Closed Bug 1504356 Opened 6 years ago Closed 6 years ago

nsThread::MaybeRemoveFromThreadList should lock before accessing |isInList|

Categories

(Core :: XPCOM, enhancement)

Product:
Core
Component:
XPCOM
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla65
Tracking Flags:
Tracking Status
firefox65 --- fixed

People

(Reporter: erahm, Assigned: erahm)

References

Details

Attachments

(1 file)

Lock ThreadListMutex before accessing thread list
734 bytes, patch
kmag
: review+
Details | Diff | Splinter Review 
A follow up [1] to bug 1479035 removed some language explaining why it was okay to access `isInList` without a lock:

>  // We shouldn't need to lock before checking isInList at this point. We're
>  // destroying the last reference to this object, so there's no way for anyone
>  // else to remove it in the middle of our check. And the not-in-list state is
>  // determined the element's next and previous members pointing to itself, so a
>  // non-atomic update to an adjacent member won't affect the outcome either.

After various bits of refactoring it looks like we should probably be locking prior to the call to `isInList` [2] now.

[1] https://hg.mozilla.org/integration/mozilla-inbound/rev/12f5280f25c862decd0917eebbcf685853575678
[2] https://searchfox.org/mozilla-central/rev/50ba1dd30cf013bddce1ae756f1b3c95b26f0628/xpcom/threads/nsThread.cpp#447
I would also like to mention that this race shows up on TSan reports, e.g.

 6:04.71 pid:2903 ==================
 6:04.71 pid:2903 WARNING: ThreadSanitizer: data race (pid=2903)
 6:04.71 pid:2903   Read of size 8 at 0x7b30001806d8 by main thread:
 6:04.71 pid:2903     #0 mozilla::LinkedListElement<nsThread>::isInList() const /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/mozilla/LinkedList.h:301:12 (libxul.so+0x148fd25)
 6:04.71 pid:2903     #1 nsThread::MaybeRemoveFromThreadList() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:447 (libxul.so+0x148fd25)
 6:04.71 pid:2903     #2 nsThread::ShutdownInternal(bool) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:868:3 (libxul.so+0x1491e8e)
 6:04.71 pid:2903     #3 nsThread::Shutdown() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:948:43 (libxul.so+0x149273d)
 6:04.71 pid:2903     #4 decltype (((*{parm#1}).*{parm#2})()) mozilla::detail::RunnableMethodArguments<>::applyImpl<nsIThread, nsresult (nsIThread::*)()>(nsIThread*, nsresult (nsIThread::*)(), mozilla::Tuple<>&, std::integer_sequence<unsigned long>) /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsThreadUtils.h:1191:12 (libxul.so+0x29961ca)
 6:04.71 pid:2903     #5 _ZN7mozilla6detail23RunnableMethodArgumentsIJEE5applyI9nsIThreadMS4_F8nsresultvEEEDTcl9applyImplfp_fp0_dtdefpT10mArgumentstlSt16integer_sequenceImJEEEEEPT_T0_ /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsThreadUtils.h:1197 (libxul.so+0x29961ca)
 6:04.71 pid:2903     #6 mozilla::detail::RunnableMethodImpl<nsCOMPtr<nsIThread>, nsresult (nsIThread::*)(), true, (mozilla::RunnableKind)0>::Run() /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsThreadUtils.h:1242 (libxul.so+0x29961ca)
 6:04.71 pid:2903     #7 nsThread::ProcessNextEvent(bool, bool*) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:1246:14 (libxul.so+0x14935d9)
 6:04.71 pid:2903     #8 NS_ProcessNextEvent(nsIThread*, bool) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadUtils.cpp:530:10 (libxul.so+0x1496575)
 6:04.71 pid:2903     #9 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /home/ytausky/dev/mozilla-central/ipc/glue/MessagePump.cpp:125:5 (libxul.so+0x1da9d7c)
 6:04.71 pid:2903     #10 MessageLoop::RunInternal() /home/ytausky/dev/mozilla-central/ipc/chromium/src/base/message_loop.cc:325:10 (libxul.so+0x1cfc27f)
 6:04.71 pid:2903     #11 MessageLoop::RunHandler() /home/ytausky/dev/mozilla-central/ipc/chromium/src/base/message_loop.cc:318 (libxul.so+0x1cfc27f)
 6:04.71 pid:2903     #12 MessageLoop::Run() /home/ytausky/dev/mozilla-central/ipc/chromium/src/base/message_loop.cc:298 (libxul.so+0x1cfc27f)
 6:04.71 pid:2903     #13 nsBaseAppShell::Run() /home/ytausky/dev/mozilla-central/widget/nsBaseAppShell.cpp:158:27 (libxul.so+0x5124165)
 6:04.71 pid:2903     #14 nsAppStartup::Run() /home/ytausky/dev/mozilla-central/toolkit/components/startup/nsAppStartup.cpp:290:30 (libxul.so+0x71e5d1a)
 6:04.71 pid:2903     #15 XREMain::XRE_mainRun() /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:4789:22 (libxul.so+0x7310417)
 6:04.71 pid:2903     #16 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:4934:8 (libxul.so+0x7311292)
 6:04.71 pid:2903     #17 XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:5026:21 (libxul.so+0x73118b6)
 6:04.71 pid:2903     #18 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/Bootstrap.cpp:49:12 (libxul.so+0x731f627)
 6:04.71 pid:2903     #19 do_main(int, char**, char**) /home/ytausky/dev/mozilla-central/browser/app/nsBrowserApp.cpp:233:22 (firefox+0xc3c86)
 6:04.71 pid:2903     #20 main /home/ytausky/dev/mozilla-central/browser/app/nsBrowserApp.cpp:315 (firefox+0xc3c86)
 6:04.71 pid:2903   Previous write of size 8 at 0x7b30001806d8 by thread T53 (mutexes: write M597):
 6:04.71 pid:2903     #0 mozilla::LinkedListElement<nsThread>::remove() /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/mozilla/LinkedList.h:251:18 (libxul.so+0x148fdca)
 6:04.71 pid:2903     #1 mozilla::LinkedListElement<nsThread>::removeFrom(mozilla::LinkedList<nsThread> const&) /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/mozilla/LinkedList.h:292 (libxul.so+0x148fdca)
 6:04.71 pid:2903     #2 nsThread::MaybeRemoveFromThreadList() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:451 (libxul.so+0x148fdca)
 6:04.72 pid:2903     #3 nsThread::~nsThread() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:688:3 (libxul.so+0x149119d)
 6:04.72 pid:2903     #4 nsThread::~nsThread() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:684:1 (libxul.so+0x14914c9)
 6:04.72 pid:2903     #5 nsThread::Release() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:201:1 (libxul.so+0x148f2b2)
 6:04.72 pid:2903     #6 nsThreadManager::ReleaseThread(void*) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadManager.cpp:114:13 (libxul.so+0x1494730)
 6:04.72 pid:2903     #7 _PR_DestroyThreadPrivate /home/ytausky/dev/mozilla-central/nsprpub/pr/src/threads/prtpd.c:237:25 (libnspr4.so+0x44481)
 6:04.72 pid:2903     #8 _pt_root /home/ytausky/dev/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:241:9 (libnspr4.so+0x42a43)
 6:04.72 pid:2903   Location is heap block of size 184 at 0x7b30001806c0 allocated by thread T27:
 6:04.72 pid:2903     #0 malloc <null> (firefox+0x4c75c)
 6:04.72 pid:2903     #1 moz_xmalloc /home/ytausky/dev/mozilla-central/memory/mozalloc/mozalloc.cpp:70:17 (firefox+0xc455a)
 6:04.72 pid:2903     #2 operator new(unsigned long) /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/mozilla/mozalloc.h:139:12 (libxul.so+0x1495c3e)
 6:04.72 pid:2903     #3 nsThreadManager::NewNamedThread(nsTSubstring<char> const&, unsigned int, nsIThread**) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadManager.cpp:484 (libxul.so+0x1495c3e)
 6:04.72 pid:2903     #4 NS_NewNamedThread(nsTSubstring<char> const&, nsIThread**, nsIRunnable*, unsigned int) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadUtils.cpp:143:45 (libxul.so+0x1497ac7)
 6:04.72 pid:2903     #5 mozilla::dom::indexedDB::(anonymous namespace)::ConnectionPool::ScheduleTransaction(mozilla::dom::indexedDB::(anonymous namespace)::ConnectionPool::TransactionInfo*, bool) /home/ytausky/dev/mozilla-central/dom/indexedDB/ActorsParent.cpp:12340:11 (libxul.so+0x4c98304)
 6:04.72 pid:2903     #6 mozilla::dom::indexedDB::(anonymous namespace)::ConnectionPool::Start(nsID const&, nsTSubstring<char> const&, long, nsTArray<nsTString<char16_t> > const&, bool, mozilla::dom::indexedDB::(anonymous namespace)::TransactionDatabaseOperationBase*) /home/ytausky/dev/mozilla-central/dom/indexedDB/ActorsParent.cpp:11996:15 (libxul.so+0x4ca055e)
 6:04.72 pid:2903     #7 mozilla::dom::indexedDB::(anonymous namespace)::TransactionDatabaseOperationBase::StartOnConnectionPool(nsID const&, nsTSubstring<char> const&, long, nsTArray<nsTString<char16_t> > const&, bool) /home/ytausky/dev/mozilla-central/dom/indexedDB/ActorsParent.cpp:23306 (libxul.so+0x4ca055e)
 6:04.72 pid:2903     #8 mozilla::dom::indexedDB::(anonymous namespace)::Database::RecvPBackgroundIDBTransactionConstructor(mozilla::dom::indexedDB::PBackgroundIDBTransactionParent*, nsTArray<nsTString<char16_t> >&&, mozilla::dom::IDBTransaction::Mode const&) /home/ytausky/dev/mozilla-central/dom/indexedDB/ActorsParent.cpp:14387:14 (libxul.so+0x4c9d8f0)
 6:04.72 pid:2903     #9 mozilla::dom::indexedDB::PBackgroundIDBDatabaseParent::OnMessageReceived(IPC::Message const&) /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/ipc/ipdl/PBackgroundIDBDatabaseParent.cpp:621:20 (libxul.so+0x21ecaad)
 6:04.72 pid:2903     #10 mozilla::ipc::PBackgroundParent::OnMessageReceived(IPC::Message const&) /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/ipc/ipdl/PBackgroundParent.cpp:1270:28 (libxul.so+0x229b661)
 6:04.72 pid:2903     #11 mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) /home/ytausky/dev/mozilla-central/ipc/glue/MessageChannel.cpp:2244:25 (libxul.so+0x1da5cdd)
 6:04.72 pid:2903     #12 mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /home/ytausky/dev/mozilla-central/ipc/glue/MessageChannel.cpp:2171:17 (libxul.so+0x1da3faf)
 6:04.72 pid:2903     #13 mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /home/ytausky/dev/mozilla-central/ipc/glue/MessageChannel.cpp:2008:5 (libxul.so+0x1da4c90)
 6:04.72 pid:2903     #14 mozilla::ipc::MessageChannel::MessageTask::Run() /home/ytausky/dev/mozilla-central/ipc/glue/MessageChannel.cpp:2041:15 (libxul.so+0x1da53e1)
 6:04.72 pid:2903     #15 nsThread::ProcessNextEvent(bool, bool*) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:1246:14 (libxul.so+0x14935d9)
 6:04.72 pid:2903     #16 NS_ProcessNextEvent(nsIThread*, bool) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadUtils.cpp:530:10 (libxul.so+0x1496575)
 6:04.72 pid:2903     #17 mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /home/ytausky/dev/mozilla-central/ipc/glue/MessagePump.cpp:364:5 (libxul.so+0x1daa94d)
 6:04.72 pid:2903     #18 MessageLoop::RunInternal() /home/ytausky/dev/mozilla-central/ipc/chromium/src/base/message_loop.cc:325:10 (libxul.so+0x1cfc27f)
 6:04.72 pid:2903     #19 MessageLoop::RunHandler() /home/ytausky/dev/mozilla-central/ipc/chromium/src/base/message_loop.cc:318 (libxul.so+0x1cfc27f)
 6:04.72 pid:2903     #20 MessageLoop::Run() /home/ytausky/dev/mozilla-central/ipc/chromium/src/base/message_loop.cc:298 (libxul.so+0x1cfc27f)
 6:04.72 pid:2903     #21 nsThread::ThreadFunc(void*) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:505:11 (libxul.so+0x14901b2)
 6:04.72 pid:2903     #22 _pt_root /home/ytausky/dev/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:201:5 (libnspr4.so+0x428c8)
 6:04.72 pid:2903   Mutex M597 (0x7f576c1ce980) created at:
 6:04.72 pid:2903     #0 pthread_mutex_init <null> (firefox+0x2f67a)
 6:04.72 pid:2903     #1 mozilla::detail::MutexImpl::MutexImpl(mozilla::recordreplay::Behavior) /home/ytausky/dev/mozilla-central/mozglue/misc/Mutex_posix.cpp:102:3 (firefox+0xc5029)
 6:04.72 pid:2903     #2 mozilla::OffTheBooksMutex::OffTheBooksMutex(char const*, mozilla::recordreplay::Behavior) /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/mozilla/Mutex.h:47:7 (libxul.so+0x148fc65)
 6:04.72 pid:2903     #3 nsThread::ThreadListMutex() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:401 (libxul.so+0x148fc65)
 6:04.72 pid:2903     #4 nsThread::AddToThreadList() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:435 (libxul.so+0x148fc65)
 6:04.72 pid:2903     #5 nsThread::InitCommon() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:628:3 (libxul.so+0x149077f)
 6:04.72 pid:2903     #6 nsThread::InitCurrentThread() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:745:3 (libxul.so+0x149186f)
 6:04.73 pid:2903     #7 nsThreadManager::Init() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadManager.cpp:281:30 (libxul.so+0x1495084)
 6:04.73 pid:2903     #8 NS_InitXPCOM2 /home/ytausky/dev/mozilla-central/xpcom/build/XPCOMInit.cpp:554:31 (libxul.so+0x14c5511)
 6:04.73 pid:2903     #9 ScopedXPCOMStartup::Initialize() /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:1483:8 (libxul.so+0x731127e)
 6:04.73 pid:2903     #10 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:4930 (libxul.so+0x731127e)
 6:04.73 pid:2903     #11 XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:5026:21 (libxul.so+0x73118b6)
 6:04.73 pid:2903     #12 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/Bootstrap.cpp:49:12 (libxul.so+0x731f627)
 6:04.73 pid:2903     #13 do_main(int, char**, char**) /home/ytausky/dev/mozilla-central/browser/app/nsBrowserApp.cpp:233:22 (firefox+0xc3c86)
 6:04.73 pid:2903     #14 main /home/ytausky/dev/mozilla-central/browser/app/nsBrowserApp.cpp:315 (firefox+0xc3c86)
 6:04.73 pid:2903   Thread T53 'StartupCache' (tid=3676, finished) created by main thread at:
 6:04.73 pid:2903     #0 pthread_create <null> (firefox+0x2f296)
 6:04.73 pid:2903     #1 _PR_CreateThread /home/ytausky/dev/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:433:14 (libnspr4.so+0x40707)
 6:04.73 pid:2903     #2 PR_CreateThread /home/ytausky/dev/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:518:12 (libnspr4.so+0x40447)
 6:04.73 pid:2903     #3 mozilla::scache::StartupCache::WriteTimeout(nsITimer*, void*) /home/ytausky/dev/mozilla-central/startupcache/StartupCache.cpp:531:35 (libxul.so+0x73545bc)
 6:04.73 pid:2903     #4 nsTimerImpl::Fire(int) /home/ytausky/dev/mozilla-central/xpcom/threads/nsTimerImpl.cpp:684:7 (libxul.so+0x14ab8d6)
 6:04.73 pid:2903     #5 nsTimerEvent::Run() /home/ytausky/dev/mozilla-central/xpcom/threads/TimerThread.cpp:297:11 (libxul.so+0x148a8df)
 6:04.73 pid:2903     #6 nsThread::ProcessNextEvent(bool, bool*) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:1246:14 (libxul.so+0x14935d9)
 6:04.73 pid:2903     #7 NS_ProcessNextEvent(nsIThread*, bool) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadUtils.cpp:530:10 (libxul.so+0x1496575)
 6:04.73 pid:2903     #8 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /home/ytausky/dev/mozilla-central/ipc/glue/MessagePump.cpp:125:5 (libxul.so+0x1da9d7c)
 6:04.73 pid:2903     #9 MessageLoop::RunInternal() /home/ytausky/dev/mozilla-central/ipc/chromium/src/base/message_loop.cc:325:10 (libxul.so+0x1cfc27f)
 6:04.73 pid:2903     #10 MessageLoop::RunHandler() /home/ytausky/dev/mozilla-central/ipc/chromium/src/base/message_loop.cc:318 (libxul.so+0x1cfc27f)
 6:04.73 pid:2903     #11 MessageLoop::Run() /home/ytausky/dev/mozilla-central/ipc/chromium/src/base/message_loop.cc:298 (libxul.so+0x1cfc27f)
 6:04.73 pid:2903     #12 nsBaseAppShell::Run() /home/ytausky/dev/mozilla-central/widget/nsBaseAppShell.cpp:158:27 (libxul.so+0x5124165)
 6:04.73 pid:2903     #13 nsAppStartup::Run() /home/ytausky/dev/mozilla-central/toolkit/components/startup/nsAppStartup.cpp:290:30 (libxul.so+0x71e5d1a)
 6:04.73 pid:2903     #14 XREMain::XRE_mainRun() /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:4789:22 (libxul.so+0x7310417)
 6:04.73 pid:2903     #15 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:4934:8 (libxul.so+0x7311292)
 6:04.73 pid:2903     #16 XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:5026:21 (libxul.so+0x73118b6)
 6:04.73 pid:2903     #17 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/Bootstrap.cpp:49:12 (libxul.so+0x731f627)
 6:04.73 pid:2903     #18 do_main(int, char**, char**) /home/ytausky/dev/mozilla-central/browser/app/nsBrowserApp.cpp:233:22 (firefox+0xc3c86)
 6:04.73 pid:2903     #19 main /home/ytausky/dev/mozilla-central/browser/app/nsBrowserApp.cpp:315 (firefox+0xc3c86)
 6:04.73 pid:2903   Thread T27 'IPDL Background' (tid=2971, running) created by main thread at:
 6:04.73 pid:2903     #0 pthread_create <null> (firefox+0x2f296)
 6:04.73 pid:2903     #1 _PR_CreateThread /home/ytausky/dev/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:433:14 (libnspr4.so+0x40707)
 6:04.73 pid:2903     #2 PR_CreateThread /home/ytausky/dev/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:518:12 (libnspr4.so+0x40447)
 6:04.73 pid:2903     #3 nsThread::Init(nsTSubstring<char> const&) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:719:8 (libxul.so+0x1491608)
 6:04.73 pid:2903     #4 nsThreadManager::NewNamedThread(nsTSubstring<char> const&, unsigned int, nsIThread**) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadManager.cpp:485:22 (libxul.so+0x1495d58)
 6:04.73 pid:2903     #5 NS_NewNamedThread(nsTSubstring<char> const&, nsIThread**, nsIRunnable*, unsigned int) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadUtils.cpp:143:45 (libxul.so+0x1497ac7)
 6:04.73 pid:2903     #6 nsresult NS_NewNamedThread<16ul>(char const (&) [16ul], nsIThread**, nsIRunnable*, unsigned int) /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsThreadUtils.h:75:10 (libxul.so+0x1d90e03)
 6:04.73 pid:2903     #7 (anonymous namespace)::ParentImpl::CreateBackgroundThread() /home/ytausky/dev/mozilla-central/ipc/glue/BackgroundImpl.cpp:1015 (libxul.so+0x1d90e03)
 6:04.73 pid:2903     #8 (anonymous namespace)::ParentImpl::CreateActorHelper::RunOnMainThread() /home/ytausky/dev/mozilla-central/ipc/glue/BackgroundImpl.cpp:1330:30 (libxul.so+0x1d92efe)
 6:04.73 pid:2903     #9 (anonymous namespace)::ParentImpl::CreateActorHelper::Run() /home/ytausky/dev/mozilla-central/ipc/glue/BackgroundImpl.cpp:1351 (libxul.so+0x1d92efe)
 6:04.73 pid:2903     #10 nsThread::ProcessNextEvent(bool, bool*) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:1246:14 (libxul.so+0x14935d9)
 6:04.73 pid:2903     #11 NS_ProcessNextEvent(nsIThread*, bool) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadUtils.cpp:530:10 (libxul.so+0x1496575)
 6:04.73 pid:2903     #12 bool mozilla::SpinEventLoopUntil<(mozilla::ProcessFailureBehavior)1, nsThread::Shutdown()::$_2>(nsThread::Shutdown()::$_2&&, nsIThread*) /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsThreadUtils.h:347:25 (libxul.so+0x14927ec)
 6:04.73 pid:2903     #13 nsThread::Shutdown() /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:954 (libxul.so+0x14927ec)
 6:04.73 pid:2903     #14 decltype (((*{parm#1}).*{parm#2})()) mozilla::detail::RunnableMethodArguments<>::applyImpl<nsIThread, nsresult (nsIThread::*)()>(nsIThread*, nsresult (nsIThread::*)(), mozilla::Tuple<>&, std::integer_sequence<unsigned long>) /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsThreadUtils.h:1191:12 (libxul.so+0x23b8a2a)
 6:04.74 pid:2903     #15 _ZN7mozilla6detail23RunnableMethodArgumentsIJEE5applyI9nsIThreadMS4_F8nsresultvEEEDTcl9applyImplfp_fp0_dtdefpT10mArgumentstlSt16integer_sequenceImJEEEEEPT_T0_ /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsThreadUtils.h:1197 (libxul.so+0x23b8a2a)
 6:04.74 pid:2903     #16 mozilla::detail::RunnableMethodImpl<RefPtr<nsIThread>, nsresult (nsIThread::*)(), true, (mozilla::RunnableKind)0>::Run() /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsThreadUtils.h:1242 (libxul.so+0x23b8a2a)
 6:04.74 pid:2903     #17 nsThread::ProcessNextEvent(bool, bool*) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThread.cpp:1246:14 (libxul.so+0x14935d9)
 6:04.74 pid:2903     #18 NS_ProcessNextEvent(nsIThread*, bool) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadUtils.cpp:530:10 (libxul.so+0x1496575)
 6:04.74 pid:2903     #19 bool mozilla::SpinEventLoopUntil<(mozilla::ProcessFailureBehavior)1, nsThreadManager::SpinEventLoopUntilInternal(nsINestedEventLoopCondition*, bool)::$_4>(nsThreadManager::SpinEventLoopUntilInternal(nsINestedEventLoopCondition*, bool)::$_4&&, nsIThread*) /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsThreadUtils.h:347:25 (libxul.so+0x14960dd)
 6:04.74 pid:2903     #20 nsThreadManager::SpinEventLoopUntilInternal(nsINestedEventLoopCondition*, bool) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadManager.cpp:558 (libxul.so+0x14960dd)
 6:04.74 pid:2903     #21 nsThreadManager::SpinEventLoopUntil(nsINestedEventLoopCondition*) /home/ytausky/dev/mozilla-central/xpcom/threads/nsThreadManager.cpp:535:10 (libxul.so+0x1495f5b)
 6:04.74 pid:2903     #22 NS_InvokeByIndex /home/ytausky/dev/mozilla-central/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_x86_64_unix.S:106 (libxul.so+0x14b2e65)
 6:04.74 pid:2903     #23 XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) /home/ytausky/dev/mozilla-central/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1020:12 (libxul.so+0x2418e1d)
 6:04.74 pid:2903     #24 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:468:15 (libxul.so+0x81ccd20)
 6:04.74 pid:2903     #25 InternalCall(JSContext*, js::AnyInvokeArgs const&) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:614:12 (libxul.so+0x81cdd49)
 6:04.74 pid:2903     #26 js::CallFromStack(JSContext*, JS::CallArgs const&) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:620:12 (libxul.so+0x81c3175)
 6:04.74 pid:2903     #27 Interpret(JSContext*, js::RunState&) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:3461 (libxul.so+0x81c3175)
 6:04.74 pid:2903     #28 js::RunScript(JSContext*, js::RunState&) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:447:12 (libxul.so+0x81b6032)
 6:04.74 pid:2903     #29 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:587:15 (libxul.so+0x81cd338)
 6:04.74 pid:2903     #30 InternalCall(JSContext*, js::AnyInvokeArgs const&) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:614:12 (libxul.so+0x81cdd49)
 6:04.74 pid:2903     #31 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:633:10 (libxul.so+0x81cde34)
 6:04.74 pid:2903     #32 js::fun_apply(JSContext*, unsigned int, JS::Value*) /home/ytausky/dev/mozilla-central/js/src/vm/JSFunction.cpp:1381:12 (libxul.so+0x766e309)
 6:04.74 pid:2903     #33 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:468:15 (libxul.so+0x81ccd20)
 6:04.74 pid:2903     #34 InternalCall(JSContext*, js::AnyInvokeArgs const&) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:614:12 (libxul.so+0x81cdd49)
 6:04.74 pid:2903     #35 js::CallFromStack(JSContext*, JS::CallArgs const&) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:620:12 (libxul.so+0x81c3175)
 6:04.74 pid:2903     #36 Interpret(JSContext*, js::RunState&) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:3461 (libxul.so+0x81c3175)
 6:04.74 pid:2903     #37 js::RunScript(JSContext*, js::RunState&) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:447:12 (libxul.so+0x81b6032)
 6:04.74 pid:2903     #38 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:587:15 (libxul.so+0x81cd338)
 6:04.74 pid:2903     #39 InternalCall(JSContext*, js::AnyInvokeArgs const&) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:614:12 (libxul.so+0x81cdd49)
 6:04.74 pid:2903     #40 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /home/ytausky/dev/mozilla-central/js/src/vm/Interpreter.cpp:633:10 (libxul.so+0x81cde34)
 6:04.74 pid:2903     #41 JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /home/ytausky/dev/mozilla-central/js/src/jsapi.cpp:2911:12 (libxul.so+0x7988905)
 6:04.74 pid:2903     #42 nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, nsXPTMethodInfo const*, nsXPTCMiniVariant*) /home/ytausky/dev/mozilla-central/js/xpconnect/src/XPCWrappedJSClass.cpp:1174:23 (libxul.so+0x240bf0a)
 6:04.74 pid:2903     #43 nsXPCWrappedJS::CallMethod(unsigned short, nsXPTMethodInfo const*, nsXPTCMiniVariant*) /home/ytausky/dev/mozilla-central/js/xpconnect/src/XPCWrappedJS.cpp:650:24 (libxul.so+0x240aee7)
 6:04.74 pid:2903     #44 PrepareAndDispatch /home/ytausky/dev/mozilla-central/xpcom/reflect/xptcall/md/unix/xptcstubs_x86_64_linux.cpp:127:37 (libxul.so+0x14b3e61)
 6:04.74 pid:2903     #45 SharedStub <null> (libxul.so+0x14b316a)
 6:04.74 pid:2903     #46 XREMain::XRE_mainRun() /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:4619:16 (libxul.so+0x7310120)
 6:04.74 pid:2903     #47 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:4934:8 (libxul.so+0x7311292)
 6:04.74 pid:2903     #48 XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/nsAppRunner.cpp:5026:21 (libxul.so+0x73118b6)
 6:04.74 pid:2903     #49 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ytausky/dev/mozilla-central/toolkit/xre/Bootstrap.cpp:49:12 (libxul.so+0x731f627)
 6:04.74 pid:2903     #50 do_main(int, char**, char**) /home/ytausky/dev/mozilla-central/browser/app/nsBrowserApp.cpp:233:22 (firefox+0xc3c86)
 6:04.74 pid:2903     #51 main /home/ytausky/dev/mozilla-central/browser/app/nsBrowserApp.cpp:315 (firefox+0xc3c86)
 6:04.74 pid:2903 SUMMARY: ThreadSanitizer: data race /home/ytausky/dev/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/mozilla/LinkedList.h:301:12 in mozilla::LinkedListElement<nsThread>::isInList() const
 6:04.74 pid:2903 ==================

        Attachment #9024817 -
        Flags: review?(kmaglione+bmo)

    
  
Assignee: nobody → erahm
Status: NEW → ASSIGNED

    
    

    
  
Comment on attachment 9024817 [details] [diff] [review]
Lock ThreadListMutex before accessing thread list

Review of attachment 9024817 [details] [diff] [review]:
-----------------------------------------------------------------

::: xpcom/threads/nsThread.cpp
@@ +449,1 @@
>      if (isInList()) {

The second isInList() check can go, now. r=me with that.

        Attachment #9024817 -
        Flags: review?(kmaglione+bmo) → review+

    
    

    
  
Pushed by erahm@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/e006c77a5e8a
Lock ThreadListMutex before accessing thread list. r=kmag

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/e006c77a5e8a
Status: ASSIGNED → RESOLVED
Closed: 6 years ago

          status-firefox65:
          --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: