secondlife-3p
diff --git a/‎src/Concurrency/WorkContractGroup.cpp‎
Lines changed: 7 additions & 3 deletions b/‎src/Concurrency/WorkContractGroup.cpp‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎src/Concurrency/WorkContractGroup.h‎
Lines changed: 17 additions & 3 deletions b/‎src/Concurrency/WorkContractGroup.h‎
Lines changed: 17 additions & 3 deletions
@@ -206,11 +206,15 @@ namespace Concurrency {
         ENTROPY_ASSERT(mainThreadSelectingCount == 0, "WorkContractGroup destroyed with threads still in selectForMainThreadExecution");
 
         // Then notify the concurrency provider to remove us from active groups
+        // CRITICAL: Read provider without holding lock to avoid ABBA deadlock
+        IConcurrencyProvider* provider = nullptr;
         {
             std::unique_lock<std::shared_mutex> lock(_concurrencyProviderMutex);
-            if (_concurrencyProvider) {
-                _concurrencyProvider->notifyGroupDestroyed(this);
-            }
+            provider = _concurrencyProvider;
+        }
+
+        if (provider) {
+            provider->notifyGroupDestroyed(this);
         }
     }
 
 
@@ -29,6 +29,7 @@
 #include <thread>
 #include <condition_variable>
 #include <mutex>
+#include <shared_mutex>
 #include <optional>
 #include <limits>
 
@@ -176,9 +177,22 @@ namespace Concurrency {
         /**
          * @brief Destructor ensures all work is stopped and completed
          * 
-         * Calls stop() to prevent new work selection, then wait() to ensure
-         * all executing work completes. Finally notifies the concurrency provider
-         * (if any) that the group is being destroyed.
+         * Follows a strict destruction protocol to prevent deadlocks:
+         * 1. Calls stop() to prevent new work selection
+         * 2. Calls wait() to ensure all executing work completes
+         * 3. Unschedules and releases all remaining contracts
+         * 4. Reads concurrency provider pointer WITHOUT holding mutex lock
+         * 5. Calls notifyGroupDestroyed() to inform provider of destruction
+         *
+         * CRITICAL: The provider notification is made without holding the group's
+         * concurrency provider mutex to prevent ABBA deadlock with WorkService.
+         * Any deviation from this protocol may result in deadlock during destruction.
+         *
+         * The provider will then:
+         * - Remove this group from its internal lists
+         * - Call setConcurrencyProvider(nullptr) to clear the back-reference
+         *
+         * This ensures proper bidirectional cleanup without lock ordering issues.
          */
         ~WorkContractGroup();
Original file line number	Diff line number	Diff line change
`@@ -206,11 +206,15 @@ namespace Concurrency {`
`206`	`206`	`ENTROPY_ASSERT(mainThreadSelectingCount == 0, "WorkContractGroup destroyed with threads still in selectForMainThreadExecution");`
`207`	`207`
`208`	`208`	`// Then notify the concurrency provider to remove us from active groups`
	`209`	`+ // CRITICAL: Read provider without holding lock to avoid ABBA deadlock`
	`210`	`+ IConcurrencyProvider* provider = nullptr;`
`209`	`211`	`{`
`210`	`212`	`std::unique_lock<std::shared_mutex> lock(_concurrencyProviderMutex);`
`211`		`- if (_concurrencyProvider) {`
`212`		`- _concurrencyProvider->notifyGroupDestroyed(this);`
`213`		`- }`
	`213`	`+ provider = _concurrencyProvider;`
	`214`	`+ }`
	`215`	`+`
	`216`	`+ if (provider) {`
	`217`	`+ provider->notifyGroupDestroyed(this);`
`214`	`218`	`}`
`215`	`219`	`}`
`216`	`220`