If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Possible race condition in mozStorageConnection.cpp

NEW
Unassigned

Status

()

Toolkit
Storage
5 years ago
5 years ago

People

(Reporter: gwagner, Unassigned)

Tracking

unspecified
x86
Mac OS X
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(blocking-b2g:-, b2g18+ affected, b2g18-v1.0.0 wontfix, b2g18-v1.0.1 affected)

Details

(Reporter)

Description

5 years ago
+++ This bug was initially created as a clone of Bug #834995 +++

I got a similar assertion again today:

(gdb) bt
#0  0x41b1508e in SearchTable (table=0x45393548, key=0x4c9ffcd0, keyHash=2323735344, op=PL_DHASH_LOOKUP) at /Volumes/2mac/gaia/b2g18/nooptunagibuild/xpcom/build/pldhash.cpp:394
#1  0x41b15404 in PL_DHashTableOperate (table=0x45393548, key=0x4c9ffcd0, op=PL_DHASH_LOOKUP) at /Volumes/2mac/gaia/b2g18/nooptunagibuild/xpcom/build/pldhash.cpp:587
#2  0x40a38e4c in nsTHashtable<nsBaseHashtableET<nsCStringHashKey, unsigned int> >::GetEntry (this=0x45393548, aKey=...) at ../../../dist/include/nsTHashtable.h:148
#3  0x4172177a in nsBaseHashtable<nsCStringHashKey, mozilla::storage::Connection::FunctionInfo, mozilla::storage::Connection::FunctionInfo>::Get (this=0x45393548, aKey=..., pData=0x0) at ../../dist/include/nsBaseHashtable.h:104
#4  0x41720d64 in mozilla::storage::Connection::CreateFunction (this=0x45393520, aFunctionName=..., aNumArguments=2, aFunction=0x4acd9f00) at /Volumes/2mac/gaia/b2g18/storage/src/mozStorageConnection.cpp:1283
#5  0x41236ed8 in mozilla::dom::indexedDB::IDBTransaction::GetOrCreateConnection (this=0x48ddc3a0, aResult=0x4c9ffd1c) at /Volumes/2mac/gaia/b2g18/dom/indexedDB/IDBTransaction.cpp:375
#6  0x4120f126 in mozilla::dom::indexedDB::AsyncConnectionHelper::Run (this=0x4974abf0) at /Volumes/2mac/gaia/b2g18/dom/indexedDB/AsyncConnectionHelper.cpp:271
#7  0x4124cd8c in mozilla::dom::indexedDB::TransactionThreadPool::TransactionQueue::Run (this=0x4524a0a0) at /Volumes/2mac/gaia/b2g18/dom/indexedDB/TransactionThreadPool.cpp:639
#8  0x41b5c082 in nsThreadPool::Run (this=0x47fbb2e0) at /Volumes/2mac/gaia/b2g18/xpcom/threads/nsThreadPool.cpp:187
#9  0x41b59fb4 in nsThread::ProcessNextEvent (this=0x4acd1a60, mayWait=true, result=0x4c9ffe97) at /Volumes/2mac/gaia/b2g18/xpcom/threads/nsThread.cpp:620
#10 0x41b13caa in NS_ProcessNextEvent_P (thread=0x4acd1a60, mayWait=true) at /Volumes/2mac/gaia/b2g18/nooptunagibuild/xpcom/build/nsThreadUtils.cpp:237
#11 0x41b593d6 in nsThread::ThreadFunc (arg=0x4acd1a60) at /Volumes/2mac/gaia/b2g18/xpcom/threads/nsThread.cpp:258
#12 0x40381254 in _pt_root (arg=0x45270cf0) at /Volumes/2mac/gaia/b2g18/nsprpub/pr/src/pthreads/ptthread.c:156
#13 0x40034e18 in __thread_entry (func=0x4038119d <_pt_root>, arg=0x45270cf0, tls=<value optimized out>) at bionic/libc/bionic/pthread.c:217
#14 0x4003496c in pthread_create (thread_out=<value optimized out>, attr=0xbed20690, start_routine=0x4038119d <_pt_root>, arg=0x45270cf0) at bionic/libc/bionic/pthread.c:357
#15 0x00000000 in ?? ()
(gdb) f 4
#4  0x41720d64 in mozilla::storage::Connection::CreateFunction (this=0x45393520, aFunctionName=..., aNumArguments=2, aFunction=0x4acd9f00) at /Volumes/2mac/gaia/b2g18/storage/src/mozStorageConnection.cpp:1283
1283	  NS_ENSURE_FALSE(mFunctions.Get(aFunctionName, NULL), NS_ERROR_FAILURE);
(gdb) p *this
$22 = {<mozIStorageConnection> = {<nsISupports> = {_vptr.nsISupports = 0x42d1caa8}, <No data fields>}, <nsIInterfaceRequestor> = {<nsISupports> = {_vptr.nsISupports = 0x42d1cb38}, <No data fields>}, mRefCnt = {mValue = 2}, 
  sharedAsyncExecutionMutex = {<mozilla::BlockingResourceBase> = {static kResourceTypeName = 0x42d764b8}, mLock = 0x48509dd0}, sharedDBMutex = {<mozilla::BlockingResourceBase> = {static kResourceTypeName = 0x42d764b8}, mMutex = 0x4976d1d8}, 
  threadOpenedOn = {<nsCOMPtr_base> = {mRawPtr = 0x4acd1a60}, <No data fields>}, mDBConn = 0x48511408, mDatabaseFile = {<nsCOMPtr_base> = {mRawPtr = 0x482837d0}, <No data fields>}, mAsyncExecutionThread = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, 
  mAsyncExecutionThreadShuttingDown = false, mTransactionInProgress = false, 
  mFunctions = {<nsBaseHashtable<nsCStringHashKey, mozilla::storage::Connection::FunctionInfo, mozilla::storage::Connection::FunctionInfo>> = {<nsTHashtable<nsBaseHashtableET<nsCStringHashKey, mozilla::storage::Connection::FunctionInfo> >> = {mTable = warning: can't find linker symbol for virtual table for `PLDHashTable' value
warning:   found `mozilla::storage::Connection::Clone(bool, mozIStorageConnection**)::pragmas' instead
{
          ops = 0x42c0c8c8, data = 0x0, hashShift = 0, maxAlphaFrac = 0 '\000', minAlphaFrac = 0 '\000', entrySize = 28, entryCount = 0, removedCount = 0, generation = 0, entryStore = 0x453073c0 ""}}, <No data fields>}, <No data fields>}, 
  mProgressHandler = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mFlags = 131078, mStorageService = {mRawPtr = 0x475d39a0}}
(gdb) p aFunction
$23 = (class mozIStorageFunction *) 0x4acd9f00
(gdb) p *aFunction
$24 = {<nsISupports> = {_vptr.nsISupports = 0x42cc21f8}, <No data fields>}
(gdb) p aFunctionName
$25 = (const nsACString_internal &) @0x4c9ffcd0: {mData = 0x425f73f4 "update_refcount", mLength = 15, mFlags = 1}
(Reporter)

Updated

5 years ago
blocking-b2g: tef+ → ---
status-b2g18: fixed → ---
status-b2g18-v1.0.0: fixed → ---
status-firefox19: wontfix → ---
status-firefox20: fixed → ---
status-firefox21: fixed → ---
tef? as it blocks a blocker.
blocking-b2g: --- → tef?
The bug this blocks is no longer a blocker, not blocking, tracking and willing to consider uplift if low risk fix is available.
blocking-b2g: tef? → -
status-b2g18: --- → affected
status-b2g18-v1.0.0: --- → wontfix
status-b2g18-v1.0.1: --- → affected
tracking-b2g18: --- → +
I don't see anything wrong here... It looks like mFunctions is always used under a lock. What am I missing?
(Reporter)

Comment 4

5 years ago
Might be another outcome of bug 832385.
You need to log in before you can comment on or make changes to this bug.