Closed
Bug 180922
Opened 22 years ago
Closed 12 years ago
nsDNSEventProc crashes using a null nsDNSService::gService
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: timeless, Assigned: timeless)
References
Details
(Keywords: crash)
(void) DestroyWindow(nsDNSService::gService->mDNSWindow); + nsDNSService::gService 0x00000000 nsDNSEventProc(HWND__ * 0x003508b0, unsigned int 1224, unsigned int 0, long 0) line 1971 + 6 bytes USER32! 77e13eb0() USER32! 77e1591b() USER32! 77e1595d() NTDLL! 77f9fb83() nsDNSService::Run(nsDNSService * const 0x0054fdc4) line 1453 + 21 bytes nsThread::Main(void * 0x0055b690) line 123 + 26 bytes _PR_NativeRunThread(void * 0x0055c9b0) line 433 + 13 bytes MSVCRTD! 1020c323() KERNEL32! 77e92ca8()
Main thread: USER32! 77e1484c() USER32! 77e1a5b7() nsDNSService::ShutdownInternal() line 1863 nsDNSService::Observe(nsDNSService * const 0x0054fdc8, nsISupports * 0x004a6a44, const char * 0x00341240, const unsigned short * 0x00000000) line 1310 nsObserverService::NotifyObservers(nsObserverService * const 0x004c36b0, nsISupports * 0x004a6a44, const char * 0x00341240, const unsigned short * 0x00000000) line 213 NS_ShutdownXPCOM(nsIServiceManager * 0x00000000) line 694 main(int 3, char * * 0x004a43c4) line 949 + 8 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 77e87903() Ok, here's a list of events, A. js created the dns service, B. the dns server registers an observer for xpcom shutdown C. the dns service thread was started D. xpconnect/js garbage collected it. E. dnsservice destructor sets its global reference to null F. <something has to go wrong here> G. xpcom shutdown H. xpcom has a record of dnsservice and tells it about shutdown I. dnsservice proxies across threads using windows telling itself to cleanup J. dnsservice thread tries to unregister its window, but doing that requires a self reference which crashes. Note that this should never happen in the real world since the only thing that should create the dns service is xpcom. Ok. I'm going to need some eyes. nsDNSService really looks well behaved, its destructor does call ShutdownInternal. And ShutdownInternal seems to unregister the observers. :( mDNSServiceLock is inited right now, so unless it was inited after the class was destroyed (possible, i haven't spent enough time looking through this code) i'm still without a good explanation. fwiw, here's the stuff nsDNSService::ShutdownInternal() line 1863 on the main thread sees: mDNSCondVar 0x0055eb60 + mDNSWindow 0x003508b0 PR_SUCCESS 0 - this 0x0054fdc0 + nsIDNSService {...} + nsIRunnable {...} + nsIObserver {...} + mRefCnt {...} + _mOwningThread {...} + gService 0x00000000 gNeedLateInitialization 0 + gHashTableOps {...} + mPrefService {...} mDNSServiceLock 0x0054fd10 mDNSCondVar 0x0055eb60 + mHashTable {...} + mPendingQ {...} + mEvictionQ {...} mEvictionQCount 0 mMaxCachedLookups 32 mExpirationInterval 300 + mMyIPAddress 0x00000000 "" + mThread {...} mState 3 + mIDNConverter {...} mLastReset 2859408607 mResetMaxInterval 74573 + mDNSWindow 0x003508b0 + mMsgIDBitVector 0x0054fe38 mCount 0.00000000000000 mTimes 0.00000000000000 mSquaredTimes 0.00000000000000 + mOut 0x00000000 + windowClass 0x02078818 "Mozilla:DNSWindowClass"
Comment 2•22 years ago
|
||
By the definitions on <http://bugzilla.mozilla.org/bug_status.html#severity> and <http://bugzilla.mozilla.org/enter_bug.cgi?format=guided>, crashing and dataloss bugs are of critical or possibly higher severity. Only changing open bugs to minimize unnecessary spam. Keywords to trigger this would be crash, topcrash, topcrash+, zt4newcrash, dataloss.
Severity: minor → critical
Comment 3•12 years ago
|
||
We're not seeing nsDNSEventProc or nsDNSService::ShutdownInternal in crash reports from the last 4 weeks at all and there's no STR, so I consider this WFM.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•