Bug #1855

closed

spin in nmalloc's mtmagazine_free

Added by vsrinivas over 14 years ago. Updated over 14 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
% Done: 0%

Description

Rumko (on irc) reported a bug in nmalloc, where Firefox will spin in
mtmagazine_free. A trace:

Program received signal SIGINT, Interrupt.
0x2a53c847 in depot_unlock (ptr=0x2f396d60, flags=<value optimized out>, rbigp=
<value optimized out>)
at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:446
446 pthread_spin_unlock(&dp->lock);
(gdb) bt
#0 0x2a53c847 in depot_unlock (ptr=0x2f396d60, flags=<value optimized out>,
rbigp=<value optimized out>)
at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:446
#1 mtmagazine_free (ptr=0x2f396d60, flags=<value optimized out>, rbigp=<value
optimized out>) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1420
#2 _slabfree (ptr=0x2f396d60, flags=<value optimized out>, rbigp=<value
optimized out>) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1171
#3 0x2a53cc4f in free (ptr=0x2f396d60) at
/usr/src/lib/libc/../libc/stdlib/nmalloc.c:763
#4 0x29a86881 in PR_Free (ptr=0x16) at prmem.c:490
#5 0x289cc22f in ~nsAttrAndChildArray (this=0x34930bfc, __in_chrg=<value
optimized out>) at nsAttrAndChildArray.cpp:135
#6 0x28a6d6fd in ~nsGenericElement (this=0x34930be0, __in_chrg=<value optimized
out>) at nsGenericElement.cpp:1792
#7 0x28b549e0 in ~nsStyledElement (this=0x34930be0, __in_chrg=<value optimized
out>) at ./../../../base/src/nsStyledElement.h:57
#8 ~nsMappedAttributeElement (this=0x34930be0, __in_chrg=<value optimized out>)
at ./../../../base/src/nsMappedAttributeElement.h:59
#9 ~nsGenericHTMLElement (this=0x34930be0, __in_chrg=<value optimized out>) at
nsGenericHTMLElement.h:72
#10 ~nsHTMLAnchorElement (this=0x34930be0, __in_chrg=<value optimized out>) at
nsHTMLAnchorElement.cpp:158
#11 0x28a95f32 in nsNodeUtils::LastRelease (aNode=0x34930be0) at
nsNodeUtils.cpp:288
#12 0x28a75598 in nsGenericElement::Release (this=0x34930be0) at
nsGenericElement.cpp:4153
#13 0x28b54176 in nsHTMLAnchorElement::Release (this=0x34930be0) at
nsHTMLAnchorElement.cpp:162
#14 0x296424c7 in nsXPCOMCycleCollectionParticipant::Unroot (this=0x29a6587c,
p=0x34930be0) at nsCycleCollectionParticipant.cpp:74
#15 0x296bce82 in nsCycleCollector::CollectWhite (this=0x2ac10a80) at
nsCycleCollector.cpp:1774
#16 0x296bcef9 in nsCycleCollector::FinishCollection (this=0x2ac10a80) at
nsCycleCollector.cpp:2620
#17 0x296bcf56 in nsCycleCollector_finishCollection () at
nsCycleCollector.cpp:3147
#18 0x28442eb1 in XPCCycleCollectGCCallback (cx=0x2cf1ecc0, status=JSGC_END) at
nsXPConnect.cpp:404
#19 0x28108038 in js_GC (cx=0x2cf1ecc0, gckind=GC_NORMAL) at jsgc.cpp:3822
#20 0x280b4d58 in JS_GC (cx=0x2cf1ecc0) at jsapi.cpp:2439
#21 0x284440e1 in nsXPConnect::Collect (this=0x2aba0e40) at nsXPConnect.cpp:478
#22 0x296be188 in nsCycleCollector::Collect (this=0x2ac10a80, aTryCollections=1)
at nsCycleCollector.cpp:2434
#23 0x296be354 in nsCycleCollector_collect () at nsCycleCollector.cpp:3129
#24 0x28d0855f in nsJSContext::CC () at nsJSEnvironment.cpp:3621
#25 0x28d085be in nsJSContext::IntervalCC () at nsJSEnvironment.cpp:3709
#26 0x28d0a2f3 in nsJSContext::MaybeCC (aHigherProbability=1) at
nsJSEnvironment.cpp:3687
#27 0x28d0a32f in nsJSContext::CCIfUserInactive () at nsJSEnvironment.cpp:3697
#28 0x28d0a501 in GCTimerFired (aTimer=0x31362880, aClosure=0x0) at
nsJSEnvironment.cpp:3735
#29 0x296ade5d in nsTimerImpl::Fire (this=0x31362880) at nsTimerImpl.cpp:427
#30 0x296ae081 in nsTimerEvent::Run (this=0x367249c0) at nsTimerImpl.cpp:519
#31 0x296a690f in nsThread::ProcessNextEvent (this=0x2ab20f58, mayWait=1,
result=0xbfbfed30) at nsThread.cpp:527
---Type <return> to continue, or q <return> to quit---
---Type <return> to continue, or q <return> to quit---
#32 0x29641cf8 in
NS_ProcessNextEvent_P (thread=0x0, mayWait=1) at nsThreadUtils.cpp:250
#33 0x294f1f5f in nsBaseAppShell::Run (this=0x2ab806b0) at
nsBaseAppShell.cpp:177
#34 0x29261f5b in nsAppStartup::Run (this=0x2aafa020) at nsAppStartup.cpp:183
#35 0x2842c3a0 in XRE_main (argc=1, argv=0xbfbff6f0, aAppData=0x2aab09a0) at
nsAppRunner.cpp:3483
#36 0x0804a6e8 in main (argc=1, argv=0xbfbff6f0) at nsXULRunnerApp.cpp:485

Updated by vsrinivas over 14 years ago

This was fixed by commit 6c4de62c59ba95420ee712e340c8dd8d0ab4b1f9. nmalloc was not
safe against thread teardown where pthread destructors were in use.
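
One general way an allocator with per-thread caches can go wrong at thread exit, shown as an added example that is not nmalloc's code and not the change in the commit above: a pthread destructor frees memory after the allocator's own destructor has already torn down that thread's cache, so the free path has to check the cache state and bypass it. All names here (`toy_free`, `cache_dtor`, `app_dtor`, the magazine layout) are hypothetical; the page does not say which path the actual bug took.

```c
#include <pthread.h>
#include <stdlib.h>
/* Toy per-thread free cache; names and layout are assumptions, not nmalloc's. */
#define MAG_CAP 8
static __thread enum { CACHE_UNINIT, CACHE_LIVE, CACHE_DEAD } tl_state;
static __thread void *tl_mag[MAG_CAP];
static __thread int tl_count;
static pthread_key_t cache_key, app_key;
static int cached_frees, late_frees;  /* written by the worker, read after join */

/* Allocator's TSD destructor: flush this thread's cache and mark it dead. */
static void cache_dtor(void *mag) {
    while (tl_count > 0) free(((void **)mag)[--tl_count]);
    tl_state = CACHE_DEAD;
}

/* free() front end: the cache may only be touched while it is live. */
static void toy_free(void *p) {
    if (tl_state == CACHE_UNINIT) {
        pthread_setspecific(cache_key, tl_mag);  /* arm cache_dtor for this thread */
        tl_state = CACHE_LIVE;
    }
    if (tl_state == CACHE_LIVE && tl_count < MAG_CAP) {
        tl_mag[tl_count++] = p;
        cached_frees++;
        return;
    }
    late_frees += (tl_state == CACHE_DEAD);      /* count frees after teardown */
    free(p);                                     /* bypass: cache is dead or full */
}

/* App destructor; re-arms until the cache is dead so the late path always runs. */
static void app_dtor(void *p) {
    if (tl_state != CACHE_DEAD) { pthread_setspecific(app_key, p); return; }
    toy_free(p);
}
static void *worker(void *arg) {
    toy_free(malloc(32));                       /* ordinary free, lands in the cache */
    pthread_setspecific(app_key, malloc(32));   /* released by app_dtor at exit */
    return arg;
}

/* Returns 0 when one free was cached and one arrived after cache teardown. */
int run_demo(void) {
    pthread_t t;
    if (pthread_key_create(&cache_key, cache_dtor) || pthread_key_create(&app_key, app_dtor) ||
        pthread_create(&t, NULL, worker, NULL)) return -1;
    pthread_join(t, NULL);
    return (cached_frees == 1 && late_frees == 1) ? 0 : 1;
}
```

Without the `CACHE_DEAD` check, the late free would push a pointer into a cache that no destructor will ever flush again, or re-initialise state on a thread that is already exiting.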
