Closed Bug 82241 Opened 23 years ago Closed 23 years ago

assertion & crash from pthreads, multiple monitor entry [crash @nsHttpConnection::ActivateConnection]

Categories

(Core :: Networking: HTTP, defect, P1)

Product:
Core
Component:
Networking: HTTP
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.2

People

(Reporter: old-mozilla, Assigned: darin.moz)

References

Details

(Keywords: crash)

Attachments

(3 files)

should fix the problem
15.96 KB, patch
Details | Diff | Splinter Review
revised patch to fix that other crash
16.50 KB, patch
Details | Diff | Splinter Review
revised patch per bbaetz's comments
16.50 KB, patch
Details | Diff | Splinter Review 
This is from a cvs build, pull completed on Tue May 22 09:39:18 CDT 2001,
running on RHL 7.1 x86 on an SMP machine. I've marked it as sev minor because
it's not very repeatable and I've no idea how to actually *cause* it to happen,
but it's happened twice just doing normal daily browsing with more than one
active window. Miraculously it actually produced a core file both times! Sadly
GDB can only seem to find the main thread in the core file, and going back to it
a second time causes GDB to assert.... I really miss multi-threaded debug on
AIX, it's rock solid. :(  I've saved the corefile and the entire dist directory
so I can do additional poking at the core, or provide it to anyone that wants it.

Assertion failure: 0 == mon->entryCount, at pthreads/./ptsynch.c:480
/usr/src/moz/mozilla/dist/bin/run-mozilla.sh: line 72: 24716 Aborted           
     (core dumped) $prog ${1+"$@"}


Oh no!  /usr/src/moz/mozilla/dist/bin/mozilla-bin just dumped a core file.

Do you want to debug this ? You need a lot of memory for this, so watch out ?
[y/n] y
which: no ddd in (/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/home/cabbey/bin)
/usr/bin/gdb /usr/src/moz/mozilla/dist/bin/mozilla-bin core
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `/usr/src/moz/mozilla/dist/bin/mozilla-bin'.
Program terminated with signal 6, Aborted.
Reading symbols from /usr/src/moz/mozilla/dist/bin/libgkgfx.so...done.
Loaded symbols for /usr/src/moz/mozilla/dist/bin/libgkgfx.so
[...bunch more libs loaded...]
Loaded symbols for /usr/src/moz/mozilla/dist/bin/libnspr4.so
Reading symbols from /lib/i686/libpthread.so.0...done.

warning: Unable to set global thread event mask: generic error
[New Thread 1024 (LWP 24716)]
Error while reading shared library symbols:
Cannot enable thread event reporting for Thread 1024 (LWP 24716): generic error
Reading symbols from /lib/libdl.so.2...done.
[...lots more loading....]
     Loaded symbols for /usr/src/moz/mozilla/dist/bin/components/libmork.so
#0  0x42f3ae6d in ?? ()
(gdb) bt
#0  0x42f3ae6d in ?? ()
#1  0x40bc1da8 in nsCOMPtr<nsIRequest>::assign_from_helper (this=0xbffff280,
helper=@0xbffff270, aIID=@0x40bf7320)
    at ../../../../dist/include/nsCOMPtr.h:971
#2  0x40bc17ed in nsCOMPtr<nsIRequest>::nsCOMPtr (this=0xbffff280,
helper=@0xbffff270) at ../../../../dist/include/nsCOMPtr.h:564
#3  0x40bc0c85 in nsCOMPtr<nsIRequest>::Assert_NoQueryNeeded (this=0x413dac8c)
at ../../../../dist/include/nsCOMPtr.h:499
#4  0x40bbfde0 in nsGetterAddRefs<nsIRequest>::~nsGetterAddRefs
(this=0xbffff2d4, __in_chrg=2)
    at ../../../../dist/include/nsCOMPtr.h:1053
#5  0x40b98783 in nsHttpConnection::ActivateConnection (this=0x413dac70) at
nsHttpConnection.cpp:359
#6  0x40b97cd5 in nsHttpConnection::SetTransaction (this=0x413dac70,
transaction=0x422d2868) at nsHttpConnection.cpp:152
#7  0x40b92076 in nsHttpHandler::InitiateTransaction (this=0x41338020,
trans=0x422d2868, ci=0x424f4d90, failIfBusy=1)
    at nsHttpHandler.cpp:380
#8  0x40b931ea in nsHttpHandler::ProcessTransactionQ (this=0x41338020) at
nsHttpHandler.cpp:628
#9  0x40b922d2 in nsHttpHandler::ReclaimConnection (this=0x41338020,
conn=0x413dac70) at nsHttpHandler.cpp:428
#10 0x40b99c66 in nsHttpTransaction::~nsHttpTransaction (this=0x42de31f0,
__in_chrg=3) at nsHttpTransaction.cpp:65
#11 0x40b9ad95 in nsHttpTransaction::Release (this=0x42de31f0) at
nsHttpTransaction.cpp:419
#12 0x40b97507 in TransactionReleaseEventHandler (ev=0x8720638) at
nsHttpConnection.cpp:53
#13 0x40117fa8 in PL_HandleEvent (self=0x8720638) at plevent.c:590
#14 0x40117dbd in PL_ProcessPendingEvents (self=0x80aed78) at plevent.c:520
#15 0x4011a05e in nsEventQueueImpl::ProcessPendingEvents (this=0x80aed50) at
nsEventQueue.cpp:374
#16 0x40964a04 in event_processor_callback (data=0x80aed50, source=5,
condition=GDK_INPUT_READ) at nsAppShell.cpp:168
#17 0x409645e3 in our_gdk_io_invoke (source=0x81ea390, condition=G_IO_IN,
data=0x8162320) at nsAppShell.cpp:61
#18 0x4045101e in g_io_unix_dispatch () at ../../../dist/include/nsCOMPtr.h:409
#19 0x404527f3 in g_main_dispatch () at ../../../dist/include/nsCOMPtr.h:409
#20 0x40452dd9 in g_main_iterate () at ../../../dist/include/nsCOMPtr.h:409
#21 0x40452f8c in g_main_run () at ../../../dist/include/nsCOMPtr.h:409
#22 0x40367803 in gtk_main () at ../../../dist/include/nsCOMPtr.h:409
#23 0x409650d5 in nsAppShell::Run (this=0x8101be0) at nsAppShell.cpp:360
#24 0x40909e2d in nsAppShellService::Run (this=0x80f8370) at
nsAppShellService.cpp:417
#25 0x080596b7 in main1 (argc=1, argv=0xbffff85c, nativeApp=0x0) at
nsAppRunner.cpp:1093
#26 0x0805a32b in main (argc=1, argv=0xbffff85c) at nsAppRunner.cpp:1391
#27 0x4059d177 in __libc_start_main (main=0x805a128 <main>, argc=1,
ubp_av=0xbffff85c, init=0x8053e90 <_init>, fini=0x8064048 <_fini>,
    rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff84c) at
../sysdeps/generic/libc-start.c:129
*** Bug 54064 has been marked as a duplicate of this bug. ***
Moving to XPCOM and marking NEW based on dupe.
Status: UNCONFIRMED → NEW
Component: Threading → XPCOM
Ever confirmed: true
Keywords: crash
OS: Linux → All
Hardware: PC → All
Summary: assertion from pthreads, multiple monitor entry → assertion & crash from pthreads, multiple monitor entry
hey darin,

do you want to look into this one...  It sounds like we have a thread-safety
issue somewhere in http :-)

-- rick

oops...  I forgot to reassign this one :-)
Assignee: rpotts → darin
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.2
i suspect that the OnStopRequest event is happening before one of AsyncRead or
AsyncWrite returns.  in the OnStopRequest i am clearing mWriteRequest and
mReadRequest (depending on which event is stopping).  but, there is a race
condition in the call to Async{Write,Read}.  it wants to set m{Read,Write}Request
upon return, but OnStopRequest is most likely clearing these nsCOMPtr's half way
through the getter_AddRefs assignment.
working on a patch to prevent this race condition... hopefully i can do it without
needing a mutex.
Priority: -- → P1
Bumping severity. It happens in my debug build on Win2K regularly.
Severity: minor → major
Summary: assertion & crash from pthreads, multiple monitor entry → assertion & crash from pthreads, multiple monitor entry [crash @nsHttpConnection::ActivateConnection]
Steps to reproduce:
===================
- click a tab on the sidebar, e.g., CNN.com
- click a story
  -> quite often this leads to a crash

Stack trace On win2K:
=====================

nsQueryInterface::operator()(const nsID & {...}, void * * 0x0012d424) line 32 + 
23 bytes
nsCOMPtr<nsIRequest>::assign_from_helper(const nsCOMPtr_helper & {...}, const 
nsID & {...}) line 971 + 18 bytes
nsCOMPtr<nsIRequest>::nsCOMPtr<nsIRequest>(const nsQueryInterface & {...}) line 
565
nsCOMPtr<nsIRequest>::Assert_NoQueryNeeded() line 500
nsGetterAddRefs<nsIRequest>::~nsGetterAddRefs<nsIRequest>() line 1055
nsHttpConnection::ActivateConnection() line 329
nsHttpConnection::SetTransaction(nsHttpTransaction * 0x057b57d0) line 115
nsHttpHandler::InitiateTransaction_Locked(nsHttpTransaction * 0x057b57d0, 
nsHttpConnectionInfo * 0x057b6650, int 0) line 683 + 12 bytes
nsHttpHandler::InitiateTransaction(nsHttpTransaction * 0x057b57d0, 
nsHttpConnectionInfo * 0x057b6650, int 0) line 353 + 20 bytes
nsHttpChannel::Connect(int 1) line 242
nsHttpChannel::AsyncOpen(nsHttpChannel * const 0x057b6710, nsIStreamListener * 
0x057b6550, nsISupports * 0x00000000) line 1832 + 10 bytes
imgLoader::LoadImage(imgLoader * const 0x02ca75c0, nsIURI * 0x057b6af0, 
nsILoadGroup * 0x055ed600, imgIDecoderObserver * 0x057b6b70, nsISupports * 
0x0572c3e0, imgIRequest * * 0x04350144) line 177 + 44 bytes
nsImageFrame::LoadImage(const nsAString & {...}, nsIPresContext * 0x0572c3e0, 
imgIRequest * * 0x04350144) line 1387 + 61 bytes
nsImageFrame::Init(nsImageFrame * const 0x04350110, nsIPresContext * 0x0572c3e0, 
nsIContent * 0x057434a0, nsIFrame * 0x0434fe10, nsIStyleContext * 0x043500dc, 
nsIFrame * 0x00000000) line 246 + 49 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x0572c3e0, 
nsFrameConstructorState & {...}, nsIContent * 0x057434a0, nsIFrame * 0x0434fe10, 
nsIStyleContext * 0x043500dc, nsIFrame * 0x00000000, nsIFrame * 0x04350110) line 
6684 + 32 bytes
nsCSSFrameConstructor::ConstructFrameByTag(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x057434a0, nsIFrame * 0x0434fe10, nsIAtom * 0x00ee67c0 {"img"}, int 3, 
nsIStyleContext * 0x043500dc, nsFrameItems & {...}) line 4966
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x057434a0, nsIFrame * 0x0434fe10, nsIAtom * 0x00ee67c0 {"img"}, int 3, 
nsIStyleContext * 0x043500dc, nsFrameItems & {...}, int 0) line 7220 + 52 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05723290, nsIPresContext 
* 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057434a0, nsIFrame 
* 0x0434fe10, nsFrameItems & {...}) line 7133 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x05723290, nsIPresContext 
* 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05743780, nsIFrame 
* 0x0434fe10, int 1, nsFrameItems & {...}, int 1, nsTableCreator * 0x00000000) 
line 11400 + 43 bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, const 
nsStyleDisplay * 0x0434fdac, nsIContent * 0x05743780, nsIFrame * 0x04326b94, 
nsIStyleContext * 0x0434fd78, nsFrameItems & {...}) line 6365
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x05743780, nsIFrame * 0x04326b94, nsIAtom * 0x00ee4720 {"div"}, int 3, 
nsIStyleContext * 0x0434fd78, nsFrameItems & {...}, int 0) line 7263 + 48 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05723290, nsIPresContext 
* 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05743780, nsIFrame 
* 0x04326b94, nsFrameItems & {...}) line 7133 + 56 bytes
nsCSSFrameConstructor::ProcessBlockChildren(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x05735070, nsIFrame * 0x04326b94, int 1, nsFrameItems & {...}, int 1) line 
12558 + 37 bytes
nsCSSFrameConstructor::ConstructBlock(nsIPresShell * 0x05723290, nsIPresContext 
* 0x0572c3e0, nsFrameConstructorState & {...}, const nsStyleDisplay * 
0x02bf7e14, nsIContent * 0x05735070, nsIFrame * 0x043244c0, nsIStyleContext * 
0x043272dc, nsIFrame * 0x04326b94) line 12507 + 36 bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, const 
nsStyleDisplay * 0x02bf7e14, nsIContent * 0x05735070, nsIFrame * 0x043244c0, 
nsIStyleContext * 0x043272dc, nsFrameItems & {...}) line 6458 + 43 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x05735070, nsIFrame * 0x043244c0, nsIAtom * 0x00ee4720 {"div"}, int 3, 
nsIStyleContext * 0x043272dc, nsFrameItems & {...}, int 0) line 7263 + 48 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05723290, nsIPresContext 
* 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05735070, nsIFrame 
* 0x043244c0, nsFrameItems & {...}) line 7133 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x05723290, nsIPresContext 
* 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x05735a40, nsIFrame 
* 0x043244c0, int 1, nsFrameItems & {...}, int 1, nsTableCreator * 0x00000000) 
line 11400 + 43 bytes
nsCSSFrameConstructor::ConstructTableCellFrame(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x05735a40, nsIFrame * 0x04324cb4, nsIStyleContext * 0x0432696c, nsTableCreator 
& {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x043269dc, nsIFrame * & 
0x043244c0, int & 0) line 2890 + 40 bytes
nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent & 
{...}, nsIFrame * 0x04324cb4, nsIAtom * 0x00eedd10 {"TableRowFrame"}, 
nsIStyleContext * 0x04324bd4, nsTableCreator & {...}, nsFrameItems & {...}, 
nsIFrame * & 0x00000000) line 3154 + 59 bytes
nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x057754c0, nsIFrame * 0x04324cb4, nsTableCreator & {...}, nsFrameItems & {...}, 
nsIFrame * & 0x00000000) line 3065 + 69 bytes
nsCSSFrameConstructor::ConstructTableRowFrame(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x057754c0, nsIFrame * 0x04324b34, nsIStyleContext * 0x04324bd4, nsTableCreator 
& {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x04324cb4, int & 1) line 
2761 + 42 bytes
nsCSSFrameConstructor::TableProcessChild(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent & 
{...}, nsIFrame * 0x04324b34, nsIAtom * 0x00eedef0 {"TableFrame"}, 
nsIStyleContext * 0x043249b4, nsTableCreator & {...}, nsFrameItems & {...}, 
nsIFrame * & 0x00000000) line 3140 + 55 bytes
nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x057758d0, nsIFrame * 0x04324b34, nsTableCreator & {...}, nsFrameItems & {...}, 
nsIFrame * & 0x00000000) line 3065 + 69 bytes
nsCSSFrameConstructor::ConstructTableFrame(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x057758d0, nsIFrame * 0x0431f8e4, nsIStyleContext * 0x043249b4, nsTableCreator 
& {...}, int 0, nsFrameItems & {...}, nsIFrame * & 0x042e6578, nsIFrame * & 
0x04324b34, int & 0) line 2533 + 42 bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, const 
nsStyleDisplay * 0x02bf7348, nsIContent * 0x057758d0, nsIFrame * 0x0431f8e4, 
nsIStyleContext * 0x043249b4, nsFrameItems & {...}) line 6506 + 63 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x057758d0, nsIFrame * 0x0431f8e4, nsIAtom * 0x00ee9b50 {"table"}, int 3, 
nsIStyleContext * 0x043249b4, nsFrameItems & {...}, int 0) line 7263 + 48 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05723290, nsIPresContext 
* 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x057758d0, nsIFrame 
* 0x0431f8e4, nsFrameItems & {...}) line 7133 + 56 bytes
nsCSSFrameConstructor::ProcessBlockChildren(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x055fed40, nsIFrame * 0x0431f8e4, int 1, nsFrameItems & {...}, int 1) line 
12558 + 37 bytes
nsCSSFrameConstructor::ConstructBlock(nsIPresShell * 0x05723290, nsIPresContext 
* 0x0572c3e0, nsFrameConstructorState & {...}, const nsStyleDisplay * 
0x02bf70c4, nsIContent * 0x055fed40, nsIFrame * 0x02c05ab8, nsIStyleContext * 
0x02bf7090, nsIFrame * 0x0431f8e4) line 12507 + 36 bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, const 
nsStyleDisplay * 0x02bf70c4, nsIContent * 0x055fed40, nsIFrame * 0x02c05ab8, 
nsIStyleContext * 0x02bf7090, nsFrameItems & {...}) line 6458 + 43 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x055fed40, nsIFrame * 0x02c05ab8, nsIAtom * 0x00ee3fd0 {"body"}, int 3, 
nsIStyleContext * 0x02bf7090, nsFrameItems & {...}, int 0) line 7263 + 48 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x05723290, nsIPresContext 
* 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x055fed40, nsIFrame 
* 0x02c05ab8, nsFrameItems & {...}) line 7133 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x05723290, nsIPresContext 
* 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 0x0575fc80, nsIFrame 
* 0x02c05ab8, int 1, nsFrameItems & {...}, int 1, nsTableCreator * 0x00000000) 
line 11400 + 43 bytes
nsCSSFrameConstructor::ConstructDocElementFrame(nsIPresShell * 0x05723290, 
nsIPresContext * 0x0572c3e0, nsFrameConstructorState & {...}, nsIContent * 
0x0575fc80, nsIFrame * 0x02c051f4, nsIStyleContext * 0x02bf6b88, nsIFrame * & 
0x02c05ab8) line 3483
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x0571fdb0, 
nsIPresContext * 0x0572c3e0, nsIContent * 0x00000000, nsIContent * 0x0575fc80, 
int 0, nsILayoutHistoryState * 0x00000000) line 8469
StyleSetImpl::ContentInserted(StyleSetImpl * const 0x0571e040, nsIPresContext * 
0x0572c3e0, nsIContent * 0x00000000, nsIContent * 0x0575fc80, int 0) line 1106
PresShell::InitialReflow(PresShell * const 0x05723290, int 12750, int 8490) line 
2546
nsXMLContentSink::StartLayout() line 1600
nsXMLContentSink::DidBuildModel(nsXMLContentSink * const 0x056216d0, int 1) line 
298
CWellFormedDTD::DidBuildModel(CWellFormedDTD * const 0x0571c820, unsigned int 0, 
int 1, nsIParser * 0x056188f0, nsIContentSink * 0x056216d0) line 296 + 20 bytes
nsParser::DidBuildModel(unsigned int 0) line 1438 + 60 bytes
nsParser::ResumeParse(int 1, int 1) line 1921
nsParser::OnStopRequest(nsParser * const 0x056188f8, nsIRequest * 0x0560cab0, 
nsISupports * 0x00000000, unsigned int 0) line 2362 + 19 bytes
nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x05609280, 
nsIRequest * 0x0560cab0, nsISupports * 0x00000000, unsigned int 0) line 258
nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x0561c590, 
nsIRequest * 0x0560cab0, nsISupports * 0x00000000, unsigned int 0) line 25
nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x0560cab4, nsIRequest * 
0x05617080, nsISupports * 0x00000000, unsigned int 0) line 2103
nsOnStopRequestEvent::HandleEvent() line 161
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x0573fb94) line 64
PL_HandleEvent(PLEvent * 0x0573fb94) line 590 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x005515d0) line 520 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x016c02da, unsigned int 49443, unsigned int 0, 
long 5576144) line 1071 + 9 bytes
USER32! 77e148dc()
USER32! 77e14aa7()
USER32! 77e266fd()
nsAppShellService::Run(nsAppShellService * const 0x00eaaba0) line 418
main1(int 1, char * * 0x00484470, nsISupports * 0x00000000) line 1139 + 32 bytes
main(int 1, char * * 0x00484470) line 1437 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL

    
    

    
  
Just applied the patch and it worked great. I am not able to reproduce
the crash anymore.

    
    

    
  
great... however, it turns out that my patch causes another crash (though not so
frequent), so this isn't the final patch.

    
    

    
  
Tested and it is working great too.

    
    

    
  
comments from bbaetz:

> Well, I really don't understand all the http threading issues.
> 
> /me forsees fun times while you're away.
> 
> I'd comment in the bug, but bugzilla doesn't appear to like me commenting ATM,
> so, cutting random chunks out of the patch, and hoping you know where they 
> came from:

> +    NS_ADDREF_THIS();
> +    +    // fire off the read first so that we'll often detect premature EOF
before
> +    // writing to the socket, though this is not necessary.
> +    rv = mSocketTransport->AsyncRead(this, nsnull,
> +                                     0, PRUint32(-1),
> +                                     nsITransport::DONT_PROXY_OBSERVER |
> +                                     nsITransport::DONT_PROXY_LISTENER,
> +                                     getter_AddRefs(readReq));
> +    if (NS_FAILED(rv)) return rv;
> 
> 
> You leak /this/ in the error case (for all the error cases in this function).
> Is nsCOMPtr<nsIHttpConnection> = this; valid? I'd cc scc and ask, but...
> 
> +    // XXX why??
> +    //if (!mTransaction)
> +    //    return NS_OK;
> 
> Why what?
> 
> Can you document what mLock needs to protect, somewhere?
> 
> Fix that, let me run with it at work til early tomorrow afternoon, since I'm 
> really not sure about the threadsafety issues (although the changes look right
> to me), and r=bbaetz
> 
> Bradley,

    
    

    
  
bbaetz: thanks for catching those mistakes.  i'll submit a new patch shortly.

    
    

    
  
sr=waterson. I'm not really all that familiar with this code, but the changes
seem sane.

    
    

    
  
r=bbaetz on the updated patch, with or without changing the NS_ADDREF_THIS() +
goto stuff to nsCOMPtr<nsIFoo> kungFooDeathGrip = this.

Oh, and moving to http as well + updating QA.
Component: XPCOM → Networking: HTTP
QA Contact: rpotts → benc

    
    

    
  
a= asa@mozilla.org for checkin to the trunk.
(on behalf of drivers)

    
    

    
  
fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED

    
    

    
  
Verified.
Status: RESOLVED → VERIFIED
QA Contact: benc → junruh

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: