Bug 1768578 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Found while fuzzing m-c 20220509-70f5ae719af1 (--enable-address-sanitizer --enable-fuzzing)

To reproduce via Grizzly Replay:
```
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -a --fuzzing -n firefox
$ python -m grizzly.replay -p prefs.js ./firefox/firefox testcase.html
```
```
==12416==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d00039f87f at pc 0x7ff2975b123a bp 0x7ff24ebfed50 sp 0x7ff24ebfed48
READ of size 2 at 0x61d00039f87f thread T72 (Renderer)
    #0 0x7ff2975b1239 in load<unsigned char> src/gfx/wr/swgl/src/vector_type.h:503:5
    #1 0x7ff2975b1239 in unaligned_load<unsigned char __attribute__((ext_vector_type(2))), unsigned char> src/gfx/wr/swgl/src/vector_type.h:532:10
    #2 0x7ff2975b1239 in unsigned short vector[4] glsl::textureLinearUnpackedR8<glsl::sampler2D_impl*>(glsl::sampler2D_impl*, glsl::ivec2) src/gfx/wr/swgl/src/texture.h:554:13
    #3 0x7ff2979c0d2a in textureLinearUnpacked<glsl::sampler2D_impl *> src/gfx/wr/swgl/src/swgl_ext.h:145:10
    #4 0x7ff2979c0d2a in blendTextureLinearFallback<false, glsl::sampler2D_impl *, NoColor, unsigned char> src/gfx/wr/swgl/src/swgl_ext.h:178:25
    #5 0x7ff2979c0d2a in blendTextureLinearDispatch<false, glsl::sampler2D_impl *, NoColor, unsigned char> src/gfx/wr/swgl/src/swgl_ext.h:451:11
    #6 0x7ff2979c0d2a in int blendTextureLinear<false, glsl::sampler2D_impl*, NoColor, unsigned char>(glsl::sampler2D_impl*, glsl::vec2, int, glsl::vec4_scalar const&, NoColor, unsigned char*, LinearFilter) src/gfx/wr/swgl/src/swgl_ext.h:466:3
    #7 0x7ff2979b591d in cs_clip_box_shadow_TEXTURE_2D_frag::swgl_drawSpanR8() /builds/worker/workspace/obj-build/x86_64-unknown-linux-gnu/release/build/swgl-6552a371abcb3a5c/out/cs_clip_box_shadow_TEXTURE_2D.h:762:6
    #8 0x7ff2979a6e4a in cs_clip_box_shadow_TEXTURE_2D_frag::draw_span_R8(glsl::FragmentShaderImpl*) /builds/worker/workspace/obj-build/x86_64-unknown-linux-gnu/release/build/swgl-6552a371abcb3a5c/out/cs_clip_box_shadow_TEXTURE_2D.h:831:28
    #9 0x7ff297ac7303 in draw_span src/gfx/wr/swgl/src/program.h:178:12
    #10 0x7ff297ac7303 in void draw_quad_spans<unsigned char>(int, glsl::vec2_scalar*, unsigned int, glsl::vec3*, Texture&, Texture&, ClipRect const&) src/gfx/wr/swgl/src/rasterize.h:1028:42
    #11 0x7ff297594ed8 in draw_quad(int, Texture&, Texture&) src/gfx/wr/swgl/src/rasterize.h:1618:5
    #12 0x7ff297590cc2 in void draw_elements<unsigned short>(int, int, unsigned long, VertexArray&, Texture&, Texture&) src/gfx/wr/swgl/src/rasterize.h:1645:5
    #13 0x7ff297590969 in DrawElementsInstanced src/gfx/wr/swgl/src/gl.cc:2744:7
    #14 0x7ff296e81051 in webrender::device::gl::Device::draw_indexed_triangles_instanced_u16::h42212c7ec2e3db72 src/gfx/wr/webrender/src/device/gl.rs:3633:9
    #15 0x7ff296e81051 in webrender::renderer::Renderer::draw_instanced_batch::h1db2bf55624de946 src/gfx/wr/webrender/src/renderer/mod.rs:2511:17
    #16 0x7ff296e81051 in webrender::renderer::Renderer::draw_clip_batch_list::h5d85ee13219da81e src/gfx/wr/webrender/src/renderer/mod.rs:3935:13
    #17 0x7ff296e9479d in webrender::renderer::Renderer::draw_alpha_target::h9ccd69028b7a15b0 src/gfx/wr/webrender/src/renderer/mod.rs:4130:13
    #18 0x7ff296e9479d in webrender::renderer::Renderer::draw_frame::h84acc984322e107e src/gfx/wr/webrender/src/renderer/mod.rs:4905:17
    #19 0x7ff296e29883 in webrender::renderer::Renderer::render_impl::had18dff80f58dd00 src/gfx/wr/webrender/src/renderer/mod.rs:2015:17
    #20 0x7ff296e24d6e in webrender::renderer::Renderer::render::hfcbfece57088587f src/gfx/wr/webrender/src/renderer/mod.rs:1737:30
    #21 0x7ff2962107cf in wr_renderer_render src/gfx/webrender_bindings/src/bindings.rs:620:11
    #22 0x7ff287d7a8ce in mozilla::wr::RendererOGL::UpdateAndRender(mozilla::Maybe<mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> > const&, mozilla::Maybe<mozilla::wr::ImageFormat> const&, mozilla::Maybe<mozilla::Range<unsigned char> > const&, bool*, mozilla::wr::RendererStats*) src/gfx/webrender_bindings/RendererOGL.cpp:185:8
    #23 0x7ff287d78d1a in mozilla::wr::RenderThread::UpdateAndRender(mozilla::wr::WrWindowId, mozilla::layers::BaseTransactionId<mozilla::VsyncIdType> const&, mozilla::TimeStamp const&, bool, mozilla::Maybe<mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> > const&, mozilla::Maybe<mozilla::wr::ImageFormat> const&, mozilla::Maybe<mozilla::Range<unsigned char> > const&, bool*) src/gfx/webrender_bindings/RenderThread.cpp:537:31
    #24 0x7ff287d77e79 in mozilla::wr::RenderThread::HandleFrameOneDoc(mozilla::wr::WrWindowId, bool) src/gfx/webrender_bindings/RenderThread.cpp:387:3
    #25 0x7ff287d92e66 in applyImpl<mozilla::wr::RenderThread, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool), StoreCopyPassByConstLRef<mozilla::wr::WrWindowId>, StoreCopyPassByConstLRef<bool>, 0UL, 1UL> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1147:12
    #26 0x7ff287d92e66 in apply<mozilla::wr::RenderThread, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool)> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1153:12
    #27 0x7ff287d92e66 in mozilla::detail::RunnableMethodImpl<mozilla::wr::RenderThread*, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool), true, (mozilla::RunnableKind)0, mozilla::wr::WrWindowId, bool>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1200:13
    #28 0x7ff28536f95e in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1174:16
    #29 0x7ff28537929c in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:465:10
    #30 0x7ff286a78671 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:330:5
    #31 0x7ff2868ee861 in RunInternal src/ipc/chromium/src/base/message_loop.cc:380:10
    #32 0x7ff2868ee861 in RunHandler src/ipc/chromium/src/base/message_loop.cc:373:3
    #33 0x7ff2868ee861 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:355:3
    #34 0x7ff28536752b in nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:378:10
    #35 0x7ff2b325657e in _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:201:5
    #36 0x7ff2b2f846da in start_thread /build/glibc-uZu3wS/glibc-2.27/nptl/pthread_create.c:463
    #37 0x7ff2b1f6261e in __clone /build/glibc-uZu3wS/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
```
Found while fuzzing m-c 20220509-70f5ae719af1 (--enable-address-sanitizer --enable-fuzzing)

To reproduce via Grizzly Replay:
```
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -a --fuzzing -n firefox
$ python -m grizzly.replay -p prefs.js ./firefox/firefox testcase.html
```
```
==24328==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d000486c7f at pc 0x7fbc41ab6fca bp 0x7fbc12613d50 sp 0x7fbc12613d48
READ of size 2 at 0x61d000486c7f thread T30 (Renderer)
    #0 0x7fbc41ab6fc9 in load<unsigned char> /gecko/gfx/wr/swgl/src/vector_type.h:503:5
    #1 0x7fbc41ab6fc9 in unaligned_load<unsigned char __attribute__((ext_vector_type(2))), unsigned char> /gecko/gfx/wr/swgl/src/vector_type.h:532:10
    #2 0x7fbc41ab6fc9 in unsigned short vector[4] glsl::textureLinearUnpackedR8<glsl::sampler2D_impl*>(glsl::sampler2D_impl*, glsl::ivec2) /gecko/gfx/wr/swgl/src/texture.h:554:13
    #3 0x7fbc41ec6aba in textureLinearUnpacked<glsl::sampler2D_impl *> /gecko/gfx/wr/swgl/src/swgl_ext.h:145:10
    #4 0x7fbc41ec6aba in blendTextureLinearFallback<false, glsl::sampler2D_impl *, NoColor, unsigned char> /gecko/gfx/wr/swgl/src/swgl_ext.h:178:25
    #5 0x7fbc41ec6aba in blendTextureLinearDispatch<false, glsl::sampler2D_impl *, NoColor, unsigned char> /gecko/gfx/wr/swgl/src/swgl_ext.h:451:11
    #6 0x7fbc41ec6aba in int blendTextureLinear<false, glsl::sampler2D_impl*, NoColor, unsigned char>(glsl::sampler2D_impl*, glsl::vec2, int, glsl::vec4_scalar const&, NoColor, unsigned char*, LinearFilter) /gecko/gfx/wr/swgl/src/swgl_ext.h:466:3
    #7 0x7fbc41ebb6ad in cs_clip_box_shadow_TEXTURE_2D_frag::swgl_drawSpanR8() /builds/worker/workspace/obj-build/x86_64-unknown-linux-gnu/release/build/swgl-6552a371abcb3a5c/out/cs_clip_box_shadow_TEXTURE_2D.h:762:6
    #8 0x7fbc41eacbda in cs_clip_box_shadow_TEXTURE_2D_frag::draw_span_R8(glsl::FragmentShaderImpl*) /builds/worker/workspace/obj-build/x86_64-unknown-linux-gnu/release/build/swgl-6552a371abcb3a5c/out/cs_clip_box_shadow_TEXTURE_2D.h:831:28
    #9 0x7fbc41fcd093 in draw_span /gecko/gfx/wr/swgl/src/program.h:178:12
    #10 0x7fbc41fcd093 in void draw_quad_spans<unsigned char>(int, glsl::vec2_scalar*, unsigned int, glsl::vec3*, Texture&, Texture&, ClipRect const&) /gecko/gfx/wr/swgl/src/rasterize.h:1028:42
    #11 0x7fbc41a9ac68 in draw_quad(int, Texture&, Texture&) /gecko/gfx/wr/swgl/src/rasterize.h:1618:5
    #12 0x7fbc41a96a52 in void draw_elements<unsigned short>(int, int, unsigned long, VertexArray&, Texture&, Texture&) /gecko/gfx/wr/swgl/src/rasterize.h:1645:5
    #13 0x7fbc41a966f9 in DrawElementsInstanced /gecko/gfx/wr/swgl/src/gl.cc:2744:7
    #14 0x7fbc41384701 in webrender::device::gl::Device::draw_indexed_triangles_instanced_u16::h42212c7ec2e3db72 /gecko/gfx/wr/webrender/src/device/gl.rs:3633:9
    #15 0x7fbc41384701 in webrender::renderer::Renderer::draw_instanced_batch::h1db2bf55624de946 /gecko/gfx/wr/webrender/src/renderer/mod.rs:2511:17
    #16 0x7fbc41384701 in webrender::renderer::Renderer::draw_clip_batch_list::h5d85ee13219da81e /gecko/gfx/wr/webrender/src/renderer/mod.rs:3935:13
    #17 0x7fbc41397e4d in webrender::renderer::Renderer::draw_alpha_target::h9ccd69028b7a15b0 /gecko/gfx/wr/webrender/src/renderer/mod.rs:4130:13
    #18 0x7fbc41397e4d in webrender::renderer::Renderer::draw_frame::h84acc984322e107e /gecko/gfx/wr/webrender/src/renderer/mod.rs:4905:17
    #19 0x7fbc4132cf33 in webrender::renderer::Renderer::render_impl::had18dff80f58dd00 /gecko/gfx/wr/webrender/src/renderer/mod.rs:2015:17
    #20 0x7fbc4132841e in webrender::renderer::Renderer::render::hfcbfece57088587f /gecko/gfx/wr/webrender/src/renderer/mod.rs:1737:30
    #21 0x7fbc4071276f in wr_renderer_render /gecko/gfx/webrender_bindings/src/bindings.rs:616:11
    #22 0x7fbc32277c1e in mozilla::wr::RendererOGL::UpdateAndRender(mozilla::Maybe<mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> > const&, mozilla::Maybe<mozilla::wr::ImageFormat> const&, mozilla::Maybe<mozilla::Range<unsigned char> > const&, bool*, mozilla::wr::RendererStats*) /gecko/gfx/webrender_bindings/RendererOGL.cpp:185:8
    #23 0x7fbc3227606a in mozilla::wr::RenderThread::UpdateAndRender(mozilla::wr::WrWindowId, mozilla::layers::BaseTransactionId<mozilla::VsyncIdType> const&, mozilla::TimeStamp const&, bool, mozilla::Maybe<mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> > const&, mozilla::Maybe<mozilla::wr::ImageFormat> const&, mozilla::Maybe<mozilla::Range<unsigned char> > const&, bool*) /gecko/gfx/webrender_bindings/RenderThread.cpp:537:31
    #24 0x7fbc322751c9 in mozilla::wr::RenderThread::HandleFrameOneDoc(mozilla::wr::WrWindowId, bool) /gecko/gfx/webrender_bindings/RenderThread.cpp:387:3
    #25 0x7fbc322901b6 in applyImpl<mozilla::wr::RenderThread, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool), StoreCopyPassByConstLRef<mozilla::wr::WrWindowId>, StoreCopyPassByConstLRef<bool>, 0UL, 1UL> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1147:12
    #26 0x7fbc322901b6 in apply<mozilla::wr::RenderThread, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool)> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1153:12
    #27 0x7fbc322901b6 in mozilla::detail::RunnableMethodImpl<mozilla::wr::RenderThread*, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool), true, (mozilla::RunnableKind)0, mozilla::wr::WrWindowId, bool>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1200:13
    #28 0x7fbc2f86aade in nsThread::ProcessNextEvent(bool, bool*) /gecko/xpcom/threads/nsThread.cpp:1174:16
    #29 0x7fbc2f87441c in NS_ProcessNextEvent(nsIThread*, bool) /gecko/xpcom/threads/nsThreadUtils.cpp:465:10
    #30 0x7fbc30f73651 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /gecko/ipc/glue/MessagePump.cpp:330:5
    #31 0x7fbc30de9841 in RunInternal /gecko/ipc/chromium/src/base/message_loop.cc:380:10
    #32 0x7fbc30de9841 in RunHandler /gecko/ipc/chromium/src/base/message_loop.cc:373:3
    #33 0x7fbc30de9841 in MessageLoop::Run() /gecko/ipc/chromium/src/base/message_loop.cc:355:3
    #34 0x7fbc2f8626ab in nsThread::ThreadFunc(void*) /gecko/xpcom/threads/nsThread.cpp:378:10
    #35 0x7fbc54bd857e in _pt_root /gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
    #36 0x7fbc55877608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477:8
    #37 0x7fbc5543e162 in __clone /build/glibc-sMfBJT/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

0x61d000486c7f is located 1 bytes to the left of 2068-byte region [0x61d000486c80,0x61d000487494)
allocated by thread T30 (Renderer) here:
    #0 0x564c475b87d6 in __interceptor_realloc /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3
    #1 0x7fbc41a9c872 in Texture::allocate(bool, int, int) /gecko/gfx/wr/swgl/src/gl.cc:509:32
    #2 0x7fbc41a825d7 in set_tex_storage(Texture&, unsigned int, int, int, void*, int, int, int) /gecko/gfx/wr/swgl/src/gl.cc:1716:10
    #3 0x7fbc41a820be in TexStorage2D /gecko/gfx/wr/swgl/src/gl.cc:1732:3
    #4 0x7fbc41a83349 in TexImage2D /gecko/gfx/wr/swgl/src/gl.cc:1822:3
    #5 0x7fbc41a6401a in _$LT$swgl..swgl_fns..Context$u20$as$u20$gleam..gl..Gl$GT$::tex_image_2d::hd2143d53dc386835 /gecko/gfx/wr/swgl/src/swgl_fns.rs:997:13
    #6 0x7fbc40efe897 in webrender::device::gl::Device::create_texture::hd1c2e346282d7926 /gecko/gfx/wr/webrender/src/device/gl.rs:2529:13
    #7 0x7fbc4134acc1 in webrender::renderer::Renderer::update_texture_cache::_$u7b$$u7b$closure$u7d$$u7d$::h18679fcfc1740cf6 /gecko/gfx/wr/webrender/src/renderer/mod.rs:2379:29
    #8 0x7fbc4134acc1 in core::option::Option$LT$T$GT$::unwrap_or_else::he0535446ceb1660e /builds/worker/fetches/rust/library/core/src/option.rs:802:21
    #9 0x7fbc4134acc1 in webrender::renderer::Renderer::update_texture_cache::h321af9a1eba3ffc9 /gecko/gfx/wr/webrender/src/renderer/mod.rs:2378:43
    #10 0x7fbc4132c40c in webrender::renderer::Renderer::render_impl::had18dff80f58dd00 /gecko/gfx/wr/webrender/src/renderer/mod.rs:1975:13
    #11 0x7fbc4132841e in webrender::renderer::Renderer::render::hfcbfece57088587f /gecko/gfx/wr/webrender/src/renderer/mod.rs:1737:30
    #12 0x7fbc4071276f in wr_renderer_render /gecko/gfx/webrender_bindings/src/bindings.rs:616:11
    #13 0x7fbc32277c1e in mozilla::wr::RendererOGL::UpdateAndRender(mozilla::Maybe<mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> > const&, mozilla::Maybe<mozilla::wr::ImageFormat> const&, mozilla::Maybe<mozilla::Range<unsigned char> > const&, bool*, mozilla::wr::RendererStats*) /gecko/gfx/webrender_bindings/RendererOGL.cpp:185:8
    #14 0x7fbc3227606a in mozilla::wr::RenderThread::UpdateAndRender(mozilla::wr::WrWindowId, mozilla::layers::BaseTransactionId<mozilla::VsyncIdType> const&, mozilla::TimeStamp const&, bool, mozilla::Maybe<mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> > const&, mozilla::Maybe<mozilla::wr::ImageFormat> const&, mozilla::Maybe<mozilla::Range<unsigned char> > const&, bool*) /gecko/gfx/webrender_bindings/RenderThread.cpp:537:31
    #15 0x7fbc322751c9 in mozilla::wr::RenderThread::HandleFrameOneDoc(mozilla::wr::WrWindowId, bool) /gecko/gfx/webrender_bindings/RenderThread.cpp:387:3
    #16 0x7fbc322901b6 in applyImpl<mozilla::wr::RenderThread, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool), StoreCopyPassByConstLRef<mozilla::wr::WrWindowId>, StoreCopyPassByConstLRef<bool>, 0UL, 1UL> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1147:12
    #17 0x7fbc322901b6 in apply<mozilla::wr::RenderThread, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool)> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1153:12
    #18 0x7fbc322901b6 in mozilla::detail::RunnableMethodImpl<mozilla::wr::RenderThread*, void (mozilla::wr::RenderThread::*)(mozilla::wr::WrWindowId, bool), true, (mozilla::RunnableKind)0, mozilla::wr::WrWindowId, bool>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1200:13
    #19 0x7fbc2f86aade in nsThread::ProcessNextEvent(bool, bool*) /gecko/xpcom/threads/nsThread.cpp:1174:16
    #20 0x7fbc2f87441c in NS_ProcessNextEvent(nsIThread*, bool) /gecko/xpcom/threads/nsThreadUtils.cpp:465:10
    #21 0x7fbc30f73651 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /gecko/ipc/glue/MessagePump.cpp:330:5
    #22 0x7fbc30de9841 in RunInternal /gecko/ipc/chromium/src/base/message_loop.cc:380:10
    #23 0x7fbc30de9841 in RunHandler /gecko/ipc/chromium/src/base/message_loop.cc:373:3
    #24 0x7fbc30de9841 in MessageLoop::Run() /gecko/ipc/chromium/src/base/message_loop.cc:355:3
    #25 0x7fbc2f8626ab in nsThread::ThreadFunc(void*) /gecko/xpcom/threads/nsThread.cpp:378:10
    #26 0x7fbc54bd857e in _pt_root /gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
    #27 0x7fbc55877608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477:8

Thread T30 (Renderer) created by T0 here:
    #0 0x564c475a1a6c in __interceptor_pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:208:3
    #1 0x7fbc54bc862c in _PR_CreateThread /gecko/nsprpub/pr/src/pthreads/ptthread.c:458:14
    #2 0x7fbc54bb99ce in PR_CreateThread /gecko/nsprpub/pr/src/pthreads/ptthread.c:533:12
    #3 0x7fbc2f865955 in nsThread::Init(nsTSubstring<char> const&) /gecko/xpcom/threads/nsThread.cpp:604:18
    #4 0x7fbc2f8720ff in nsThreadManager::NewNamedThread(nsTSubstring<char> const&, unsigned int, nsIThread**) /gecko/xpcom/threads/nsThreadManager.cpp:534:12
    #5 0x7fbc2f87ded1 in NS_NewNamedThread(nsTSubstring<char> const&, nsIThread**, already_AddRefed<nsIRunnable>, unsigned int) /gecko/xpcom/threads/nsThreadUtils.cpp:161:57
    #6 0x7fbc3227154f in NS_NewNamedThread<9UL> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:74:10
    #7 0x7fbc3227154f in mozilla::wr::RenderThread::Start(unsigned int) /gecko/gfx/webrender_bindings/RenderThread.cpp:94:17
    #8 0x7fbc31fd4ad7 in gfxPlatform::InitLayersIPC() /gecko/gfx/thebes/gfxPlatform.cpp:1295:7
    #9 0x7fbc31fd0d5b in gfxPlatform::Init() /gecko/gfx/thebes/gfxPlatform.cpp:955:3
    #10 0x7fbc31fd46c6 in GetPlatform /gecko/gfx/thebes/gfxPlatform.cpp:465:5
    #11 0x7fbc31fd46c6 in gfxPlatform::InitializeCMS() /gecko/gfx/thebes/gfxPlatform.cpp:2088:9
    #12 0x7fbc37c90e04 in EnsureCMSInitialized /builds/worker/workspace/obj-build/dist/include/gfxPlatform.h:975:7
    #13 0x7fbc37c90e04 in gfxPlatform::GetCMSMode() /builds/worker/workspace/obj-build/dist/include/gfxPlatform.h:523:5
    #14 0x7fbc37c9066d in nsXPLookAndFeel::GetColorValue(mozilla::StyleSystemColor, mozilla::ColorScheme, mozilla::LookAndFeel::UseStandins, unsigned int&) /gecko/widget/nsXPLookAndFeel.cpp:879:9
    #15 0x7fbc37c947ce in mozilla::LookAndFeel::GetColor(mozilla::StyleSystemColor, mozilla::ColorScheme, mozilla::LookAndFeel::UseStandins) /gecko/widget/nsXPLookAndFeel.cpp:1279:47
    #16 0x7fbc37bff40c in Color /builds/worker/workspace/obj-build/dist/include/mozilla/LookAndFeel.h:444:12
    #17 0x7fbc37bff40c in ThemedAccentColor /gecko/widget/ThemeColors.cpp:88:37
    #18 0x7fbc37bff40c in mozilla::widget::ThemeColors::RecomputeAccentColors() /gecko/widget/ThemeColors.cpp:197:20
    #19 0x7fbc37bff055 in mozilla::widget::Theme::LookAndFeelChanged() /gecko/widget/Theme.cpp:179:3
    #20 0x7fbc37c8ea46 in nsXPLookAndFeel::GetInstance() /gecko/widget/nsXPLookAndFeel.cpp:361:3
    #21 0x7fbc37c9516d in mozilla::LookAndFeel::GetThemeInfo(nsTSubstring<char>&) /gecko/widget/nsXPLookAndFeel.cpp:1392:3
    #22 0x7fbc2f6c38fa in nsSystemInfo::Init() /gecko/xpcom/base/nsSystemInfo.cpp:1047:5
    #23 0x7fbc2f7d2fe4 in mozilla::xpcom::CreateInstanceImpl(mozilla::xpcom::ModuleID, nsID const&, void**) /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:11960:7
    #24 0x7fbc2f816c80 in CreateInstance /gecko/xpcom/components/nsComponentManager.cpp:185:46
    #25 0x7fbc2f816c80 in nsComponentManagerImpl::GetServiceLocked(mozilla::Maybe<mozilla::detail::BaseMonitorAutoLock<mozilla::Monitor> >&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) /gecko/xpcom/components/nsComponentManager.cpp:1290:17
    #26 0x7fbc2f817728 in nsComponentManagerImpl::GetService(mozilla::xpcom::ModuleID, nsID const&, void**) /gecko/xpcom/components/nsComponentManager.cpp:1380:10
    #27 0x7fbc2f7ecead in mozilla::xpcom::GetServiceHelper::operator()(nsID const&, void**) const /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:12287:50
    #28 0x7fbc2f67afb1 in nsCOMPtr_base::assign_from_helper(nsCOMPtr_helper const&, nsID const&) /gecko/xpcom/base/nsCOMPtr.cpp:109:7
    #29 0x7fbc3128027f in nsCOMPtr /builds/worker/workspace/obj-build/dist/include/nsCOMPtr.h:999:5
    #30 0x7fbc3128027f in GetServiceImpl /gecko/js/xpconnect/src/JSServices.cpp:83:32
    #31 0x7fbc3128027f in GetService /gecko/js/xpconnect/src/JSServices.cpp:130:8
    #32 0x7fbc3128027f in xpc::Services_Resolve(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::PropertyKey>, bool*) /gecko/js/xpconnect/src/JSServices.cpp:153:25
    #33 0x7fbc3d13c9d7 in CallResolveOp /gecko/js/src/vm/NativeObject-inl.h:640:8
    #34 0x7fbc3d13c9d7 in NativeLookupOwnPropertyInline<js::CanGC, js::LookupResolveMode::CheckResolve> /gecko/js/src/vm/NativeObject-inl.h:760:14
    #35 0x7fbc3d13c9d7 in NativeGetPropertyInline<js::CanGC> /gecko/js/src/vm/NativeObject.cpp:2124:10
    #36 0x7fbc3d13c9d7 in js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) /gecko/js/src/vm/NativeObject.cpp:2172:10
    #37 0x7fbc3ce57d19 in GetProperty /gecko/js/src/vm/ObjectOperations-inl.h:120:10
    #38 0x7fbc3ce57d19 in js::GetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, js::PropertyName*, JS::MutableHandle<JS::Value>) /gecko/js/src/vm/ObjectOperations-inl.h:127:10
    #39 0x7fbc3e82834b in js::GetProperty(JSContext*, JS::Handle<JS::Value>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) /gecko/js/src/vm/Interpreter.cpp:4668:10
    #40 0x7fbc3e800c24 in GetPropertyOperation /gecko/js/src/vm/Interpreter.cpp:203:10
    #41 0x7fbc3e800c24 in Interpret(JSContext*, js::RunState&) /gecko/js/src/vm/Interpreter.cpp:2984:12
    #42 0x7fbc3e7f2fc1 in js::RunScript(JSContext*, js::RunState&) /gecko/js/src/vm/Interpreter.cpp:389:13
    #43 0x7fbc3e82128f in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /gecko/js/src/vm/Interpreter.cpp:539:13
    #44 0x7fbc3e822e1a in InternalCall /gecko/js/src/vm/Interpreter.cpp:574:10
    #45 0x7fbc3e822e1a in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /gecko/js/src/vm/Interpreter.cpp:605:8
    #46 0x7fbc3cf5c41c in JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /gecko/js/src/vm/CallAndConstruct.cpp:53:10
    #47 0x7fbc312c5e25 in nsXPCWrappedJS::CallMethod(unsigned short, nsXPTMethodInfo const*, nsXPTCMiniVariant*) /gecko/js/xpconnect/src/XPCWrappedJSClass.cpp:981:17
    #48 0x7fbc2f8badb2 in PrepareAndDispatch /gecko/xpcom/reflect/xptcall/md/unix/xptcstubs_x86_64_linux.cpp:115:37
    #49 0x7fbc2f8b9b0a in SharedStub xptcstubs_x86_64_linux.cpp
    #50 0x7fbc2f80d1dd in NS_CreateServicesFromCategory(char const*, nsISupports*, char const*, char16_t const*) /gecko/xpcom/components/nsCategoryManager.cpp:687:19
    #51 0x7fbc3cb235a9 in nsXREDirProvider::DoStartup() /gecko/toolkit/xre/nsXREDirProvider.cpp:936:11
    #52 0x7fbc3cb00920 in XREMain::XRE_mainRun() /gecko/toolkit/xre/nsAppRunner.cpp:5483:18
    #53 0x7fbc3cb031d5 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /gecko/toolkit/xre/nsAppRunner.cpp:5925:8
    #54 0x7fbc3cb03f13 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /gecko/toolkit/xre/nsAppRunner.cpp:5992:21
    #55 0x564c475f66cd in do_main /gecko/browser/app/nsBrowserApp.cpp:225:22
    #56 0x564c475f66cd in main /gecko/browser/app/nsBrowserApp.cpp:397:16
    #57 0x7fbc553430b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
```
