Closed
Bug 85822
Opened 23 years ago
Closed 23 years ago
crash in [@ nsHttpTransaction::Cancel] [@ nsHttpConnection::ReportProgress] [cancelation not thread-safe]
Categories
(Core :: Networking: HTTP, defect, P1)
Core
Networking: HTTP
Tracking
()
VERIFIED
FIXED
mozilla0.9.2
People
(Reporter: jrgmorrison, Assigned: darin.moz)
References
()
Details
(4 keywords)
Crash Data
Attachments
(3 files)
1.18 KB,
patch
|
Details | Diff | Splinter Review | |
14.43 KB,
patch
|
Details | Diff | Splinter Review | |
14.46 KB,
patch
|
Details | Diff | Splinter Review |
I get a crash in an abbreviated ibench test, using a build I pulled in the past couple of hours. Go to http://cowtools.mcom.com/minibench/standard/ Click on the link 'Go for a ride'. Crash is here; mConnection is null. http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpTransac tion.cpp PRInt32 priorVal = PR_AtomicSet(&mTransactionDone, 1); if (priorVal == 0) { mConnection->OnTransactionComplete(status); NS_RELEASE(mConnection); } Stack is : nsHttpTransaction::Cancel(nsHttpTransaction * const 0x0212ed20, unsigned int 2152398850) line 647 + 4 bytes nsHttpChannel::Cancel(nsHttpChannel * const 0x01f99e68, unsigned int 2152398850) line 1592 nsLoadGroup::Cancel(nsLoadGroup * const 0x00000000, unsigned int 2152398850) line 242 nsDocLoaderImpl::Stop(nsDocLoaderImpl * const 0x00000000) line 278 + 14 bytes nsURILoader::Stop(nsURILoader * const 0x00c01de8, nsISupports * 0x00000000) line 536 + 6 bytes nsDocShell::Stop(nsDocShell * const 0x00c01de8) line 2211 nsWebShell::StopDocumentLoad(nsWebShell * const 0x01f5cb2c) line 647 nsObserverBase::NotifyWebShell(nsObserverBase * const 0x00b82b80, nsISupports * 0x00000000, const char * 0x0012f5e4, nsCharsetSource kCharsetFromMetaTag) line 91 + 11 bytes nsMetaCharsetObserver::Notify(nsMetaCharsetObserver * const 0x00b82b78, nsISupports * 0x01fb5220, const nsStringArray * 0x00000000, const nsStringArray * 0x01000009) line 247 + 42 bytes nsMetaCharsetObserver::Notify(nsMetaCharsetObserver * const 0x00b82b78, nsISupports * 0x01fb5220, const unsigned short * 0x0012f944, const nsStringArray * 0x0012f9d4, const nsStringArray * 0x0012f9dc) line 136 nsObserverTopic::Notify(nsObserverTopic * const 0x02f69248, nsHTMLTag eHTMLTag_meta, nsIParserNode & {...}, void * 0x01fb5220, nsIParser * 0x00000002) line 1576 CObserverService::Notify(CObserverService * const 0x02f69248, nsHTMLTag eHTMLTag_meta, nsIParserNode & {...}, void * 0x01fb5220, const nsString & {...}, nsIParser * 0x02fb41e8) line 1733 + 19 bytes CNavDTD::WillHandleStartTag(CNavDTD * const 0x02f69248, CToken * 0x02f7b258, nsHTMLTag eHTMLTag_meta, nsIParserNode & {...}) line 1387 + 28 bytes CNavDTD::HandleStartToken(CNavDTD * const 0x02f69248, CToken * 0x00000000) line 1635 CNavDTD::HandleToken(CNavDTD * const 0x00000001, CToken * 0x02f7b258, nsIParser * 0x02fb41e8) line 887 + 10 bytes CNavDTD::BuildModel(CNavDTD * const 0x02192b58, nsIParser * 0x02fb41e8, nsITokenizer * 0x02176db0, nsITokenObserver * 0x00000000, nsIContentSink * 0x020bc5e8) line 539 + 8 bytes nsParser::BuildModel(nsParser * const 0x02f69248) line 1994 nsParser::ResumeParse(nsParser * const 0x02f69248, int 1, int 0) line 1871 + 10 bytes nsParser::OnDataAvailable(nsParser * const 0x00004000, nsIRequest * 0x01f99e68, nsISupports * 0x00000000, nsIInputStream * 0x020b3418, unsigned int 0, unsigned int 16384) line 2325 + 11 bytes nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x0212d6b8, nsIRequest * 0x01f99e68, nsISupports * 0x00000000, nsIInputStream * 0x020b3418, unsigned int 0, unsigned int 16384) line 237 + 21 bytes nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x020b3418, nsIRequest * 0x01f99e68, nsISupports * 0x00000000, nsIInputStream * 0x00000000, unsigned int 0, unsigned int 16384) line 56 + 24 bytes nsHttpChannel::OnDataAvailable(nsHttpChannel * const 0x01f99e6c, nsIRequest * 0x0212ed20, nsISupports * 0x00000000, nsIInputStream * 0x02f68894, unsigned int 0, unsigned int 16384) line 2134 + 23 bytes nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x02f69248) line 175 + 24 bytes PL_HandleEvent(PLEvent * 0x02f56874) line 591 PL_ProcessPendingEvents(PLEventQueue * 0x1002aa55) line 520 + 6 bytes _md_EventReceiverProc(HWND__ * 0x00bd0e18, unsigned int 4200147, unsigned int 12663256, long 0) line 1071 + 10 bytes nsAppShellService::Run(nsAppShellService * const 0x00c139d8) line 418 main1(int 1, char * * 0x003226d0, nsISupports * 0x00322718) line 1110 + 9 bytes main(int 1, char * * 0x003226d0) line 1408 + 25 bytes WinMain(HINSTANCE__ * 0x00400000, HINSTANCE__ * 0x00400000, char * 0x0013349f, HINSTANCE__ * 0x00400000) line 1426 + 21 bytes MOZILLA! WinMainCRTStartup + 308 bytes KERNEL32! 77e87903()
Reporter | ||
Comment 1•23 years ago
|
||
One thing to note: the page pointed to by that link, is a very short document that run an onload handler to set a cookie and then redirect to another page.
Keywords: crash
Reporter | ||
Comment 2•23 years ago
|
||
Ooops. I get a similar (almost identical) crash when running the 'official' ibench test. 00000000() nsHttpConnection::OnTransactionComplete(nsHttpConnection * const 0x03065100, unsigned int 2152398850) line 221 nsHttpTransaction::Cancel(nsHttpTransaction * const 0x0311f708, unsigned int 2152398850) line 647 nsHttpChannel::Cancel(nsHttpChannel * const 0x0237f988, unsigned int 2152398850) line 1592 nsLoadGroup::Cancel(nsLoadGroup * const 0x00000000, unsigned int 2152398850) line 242 nsDocLoaderImpl::Stop(nsDocLoaderImpl * const 0x00000000) line 278 + 14 bytes nsURILoader::Stop(nsURILoader * const 0x00c01de8, nsISupports * 0x00000000) line 536 + 6 bytes nsDocShell::Stop(nsDocShell * const 0x00c01de8) line 2211 nsWebShell::StopDocumentLoad(nsWebShell * const 0x0218c184) line 647 nsObserverBase::NotifyWebShell(nsObserverBase * const 0x00b82b80, nsISupports * 0x00000000, const char * 0x0012f5e4, nsCharsetSource kCharsetFromMetaTag) line 91 + 11 bytes nsMetaCharsetObserver::Notify(nsMetaCharsetObserver * const 0x00b82b78, nsISupports * 0x0312e1c8, const nsStringArray * 0x00000000, const nsStringArray * 0x01000009) line 247 + 42 bytes nsMetaCharsetObserver::Notify(nsMetaCharsetObserver * const 0x00b82b78, nsISupports * 0x0312e1c8, const unsigned short * 0x0012f944, const nsStringArray * 0x0012f9d4, const nsStringArray * 0x0012f9dc) line 136 nsObserverTopic::Notify(nsObserverTopic * const 0x03065100, nsHTMLTag eHTMLTag_meta, nsIParserNode & {...}, void * 0x0312e1c8, nsIParser * 0x00000002) line 1576 CObserverService::Notify(CObserverService * const 0x03065100, nsHTMLTag eHTMLTag_meta, nsIParserNode & {...}, void * 0x0312e1c8, const nsString & {...}, nsIParser * 0x031336b0) line 1733 + 19 bytes CNavDTD::WillHandleStartTag(CNavDTD * const 0x03065100, CToken * 0x03169250, nsHTMLTag eHTMLTag_meta, nsIParserNode & {...}) line 1387 + 28 bytes CNavDTD::HandleStartToken(CNavDTD * const 0x03065100, CToken * 0x00000000) line 1635 CNavDTD::HandleToken(CNavDTD * const 0x00000001, CToken * 0x03169250, nsIParser * 0x031336b0) line 887 + 10 bytes CNavDTD::BuildModel(CNavDTD * const 0x0217bcd0, nsIParser * 0x031336b0, nsITokenizer * 0x0208b8e8, nsITokenObserver * 0x00000000, nsIContentSink * 0x022e3318) line 539 + 8 bytes nsParser::BuildModel(nsParser * const 0x03065100) line 1994 nsParser::ResumeParse(nsParser * const 0x03065100, int 1, int 0) line 1871 + 10 bytes nsParser::OnDataAvailable(nsParser * const 0x00004000, nsIRequest * 0x0237f988, nsISupports * 0x00000000, nsIInputStream * 0x023b4a50, unsigned int 0, unsigned int 16384) line 2325 + 11 bytes nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x02191fa8, nsIRequest * 0x0237f988, nsISupports * 0x00000000, nsIInputStream * 0x023b4a50, unsigned int 0, unsigned int 16384) line 237 + 21 bytes nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x023b4a50, nsIRequest * 0x0237f988, nsISupports * 0x00000000, nsIInputStream * 0x00000000, unsigned int 0, unsigned int 16384) line 56 + 24 bytes nsHttpChannel::OnDataAvailable(nsHttpChannel * const 0x0237f98c, nsIRequest * 0x0311f708, nsISupports * 0x00000000, nsIInputStream * 0x0236798c, unsigned int 0, unsigned int 16384) line 2134 + 23 bytes nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x03065100) line 175 + 24 bytes PL_HandleEvent(PLEvent * 0x021669d4) line 591 PL_ProcessPendingEvents(PLEventQueue * 0x1002aa55) line 520 + 6 bytes _md_EventReceiverProc(HWND__ * 0x00bd0e78, unsigned int 4200147, unsigned int 12663256, long 0) line 1071 + 10 bytes nsAppShellService::Run(nsAppShellService * const 0x00c139d8) line 418 main1(int 1, char * * 0x003226d0, nsISupports * 0x00322718) line 1110 + 9 bytes main(int 1, char * * 0x003226d0) line 1408 + 25 bytes WinMain(HINSTANCE__ * 0x00400000, HINSTANCE__ * 0x00400000, char * 0x0013349f, HINSTANCE__ * 0x00400000) line 1426 + 21 bytes MOZILLA! WinMainCRTStartup + 308 bytes KERNEL32! 77e87903()
I see the same crash as your first stack when having to click a link a second time because the first fails/hangs. Second stack is the one from recent bug 85806
Assignee | ||
Comment 4•23 years ago
|
||
OK.. patch in hand.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.2
Different stack, same endpoint (on linux): Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1024 (LWP 22172)] 0x63656c62 in ?? () (gdb) where #0 0x63656c62 in ?? () #1 0x4086f0bd in nsHttpTransaction::Cancel () from /home/tor/mopt/dist/bin/components/libnecko.so #2 0x40871a1a in nsHttpChannel::ProcessRedirection () from /home/tor/mopt/dist/bin/components/libnecko.so #3 0x408701e0 in nsHttpChannel::ProcessResponse () from /home/tor/mopt/dist/bin/components/libnecko.so #4 0x408747ec in nsHttpChannel::OnStartRequest () from /home/tor/mopt/dist/bin/components/libnecko.so #5 0x40886497 in nsOnStartRequestEvent::HandleEvent () from /home/tor/mopt/dist/bin/components/libnecko.so #6 0x40842243 in nsARequestObserverEvent::HandlePLEvent () from /home/tor/mopt/dist/bin/components/libnecko.so #7 0x400cca7b in PL_HandleEvent () at eval.c:41 #8 0x400cc989 in PL_ProcessPendingEvents () at eval.c:41 #9 0x400cdaeb in nsEventQueueImpl::ProcessPendingEvents () at eval.c:41 #10 0x4074f166 in event_processor_callback () from /home/tor/mopt/dist/bin/components/libwidget_gtk.so #11 0x4074eeb5 in our_gdk_io_invoke () from /home/tor/mopt/dist/bin/components/libwidget_gtk.so #12 0x4037001e in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0 #13 0x403717f3 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0 #14 0x40371dd9 in g_main_iterate () from /usr/lib/libglib-1.2.so.0 #15 0x40371f8c in g_main_run () from /usr/lib/libglib-1.2.so.0 #16 0x40286803 in gtk_main () from /usr/lib/libgtk-1.2.so.0 #17 0x4074f696 in nsAppShell::Run () from /home/tor/mopt/dist/bin/components/libwidget_gtk.so #18 0x40733ad6 in nsAppShellService::Run () from /home/tor/mopt/dist/bin/components/libnsappshell.so #19 0x0804fa8f in main1 () at eval.c:41 #20 0x0805032f in main () at eval.c:41 #21 0x404bc177 in __libc_start_main (main=0x80501e0 <main>, argc=1, ubp_av=0xbffff8bc, init=0x804bd88 <_init>, fini=0x805209c <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff8ac) at ../sysdeps/generic/libc-start.c:129
Updated•23 years ago
|
Severity: normal → blocker
Assignee | ||
Updated•23 years ago
|
OS: Windows 2000 → All
Priority: -- → P1
Hardware: PC → All
Assignee | ||
Updated•23 years ago
|
Summary: crash in nsHttpTransaction::Cancel, clicking on link → crash in nsHttpTransaction::Cancel [cancelation not thread-safe]
Comment 8•23 years ago
|
||
Is bug 85937 related to this one? I reported it and included a talkback id so someone can check the stack trace. jake
Comment 10•23 years ago
|
||
adding smoketest and regression keywords...this is crashing with today's linux builds. Here is the Talkback data for a couple of my crashes: Incident ID 31726090 Stack Signature 0x00000000 a01523ae Bug ID Trigger Time 2001-06-14 12:07:29 User Comments netscape japan site i think...just clicked bookmark and boom! Build ID 2001061411 Product ID MozillaTrunk Platform ID LinuxIntel Stack Trace 0x00000000 nsHttpTransaction::Cancel() nsHttpChannel::Cancel() nsLoadGroup::Cancel() nsDocLoaderImpl::Stop() nsURILoader::Stop() nsDocShell::Stop() nsWebShell::StopDocumentLoad() nsObserverBase::NotifyWebShell() nsMetaCharsetObserver::Notify() nsMetaCharsetObserver::Notify() nsObserverTopic::Notify() CObserverService::Notify() CNavDTD::WillHandleStartTag() CNavDTD::HandleStartToken() CNavDTD::HandleToken() CNavDTD::BuildModel() nsParser::BuildModel() nsParser::ResumeParse() nsParser::OnDataAvailable() nsDocumentOpenInfo::OnDataAvailable() nsStreamListenerTee::OnDataAvailable() nsHttpChannel::OnDataAvailable() nsOnDataAvailableEvent::HandleEvent() nsARequestObserverEvent::HandlePLEvent() PL_HandleEvent() PL_ProcessPendingEvents() nsEventQueueImpl::ProcessPendingEvents() event_processor_callback() our_gdk_io_invoke() libglib-1.2.so.0 + 0xe52a (0x4033e52a) libglib-1.2.so.0 + 0xfbe6 (0x4033fbe6) libglib-1.2.so.0 + 0x101a1 (0x403401a1) libglib-1.2.so.0 + 0x10341 (0x40340341) libgtk-1.2.so.0 + 0x8c209 (0x40267209) nsAppShell::Run() nsAppShellService::Run() main1() main() libc.so.6 + 0x181eb (0x404371eb) and Incident ID 31726299 Stack Signature 0x4050c1bf ffb85f5f Bug ID Trigger Time 2001-06-14 12:12:35 User Comments set homepage to netscape.com with new profile while offline, went online and reloaded page and boom! Build ID 2001061411 Product ID MozillaTrunk Platform ID LinuxIntel Stack Trace 0x4050c1bf nsHttpTransaction::Cancel() nsHttpChannel::Cancel() imgRequest::Cancel() imgRequest::RemoveProxy() imgRequestProxy::Cancel() nsImageFrame::Destroy() nsFrameList::DestroyFrames() nsContainerFrame::Destroy() nsLineBox::DeleteLineList() nsBlockFrame::Destroy() nsFrameList::DestroyFrames() nsContainerFrame::Destroy() nsFrameList::DestroyFrames() nsContainerFrame::Destroy() nsFrameList::DestroyFrames() nsContainerFrame::Destroy() nsFrameList::DestroyFrames() nsContainerFrame::Destroy() nsTableFrame::Destroy() nsFrameList::DestroyFrames() nsContainerFrame::Destroy() nsTableOuterFrame::Destroy() nsFrameList::DestroyFrames() nsCSSFrameConstructor::WipeContainingBlock() nsCSSFrameConstructor::ContentAppended() StyleSetImpl::ContentAppended() PresShell::ContentAppended() nsDocument::ContentAppended() nsHTMLDocument::ContentAppended() HTMLContentSink::NotifyAppend() SinkContext::CloseContainer() HTMLContentSink::CloseContainer() CNavDTD::CloseContainer() CNavDTD::CloseContainersTo() CNavDTD::CloseContainersTo() CNavDTD::DidBuildModel() nsParser::DidBuildModel() nsParser::ResumeParse() nsParser::ContinueParsing() HTMLContentSink::ScriptEvaluated() nsScriptLoader::FireScriptEvaluated() nsScriptLoader::ProcessRequest() nsScriptLoader::OnStreamComplete() nsStreamLoader::OnStopRequest() nsStreamListenerTee::OnStopRequest() nsHttpChannel::OnStopRequest() nsOnStopRequestEvent::HandleEvent() nsARequestObserverEvent::HandlePLEvent() PL_HandleEvent() PL_ProcessEventsBeforeID() processQueue() nsVoidArray::EnumerateForwards() nsAppShell::ProcessBeforeID() handle_gdk_event() libgdk-1.2.so.0 + 0x1700b (0x4031200b) libglib-1.2.so.0 + 0xfbe6 (0x4033fbe6) libglib-1.2.so.0 + 0x101a1 (0x403401a1) libglib-1.2.so.0 + 0x10341 (0x40340341) libgtk-1.2.so.0 + 0x8c209 (0x40267209) nsAppShell::Run() nsAppShellService::Run() main1() main() libc.so.6 + 0x181eb (0x404371eb) This is a smoketest blocker.
Keywords: regression,
smoketest
Comment 11•23 years ago
|
||
Is anyone seeing this on win32 or mac? I didn't crash at all with today's builds for those platforms...just linux. Just wanted to be sure because the platform and os are set to all.
Summary: crash in nsHttpTransaction::Cancel [cancelation not thread-safe] → crash in [@ nsHttpTransaction::Cancel] [cancelation not thread-safe]
Assignee | ||
Comment 12•23 years ago
|
||
Assignee | ||
Comment 13•23 years ago
|
||
Assignee | ||
Comment 14•23 years ago
|
||
any help i could get testing these patches would be greatly appreciated.
Comment 15•23 years ago
|
||
Linux was the only platform that crashed for me. Mac and Win32 today were OK.
Comment 16•23 years ago
|
||
These patches seem to really help the stability of my build.
Reporter | ||
Comment 17•23 years ago
|
||
The patches fix the crash for me (for the two ways that I could force the crash previously). [To answer Jay's question: this is an all platform crash. It was initially reported for win2k].
Comment 18•23 years ago
|
||
after darin clarified some things on irc r/sr=blizzard on both patches
Assignee | ||
Comment 19•23 years ago
|
||
Reporter | ||
Comment 20•23 years ago
|
||
*** Bug 85926 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 21•23 years ago
|
||
dougt says: r/rs=
Assignee | ||
Comment 22•23 years ago
|
||
a=blizzard
Assignee | ||
Comment 23•23 years ago
|
||
*** Bug 85206 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 24•23 years ago
|
||
fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 25•23 years ago
|
||
*** Bug 85823 has been marked as a duplicate of this bug. ***
Comment 26•23 years ago
|
||
This crash is no longer occurring for me with the latest Linux build 2001061414. I was never crashing here with my Win98 or Mac machines, so someone else will need to verify this fix on those platforms if they were seeing this crash. I know somebody mentioned there were crashes on Win2k, but I don't have a machine, so help veifying that would be good too.
Comment 27•23 years ago
|
||
jpatel@netscape.com: I crashed on win2k with this bug (3x in 5min). After I updated my build with the fix I cannot reproduce this crash (opt and debug)
Comment 28•23 years ago
|
||
This seems to be working now, yesterdays build (2001061304) crashed frequently, but since I got the latest build (2001061404), I've been running for an hour with no crashes. I'm also using Win2k. Good work!
Comment 29•23 years ago
|
||
*** Bug 86444 has been marked as a duplicate of this bug. ***
Comment 31•23 years ago
|
||
Adding [@ nsHttpConnection::ReportProgress] to summary for future reference.
Summary: crash in [@ nsHttpTransaction::Cancel] [cancelation not thread-safe] → crash in [@ nsHttpTransaction::Cancel] [[@ nsHttpConnection::ReportProgress] [cancelation not thread-safe]
Updated•23 years ago
|
Summary: crash in [@ nsHttpTransaction::Cancel] [[@ nsHttpConnection::ReportProgress] [cancelation not thread-safe] → crash in [@ nsHttpTransaction::Cancel] [@ nsHttpConnection::ReportProgress] [cancelation not thread-safe]
Comment 32•23 years ago
|
||
Verified on: Win2K: 2001-07-27-00-0.9.2 2001-07-27-12-trunk Mac: 2001-07-26-21-0.9.2 Linux: 2001-07-26-23-0.9.2
Status: RESOLVED → VERIFIED
Updated•13 years ago
|
Crash Signature: [@ nsHttpTransaction::Cancel]
[@ nsHttpConnection::ReportProgress]
You need to log in
before you can comment on or make changes to this bug.
Description
•