-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: Internal Code
-
None
-
Fully Compatible
-
ALL
-
v4.2
-
Service Arch 2019-08-12
-
10
There's an unfortunate race between addChild and transitionToFinished, where the caller of addChild can observe a kInit shared state, as can transitionToFinished, and then the caller of addChild can add a child that is never fulfilled by the caller of transitionToFinished.
It looks like:
| addChild() | transitionToFinished() |
|---|---|
| loadState, observe init | |
| acquire mutex | |
| loadState, observe init | |
| transition to finished, observed init | |
| attempt to cas to waitingOrHaveChildren | |
| return, doing nothing | |
| add to children | |
| strand the child in a way that won't be finished later |