Closed
Bug 607723
Opened 14 years ago
Closed 14 years ago
Segfault (null deref) [@ nsPrefetchNode::OnStopRequest]
Categories
(Core :: Networking: HTTP, defect)
RESOLVED
DUPLICATE
of bug 616861
People
(Reporter: cjones, Unassigned)
Details
(Keywords: crash)
Crash Data
This happened after I loaded engadget.com, zoomed and panned around, and clicked a link by accident. It happened a few seconds after the clicked link started loading. Haven't tried to repro.
Program received signal SIGSEGV, Segmentation fault.
0x8172cd12 in nsPrefetchNode::OnStopRequest (this=0x4448cc00, aRequest=<value optimized out>, aContext=<value optimized out>, aStatus=<value optimized out>) at /home/cjones/mozilla/mozilla-central/uriloader/prefetch/nsPrefetchService.cpp:338
(gdb) p mChannel
$1 = {
<nsCOMPtr_base> = {
mRawPtr = 0x0
}, <No data fields>}
(gdb) bt
#0 0x8172cd12 in nsPrefetchNode::OnStopRequest (this=0x4448cc00, aRequest=<value optimized out>, aContext=<value optimized out>, aStatus=<value optimized out>) at /home/cjones/mozilla/mozilla-central/uriloader/prefetch/nsPrefetchService.cpp:338
#1 0x81275ffa in mozilla::net::HttpChannelChild::OnStopRequest (this=0x41be2ae0, statusCode=@0xbed07e2c) at /home/cjones/mozilla/mozilla-central/netwerk/protocol/http/HttpChannelChild.cpp:383
#2 0x812760a6 in mozilla::net::HttpChannelChild::RecvOnStopRequest (this=0x0, statusCode=@0xbed07e2c) at /home/cjones/mozilla/mozilla-central/netwerk/protocol/http/HttpChannelChild.cpp:362
#3 0x818c963c in mozilla::net::PHttpChannelChild::OnMessageReceived (this=0x41be2ae0, __msg=<value optimized out>) at PHttpChannelChild.cpp:553
#4 0x818a2a7c in mozilla::dom::PContentChild::OnMessageReceived (this=0x40d150c8, __msg=...) at PContentChild.cpp:720
#5 0x81853284 in mozilla::ipc::AsyncChannel::OnDispatchMessage (this=0x40d150d0, msg=...) at /home/cjones/mozilla/mozilla-central/ipc/glue/AsyncChannel.cpp:262
#6 0x81855cc2 in mozilla::ipc::RPCChannel::OnMaybeDequeueOne (this=0x40d150d0) at /home/cjones/mozilla/mozilla-central/ipc/glue/RPCChannel.cpp:438
#7 0x81856604 in DispatchToMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)()> (this=<value optimized out>) at /home/cjones/mozilla/mozilla-central/ipc/chromium/src/base/tuple.h:383
#8 RunnableMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)(), Tuple0>::Run (this=<value optimized out>) at /home/cjones/mozilla/mozilla-central/ipc/chromium/src/base/task.h:307
#9 0x818565b0 in Run (this=<value optimized out>) at ../../dist/include/mozilla/ipc/RPCChannel.h:449
#10 mozilla::ipc::RPCChannel::DequeueTask::Run (this=<value optimized out>) at ../../dist/include/mozilla/ipc/RPCChannel.h:474
#11 0x81928562 in MessageLoop::RunTask (this=0xbed08a34, task=0x42798850) at /home/cjones/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:343
#12 0x81928986 in MessageLoop::DeferOrRunPendingTask (this=0x40d150d0, pending_task=<value optimized out>) at /home/cjones/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:351
#13 0x81928bf0 in MessageLoop::DoWork (this=0xbed08a34) at /home/cjones/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:451
#14 0x81854d68 in mozilla::ipc::DoWorkRunnable::Run (this=<value optimized out>) at /home/cjones/mozilla/mozilla-central/ipc/glue/MessagePump.cpp:70
#15 0x81903624 in nsThread::ProcessNextEvent (this=0x40d0c790, mayWait=<value optimized out>, result=<value optimized out>) at /home/cjones/mozilla/mozilla-central/xpcom/threads/nsThread.cpp:547
#16 0x818de506 in NS_ProcessNextEvent_P (thread=0x40d150d0, mayWait=0) at nsThreadUtils.cpp:250
#17 0x81854be6 in mozilla::ipc::MessagePump::Run (this=0x40d0f0a0, aDelegate=0xbed08a34) at /home/cjones/mozilla/mozilla-central/ipc/glue/MessagePump.cpp:110
#18 0x81854c7c in mozilla::ipc::MessagePumpForChildProcess::Run (this=0x40d0c790, aDelegate=0x1) at /home/cjones/mozilla/mozilla-central/ipc/glue/MessagePump.cpp:229
#19 0x8192864e in MessageLoop::RunInternal (this=0xbed08a34) at /home/cjones/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:219
#20 0x819286ac in RunHandler (this=0x40d0c790) at /home/cjones/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:202
#21 MessageLoop::Run (this=0x40d0c790) at /home/cjones/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:176
#22 0x81816460 in nsBaseAppShell::Run (this=0x423e5500) at /home/cjones/mozilla/mozilla-central/widget/src/xpwidgets/nsBaseAppShell.cpp:181
#23 0x8120d78a in XRE_RunAppShell () at /home/cjones/mozilla/mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:631
#24 0x81854c76 in mozilla::ipc::MessagePumpForChildProcess::Run (this=0x40d0f0a0, aDelegate=0x423e5500) at /home/cjones/mozilla/mozilla-central/ipc/glue/MessagePump.cpp:215
#25 0x8192864e in MessageLoop::RunInternal (this=0xbed08a34) at /home/cjones/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:219
#26 0x819286ac in RunHandler (this=0x40d0f0a0) at /home/cjones/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:202
#27 MessageLoop::Run (this=0x40d0f0a0) at /home/cjones/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:176
#28 0x8120db44 in XRE_InitChildProcess (aArgc=<value optimized out>, aArgv=0x40d150b0, aProcess=GeckoProcessType_Content) at /home/cjones/mozilla/mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:506
#29 0x80004ecc in ChildProcessInit (argc=<value optimized out>, argv=0xbed08b84) at /home/cjones/mozilla/mozilla-central/other-licenses/android/APKOpen.cpp:564
#30 0x000091a4 in main (argc=6, argv=0xbed08b84) at /home/cjones/mozilla/mozilla-central/ipc/app/MozillaRuntimeMainAndroid.cpp:68
Comment 1•14 years ago
I suspect this is a result of nsPrefetchService::OnStateChange calling StopPrefetch, which calls CancelChannel and nulls out mChannel.
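The ordering suspected in comment 1, modeled as an added C++ example: a cancel clears the channel pointer while a stop notification is still queued (frames #1 to #6 of the backtrace show it arriving through the IPC message queue). This is not Mozilla's code and not the change made in bug 616861; all class, enum and function names are hypothetical, and the null check in OnStopRequest is one common guard, assumed here for illustration.

```cpp
#include <functional>
#include <memory>
#include <queue>
#include <string>

// Simplified model; every name below is hypothetical, not Mozilla's code.
struct Channel {
    std::string uri;
    bool cancelled = false;
};

enum class StopResult { Completed, IgnoredAfterCancel };

class PrefetchNode {
public:
    explicit PrefetchNode(const std::string& uri)
        : mChannel(std::make_shared<Channel>()) { mChannel->uri = uri; }

    // Cancel path: the node drops its channel reference, as comment 1 describes.
    void CancelChannel() {
        if (mChannel) { mChannel->cancelled = true; mChannel = nullptr; }
    }

    // Stop notification. It can arrive after CancelChannel() because it was
    // already queued, so mChannel is checked before it is dereferenced.
    StopResult OnStopRequest() {
        if (!mChannel) return StopResult::IgnoredAfterCancel;
        mFinishedUri = mChannel->uri;
        mChannel = nullptr;
        return StopResult::Completed;
    }

    const std::string& FinishedUri() const { return mFinishedUri; }

private:
    std::shared_ptr<Channel> mChannel;
    std::string mFinishedUri;
};

// Queues the stop notification like a pending IPC message, optionally cancels
// the prefetch before the queue is drained, then delivers the notification.
StopResult DeliverStop(bool cancelBeforeDelivery) {
    PrefetchNode node("https://example.test/next-page");  // constructed sample URI
    std::queue<std::function<StopResult()>> pending;
    pending.push([&node] { return node.OnStopRequest(); });
    if (cancelBeforeDelivery) node.CancelChannel();
    StopResult result = pending.front()();
    pending.pop();
    return result;
}
```

Without the check at the top of OnStopRequest, the cancel-then-deliver ordering dereferences a null pointer, which matches the `mRawPtr = 0x0` value printed in the gdb session above.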
Comment 2•14 years ago
This is the #1 top crash for Fennec 4.0b3.
Severity: normal → critical
tracking-fennec: --- → ?
Version: unspecified → Trunk
Comment 3•14 years ago
This looks like a dup of bug 616861, and we haven't seen any further crashes on nightlies since that landed, so I'm going to dup this forward.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Updated•14 years ago
Crash Signature: [@ nsPrefetchNode::OnStopRequest]
Updated•11 years ago
tracking-fennec: ? → ---