PC → All
Summary: assertion from pthreads, multiple monitor entry → assertion & crash from pthreads, multiple monitor entry
hey darin, do you want to look into this one... It sounds like we have a thread-safety issue somewhere in http :-) -- rick
oops... I forgot to reassign this one :-)
Assignee: rpotts → darin
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.2
i suspect that the OnStopRequest event is happening before one of AsyncRead or AsyncWrite returns. in the OnStopRequest i am clearing mWriteRequest and mReadRequest (depending on which event is stopping). but, there is a race condition in the call to Async{Write,Read}. it wants to set m{Read,Write}Request upon return, but OnStopRequest is most likely clearing these nsCOMPtr's half way through the getter_AddRefs assignment.
working on a patch to prevent this race condition... hopefully i can do it without needing a mutex.
Priority: -- → P1
Bumping severity. It happens in my debug build on Win2K regularly.
Severity: minor → major
Summary: assertion & crash from pthreads, multiple monitor entry → assertion & crash from pthreads, multiple monitor entry [crash @nsHttpConnection::ActivateConnection]
Steps to reproduce: =================== - click a tab on the sidebar, e.g., CNN.com - click a story -> quite often this leads to a crash Stack trace On win2K: ===================== nsQueryInterface::operator()(const nsID & {...}, void * * 0x0012d424) line 32 + 23 bytes nsCOMPtr<nsIRequest>::assign_from_helper(const nsCOMPtr_helper & {...}, const nsID & {...}) line 971 + 18 bytes nsCOMPtr<nsIRequest>::nsCOMPtr<nsIRequest>(const nsQueryInterface & {...}) line 565 nsCOMPtr<nsIRequest>::Assert_NoQueryNeeded() line 500 nsGetterAddRefs<nsIRequest>::~nsGetterAddRefs<nsIRequest>() line 1055 nsHttpConnection::ActivateConnection() line 329 nsHttpConnection::SetTransaction(nsHttpTransaction * 0x057b57d0) line 115 nsHttpHandler::InitiateTransaction_Locked(nsHttpTransaction * 0x057b57d0, nsHttpConnectionInfo * 0x057b6650, int 0) line 683 + 12 bytes nsHttpHandler::InitiateTransaction(nsHttpTransaction * 0x057b57d0, nsHttpConnectionInfo * 0x057b6650, int 0) line 353 + 20 bytes nsHttpChannel::Connect(int 1) line 242 nsHttpChannel::AsyncOpen(nsHttpChannel * const 0x057b6710, nsIStreamListener * 0x057b6550, nsISupports * 0x00000000) line 1832 + 10 bytes imgLoader::LoadImage(imgLoader * const 0x02ca75c0, nsIURI * 0x057b6af0, nsILoadGroup * 0x055ed600, imgIDecoderObserver * 0x057b6b70, nsISupports * 0x0572c3e0, imgIRequest * * 0x04350144) line 177 + 44 bytes nsImageFrame::LoadImage(const nsAString & {...}, nsIPresContext * 0x0572c3e0, imgIRequest * * 0x04350144) line 1387 + 61 bytes nsImageFrame::Init(nsImageFrame * const 0x04350110, nsIPresContext * 0x0572c3e0, nsIContent * 0x057434a0, nsIFrame * 0x0434fe10, nsIStyleContext * 0x043500dc, nsIFrame * 0x00000000) line 246 + 49 bytes nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057434a0, nsIFrame * 0x0434fe10, nsIStyleContext * 0x043500dc, nsIFrame * 0x00000000, nsIFrame * 0x04350110) line 6684 + 32 bytes nsCSSFrameConstructor::ConstructFrameByTag(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057434a0, nsIFrame * 0x0434fe10, nsIAtom * 0x00ee67c0 {"img"}, int 3, nsIStyleContext * 0x043500dc, nsFrameItems & {...}) line 4966 nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057434a0, nsIFrame * 0x0434fe10, nsIAtom * 0x00ee67c0 {"img"}, int 3, nsIStyleContext * 0x043500dc, nsFrameItems & {...}, int 0) line 7220 + 52 bytes nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057434a0, nsIFrame * 0x0434fe10, nsFrameItems & {...}) line 7133 + 56 bytes nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05743780, nsIFrame * 0x0434fe10, int 1, nsFrameItems & {...}, int 1, nsTableCreator * 0x00000000) line 11400 + 43 bytes nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x0434fdac, nsIContent * 0x05743780, nsIFrame * 0x04326b94, nsIStyleContext * 0x0434fd78, nsFrameItems & {...}) line 6365 nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05743780, nsIFrame * 0x04326b94, nsIAtom * 0x00ee4720 {"div"}, int 3, nsIStyleContext * 0x0434fd78, nsFrameItems & {...}, int 0) line 7263 + 48 bytes nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05743780, nsIFrame * 0x04326b94, nsFrameItems & {...}) line 7133 + 56 bytes nsCSSFrameConstructor::ProcessBlockChildren(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05735070, nsIFrame * 0x04326b94, int 1, nsFrameItems & {...}, int 1) line 12558 + 37 bytes nsCSSFrameConstructor::ConstructBlock(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x02bf7e14, nsIContent * 0x05735070, nsIFrame * 0x043244c0, nsIStyleContext * 0x043272dc, nsIFrame * 0x04326b94) line 12507 + 36 bytes nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x02bf7e14, nsIContent * 0x05735070, nsIFrame * 0x043244c0, nsIStyleContext * 0x043272dc, nsFrameItems & {...}) line 6458 + 43 bytes nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05735070, nsIFrame * 0x043244c0, nsIAtom * 0x00ee4720 {"div"}, int 3, nsIStyleContext * 0x043272dc, nsFrameItems & {...}, int 0) line 7263 + 48 bytes nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05735070, nsIFrame * 0x043244c0, nsFrameItems & {...}) line 7133 + 56 bytes nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05735a40, nsIFrame * 0x043244c0, int 1, nsFrameItems & {...}, int 1, nsTableCreator * 0x00000000) line 11400 + 43 bytes nsCSSFrameConstructor::ConstructTableCellFrame(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05735a40, nsIFrame * 0x04324cb4, nsIStyleContext * 0x0432696c, nsTableCreator & {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x043269dc, nsIFrame * & 0x043244c0, int & 0) line 2890 + 40 bytes nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent & {...}, nsIFrame * 0x04324cb4, nsIAtom * 0x00eedd10 {"TableRowFrame"}, nsIStyleContext * 0x04324bd4, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3154 + 59 bytes nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057754c0, nsIFrame * 0x04324cb4, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3065 + 69 bytes nsCSSFrameConstructor::ConstructTableRowFrame(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057754c0, nsIFrame * 0x04324b34, nsIStyleContext * 0x04324bd4, nsTableCreator & {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x04324cb4, int & 1) line 2761 + 42 bytes nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent & {...}, nsIFrame * 0x04324b34, nsIAtom * 0x00eedef0 {"TableFrame"}, nsIStyleContext * 0x043249b4, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3140 + 55 bytes nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057758d0, nsIFrame * 0x04324b34, nsTableCreator & {...}, nsFrameItems & {...}, nsIFrame * & 0x00000000) line 3065 + 69 bytes nsCSSFrameConstructor::ConstructTableFrame(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057758d0, nsIFrame * 0x0431f8e4, nsIStyleContext * 0x043249b4, nsTableCreator & {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x042e6578, nsIFrame * & 0x04324b34, int & 0) line 2533 + 42 bytes nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x02bf7348, nsIContent * 0x057758d0, nsIFrame * 0x0431f8e4, nsIStyleContext * 0x043249b4, nsFrameItems & {...}) line 6506 + 63 bytes nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057758d0, nsIFrame * 0x0431f8e4, nsIAtom * 0x00ee9b50 {"table"}, int 3, nsIStyleContext * 0x043249b4, nsFrameItems & {...}, int 0) line 7263 + 48 bytes nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057758d0, nsIFrame * 0x0431f8e4, nsFrameItems & {...}) line 7133 + 56 bytes nsCSSFrameConstructor::ProcessBlockChildren(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x055fed40, nsIFrame * 0x0431f8e4, int 1, nsFrameItems & {...}, int 1) line 12558 + 37 bytes nsCSSFrameConstructor::ConstructBlock(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x02bf70c4, nsIContent * 0x055fed40, nsIFrame * 0x02c05ab8, nsIStyleContext * 0x02bf7090, nsIFrame * 0x0431f8e4) line 12507 + 36 bytes nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, const nsStyleDisplay * 0x02bf70c4, nsIContent * 0x055fed40, nsIFrame * 0x02c05ab8, nsIStyleContext * 0x02bf7090, nsFrameItems & {...}) line 6458 + 43 bytes nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x055fed40, nsIFrame * 0x02c05ab8, nsIAtom * 0x00ee3fd0 {"body"}, int 3, nsIStyleContext * 0x02bf7090, nsFrameItems & {...}, int 0) line 7263 + 48 bytes nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x055fed40, nsIFrame * 0x02c05ab8, nsFrameItems & {...}) line 7133 + 56 bytes nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x0575fc80, nsIFrame * 0x02c05ab8, int 1, nsFrameItems & {...}, int 1, nsTableCreator * 0x00000000) line 11400 + 43 bytes nsCSSFrameConstructor::ConstructDocElementFrame(nsIPresShell * 0x05723290, nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x0575fc80, nsIFrame * 0x02c051f4, nsIStyleContext * 0x02bf6b88, nsIFrame * & 0x02c05ab8) line 3483 nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x0571fdb0, nsIPresContext * 0x0572c3e0, nsIContent * 0x00000000, nsIContent * 0x0575fc80, int 0, nsILayoutHistoryState * 0x00000000) line 8469 StyleSetImpl::ContentInserted(StyleSetImpl * const 0x0571e040, nsIPresContext * 0x0572c3e0, nsIContent * 0x00000000, nsIContent * 0x0575fc80, int 0) line 1106 PresShell::InitialReflow(PresShell * const 0x05723290, int 12750, int 8490) line 2546 nsXMLContentSink::StartLayout() line 1600 nsXMLContentSink::DidBuildModel(nsXMLContentSink * const 0x056216d0, int 1) line 298 CWellFormedDTD::DidBuildModel(CWellFormedDTD * const 0x0571c820, unsigned int 0, int 1, nsIParser * 0x056188f0, nsIContentSink * 0x056216d0) line 296 + 20 bytes nsParser::DidBuildModel(unsigned int 0) line 1438 + 60 bytes nsParser::ResumeParse(int 1, int 1) line 1921 nsParser::OnStopRequest(nsParser * const 0x056188f8, nsIRequest * 0x0560cab0, nsISupports * 0x00000000, unsigned int 0) line 2362 + 19 bytes nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x05609280, nsIRequest * 0x0560cab0, nsISupports * 0x00000000, unsigned int 0) line 258 nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x0561c590, nsIRequest * 0x0560cab0, nsISupports * 0x00000000, unsigned int 0) line 25 nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x0560cab4, nsIRequest * 0x05617080, nsISupports * 0x00000000, unsigned int 0) line 2103 nsOnStopRequestEvent::HandleEvent() line 161 nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x0573fb94) line 64 PL_HandleEvent(PLEvent * 0x0573fb94) line 590 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x005515d0) line 520 + 9 bytes _md_EventReceiverProc(HWND__ * 0x016c02da, unsigned int 49443, unsigned int 0, long 5576144) line 1071 + 9 bytes USER32! 77e148dc() USER32! 77e14aa7() USER32! 77e266fd() nsAppShellService::Run(nsAppShellService * const 0x00eaaba0) line 418 main1(int 1, char * * 0x00484470, nsISupports * 0x00000000) line 1139 + 32 bytes main(int 1, char * * 0x00484470) line 1437 + 37 bytes mainCRTStartup() line 338 + 17 bytes KERNEL
Attached patch should fix the problem (deleted) — Splinter Review
Just applied the patch and it worked great. I am not able to reproduce the crash anymore.
great... however, it turns out that my patch causes another crash (though not so frequent), so this isn't the final patch.
Tested and it is working great too.
comments from bbaetz: > Well, I really don't understand all the http threading issues. > > /me forsees fun times while you're away. > > I'd comment in the bug, but bugzilla doesn't appear to like me commenting ATM, > so, cutting random chunks out of the patch, and hoping you know where they > came from: > + NS_ADDREF_THIS(); > + + // fire off the read first so that we'll often detect premature EOF before > + // writing to the socket, though this is not necessary. > + rv = mSocketTransport->AsyncRead(this, nsnull, > + 0, PRUint32(-1), > + nsITransport::DONT_PROXY_OBSERVER | > + nsITransport::DONT_PROXY_LISTENER, > + getter_AddRefs(readReq)); > + if (NS_FAILED(rv)) return rv; > > > You leak /this/ in the error case (for all the error cases in this function). > Is nsCOMPtr<nsIHttpConnection> = this; valid? I'd cc scc and ask, but... > > + // XXX why?? > + //if (!mTransaction) > + // return NS_OK; > > Why what? > > Can you document what mLock needs to protect, somewhere? > > Fix that, let me run with it at work til early tomorrow afternoon, since I'm > really not sure about the threadsafety issues (although the changes look right > to me), and r=bbaetz > > Bradley,
bbaetz: thanks for catching those mistakes. i'll submit a new patch shortly.
sr=waterson. I'm not really all that familiar with this code, but the changes seem sane.
r=bbaetz on the updated patch, with or without changing the NS_ADDREF_THIS() + goto stuff to nsCOMPtr<nsIFoo> kungFooDeathGrip = this. Oh, and moving to http as well + updating QA.
Component: XPCOM → Networking: HTTP
QA Contact: rpotts → benc
a= asa@mozilla.org for checkin to the trunk. (on behalf of drivers)
fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Verified.
Status: RESOLVED → VERIFIED
QA Contact: benc → junruh
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: