Closed Bug 805425 Opened 9 years ago Closed 9 years ago

shutdown crash when doing DNS logging


(Core :: Networking: DNS, defect)

Not set





(Reporter: jaas, Assigned: jaas)


(Keywords: crash)


(1 file)

If you do NSPR DNS logging you will often crash on shutdown:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: 13 at address: 0x0000000000000000
[Switching to process 207 thread 0x1b07]
0x00007fff91fce650 in strlen ()
(gdb) bt
#0  0x00007fff91fce650 in strlen ()
#1  0x000000010060cd13 in cvt_s (ss=0x129020948, str=0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, width=0, prec=-1, flags=0) at /Users/josh/src/mozilla/ff_trunk_debug/nsprpub/pr/src/io/prprf.c:370
#2  0x000000010060ac4d in dosprintf (ss=0x129020948, fmt=0x104d64710 "].\n", ap=0x129020e00) at /Users/josh/src/mozilla/ff_trunk_debug/nsprpub/pr/src/io/prprf.c:998
#3  0x000000010060b51c in PR_vsnprintf (out=0x129020c37 "Lookup completed for host [\002)\001", outlen=456, fmt=0x104d646f3 "Lookup completed for host [%s].\n", ap=0x129020e00) at /Users/josh/src/mozilla/ff_trunk_debug/nsprpub/pr/src/io/prprf.c:1202
#4  0x0000000100608be2 in PR_LogPrint (fmt=0x104d646f3 "Lookup completed for host [%s].\n") at /Users/josh/src/mozilla/ff_trunk_debug/nsprpub/pr/src/io/prlog.c:465
#5  0x00000001014a89c3 in nsHostResolver::ThreadFunc (arg=0x10052f300) at /Users/josh/src/mozilla/ff_trunk_debug/netwerk/dns/nsHostResolver.cpp:995
#6  0x00000001006386e3 in _pt_root (arg=0x112fb31c0) at /Users/josh/src/mozilla/ff_trunk_debug/nsprpub/pr/src/pthreads/ptthread.c:156
#7  0x00007fff91fe0742 in _pthread_start ()
#8  0x00007fff91fcd181 in thread_start ()

It appears to be because of this line in nsHostResolver.cpp:

LOG(("Lookup completed for host [%s].\n", rec->host));

(gdb) print rec
$1 = (nsHostRecord *) 0x1424f8fb0
(gdb) print rec->host
$2 = 0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>
Attached patch fix v1.0Splinter Review
This ought to fix it. I could reproduce the crash pretty easily without this patch, wasn't able to do it with this patch.
Attachment #675131 - Flags: review?(sworkman)
Alternatively we could move that logging statement into OnLookupComplete, but I don't think it really matters.
Comment on attachment 675131 [details] [diff] [review]
fix v1.0

Review of attachment 675131 [details] [diff] [review]:

::: netwerk/dns/nsHostResolver.cpp
@@ +996,1 @@
>          resolver->OnLookupComplete(rec, status, ai);

I think this should work. NS_ADDREF is called when the record is created and when a lookup is issued. NS_RELEASE should be called in nsHostResolver::OnLookupComplete and during Shutdown (in HostDB_ClearEntry).  This is probably the same race condition documented in bug 463724 between nsHostResolver::Shutdown and the DNS threads being shutdown, if PR_GetAddrInfoByName takes a long time, e.g. on a high-delay network. BUT, that should be fine here, as the 2nd ref added for lookup is not removed until OnLookupComplete finishes, which is called in the context of one of the threads. So, seems like it should be fine :)
Attachment #675131 - Flags: review?(sworkman) → review+
Severity: normal → critical
Keywords: crash
Closed: 9 years ago
Flags: in-testsuite-
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
You need to log in before you can comment on or make changes to this bug.