Closed
Bug 180922
Opened 22 years ago
Closed 12 years ago
nsDNSEventProc crashes using a null nsDNSService::gService
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: timeless, Assigned: timeless)
References
Details
(Keywords: crash)
(void) DestroyWindow(nsDNSService::gService->mDNSWindow);
+ nsDNSService::gService 0x00000000
nsDNSEventProc(HWND__ * 0x003508b0, unsigned int 1224, unsigned int 0, long 0)
line 1971 + 6 bytes
USER32! 77e13eb0()
USER32! 77e1591b()
USER32! 77e1595d()
NTDLL! 77f9fb83()
nsDNSService::Run(nsDNSService * const 0x0054fdc4) line 1453 + 21 bytes
nsThread::Main(void * 0x0055b690) line 123 + 26 bytes
_PR_NativeRunThread(void * 0x0055c9b0) line 433 + 13 bytes
MSVCRTD! 1020c323()
KERNEL32! 77e92ca8()
Main thread:
USER32! 77e1484c()
USER32! 77e1a5b7()
nsDNSService::ShutdownInternal() line 1863
nsDNSService::Observe(nsDNSService * const 0x0054fdc8, nsISupports * 0x004a6a44,
const char * 0x00341240, const unsigned short * 0x00000000) line 1310
nsObserverService::NotifyObservers(nsObserverService * const 0x004c36b0,
nsISupports * 0x004a6a44, const char * 0x00341240, const unsigned short *
0x00000000) line 213
NS_ShutdownXPCOM(nsIServiceManager * 0x00000000) line 694
main(int 3, char * * 0x004a43c4) line 949 + 8 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e87903()
Ok, here's a list of events,
A. js created the dns service,
B. the dns server registers an observer for xpcom shutdown
C. the dns service thread was started
D. xpconnect/js garbage collected it.
E. dnsservice destructor sets its global reference to null
F. <something has to go wrong here>
G. xpcom shutdown
H. xpcom has a record of dnsservice and tells it about shutdown
I. dnsservice proxies across threads using windows telling itself to cleanup
J. dnsservice thread tries to unregister its window, but doing that requires a
self reference which crashes.
Note that this should never happen in the real world since the only thing that
should create the dns service is xpcom.
Ok. I'm going to need some eyes. nsDNSService really looks well behaved, its
destructor does call ShutdownInternal. And ShutdownInternal seems to unregister
the observers.
:( mDNSServiceLock is inited right now, so unless it was inited after the class
was destroyed (possible, i haven't spent enough time looking through this code)
i'm still without a good explanation.
fwiw, here's the stuff nsDNSService::ShutdownInternal() line 1863
on the main thread sees:
mDNSCondVar 0x0055eb60
+ mDNSWindow 0x003508b0
PR_SUCCESS 0
- this 0x0054fdc0
+ nsIDNSService {...}
+ nsIRunnable {...}
+ nsIObserver {...}
+ mRefCnt {...}
+ _mOwningThread {...}
+ gService 0x00000000
gNeedLateInitialization 0
+ gHashTableOps {...}
+ mPrefService {...}
mDNSServiceLock 0x0054fd10
mDNSCondVar 0x0055eb60
+ mHashTable {...}
+ mPendingQ {...}
+ mEvictionQ {...}
mEvictionQCount 0
mMaxCachedLookups 32
mExpirationInterval 300
+ mMyIPAddress 0x00000000 ""
+ mThread {...}
mState 3
+ mIDNConverter {...}
mLastReset 2859408607
mResetMaxInterval 74573
+ mDNSWindow 0x003508b0
+ mMsgIDBitVector 0x0054fe38
mCount 0.00000000000000
mTimes 0.00000000000000
mSquaredTimes 0.00000000000000
+ mOut 0x00000000
+ windowClass 0x02078818 "Mozilla:DNSWindowClass"
|
||
Comment 2•22 years ago
|
||
By the definitions on <http://bugzilla.mozilla.org/bug_status.html#severity> and
<http://bugzilla.mozilla.org/enter_bug.cgi?format=guided>, crashing and dataloss
bugs are of critical or possibly higher severity. Only changing open bugs to
minimize unnecessary spam. Keywords to trigger this would be crash, topcrash,
topcrash+, zt4newcrash, dataloss.
Severity: minor → critical
|
||
Comment 3•12 years ago
|
||
We're not seeing nsDNSEventProc or nsDNSService::ShutdownInternal in crash reports from the last 4 weeks at all and there's no STR, so I consider this WFM.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•