Closed
Bug 282743
Opened 19 years ago
Closed 19 years ago
ABBA deadlock componentmanager monitor/jsgc claimscope
Categories
(Core :: XPCOM, defect)
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: timeless)
Attachments
(1 obsolete file)
main thread:

nspr4.dll!PR_Lock(PRLock * lock=0x002aee20) Line 240 C
nspr4.dll!PR_EnterMonitor(PRMonitor * mon=0x002aee08) Line 99 + 0x6 C
xpcom_core.dll!nsAutoMonitor::nsAutoMonitor(PRMonitor * mon=0x002aee08) Line 250 + 0x7 C++
> xpcom_core.dll!nsComponentManagerImpl::GetServiceByContractID(const char * aContractID=0x012d65ac, const nsID & aIID={...}, void * * result=0x0012f764) Line 2354 C++
xpcom_core.dll!nsGetServiceByContractID::operator()(const nsID & aIID={...}, void * * aInstancePtr=0x0012f764) Line 183 + 0xf C++
xpcom_core.dll!nsCOMPtr_base::assign_from_helper(const nsCOMPtr_helper & helper={...}, const nsID & iid={...}) Line 114 + 0x10 C++
gklayout.dll!nsCOMPtr<nsIObserverService>::nsCOMPtr<nsIObserverService>(const nsCOMPtr_helper & helper={...}) Line 591 C++
gklayout.dll!nsEventStateManager::~nsEventStateManager() Line 296 C++
gklayout.dll!nsEventStateManager::`scalar deleting destructor'() + 0x8 C++
gklayout.dll!nsJSEventListener::Release() Line 73 + 0x18 C++
gklayout.dll!nsPresContext::~nsPresContext() Line 214 + 0x9 C++
gklayout.dll!nsPresContext::Release() Line 253 + 0x1b C++
xpcom_core.dll!nsCOMPtr_base::~nsCOMPtr_base() Line 82 C++
gklayout.dll!nsDOMEvent::~nsDOMEvent() Line 136 + 0x24 C++
gklayout.dll!nsDOMEvent::`scalar deleting destructor'() + 0x8 C++
gklayout.dll!nsDOMEvent::Release() Line 139 + 0x18 C++
xpc3250.dll!XPCJSRuntime::GCCallback(JSContext * cx=0x00a1e7e8, JSGCStatus status=JSGC_END) Line 557 C++
jsd3250.dll!jsds_GCCallbackProc(JSContext * cx=0x00a1e7e8, JSGCStatus status=JSGC_END) Line 522 + 0x7 C++
js3250.dll!js_GC(JSContext * cx=0x00a1e7e8, unsigned int gcflags=0) Line 1448 C
js3250.dll!js_ForceGC(JSContext * cx=0x00a1e7e8, unsigned int gcflags=0) Line 1028 + 0x19 C
js3250.dll!JS_GC(JSContext * cx=0x00a1e7e8) Line 1747 + 0x8 C
js3250.dll!JS_MaybeGC(JSContext * cx=0x00a1e7e8) Line 1766 + 0x6 C
gklayout.dll!nsJSContext::ScriptEvaluated(int aTerminated=0) Line 1875 + 0xc C++
gklayout.dll!nsJSContext::ScriptExecuted() Line 1946 C++
xpc3250.dll!AutoScriptEvaluate::~AutoScriptEvaluate() Line 107 C++
xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x0012f764, unsigned short methodIndex=4217, const nsXPTMethodInfo * info=0x0012f798, nsXPTCMiniVariant * nativeParams=0x00000000) Line 1588 + 0x11 C++
xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=7, const nsXPTMethodInfo * info=0x01f3c5f0, nsXPTCMiniVariant * params=0x0012fa4c) Line 450 C++
xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x019edec0, unsigned int methodIndex=7, unsigned int * args=0x0012fb08, unsigned int * stackBytesToPop=0x0012faf8) Line 117 + 0x12 C++
xpcom_core.dll!SharedStub() Line 147 C++
appcomps.dll!nsBrowserStatusFilter::OnSecurityChange(nsIWebProgress * aWebProgress=0x0292328c, nsIRequest * aRequest=0x0245ad60, unsigned int aState=4) Line 263 C++
docshell.dll!nsDocLoaderImpl::OnSecurityChange(nsISupports * aContext=0x0245ad60, unsigned int aState=4) Line 1500 + 0xd C++
pipboot.dll!nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest * aRequest=0x0245ad60) Line 1104 C++
pipboot.dll!nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress * aWebProgress=0x02789740, nsIRequest * aRequest=0x0245ad60, unsigned int aProgressStateFlags=0, unsigned int aStatus=0) Line 839 + 0xb C++
docshell.dll!nsDocLoaderImpl::FireOnStateChange(nsIWebProgress * aProgress=0x0292328c, nsIRequest * aRequest=0x0245ad60, int aStateFlags=65552, unsigned int aStatus=0) Line 1234 + 0x12 C++
docshell.dll!nsDocLoaderImpl::doStopURLLoad(nsIRequest * request=0x0245ad60, unsigned int aStatus=0) Line 805 C++
docshell.dll!nsDocLoaderImpl::OnStopRequest(nsIRequest * aRequest=0x0245ad60, nsISupports * aCtxt=0x00000000, unsigned int aStatus=0) Line 653 C++
necko.dll!nsLoadGroup::RemoveRequest(nsIRequest * request=0x0292327c, nsISupports * ctxt=0x00000000, unsigned int aStatus=0) Line 701 + 0xd C++
necko.dll!nsHttpChannel::OnStopRequest(nsIRequest * request=0x05e50588, nsISupports * ctxt=0x00000000, unsigned int status=0) Line 3782 C++
necko.dll!nsInputStreamPump::OnStateStop() Line 505 C++
necko.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * stream=0x05ecf3b0) Line 342 C++
xpcom_core.dll!nsOutputStreamReadyEvent::EventHandler(PLEvent * plevent=0x05e17edc) Line 119 C++
xpcom_core.dll!PL_HandleEvent(PLEvent * self=0x05e17edc) Line 693 C
xpcom_core.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x009fe900) Line 627 + 0x6 C
xpcom_core.dll!_md_EventReceiverProc(HWND__ * hwnd=0x002f06a6, unsigned int uMsg=49514, unsigned int wParam=0, long lParam=10479872) Line 1434 C
user32.dll!_InternalCallWinProc@20() + 0x28
user32.dll!_UserCallWinProcCheckWow@32() + 0xb7
user32.dll!_DispatchMessageWorker@8() + 0xdc
user32.dll!_DispatchMessageW@4() + 0xf
gkwidget.dll!nsAppShell::Run() Line 159 C++
appcomps.dll!nsAppStartup::Run() Line 216 C++
mozilla.exe!main1(int argc=2, char * * argv=0x002a4dc0, nsISupports * nativeApp=0x012e7388) Line 1321 + 0x9 C++
mozilla.exe!main(int argc=2, char * * argv=0x002a4dc0) Line 1813 + 0x13 C++
mozilla.exe!WinMain(HINSTANCE__ * __formal=0x00400000, HINSTANCE__ * __formal=0x00400000, char * args=0x0015235a, HINSTANCE__ * __formal=0x00400000) Line 1841 + 0x17 C++
mozilla.exe!WinMainCRTStartup() Line 390 + 0x1b C
kernel32.dll!_BaseProcessStart@4() + 0x23

monitor @ nsComponentManagerImpl::GetServiceByContractID
there's /some/ sort of lock @ js_GC

other thread:

> nspr4.dll!_PR_MD_WAIT_CV(_MDCVar * cv=0x009e4204, _MDLock * lock=0x009baf7c, unsigned int timeout=4294967295) Line 282 C
nspr4.dll!_PR_WaitCondVar(PRThread * thread=0x009ff478, PRCondVar * cvar=0x009e4190, PRLock * lock=0x009baf60, unsigned int timeout=4294967295) Line 205 C
nspr4.dll!PR_WaitCondVar(PRCondVar * cvar=0x009e4190, unsigned int timeout=4294967295) Line 551 + 0xd C
js3250.dll!ClaimScope(JSScope * scope=0x00eef910, JSContext * cx=0x7ffda000) Line 504 C
js3250.dll!js_LockScope(JSContext * cx=0x01a10cd0, JSScope * scope=0x02996cd0) Line 1055 + 0xf C
js3250.dll!js_LockObj(JSContext * cx=0x01a10cd0, JSObject * obj=0x02970070) Line 1207 C
js3250.dll!js_FindProperty(JSContext * cx=0x01a10cd0, long id=33141104, JSObject * * objp=0x00eefb6c, JSObject * * pobjp=0x00eefb1c, JSProperty * * propp=0x00eefb24) Line 2528 + 0xc C
js3250.dll!js_Interpret(JSContext * cx=0x00000002, long * result=0x00eefa40) Line 3686 + 0x18 C
js3250.dll!js_Invoke(JSContext * cx=0x009ff478, unsigned int argc=2, unsigned int flags=15661632) Line 1313 + 0xa C
js3250.dll!js_InternalInvoke(JSContext * cx=0x01a10cfc, JSObject * obj=0x029701e0, long fval=43450488, unsigned int flags=0, unsigned int argc=1, long * argv=0x00eefd28, long * rval=0x00eefd0c) Line 1390 + 0xe C
js3250.dll!JS_CallFunctionValue(JSContext * cx=0x01a10cd0, JSObject * obj=0x029701e0, long fval=43450488, unsigned int argc=1, long * argv=0x00eefd28, long * rval=0x00eefd0c) Line 3767 + 0x1a C
xpc3250.dll!nsXPCWrappedJSClass::CallQueryInterfaceOnJSObject(XPCCallContext & ccx={...}, JSObject * jsobj=0x029701e0, const nsID & aIID={...}) Line 271 + 0x17 C++
xpc3250.dll!nsXPCWrappedJSClass::DelegatedQueryInterface(nsXPCWrappedJS * self=0x02999308, const nsID & aIID={...}, void * * aInstancePtr=0x00eefe40) Line 589 C++
xpc3250.dll!nsXPCWrappedJS::QueryInterface(const nsID & aIID={...}, void * * aInstancePtr=0x00eefe40) Line 97 + 0xa C++
xpcom_core.dll!nsComponentManagerImpl::GetServiceByContractID(const char * aContractID=0x00b92680, const nsID & aIID={...}, void * * result=0x00eefe40) Line 2362 + 0xb C++
xpcom_core.dll!nsGetServiceByContractID::operator()(const nsID & aIID={...}, void * * aInstancePtr=0x00eefe40) Line 183 + 0xf C++
xpcom_core.dll!nsCOMPtr_base::assign_from_helper(const nsCOMPtr_helper & helper={...}, const nsID & iid={...}) Line 114 + 0x10 C++
necko.dll!nsCOMPtr<nsIHttpChannelSink>::nsCOMPtr<nsIHttpChannelSink>(const nsCOMPtr_helper & helper={...}) Line 591 C++
necko.dll!nsHttpTransaction::ReadRequestSegment(nsIInputStream * stream=0x05e7d738, void * closure=0x05f4c2a8, const char * buf=0x02ba0b98, unsigned int offset=0, unsigned int count=421, unsigned int * countRead=0x00eefef0) Line 359 C++
xpcom_core.dll!nsStringInputStream::ReadSegments(unsigned int (nsIInputStream *, void *, const char *, unsigned int, unsigned int, unsigned int *)* writer=0x00b79da0, void * closure=0x05f4c2a8, unsigned int aCount=421, unsigned int * result=0x00eefef0) Line 248 C++
necko.dll!nsHttpTransaction::ReadSegments(nsAHttpSegmentReader * reader=0x02b710a8, unsigned int count=4096, unsigned int * countRead=0x00eefef0) Line 404 C++
necko.dll!nsHttpConnection::OnSocketWritable() Line 549 + 0xf C++
necko.dll!nsHttpConnection::OnOutputStreamReady(nsIAsyncOutputStream * out=0x05e9ee90) Line 760 C++
necko.dll!nsSocketOutputStream::OnSocketReady(unsigned int condition=45551796) Line 483 C++
necko.dll!nsSocketTransport::OnSocketReady(PRFileDesc * fd=0x02682278, short outFlags=2) Line 1392 C++
necko.dll!nsSocketTransportService::Run() Line 540 + 0x19 C++
xpcom_core.dll!nsThread::Main(void * arg=0x02a72c30) Line 134 C++
nspr4.dll!_PR_NativeRunThread(void * arg=0x02b9be98) Line 458 C
xpcom_core.dll!nsCOMPtr_base::assign_from_qi(nsQueryInterface qi={...}, const nsID & iid={...}) Line 98 + 0xa C++
msvcr71.dll!__endthreadex() + 0xa0

condvar @ ClaimScope
monitor @ nsComponentManagerImpl::GetServiceByContractID

we're using some changes to nsHttpTransaction, but the general problem is possible without our changes (it just takes more luck and cycles, we're good at finding problems with fewer cycles).

i seem to recall discussing this problem w/ someone before, but i can't find a bug for it.

this is really a blocker for our current product release cycle.
Assignee: dougt → timeless
Status: NEW → ASSIGNED
Attachment #174717 -
Flags: superreview?(dbaron)
Attachment #174717 -
Flags: review?(dbradley)
Comment 2•19 years ago
Comment on attachment 174717
release monitor before QI

looks fine.
Attachment #174717 -
Flags: review?(dbradley) → review+
Comment 3•19 years ago
Comment on attachment 174717
release monitor before QI

sr=bzbarsky
Attachment #174717 -
Flags: superreview?(dbaron) → superreview+
Comment on attachment 174717
release monitor before QI

sr=dbaron, but could the same problem occur with AddRef on an XPCWrappedNative in some sort of double- or multiple-wrapping situation?
Comment 5•19 years ago
Comment on attachment 174717 [details] [diff] [review] release monitor before QI >Index: nsComponentManager.cpp >=================================================================== >RCS file: /cvsroot/mozilla/xpcom/components/nsComponentManager.cpp,v >retrieving revision 1.259 >diff -up50 -r1.259 nsComponentManager.cpp More than enough context, doncha think? ;-) > if (entry->mServiceObject) { >- return entry->mServiceObject->QueryInterface(aIID, result); >+ nsCOMPtr<nsISupports> serviceObject = entry->mServiceObject; >+ // We need to not be holding the service manager's monitor while calling >+ // QueryInterface, because it invokes user code which could try to re-enter >+ // the service manager, or try to grab some other lock/monitor/condvar >+ // and deadlock, e.g. bug 282743. >+ mon.Exit(); >+ return serviceObject->QueryInterface(aIID, result); > } Wouldn't this read better if the comment were above the nsCOMPtr decl? Or even better in the order above, but with a blank line between the nsCOMPtr initialized declaration and the comment? /be
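Review bot: on the `nsCOMPtr<nsISupports> serviceObject = entry->mServiceObject;` line the strong reference is taken, and so AddRef is called on the service object, while the monitor is still held; only the QueryInterface call has moved past `mon.Exit()`. If AddRef on this object can reach user code the way the new comment says QueryInterface does, the same lock inversion is still possible, so the comment should state why AddRef under the monitor is safe, or the code should avoid calling into the object at all until the monitor has been released.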
Comment on attachment 174717
release monitor before QI

mozilla/xpcom/components/nsComponentManager.cpp 1.260
mozilla/xpcom/components/nsComponentManager.cpp 1.261
Attachment #174717 -
Attachment is obsolete: true
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
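
The lock ordering in the two stacks above, replayed through a small lock-order checker. This is an added example, not code from the bug or from the Mozilla tree. The class, the function names and the two lock labels are hypothetical, and treating the lock at js_GC and the wait in ClaimScope as one JS-side resource is a simplifying assumption.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Records "took B while holding A" edges and reports an ABBA inversion
// when a thread takes A while holding B after B-under-A was already seen.
class LockOrderChecker {
    std::set<std::pair<std::string, std::string>> edges_;
public:
    // held: locks this thread holds now; next: the lock it is about to take.
    bool acquire(std::vector<std::string>& held, const std::string& next) {
        bool inverted = false;
        for (const auto& h : held) {
            if (edges_.count(std::make_pair(next, h))) inverted = true;
            edges_.insert(std::make_pair(h, next));
        }
        held.push_back(next);
        return inverted;
    }
};

// Labels chosen for this example, not identifiers from the Mozilla tree.
const std::string kMonitor = "component manager monitor";
const std::string kJs = "JS-side lock (js_GC / ClaimScope)";

// Replays the two stacks from the report. exitBeforeQI=false is the code
// before the patch; true is the patched order (monitor exited before QI).
bool replay(bool exitBeforeQI) {
    LockOrderChecker checker;
    std::vector<std::string> mainThread, socketThread;
    bool inverted = false;
    // Socket thread: GetServiceByContractID enters the monitor, then
    // QueryInterface on a wrapped JS object waits in ClaimScope.
    inverted |= checker.acquire(socketThread, kMonitor);
    if (exitBeforeQI) socketThread.clear();  // models mon.Exit() before QI
    inverted |= checker.acquire(socketThread, kJs);
    // Main thread: inside js_GC, a destructor calls GetServiceByContractID.
    inverted |= checker.acquire(mainThread, kJs);
    inverted |= checker.acquire(mainThread, kMonitor);
    return inverted;
}

int main() {
    std::cout << "before patch, inversion seen: " << replay(false) << "\n";
    std::cout << "after patch, inversion seen:  " << replay(true) << "\n";
}
```

The checker flags the inversion from the recorded ordering alone, so it reports the problem even on runs where the two threads never actually collide.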