Subj : Re: infinite loop?
To : Edward Chan
From : Brendan Eich
Date : Tue Nov 04 2003 07:24 pm

Edward Chan wrote:

>BTW, this is on linux, using build RC4a.

I've forgotten more than I remember about what bugs were in RC4a, it's quite old. Please try RC5a and see whether that helps. From what follows, I suspect it won't have anything to do with your bug.

>----- Thread 28329 -----
>0x42075034: malloc_consolidate + 0x84 (59400010, 40ac82e8, 40022ccf, 40028c20, 84623c0, 84623c0) + 20
>0x420746b7: _int_malloc + 0xd7 (59400010, 2013, 40ac7db4, 0, 2013, a11d9f0)
>0x42073d81: __malloc + 0xa1 (2013, 6242ab00, 5d3bb760, 8327fec, a11d9d8, 71fccf56) + 20
>0x082387e3: JS_ArenaAllocate + 0xeb (a11d9f0, 14, 6, 87c0250, 40ac7e4c, a11d9d8)
>0x082530b5: js_AllocRawStack + 0x41 (a11d9d8, 5, 40ac7e48, 814cf96, 40ac82ac, 40ac7f38) + 10
>0x08253191: js_AllocStack + 0x39 (a11d9d8, 3, 40ac7e48, 94ffcc0, 9734870, a11d9d8) + 80
>0x08253d56: js_InternalInvoke + 0x4a (a11d9d8, 9734870, 9734898, 0, 1, 40ac827c) + 10
>0x08237e55: JS_CallFunctionValue + 0x21 (a11d9d8, 9734870, 9734898, 1, 40ac827c, 40ac8070) + 20
>0x0814a5c9: jsCallFunctionValue__8TCJSHookP9JSContextP8JSObjectlUiPlT5 + 0x5d (a11d9d8, 9734870, 9734898, 1, 40ac827c, 40ac8070) + 20
>0x0814a0dd: invoke__8TCJSHookP8JSObjectPCcPliPPCcRl + 0xd5 (8ec0e10, 9734870, 8c23584, 40ac827c, 1, 82c0428) + 5a0
>0x080bb531: onCmdMessage__11TCAppJSHookRC11TCClientPtrRC12TCMessagePtr + 0xbf1 (8ec0e10, 40ac889c, 40ac888c, 1, 83318a0, 6ee95420) + 10
>0x080ba406: onMessage__11TCAppJSHookRC11TCClientPtrRC12TCMessagePtr + 0x4a (8ec0e10, 40ac889c, 40ac888c, 0, 0, 2b) + 340
>0x0814584f: executeEvent__18TCJavaScriptEngineiRC11TCObjectPtrT2 + 0x59b (8794cc8, 6, 59db633c, 59db6344, 82c01b0, 59db633c) + 60
>0x081478d9: run__18TCJavaScriptEngine + 0xe5 (8794cc8, 5c711908, 40ac8964, 8149a12, 82c1da0, 8327fec)
>0x08149a27: run__11TCScriptMsg + 0x1f (5c711908, 8416048, 40ac8994, 81f350a, 20, 8416048) + 10
>0x081f361b: __ThreadStaticPoolEntry__12TCThreadPoolPv + 0x11f (8416028, 8416428, 40013808, 81f4a55, 40069c18, 0) + 120
>0x081f4b0a: __TCThreadEntry__FPv + 0xc6 (840e858, 40ac8c74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (40ac8be0, 40ac8be0, 0, 40ac8be0, 1, 0) + bf53740c

Are you sure this thread is accumulating CPU cycles? If you pstack a lot, do you always see malloc_consolidate at the top of the stack? Are you using the request API properly (JS_BeginRequest, etc.)? Notice that anything in the bowels of malloc is likely to be holding a lock needed by other malloc, calloc, realloc, and free (aka cfree) calls.

>----- Thread 28330 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (412c7a0c, 20, 412c7a0c, 40023137, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (412c8be0, 83f9450, 40022e5b, 40028c20, 9f480cf, 9f480cf) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 412c7b34, 4213820c, 689880b8, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 600, 412c7b74, 761bf928, 689886b8, 6e1fdb08)
>0x42075a7a: __cfree + 0x9a (689880b8, 8243078, 6f, 761bfc40, 689886ac, 6e1fdb08)
>0x0824303a: JS_DHashFreeTable + 0xe (6e1fdb08, 689880b8, 761bf928, 1, 8243090, 8243060) + 20
>0x082435a3: ChangeTable + 0xff (6e1fdb08, 0, 412c7be4, 8284525, 6dad06a0, 4213820c) + 10
>0x08243652: JS_DHashTableOperate + 0xa2 (6e1fdb08, 6f3edfd0, 1, 82ac95d, 8327fec, 6e1ffde0)
>0x08251ad4: js_AddRootRT + 0x58 (6e1fdae8, 6f3edfd0, 0, 814d62e, 8327fec, 412c7d68)
>0x08251a5d: js_AddRoot + 0x19 (6e1ffde0, 6f3edfd0, 0, 8327fec, 412c7d2c, 412c7d2c)
>0x0823525f: JS_AddRoot + 0x13 (6e1ffde0, 6f3edfd0, 0, 814b44a, 412c7d2c, 0) + 30
>0x0814b5ef: AddToLockTable__14TCJSSerializerl + 0x1b3 (412c7d2c, 0, 0, 814d232, 6e1ffde0, 0) + 10
>0x0814d25f: PutVar__14TCJSSerializerPlb + 0x3b (412c7d2c, 412c7cf4, 0, 412c7cf8, 6d722d10, 76016500) + 100
>0x080c6dbf: call__14TCClientJSHookUiPl + 0x18b (6eb4c270, 3, 7621e140, 67c795b0, 0, 7621e14c)
>0x080c55f5: tcSendCommand + 0x45 (6e1ffde0, 67c795b0, 3, 7621e140, 412c7e9c, 67c795b0) + d0
>0x08253b5d: js_Invoke + 0x5a1 (6e1ffde0, 3, 0, 412c8004, 1a, 412c808c) + 150
>0x0825b3b3: js_Interpret + 0x6e43 (6e1ffde0, 412c80c8, 6e1b2740, 40028c20, 6b800010, 7621e0e8) + c0
>0x08253bb7: js_Invoke + 0x5fb (6e1ffde0, 2, 2, 6e1b3578, 6e1b3598, 6e1ffde0) + 80
>0x08253da9: js_InternalInvoke + 0x9d (6e1ffde0, 6e1b3598, 6e1b37e0, 0, 2, 412c83cc) + 10
>0x08237e55: JS_CallFunctionValue + 0x21 (6e1ffde0, 6e1b3598, 6e1b37e0, 2, 412c83cc, 412c8300) + 20
>0x0814a5c9: jsCallFunctionValue__8TCJSHookP9JSContextP8JSObjectlUiPlT5 + 0x5d (6e1ffde0, 6e1b3598, 6e1b37e0, 2, 412c83cc, 412c8300) + 20
>0x0814a55d: jsCallFunctionName__8TCJSHookP9JSContextP8JSObjectPCcUiPlT5 + 0x59 (6e1ffde0, 6e1b3598, 82ad770, 2, 412c83cc, 412c8300) + 2b0
>0x080b8eba: onConnect__11TCAppJSHookRC11TCClientPtrRC12TCMessagePtr + 0x2fa (6d90a988, 412c889c, 412c888c, 8333350, 0, 0) + 340
>0x08145683: executeEvent__18TCJavaScriptEngineiRC11TCObjectPtrT2 + 0x3cf (6d7a9280, 5, 89cd54c, 89cd554, 82c01b0, 89cd54c) + 60
>0x081478d9: run__18TCJavaScriptEngine + 0xe5 (6d7a9280, 75b081e8, 412c8964, 8149a12, 82c1da0, 8327fec)
>0x08149a27: run__11TCScriptMsg + 0x1f (75b081e8, 3, 412c8994, 81f350a, 20, 8416048) + 10
>0x081f361b: __ThreadStaticPoolEntry__12TCThreadPoolPv + 0x11f (8416028, 840aab8, 0, 81f4a55, 0, 0) + 120
>0x081f4b0a: __TCThreadEntry__FPv + 0xc6 (840ed40, 412c8c74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (412c8be0, 412c8be0, 0, 412c8be0, 1, 0) + bed3740c

cfree (free) parked on the mutex at 59400010

>----- Thread 28337 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (4553af2c, 20, 4553af2c, 0, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (4553bbe0, 8414e60, 4553afe4, 8327fec, 8414e80, 8414e60) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 40022e5b, 4213820c, 667edc18, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 8327fec, 4553b094, 8327fec, 667edc18, 65ab7b40)
>0x42075a7a: __cfree + 0x9a (667edc18, 8331f30, 40022e5b, 82acb30, 667edc18, 8327fec)
>0x082acb46: __builtin_delete + 0x22 (667edc18, 83310d0, 4553b0c4, 810971e, 68c373f0, 68c37408) + 10
>0x08109792: _._12TCConnection + 0x82 (65ab7b40, 3, 40022e5b, 8115a9a, 8331a7c, 0) + 10
>0x08115ad1: _._10TCIOHandle + 0x45 (68c373f0, 3, 4553b134, 81650d2, 8409ca0, 454f18) + 10
>0x0816510e: _release__8TCObject + 0x4a (68c373f0, 68c373f0, 4553b4d4, 80f5356, 8409ca0, 4553b38c) + 390
>0x080f537a: processIORequest__9TCAsyncIOi + 0x402 (8409ca0, 1a, ffffffff, 0, 0, 0) + 480
>0x080f4be4: run__9TCAsyncIO + 0x254 (8409ca0, 4, 2, 80f5912, 2, 8327fec)
>0x080f5924: __asyncIOHandlerEntry__9TCAsyncIOPv + 0x1c (8409ca0, 843d180, 0, 81f4a55, 0, 0) + 120
>0x081f4b0a: __TCThreadEntry__FPv + 0xc6 (8415220, 4553bc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (4553bbe0, 4553bbe0, 0, 4553bbe0, 1, 0) + baac440c

cfree (free) parked on the mutex at 59400010

>----- Thread 28348 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (4ad3b4bc, 20, 4ad3b4bc, 40028c20, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (4ad3bbe0, 1000, 0, 8205416, 3f9f6ba2, 0) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 4ad3b624, 4213820c, 6583fe28, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 8332224, 40022ccf, 8327fec, 4ad3b680, 65840028)
>0x42075a7a: __cfree + 0x9a (6583fe28, 8327fec, 4ad3b6f4, 82acb30, 5c4be5e0, 8327fec)
>0x082acb46: __builtin_delete + 0x22 (6583fe28, 6583fe28, 200, 1, 12, 5bc8b824) + 30
>0x080f5896: postAsyncRead__9TCAsyncIOP12TCConnection + 0x15a (8409ca0, 5c4be5e0, 4ad3b694, 8109d02, 8327fec, 5c4be5e0)
>0x08109d2f: readAsync__12TCConnectionPUcUl + 0x37 (5c4be5e0, 6006de70, 1000, 4ad3b76c, 4ad3b6c4, 0) + 10
>0x08109cee: readAsync__12TCConnectionRC11TCBufferPtr + 0x82 (5c4be5e0, 4ad3b76c, 4ad3b6f4, 8115ef1, 41b00010, 3f9f6c17) + 10
>0x08115f1f: readAsync__10TCIOHandleRC11TCBufferPtr + 0x83 (5bb68840, 4ad3b76c, 45b957, 8332278, 5bb68840, 82c1388) + 10
>0x080f69cb: readAsync__9TCAsyncIOUlRC11TCBufferPtr + 0x3f (8409ca0, 45b957, 4ad3b76c, 4001fef5, 8332288, 8327fec)
>0x080f9042: readAsync__9TCChannelRC11TCBufferPtr + 0x1a (60b09458, 4ad3b76c, 4ad3b764, 80f8ad6, 8332240, 82c0688) + 30
>0x080f8ba2: queueRead__9TCChannel + 0xda (60b09458, 60b09458, 4ad3b7b4, 81fed66, 8409ca0, 8327fec)
>0x081fed7a: queueRead__16TCTinCanProtocolRC11TCObjectPtr + 0x1e (8409ca0, 4ad3b86c, 45b957, 4ad3b90c, 5c4be608, 843ce30) + d0
>0x080f5ab3: addConnection__9TCAsyncIOP12TCConnectionRC11TCObjectPtr + 0x187 (8409ca0, 5c4be5e0, 4ad3b90c, 4ad3b92c, 0, 0) + d0
>0x0816cee2: __ListenerDispatch__17TCProtocolAdaptorPv + 0x176 (843c368, 843c428, 0, 81f4a55, 0, 0) + 120
>0x081f4b0a: __TCThreadEntry__FPv + 0xc6 (843c378, 4ad3bc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (4ad3bbe0, 4ad3bbe0, 0, 4ad3bbe0, 1, 0) + b52c440c

cfree (free) parked on the mutex at 59400010

>----- Thread 28349 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (4b53b52c, 20, 4b53b52c, 811866a, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (4b53bbe0, 4b53b70c, 4b53b684, 0, 4b53bbe1, 840a430) + 20
>0x40022de8: __pthread_lock + 0x128 (841096c, 8327fec, 4b53b6f4, 8327fec, 6e517658, 6ca087a0)
>0x4001fd96: __GI___pthread_mutex_lock + 0xb6 (8409d4c, 8, 42047c8f, 80f574a, 12, 843df48) + 30
>0x080f576f: postAsyncRead__9TCAsyncIOP12TCConnection + 0x33 (8409ca0, 6e517658, 4b53b694, 8109d02, 8327fec, 6e517658)
>0x08109d2f: readAsync__12TCConnectionPUcUl + 0x37 (6e517658, 7621a698, 1000, 4b53b76c, 4b53b6c4, 0) + 10
>0x08109cee: readAsync__12TCConnectionRC11TCBufferPtr + 0x82 (6e517658, 4b53b76c, 4b53b6f4, 8115ef1, 6b800010, 3f9f6c17) + 10
>0x08115f1f: readAsync__10TCIOHandleRC11TCBufferPtr + 0x83 (716c29c0, 4b53b76c, 44ddd7, 83322e8, 716c29c0, 82c1388) + 10
>0x080f69cb: readAsync__9TCAsyncIOUlRC11TCBufferPtr + 0x3f (8409ca0, 44ddd7, 4b53b76c, 4001fef5, 83322f8, 8327fec)
>0x080f9042: readAsync__9TCChannelRC11TCBufferPtr + 0x1a (67847598, 4b53b76c, 4b53b764, 80f8ad6, 83322b0, 82c0688) + 30
>0x080f8ba2: queueRead__9TCChannel + 0xda (67847598, 67847598, 4b53b7b4, 81fed66, 8409ca0, 8327fec)
>0x081fed7a: queueRead__16TCTinCanProtocolRC11TCObjectPtr + 0x1e (8409ca0, 4b53b86c, 44ddd7, 4b53b90c, 6e517680, 843df48) + d0
>0x080f5ab3: addConnection__9TCAsyncIOP12TCConnectionRC11TCObjectPtr + 0x187 (8409ca0, 6e517658, 4b53b90c, 4b53b92c, 0, 0) + d0
>0x0816cee2: __ListenerDispatch__17TCProtocolAdaptorPv + 0x176 (843ba60, 843c4c8, 0, 81f4a55, 0, 0) + 120
>0x081f4b0a: __TCThreadEntry__FPv + 0xc6 (843df38, 4b53bc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (4b53bbe0, 4b53bbe0, 0, 4b53bbe0, 1, 0) + b4ac440c

postAsyncRead... parked on 0x8409d4c.

>----- Thread 28350 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (4bd3b52c, 20, 4bd3b52c, 811866a, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (4bd3bbe0, 4bd3b70c, 4bd3b684, 0, 4bd3bbe1, 8400390) + 20
>0x40022de8: __pthread_lock + 0x128 (840f23c, 8327fec, 4bd3b6f4, 8327fec, bc2ee90, b5661a0)
>0x4001fd96: __GI___pthread_mutex_lock + 0xb6 (8409d4c, 86c7000, 42047c8f, 80f574a, 12, 843f248) + 30
>0x080f576f: postAsyncRead__9TCAsyncIOP12TCConnection + 0x33 (8409ca0, bc2ee90, 4bd3b694, 8109d02, 8327fec, bc2ee90)
>0x08109d2f: readAsync__12TCConnectionPUcUl + 0x37 (bc2ee90, d1f2748, 1000, 4bd3b76c, 4bd3b6c4, 0) + 10
>0x08109cee: readAsync__12TCConnectionRC11TCBufferPtr + 0x82 (bc2ee90, 4bd3b76c, 4bd3b6f4, 8115ef1, 42138c80, 3f9f6c23) + 10
>0x08115f1f: readAsync__10TCIOHandleRC11TCBufferPtr + 0x83 (b6cebe0, 4bd3b76c, 446c03, 8332358, b6cebe0, 82c1388) + 10
>0x080f69cb: readAsync__9TCAsyncIOUlRC11TCBufferPtr + 0x3f (8409ca0, 446c03, 4bd3b76c, 4001fef5, 8332368, 8327fec)
>0x080f9042: readAsync__9TCChannelRC11TCBufferPtr + 0x1a (969bf58, 4bd3b76c, 4bd3b764, 80f8ad6, 8332320, 82c0688) + 30
>0x080f8ba2: queueRead__9TCChannel + 0xda (969bf58, 969bf58, 4bd3b7b4, 81fed66, 8409ca0, 8327fec)
>0x081fed7a: queueRead__16TCTinCanProtocolRC11TCObjectPtr + 0x1e (8409ca0, 4bd3b86c, 446c03, 4bd3b90c, bc2eeb8, 843f248) + d0
>0x080f5ab3: addConnection__9TCAsyncIOP12TCConnectionRC11TCObjectPtr + 0x187 (8409ca0, bc2ee90, 4bd3b90c, 4bd3b92c, 0, 0) + d0
>0x0816cee2: __ListenerDispatch__17TCProtocolAdaptorPv + 0x176 (843e120, 843ba70, 0, 81f4a55, 0, 0) + 120
>0x081f4b0a: __TCThreadEntry__FPv + 0xc6 (843e130, 4bd3bc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (4bd3bbe0, 4bd3bbe0, 0, 4bd3bbe0, 1, 0) + b42c440c

postAsyncRead... parked on 0x8409d4c.

Is it possible any code in this stack could be holding a mutex locked?

>----- Thread 28363 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (5253b66c, 20, 5253b66c, 0, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (5253bbe0, 8327fec, 5253b744, 40023137, 82c0170, 82c01a0) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 0, 4213820c, 666599a0, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 82c01a0, 40022f3b, 8327fec, 84581e0, 2c)
>0x42075a7a: __cfree + 0x9a (666599a0, 8327fec, 5253b7f4, 82acb30, 82c01a0, 8327fec)
>0x082acb46: __builtin_delete + 0x22 (666599a0, 0, 75e42ad0, 8327fec, 84581e0, 8327fec)
>0x082acb6f: __builtin_vec_delete + 0x1b (666599a0, 18, 84b2320, 84b2324, c8a422c0, 0) + c0
>0x081eaf9c: gcPool__H3ZcZ15TCStringPoolCtxZQ24_STLt3map4ZPCcZUiZt15CharPoolCompare1ZcZQ24_STLt9allocator1ZQ24_STLt4pair2ZCPCcZUi_PX01PX11PPX21_i + 0xb0 (0, 83f9298, 83fa6c8, 3, 0, 3f9f6b4f) + 10
>0x081e9f9d: collectGarbage__12TCStringPool + 0x25 (83f7c38, 2, 5253b934, 81f122e, 0, 8327fec)
>0x081f1245: collectGarbage__9TCStrUtil + 0x21 (818aa04, 8327fec)
>0x081890e9: gcStrings__18ServerMonitorEvent + 0x49 (843e9e0, 843ea78, 5253b974, 818aa61, 843ec60, 0) + 20
>0x0818aa0f: run__18ServerMonitorEvent + 0x19f (843e9e0, 4, 2, 818acbe, 843ebb0, 8327fec)
>0x0818acd0: __serverMonitorEntry__18ServerMonitorEventPv + 0x1c (843e9e0, 843dcc8, 0, 81f4a55, 0, 0) + 120
>0x081f4b0a: __TCThreadEntry__FPv + 0xc6 (843ebb0, 5253bc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (5253bbe0, 5253bbe0, 0, 5253bbe0, 1, 0) + adac440c

cfree (free) parked on the mutex at 59400010, called from StringPool code. Might the StringPool code on this stack be holding a mutex?

>----- Thread 1234 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (531ff76c, 20, 531ff76c, 40028c20, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (531ffbe0, 40028c20, 531ff834, 531ffbe0, 73721be0, 8327fec) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 531ff894, 4213820c, 669cbfa0, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 6b800010, 531ff8b4, 8327fec, 6f2af4a0, 0)
>0x42075a7a: __cfree + 0x9a (669cbfa0, 75d2e518, 40022ccf, 82acb30, 75d2e518, 8327fec)
>0x082acb46: __builtin_delete + 0x22 (669cbfa0, 0, 40022ccf, 40028c20, 531ffbe0, 8327fec)
>0x082acb6f: __builtin_vec_delete + 0x1b (669cbfa0, 0, 531ff914, 8157bfa, 8327fec, 8332e80)
>0x08157c1d: _._9TCMessage + 0x2d (6f2af4a0, 3, 531ff934, 8157c56, 8416074, 8327fec) + 10
>0x08157c9b: _release__9TCMessage + 0x53 (6f2af4a0, 2, 531ff964, 8327fec, 8d66df0, 8d66de8)
>0x08157966: clearFreeList__16TCMessageFactoryPP9TCMessage + 0x2a (8d66de8, 8d66df0, 186a0, 81579e6, 20, 0) + 10
>0x08157a1e: __msgDestructorFunc__16TCMessageFactoryPv + 0x46 (8d66de8, 920d550, 0, 81f4a55, 0, 0) + 120
>0x081f4b5f: __TCThreadEntry__FPv + 0x11b (5f1dae20, 531ffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (531ffbe0, 531ffbe0, 0, 531ffbe0, 1, 0) + ace0040c

cfree (free) parked on the mutex at 59400010

>----- Thread 15563 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (621fde2c, 20, 621fde2c, 82054d7, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (621ffbe0, 8327fec, 621fdfa4, 0, 621ffbe1, 621fe02c) + 20
>0x40022de8: __pthread_lock + 0x128 (621fdfac, 841b1b8, 40022ccf, 8327fec, 621fe09c, 621fe0c9)
>0x4001fd96: __GI___pthread_mutex_lock + 0xb6 (83f9978, 8c2358a, 621fdf44, 81ebe4d, 83f9398, 8327fec) + b0
>0x081ebef3: getString__H3ZcZ15TCStringPoolCtxZQ24_STLt3map4ZPCcZUiZt15CharPoolCompare1ZcZQ24_STLt9allocator1ZQ24_STLt4pair2ZCPCcZUi_PCX01iPX11PPX21_PX01 + 0xb7 (621fe09c, 2c, 83f9298, 83fa6c8, 72300fd0, 621fe08c) + 10
>0x081ea314: get__12TCStringPoolPCci + 0x40 (83f7c38, 621fe09c, ffffffff, 70ef0300, 8327fec, 621fe08c)
>0x081e71da: __10TCMBStringPCc + 0x36 (621fe08c, 621fe09c, 621fe09c, 70ef0300, 5f312d5f, 327c3037) + 850
>0x0814a818: toUTF8__8TCJSHookP8JSStringR10TCMBString + 0x88 (72300fd0, 621fe8fc, 621fe8e4, 814cc56, 72012388, 6df5f720) + 50
>0x0814cc99: _ProcessScriptVar__14TCJSSerializerPlP10TCMBString + 0x51 (621fea0c, 76155ee0, 0, 76155ee0, 621fea0c, 8327fec) + 30
>0x0814cafa: ProcessScriptVar__14TCJSSerializerPlP10TCMBString + 0x42 (621fea0c, 76155ee0, 0, 1, 6eb8d280, 0) + 10
>0x0814d26c: PutVar__14TCJSSerializerPlb + 0x48 (621fea0c, 76155ee0, 0, 621fe9d8, 6eb8d280, 72300fa8) + 100
>0x080c6de7: call__14TCClientJSHookUiPl + 0x1b3 (64c00080, 3, 76155ed8, 71512110, 0, 76155ee4)
>0x080c55f5: tcSendCommand + 0x45 (6eb8d280, 71512110, 3, 76155ed8, 621feb7c, 71512110) + d0
>0x08253b5d: js_Invoke + 0x5a1 (6eb8d280, 3, 0, 621fece4, 760fdd70, 6b800010) + 150
>0x0825b3b3: js_Interpret + 0x6e43 (6eb8d280, 621feda8, 621fedac, 40028c20, 6b800010, 76155ce0) + c0
>0x08253bb7: js_Invoke + 0x5fb (6eb8d280, 1, 2, 7202a8c0, 71512110, 6eb8d280) + 80
>0x08253da9: js_InternalInvoke + 0x9d (6eb8d280, 71512110, 71512130, 0, 1, 621ff27c) + 10
>0x08237e55: JS_CallFunctionValue + 0x21 (6eb8d280, 71512110, 71512130, 1, 621ff27c, 621ff070) + 20
>0x0814a5c9: jsCallFunctionValue__8TCJSHookP9JSContextP8JSObjectlUiPlT5 + 0x5d (6eb8d280, 71512110, 71512130, 1, 621ff27c, 621ff070) + 20
>0x0814a0dd: invoke__8TCJSHookP8JSObjectPCcPliPPCcRl + 0xd5 (70e49400, 71512110, 8c23584, 621ff27c, 1, 82c0428) + 5a0
>0x080bb531: onCmdMessage__11TCAppJSHookRC11TCClientPtrRC12TCMessagePtr + 0xbf1 (70e49400, 621ff89c, 621ff88c, 1, 8332da0, 5c4a0438) + 10
>0x080ba406: onMessage__11TCAppJSHookRC11TCClientPtrRC12TCMessagePtr + 0x4a (70e49400, 621ff89c, 621ff88c, 0, 0, 0) + 340
>0x0814584f: executeEvent__18TCJavaScriptEngineiRC11TCObjectPtrT2 + 0x59b (6e8599b8, 6, 618b9dac, 618b9db4, 82c01b0, 618b9dac) + 60
>0x081478d9: run__18TCJavaScriptEngine + 0xe5 (6e8599b8, 56b0b350, 621ff964, 8149a12, 82c1da0, 8327fec)
>0x08149a27: run__11TCScriptMsg + 0x1f (56b0b350, 8416048, 186a0, 83ff800, 20, 8416048) + 10
>0x081f3734: __ThreadDynamicPoolEntry__12TCThreadPoolPv + 0x100 (8416028, 95e4698, 0, 81f4a55, 0, 0) + 120
>0x081f4b0a: __TCThreadEntry__FPv + 0xc6 (a1acba8, 621ffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (621ffbe0, 621ffbe0, 0, 621ffbe0, 1, 0) + 9de0040c

....CharPoolCompare...allocate parked on 83f9978. Who owns that StringPool (or is it an STL map) mutex? It sure looks to me as though thread 28363 might own that mutex. JS on the stack means there ought to be an active request on the context at 6eb8d280. Is there?

Is it possible any code in this stack could be holding a mutex locked?

>----- Thread 6984 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (55d3b73c, 20, 55d3b73c, 810121d, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (55d3bbe0, 55d3b7e4, 6f217ff0, 0, 55d3bbe1, 75caf000) + 20
>0x40022de8: __pthread_lock + 0x128 (d534e98, 75caf000, 40022e5b, 8327fec, ccb3f80, 6f217ff0)
>0x4001fd96: __GI___pthread_mutex_lock + 0xb6 (ccb3f98, 8332ae4, 40022e5b, 815789e, 8332ae4, 1) + 10
>0x081578ba: release__16TCMessageFactoryP9TCMessage + 0x2a (ccb3f80, 6f217ff0, 0, 8157c56, d535090, 1000000) + 10
>0x08157cc0: _release__9TCMessage + 0x78 (6f217ff0, 55d3b8cb, 55d3b914, 8101962, 0, 0) + 60
>0x08101a0b: pump__8TCClient + 0xc3 (d534e98, d534e98, 55d3b944, 8101f09, d534e98, 82c0658) + 10
>0x08101f71: onPumpData__8TCClientPvT1 + 0x75 (d534e98, 0, 55d3b964, 4001fef5, 843e868, 8327fec)
>0x081bb41e: run__8QueueAPC + 0x12 (6f1a7e78, 3, 927c0, 8418dc0, 20, 843e858) + 10
>0x081f3734: __ThreadDynamicPoolEntry__12TCThreadPoolPv + 0x100 (843e838, 8ca3288, 0, 81f4a55, 0, 0) + 120
>0x081f4b0a: __TCThreadEntry__FPv + 0xc6 (8545508, 55d3bc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (55d3bbe0, 55d3bbe0, 0, 55d3bbe0, 1, 0) + aa2c440c

Not sure what's going on here.

>----- Thread 13617 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (5e8fde2c, 20, 5e8fde2c, 42073da3, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (5e8ffbe0, 8327fec, 5e8fdfa4, 0, 5e8ffbe1, 4213820c) + 20
>0x40022de8: __pthread_lock + 0x128 (5e8fdfac, 841b1b8, 40022ccf, 8327fec, 5e8fe09c, 5e8fe0c9)
>0x4001fd96: __GI___pthread_mutex_lock + 0xb6 (83f9978, 8c2358a, 5e8fdf44, 81ebe4d, 83f9398, 8327fec) + b0
>0x081ebef3: getString__H3ZcZ15TCStringPoolCtxZQ24_STLt3map4ZPCcZUiZt15CharPoolCompare1ZcZQ24_STLt9allocator1ZQ24_STLt4pair2ZCPCcZUi_PCX01iPX11PPX21_PX01 + 0xb7 (5e8fe09c, 2c, 83f9298, 83fa6c8, 68ad6378, 5e8fe08c) + 10
>0x081ea314: get__12TCStringPoolPCci + 0x40 (83f7c38, 5e8fe09c, ffffffff, 6fae4b90, 8327fec, 5e8fe08c)
>0x081e71da: __10TCMBStringPCc + 0x36 (5e8fe08c, 5e8fe09c, 5e8fe09c, 6fae4b90, 33373233, 742e3839) + 850
>0x0814a818: toUTF8__8TCJSHookP8JSStringR10TCMBString + 0x88 (68ad6378, 5e8fe8fc, 5e8fe8e4, 814cc56, 6b8f79a8, 6ec47af0) + 50
>0x0814cc99: _ProcessScriptVar__14TCJSSerializerPlP10TCMBString + 0x51 (5e8fea0c, 71316d08, 0, 71316d08, 5e8fea0c, 8327fec) + 30
>0x0814cafa: ProcessScriptVar__14TCJSSerializerPlP10TCMBString + 0x42 (5e8fea0c, 71316d08, 0, 1, 6dc11f80, 0) + 10
>0x0814d26c: PutVar__14TCJSSerializerPlb + 0x48 (5e8fea0c, 71316d08, 0, 5e8fe9d8, 6dc11f80, 68ad6348) + 100
>0x080c6de7: call__14TCClientJSHookUiPl + 0x1b3 (760c03a0, 3, 71316d00, 6b1bc168, 0, 71316d0c)
>0x080c55f5: tcSendCommand + 0x45 (6dc11f80, 6b1bc168, 3, 71316d00, 5e8feb7c, 6b1bc168) + d0
>0x08253b5d: js_Invoke + 0x5a1 (6dc11f80, 3, 0, 5e8fece4, 724b3ba8, 6b600010) + 150
>0x0825b3b3: js_Interpret + 0x6e43 (6dc11f80, 5e8feda8, 5e8fedac, 40028c20, 6b600010, 71316b08) + c0
>0x08253bb7: js_Invoke + 0x5fb (6dc11f80, 1, 2, 67560cc0, 6b1bc168, 6dc11f80) + 80
>0x08253da9: js_InternalInvoke + 0x9d (6dc11f80, 6b1bc168, 6b1bc190, 0, 1, 5e8ff27c) + 10
>0x08237e55: JS_CallFunctionValue + 0x21 (6dc11f80, 6b1bc168, 6b1bc190, 1, 5e8ff27c, 5e8ff070) + 20
>0x0814a5c9: jsCallFunctionValue__8TCJSHookP9JSContextP8JSObjectlUiPlT5 + 0x5d (6dc11f80, 6b1bc168, 6b1bc190, 1, 5e8ff27c, 5e8ff070) + 20
>0x0814a0dd: invoke__8TCJSHookP8JSObjectPCcPliPPCcRl + 0xd5 (6d4631b0, 6b1bc168, 8c23584, 5e8ff27c, 1, 82c0428) + 5a0
>0x080bb531: onCmdMessage__11TCAppJSHookRC11TCClientPtrRC12TCMessagePtr + 0xbf1 (6d4631b0, 5e8ff89c, 5e8ff88c, 1, 8331e50, bf1da98) + 10
>0x080ba406: onMessage__11TCAppJSHookRC11TCClientPtrRC12TCMessagePtr + 0x4a (6d4631b0, 5e8ff89c, 5e8ff88c, 0, 0, 0) + 340
>0x0814584f: executeEvent__18TCJavaScriptEngineiRC11TCObjectPtrT2 + 0x59b (6d790580, 6, df0c51c, df0c524, 82c01b0, df0c51c) + 60
>0x081478d9: run__18TCJavaScriptEngine + 0xe5 (6d790580, a827a88, 5e8ff964, 8149a12, 82c1da0, 8327fec)
>0x08149a27: run__11TCScriptMsg + 0x1f (a827a88, 8416048, 186a0, 83ff800, 20, 8416048) + 10
>0x081f3734: __ThreadDynamicPoolEntry__12TCThreadPoolPv + 0x100 (8416028, 8f62920, 0, 81f4a55, 0, 0) + 120
>0x081f4b0a: __TCThreadEntry__FPv + 0xc6 (86e1930, 5e8ffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (5e8ffbe0, 5e8ffbe0, 0, 5e8ffbe0, 1, 0) + a170040c

....CharPoolCompare...allocate parked on 83f9978. Who owns that StringPool (or is it an STL map) mutex? It sure looks to me as though thread 28363 might own that mutex. JS on the stack means there ought to be an active request on the context at 6eb8d280. Is there?

Is it possible any code in this stack could be holding a mutex locked?

>----- Thread 28715 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (5553b76c, 20, 5553b76c, 8208c2c, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (5553bbe0, 8bbb890, 40022ccf, 40028c20, 0, 0) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 0, 4213820c, 666983d8, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 0, 0, 8327fec, 6fcf8d48, 0)
>0x42075a7a: __cfree + 0x9a (666983d8, 0, 40022ccf, 82acb30, 5553bbe0, 8327fec)
>0x082acb46: __builtin_delete + 0x22 (666983d8, 0, 40022ccf, 40028c20, 5553bbe0, 8327fec)
>0x082acb6f: __builtin_vec_delete + 0x1b (666983d8, 0, 5553b914, 8157bfa, 8327fec, 8332cdc)
>0x08157c1d: _._9TCMessage + 0x2d (6fcf8d48, 3, 5553b934, 8157c56, 843e884, 8327fec) + 10
>0x08157c9b: _release__9TCMessage + 0x53 (6fcf8d48, 2, 5553b964, 8327fec, 890a600, 890a5f8)
>0x08157966: clearFreeList__16TCMessageFactoryPP9TCMessage + 0x2a (890a5f8, 890a600, 927c0, 81579e6, 20, 0) + 10
>0x08157a1e: __msgDestructorFunc__16TCMessageFactoryPv + 0x46 (890a5f8, 930dfc0, 0, 81f4a55, 0, 0) + 120
>0x081f4b5f: __TCThreadEntry__FPv + 0x11b (41b0d3d8, 5553bc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (5553bbe0, 5553bbe0, 0, 5553bbe0, 1, 0) + aaac440c

cfree (free) parked on the mutex at 59400010

Is it possible any code in this stack could be holding a mutex locked?

>----- Thread 19210 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (5ffff76c, 20, 5ffff76c, ee, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (5ffffbe0, 8bbb890, 40022ccf, 40028c20, 0, 0) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 0, 4213820c, 661a6a58, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 0, 0, 8327fec, 657ee560, 0)
>0x42075a7a: __cfree + 0x9a (661a6a58, 0, 40022ccf, 82acb30, 5ffffbe0, 8327fec)
>0x082acb46: __builtin_delete + 0x22 (661a6a58, 0, 40022ccf, 40028c20, 5ffffbe0, 8327fec)
>0x082acb6f: __builtin_vec_delete + 0x1b (661a6a58, 0, 5ffff914, 8157bfa, 8327fec, 8331ab4)
>0x08157c1d: _._9TCMessage + 0x2d (657ee560, 3, 5ffff934, 8157c56, 843e884, 8327fec) + 10
>0x08157c9b: _release__9TCMessage + 0x53 (657ee560, 2, 5ffff964, 8327fec, 938c168, 938c160)
>0x08157966: clearFreeList__16TCMessageFactoryPP9TCMessage + 0x2a (938c160, 938c168, 927c0, 81579e6, 20, 0) + 10
>0x08157a1e: __msgDestructorFunc__16TCMessageFactoryPv + 0x46 (938c160, 873b3d8, 0, 81f4a55, 0, 0) + 120
>0x081f4b5f: __TCThreadEntry__FPv + 0x11b (5d720af8, 5ffffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (5ffffbe0, 5ffffbe0, 0, 5ffffbe0, 1, 0) + a000040c

cfree (free) parked on the mutex at 59400010

Is it possible any code in this stack could be holding a mutex locked?

>----- Thread 3240 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (62cff6cc, 20, 62cff6cc, 0, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (62cffbe0, c73e808, 40022ccf, 1, 62cffbe0, 8332c50) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 40022ccf, 4213820c, 6486d230, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 3, 62cff814, 8327fec, 6486d230, 3)
>0x42075a7a: __cfree + 0x9a (6486d230, e802e, 62cff874, 8294926, 0, 8327fec)
>0x0829494d: PR_Free + 0x31 (6486d230, 62cff92c, 4211b2db, 8289ec6, 40028c20, 11c)
>0x08289f70: _pt_thread_death + 0xb4 (6486d230, 0, 11c, 0, 0, 0) + 10
>0x400220ec: __pthread_destroy_specifics + 0x7c (62cff974, 0, 0, 0, 57b01c78, 0) + b0
>0x4001e29a: __pthread_do_exit + 0x3a (0, 62cff974, 62cff994, 8327fec, 84b0a18, 8327fec)
>0x4001e623: __pthread_exit + 0x23 (0, ffffffff, 8bcdf38, 81f38b2, 62cff9cc, 8327fec)
>0x081f38c3: tcEndThread__Fi + 0x1b (0, 62cffa9c, 0, 81f4a55, 0, 0) + 120
>0x081f4c2f: __TCThreadEntry__FPv + 0x1eb (9c8c8d8, 62cffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (62cffbe0, 62cffbe0, 0, 62cffbe0, 1, 0) + 9d30040c

cfree (free) parked on the mutex at 59400010

>----- Thread 3241 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (634ff6cc, 20, 634ff6cc, 0, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (634ffbe0, 619b7700, 40022ccf, 1, 634ffbe0, 8332588) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 40022ccf, 4213820c, 6131eb08, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 3, 634ff814, 8327fec, 6131eb08, 3)
>0x42075a7a: __cfree + 0x9a (6131eb08, ec02f, 634ff874, 8294926, 0, 8327fec)
>0x0829494d: PR_Free + 0x31 (6131eb08, 634ff92c, 4211b2db, 8289ec6, 40028c20, 11c)
>0x08289f70: _pt_thread_death + 0xb4 (6131eb08, 0, 11c, 0, 0, 0) + 10
>0x400220ec: __pthread_destroy_specifics + 0x7c (634ff974, 41b00010, 40022f3b, 40028c20, 84b0680, 41b00010) + b0
>0x4001e29a: __pthread_do_exit + 0x3a (0, 634ff974, 634ff994, 8327fec, 84b06a8, 8327fec)
>0x4001e623: __pthread_exit + 0x23 (0, ffffffff, 9cb2600, 81f38b2, 634ff9cc, 8327fec)
>0x081f38c3: tcEndThread__Fi + 0x1b (0, 634ffa9c, 0, 81f4a55, 0, 0) + 120
>0x081f4c2f: __TCThreadEntry__FPv + 0x1eb (9c7dec0, 634ffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (634ffbe0, 634ffbe0, 0, 634ffbe0, 1, 0) + 9cb0040c

cfree (free) parked on the mutex at 59400010

>----- Thread 1902 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (60a4d82c, 20, 60a4d82c, 40023137, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (60a4dbe0, 0, 60a4d8f4, 40023137, 76117b48, 0) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 60a4d954, 4213820c, 58028348, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 9c69a98, 60a4d994, 8327fec, 8c27e58, 9c69a98)
>0x42075a7a: __cfree + 0x9a (58028348, ffffffff, 87d2060, 82acb30, 8c27e58, 8327fec)
>0x082acb46: __builtin_delete + 0x22 (58028348, 18, 0, 81f4a55, 0, 0) + 120
>0x081f4c09: __TCThreadEntry__FPv + 0x1c5 (58028348, 60a4dc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (60a4dbe0, 60a4dbe0, 0, 60a4dbe0, 1, 0) + 9f5b240c

cfree (free) parked on the mutex at 59400010

>----- Thread 5969 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (63cff82c, 20, 63cff82c, 40023137, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (63cffbe0, 8434520, 63cff8f4, 40023137, 40029190, 0) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 63cff954, 4213820c, 544acfc8, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 9dbe958, 63cff994, 8327fec, 9dbe958, 9dbe958)
>0x42075a7a: __cfree + 0x9a (544acfc8, 8434520, 1000002, 82acb30, 9dbe958, 8327fec)
>0x082acb46: __builtin_delete + 0x22 (544acfc8, 18, 0, 81f4a55, 0, 0) + 120
>0x081f4c09: __TCThreadEntry__FPv + 0x1c5 (544acfc8, 63cffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (63cffbe0, 63cffbe0, 0, 63cffbe0, 1, 0) + 9c30040c

cfree (free) parked on the mutex at 59400010

>----- Thread 30053 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (647ff82c, 20, 647ff82c, 40023137, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (647ffbe0, 8434520, 647ff8f4, 40023137, 400291a0, 0) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 647ff954, 4213820c, 529488a0, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, b0556c0, 647ff994, 8327fec, b0556c0, b0556c0)
>0x42075a7a: __cfree + 0x9a (529488a0, 8434520, 1000002, 82acb30, b0556c0, 8327fec)
>0x082acb46: __builtin_delete + 0x22 (529488a0, 18, 0, 81f4a55, 0, 0) + 120
>0x081f4c09: __TCThreadEntry__FPv + 0x1c5 (529488a0, 647ffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (647ffbe0, 647ffbe0, 0, 647ffbe0, 1, 0) + 9b80040c

cfree (free) parked on the mutex at 59400010

>----- Thread 26942 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (6a6ff6cc, 20, 6a6ff6cc, 0, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (6a6ffbe0, 75760c18, 40022ccf, 1, 6a6ffbe0, 8332470) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 40022ccf, 4213820c, 667bbe70, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 3, 6a6ff814, 8327fec, 667bbe70, 3)
>0x42075a7a: __cfree + 0x9a (667bbe70, 100035, 6a6ff874, 8294926, 0, 8327fec)
>0x0829494d: PR_Free + 0x31 (667bbe70, 6a6ff92c, 4211b2db, 8289ec6, 40028c20, 11c)
>0x08289f70: _pt_thread_death + 0xb4 (667bbe70, 0, 11c, 0, 0, 0) + 10
>0x400220ec: __pthread_destroy_specifics + 0x7c (6a6ff974, 6b800010, 40022f3b, 40028c20, 844bb58, 6b800010) + b0
>0x4001e29a: __pthread_do_exit + 0x3a (0, 6a6ff974, 6a6ff994, 8327fec, 84b0540, 8327fec)
>0x4001e623: __pthread_exit + 0x23 (0, ffffffff, b887458, 81f38b2, 6a6ff9cc, 8327fec)
>0x081f38c3: tcEndThread__Fi + 0x1b (0, 6a6ffa9c, 0, 81f4a55, 0, 0) + 120
>0x081f4c2f: __TCThreadEntry__FPv + 0x1eb (ad45590, 6a6ffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (6a6ffbe0, 6a6ffbe0, 0, 6a6ffbe0, 1, 0) + 9590040c

cfree (free) parked on the mutex at 59400010

>----- Thread 26943 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (6aeff6ec, 20, 6aeff6ec, 4213820c, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (6aeffbe0, 4, 0, 1, 8333018, 8327fec) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 6aeff814, 4213820c, 6616b710, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 104036, 4, 8327fec, 6616b710, 4)
>0x42075a7a: __cfree + 0x9a (6616b710, 0, 4211b2db, 82a827a, 40028c20, 11c)
>0x082a82a8: eh_context_free + 0x38 (6616b710, 0, 11c, 1, 0, 0) + 10
>0x400220ec: __pthread_destroy_specifics + 0x7c (6aeff974, 0, 0, 0, 99c7be8, 0) + b0
>0x4001e29a: __pthread_do_exit + 0x3a (0, 6aeff974, 6aeff994, 8327fec, 99c7d50, 8327fec)
>0x4001e623: __pthread_exit + 0x23 (0, ffffffff, beb2ff8, 81f38b2, 6aeff9cc, 8327fec)
>0x081f38c3: tcEndThread__Fi + 0x1b (0, 6aeffa9c, 0, 81f4a55, 0, 0) + 120
>0x081f4c2f: __TCThreadEntry__FPv + 0x1eb (bb3fc58, 6aeffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (6aeffbe0, 6aeffbe0, 0, 6aeffbe0, 1, 0) + 9510040c

cfree (free) parked on the mutex at 59400010

>----- Thread 4366 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (6c0ff6ec, 20, 6c0ff6ec, 4213820c, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (6c0ffbe0, 4, 0, 1, 83329a4, 8327fec) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 6c0ff814, 4213820c, 542c60a0, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 108037, 4, 8327fec, 542c60a0, 4)
>0x42075a7a: __cfree + 0x9a (542c60a0, 0, 4211b2db, 82a827a, 40028c20, 11c)
>0x082a82a8: eh_context_free + 0x38 (542c60a0, 0, 11c, 1, 0, 0) + 10
>0x400220ec: __pthread_destroy_specifics + 0x7c (6c0ff974, 6b800010, 40022f3b, 40028c20, 57b01ca0, 6b800010) + b0
>0x4001e29a: __pthread_do_exit + 0x3a (0, 6c0ff974, 6c0ff994, 8327fec, 84b09c8, 8327fec)
>0x4001e623: __pthread_exit + 0x23 (0, ffffffff, c184320, 81f38b2, 6c0ff9cc, 8327fec)
>0x081f38c3: tcEndThread__Fi + 0x1b (0, 6c0ffa9c, 0, 81f4a55, 0, 0) + 120
>0x081f4c2f: __TCThreadEntry__FPv + 0x1eb (574db038, 6c0ffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (6c0ffbe0, 6c0ffbe0, 0, 6c0ffbe0, 1, 0) + 93f0040c

cfree (free) parked on the mutex at 59400010

>----- Thread 4367 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (6c8ff6cc, 20, 6c8ff6cc, 0, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (6c8ffbe0, 60fc9530, 40022ccf, 1, 6c8ffbe0, 8332994) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 40022ccf, 4213820c, 63dc30d8, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 3, 6c8ff814, 8327fec, 63dc30d8, 3)
>0x42075a7a: __cfree + 0x9a (63dc30d8, 10c038, 6c8ff874, 8294926, 0, 8327fec)
>0x0829494d: PR_Free + 0x31 (63dc30d8, 6c8ff92c, 4211b2db, 8289ec6, 40028c20, 11c)
>0x08289f70: _pt_thread_death + 0xb4 (63dc30d8, 0, 11c, 0, 0, 0) + 10
>0x400220ec: __pthread_destroy_specifics + 0x7c (6c8ff974, 0, 0, 0, 84b09a0, 0) + b0
>0x4001e29a: __pthread_do_exit + 0x3a (0, 6c8ff974, 6c8ff994, 8327fec, 57b01ed0, 8327fec)
>0x4001e623: __pthread_exit + 0x23 (0, ffffffff, a271c68, 81f38b2, 6c8ff9cc, 8327fec)
>0x081f38c3: tcEndThread__Fi + 0x1b (0, 6c8ffa9c, 0, 81f4a55, 0, 0) + 120
>0x081f4c2f: __TCThreadEntry__FPv + 0x1eb (6b600878, 6c8ffc74, 0, 0, 0, 0) + e0
>0x4001f881: pthread_start_thread + 0x1b1 (6c8ffbe0, 6c8ffbe0, 0, 6c8ffbe0, 1, 0) + 9370040c

cfree (free) parked on the mutex at 59400010

>----- Thread 24324 -----
>0x40021a35: __pthread_sigsuspend + 0x15 (7372176c, 20, 7372176c, 40028c20, 0, 0) + 90
>0x40020db8: __pthread_wait_for_restart_signal + 0x68 (73721be0, 40028c20, 73721834, 73721be0, 621ffbe0, 8327fec) + 50
>0x40023190: __pthread_alt_lock + 0x70 (59400020, 0, 73721894, 4213820c, 64ee98c0, 59400010)
>0x4001fd77: __GI___pthread_mutex_lock + 0x97 (59400010, 6b800010, 737218b4, 8327fec, 66510748, 0)
>0x42075a7a: __cfree + 0x9a (64ee98c0, 75c83ce8, 40022ccf, 82acb30, 75c83ce8, 8327fec)
>0x082acb46: __builtin_delete + 0x22
(64ee98c0, 0, 40022ccf, 40028c20, 73721be0, 8327fec) >0x082acb6f: __builtin_vec_delete + 0x1b (64ee98c0, 0, 73721914, 8157bfa, 8327fec, 8332ba8) >0x08157c1d: _._9TCMessage + 0x2d (66510748, 3, 73721934, 8157c56, 8416074, 8327fec) + 10 >0x08157c9b: _release__9TCMessage + 0x53 (66510748, 2, 73721964, 8327fec, ccb3f84, ccb3f80) >0x08157966: clearFreeList__16TCMessageFactoryPP9TCMessage + 0x2a (ccb3f80, ccb3f84, 186a0, 81579e6, 20, 1) + 10 >0x08157a1e: __msgDestructorFunc__16TCMessageFactoryPv + 0x46 (ccb3f80, 93ed168, 0, 81f4a55, 0, 0) + 120 >0x081f4b5f: __TCThreadEntry__FPv + 0x11b (6cdbc470, 73721c74, 0, 0, 0, 0) + e0 >0x4001f881: pthread_start_thread + 0x1b1 (73721be0, 73721be0, 0, 73721be0, 1, 0) + 8c8de40c > > cfree (free) parked on the mutex at 59400010 So: thread 28363 is holding some kind of string pool mutex, calling into malloc, waiting for what looks like a global malloc heap mutex to be unlocked. threads 15563 and 13617 want that string pool mutex, but can't get it. Could they be holding something that's preventing the global malloc heap mutex to be unlocked? What is thread 6984 doing? What other thread owns the mutex that it is waiting on? Does it ever seem to make progress, and acquire that mutex? Sure looks like a memory-linked deadlock to me. You shouldn't suspect infinite loop when you have threads nesting in opposing order through different modules. That's the hallmark of an AB-BA deadlock, so called because thread 1 nests lock B in A, while thread 2 nests lock A in B. A deadly embrace is inevitable. You should not nest mutexes. That means you should avoid calling malloc while holding a mutex. Enough threaded programming fu; now back to m.jseng. /be .
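
Added example, not part of the original message and not code from SpiderMonkey or the poster's application: a small lock-order recorder that flags the AB-BA nesting described above before it can hang. The `lo_*` functions, the integer lock ids and the two traces are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_LOCKS   8      /* lock ids are small integers in this sketch */
#define MAX_THREADS 4
enum { A = 0, B = 1 };     /* the two locks of the AB-BA description */

static unsigned char order[MAX_LOCKS][MAX_LOCKS]; /* order[a][b]: b taken while a held */
static int held[MAX_THREADS][MAX_LOCKS];          /* per-thread stack of held locks */
static int depth[MAX_THREADS];
void lo_reset(void) { memset(order, 0, sizeof order); memset(depth, 0, sizeof depth); }

/* Depth-first search: is `to` reachable from `from` through recorded nestings? */
static int reaches(int from, int to, unsigned char *seen) {
    if (from == to) return 1;
    seen[from] = 1;
    for (int n = 0; n < MAX_LOCKS; n++)
        if (order[from][n] && !seen[n] && reaches(n, to, seen)) return 1;
    return 0;
}

/* Thread t is about to take lock l. Returns a held lock whose recorded order
 * this nesting inverts (a latent deadlock), or -1 if the order is consistent. */
int lo_acquire(int t, int l) {
    int conflict = -1;
    for (int i = 0; i < depth[t]; i++) {
        unsigned char seen[MAX_LOCKS] = {0};
        int h = held[t][i];
        if (reaches(l, h, seen)) conflict = h; /* h was nested inside l before */
        order[h][l] = 1;                       /* record: l nested inside h */
    }
    held[t][depth[t]++] = l;
    return conflict;
}

/* Thread t drops its most recently taken lock (LIFO unlock). */
void lo_release(int t) { if (depth[t] > 0) depth[t]--; }

/* Constructed trace: thread 1 nests B in A, then thread 2 nests `inner` in `outer`. */
int demo(int outer, int inner) {
    lo_reset();
    lo_acquire(1, A); lo_acquire(1, B); lo_release(1); lo_release(1);
    lo_acquire(2, outer);
    return lo_acquire(2, inner);
}

int main(void) {   /* thread 2 as B-then-A (inverted), then as A-then-B (consistent) */
    printf("B then A: %d, A then B: %d\n", demo(B, A), demo(A, B));
    return 0;
}
```

The inversion is reported even though the two constructed threads never overlap in time, so order tracking exposes a latent deadlock that a stack dump only shows after the hang.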