[chromium-bugs] Issue 18907 in chromium: Linux: crashes in new OSCP code

Fri, 14 Aug 2009 11:59:48 -0700 


Comment #2 on issue 18907 by [email protected]: Linux: crashes in new OSCP  
code
http://code.google.com/p/chromium/issues/detail?id=18907

I got a crash with a debug build in the debugger.  The stack trace is  
similar.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf5f6bb90 (LWP 23771)]
0x088b5d86 in base::LinkNode<base::LeakTracker<URLRequest>  
>::RemoveFromList (
     this=0xbb562b8)
     at /usr/local/google/home/wtc/chrome2/src/base/linked_list.h:79
79          this->next_->previous_ = this->previous_;
(gdb) where
#0  0x088b5d86 in base::LinkNode<base::LeakTracker<URLRequest>  
>::RemoveFromList
(this=0xbb562b8)
     at /usr/local/google/home/wtc/chrome2/src/base/linked_list.h:79
#1  0x088b697b in ~LeakTracker (this=0xbb562b8)
     at /usr/local/google/home/wtc/chrome2/src/base/leak_tracker.h:65
#2  0x088b42e2 in ~URLRequest (this=0xbb56140)
     at  
/usr/local/google/home/wtc/chrome2/src/net/url_request/url_request.cc:72
#3  0x08889283 in OnReadCompleted (this=0xf1a2d180, request=0xf1a2d280,
     bytes_read=0)
     at /usr/local/google/home/wtc/chrome2/src/net/ocsp/nss_ocsp.cc:255
#4  0x088894a0 in OnResponseStarted (this=0xf1a2d180, request=0xf1a2d280)
     at /usr/local/google/home/wtc/chrome2/src/net/ocsp/nss_ocsp.cc:236
#5  0x088b5815 in URLRequest::ResponseStarted (this=0xf1a2d280)
     at  
/usr/local/google/home/wtc/chrome2/src/net/url_request/url_request.cc:354
#6  0x088c2053 in URLRequestJob::NotifyHeadersComplete (this=0xf1a2d410)
     at  
/usr/local/google/home/wtc/chrome2/src/net/url_request/url_request_job.cc:417
#7  0x0891f62c in URLRequestHttpJob::NotifyHeadersComplete (this=0xf1a2d410)
     at  
/usr/local/google/home/wtc/chrome2/src/net/url_request/url_request_http_job.cc:556
#8  0x0891f6b9 in URLRequestHttpJob::OnStartCompleted (this=0xf1a2d410,
     result=0)
     at  
/usr/local/google/home/wtc/chrome2/src/net/url_request/url_request_http_job.cc:454
#9  0x089213b5 in DispatchToMethod<URLRequestHttpJob, void
(URLRequestHttpJob::*)(int), int> (obj=0xf1a2d410,
     method=0x891f634 <URLRequestHttpJob::OnStartCompleted(int)>,
     a...@0xf5f6a120) at  
/usr/local/google/home/wtc/chrome2/src/base/tuple.h:422
#10 0x08921420 in CallbackImpl<URLRequestHttpJob, void  
(URLRequestHttpJob::*)(int),
Tuple1<int> >::RunWithParams (this=0xf1a2d594, para...@0xf5f6a120)
     at /usr/local/google/home/wtc/chrome2/src/base/task.h:578
#11 0x0883e4ec in CallbackRunner<Tuple1<int> >::Run<int> (this=0xf1a2d594,
     a...@0xf5f6a2d4) at /usr/local/google/home/wtc/chrome2/src/base/task.h:543
#12 0x088622b5 in net::HttpCache::Transaction::DoCallback (this=0xf1a2b478,
     rv=0) at  
/usr/local/google/home/wtc/chrome2/src/net/http/http_cache.cc:704
#13 0x0886236f in net::HttpCache::Transaction::HandleResult  
(this=0xf1a2b478,
     rv=0) at  
/usr/local/google/home/wtc/chrome2/src/net/http/http_cache.cc:710
#14 0x088677b8 in net::HttpCache::Transaction::OnNetworkInfoAvailable (
     this=0xf1a2b478, result=0)
     at /usr/local/google/home/wtc/chrome2/src/net/http/http_cache.cc:1376
#15 0x0886c2a5 in DispatchToMethod<net::HttpCache::Transaction, void
(net::HttpCache::Transaction::*)(int), int> (obj=0xf1a2b478,
     method=0x8866de8  
<net::HttpCache::Transaction::OnNetworkInfoAvailable(int)>,
a...@0xf5f6a990) at /usr/local/google/home/wtc/chrome2/src/base/tuple.h:422
#16 0x0886c2d4 in CallbackImpl<net::HttpCache::Transaction, void
(net::HttpCache::Transaction::*)(int), Tuple1<int> >::RunWithParams  
(this=0xf1a2b54c,
     para...@0xf5f6a990)
     at /usr/local/google/home/wtc/chrome2/src/base/task.h:578
#17 0x0883e4ec in CallbackRunner<Tuple1<int> >::Run<int> (this=0xf1a2b54c,
     a...@0xf5f6ab44) at /usr/local/google/home/wtc/chrome2/src/base/task.h:543
#18 0x08870da9 in net::HttpNetworkTransaction::DoCallback (this=0xf1a2b788,
     rv=0)
     at  
/usr/local/google/home/wtc/chrome2/src/net/http/http_network_transaction.cc:424
#19 0x088799d7 in net::HttpNetworkTransaction::OnIOComplete  
(this=0xf1a2b788,
     result=1199)
     at  
/usr/local/google/home/wtc/chrome2/src/net/http/http_network_transaction.cc:430
#20 0x0887ac4d in DispatchToMethod<net::HttpNetworkTransaction, void
(net::HttpNetworkTransaction::*)(int), int> (obj=0xf1a2b788,
     method=0x88799a4 <net::HttpNetworkTransaction::OnIOComplete(int)>,
     a...@0xf5f6abc0) at  
/usr/local/google/home/wtc/chrome2/src/base/tuple.h:422
#21 0x0887ac7c in CallbackImpl<net::HttpNetworkTransaction, void
(net::HttpNetworkTransaction::*)(int), Tuple1<int> >::RunWithParams  
(this=0xf1a2b7b8,
     para...@0xf5f6abc0)
     at /usr/local/google/home/wtc/chrome2/src/base/task.h:578
#22 0x0883e4ec in CallbackRunner<Tuple1<int> >::Run<int> (this=0xf1a2b7b8,
     a...@0xf5f6ad84) at /usr/local/google/home/wtc/chrome2/src/base/task.h:543
#23 0x088af20a in net::TCPClientSocketLibevent::DoReadCallback (
     this=0xf1a2bc30, rv=1199)
     at
/usr/local/google/home/wtc/chrome2/src/net/socket/tcp_client_socket_libevent.cc:283
#24 0x088af6ae in net::TCPClientSocketLibevent::DidCompleteRead (
     this=0xf1a2bc30)
     at
/usr/local/google/home/wtc/chrome2/src/net/socket/tcp_client_socket_libevent.cc:353
#25 0x088b13b3 in
net::TCPClientSocketLibevent::ReadWatcher::OnFileCanReadWithoutBlocking  
(this=0xf1a2bc54)
     at  
/usr/local/google/home/wtc/chrome2/src/net/socket/tcp_client_socket_libevent.h:56
#26 0x085e2d69 in base::MessagePumpLibevent::OnLibeventNotification (fd=41,
     flags=2, context=0xf1a2bc54)
     at  
/usr/local/google/home/wtc/chrome2/src/base/message_pump_libevent.cc:210
#27 0x0875ec20 in event_process_active (base=0xb8dc288)
---Type <return> to continue, or q <return> to quit---
     at  
/usr/local/google/home/wtc/chrome2/src/third_party/libevent/event.c:385
#28 0x0875eef5 in event_base_loop (base=0xb8dc288, flags=1)
     at  
/usr/local/google/home/wtc/chrome2/src/third_party/libevent/event.c:522
#29 0x085e3438 in base::MessagePumpLibevent::Run (this=0xb8da7d8,
     delegate=0xf5f6b25c)
     at  
/usr/local/google/home/wtc/chrome2/src/base/message_pump_libevent.cc:253
#30 0x085d9a13 in MessageLoop::RunInternal (this=0xf5f6b25c)
     at /usr/local/google/home/wtc/chrome2/src/base/message_loop.cc:199
#31 0x085d9a2d in MessageLoop::RunHandler (this=0xf5f6b25c)
     at /usr/local/google/home/wtc/chrome2/src/base/message_loop.cc:181
#32 0x085d9ad1 in MessageLoop::Run (this=0xf5f6b25c)
     at /usr/local/google/home/wtc/chrome2/src/base/message_loop.cc:155
#33 0x08610910 in base::Thread::ThreadMain (this=0xb8da6c0)
     at /usr/local/google/home/wtc/chrome2/src/base/thread.cc:156
#34 0x085eee5a in ThreadFunc (closure=0xb8da6c0)
     at  
/usr/local/google/home/wtc/chrome2/src/base/platform_thread_posix.cc:26
#35 0xf769e4fb in start_thread () from /lib32/libpthread.so.0
#36 0xf736c09e in clone () from /lib32/libc.so.6
(gdb) list
74        }
75      
76        // Remove |this| from the linked list.
77        void RemoveFromList() {
78          this->previous_->next_ = this->next_;
79          this->next_->previous_ = this->previous_;
80        }
81      
82        LinkNode<T>* previous() const {
83          return previous_;
(gdb) print *this
$1 = {previous_ = 0xbb56220, next_ = 0xf7bebdb0}
(gdb) print *this->next_
$2 = {previous_ = 0x83e58955, next_ = 0x758918ec}
(gdb) print *this->previous_
$3 = {previous_ = 0xbe99500, next_ = 0xf7bebdb0}
(gdb)

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---

Reply via email to