Closed Bug 1690592 Opened 5 years ago Closed 5 years ago

Shutdown null deref crash in [@ mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal]

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Platform:
Unspecified
Windows 7
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1691517

People

(Reporter: mccr8, Unassigned)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/d8e2d9ac-5e81-4881-9bf1-574f40200831

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 xul.dll mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:421
1 xul.dll mozilla::detail::RunnableFunction<`lambda at /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:83:7'>::Run xpcom/threads/nsThreadUtils.h:577
2 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1234
3 xul.dll NS_ProcessPendingEvents xpcom/threads/nsThreadUtils.cpp:461
4 xul.dll mozilla::ShutdownXPCOM xpcom/build/XPCOMInit.cpp:671
5 xul.dll ScopedXPCOMStartup::~ScopedXPCOMStartup toolkit/xre/nsAppRunner.cpp:1289
6 xul.dll XREMain::XRE_main toolkit/xre/nsAppRunner.cpp:4980
7 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:5017
8 firefox.exe NS_internal_main browser/app/nsBrowserApp.cpp:331
9 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:131

I was looking at crashes with this signature, and I came across a number of them that are crashing here:

NS_GetMainThread(getter_AddRefs(mainIThread));
nsThread* mainThread = static_cast<nsThread*>(mainIThread.get());
mainThread->SetRunningEventDelay(TimeDuration(), TimeStamp());

I guess mainThread is null.

We're at the NS_ProcessPendingEvents here:

// Shutdown all remaining threads.  This method does not return until
// all threads created using the thread manager (with the exception of
// the main thread) have exited.
nsThreadManager::get().Shutdown();

// Process our last round of events, and then mark that we've finished main
// thread event processing.
NS_ProcessPendingEvents(thread);

The thread manager shutdown calls process pending events at least a couple of times, so I'm not sure why we're calling it yet again in ShutdownXPCOM. Anyways, it looks like if we ever do still have things left when we get to that NS_ProcessPendingEvents, we'll just crash. So it seems like we should just delete it.

I only see 100 crashes on null with this signature in the last month, so I guess this particular variant is not that common.

Bug 1687191 is similar, and there's a Pernosco trace, but if the line numbers are the same, that is a shutdown crash at a later point.

See Also: → 1687191
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
See Also: 1687191
You need to log in before you can comment on or make changes to this bug.