Found with m-c 20250430-c39268ce319f (`--enable-address-sanitizer`).

This was found by visiting a live website with an ASan build.

STR:
- Launch the browser and visit the site.

This issue was triggered by visiting `http://kinozone.net/`.

In the ASan report below, worker thread T31 reads (in `OT::BASE::sanitize`, reached from `OffscreenCanvasRenderingContext2D.measureText` via `gfxFont::GetBaselines`) a font-table buffer that worker thread T32 allocated in `gfxFT2FontEntryBase::CopyFaceTable` and then freed through `hb_font_destroy` in `gfxFont::GetBaselines`. This looks like a cross-thread lifetime problem with the font table blob data; to be confirmed.

```
==115827==ERROR: AddressSanitizer: heap-use-after-free on address 0x511000925d08 at pc 0x7fffdec6ff1a bp 0x7fff20dec460 sp 0x7fff20dec458 READ of size 2 at 0x511000925d08 thread T31 #0 0x7fffdec6ff19 in operator unsigned short /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-algs.hh:137:56 #1 0x7fffdec6ff19 in operator unsigned int /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-open-type.hh:68:109 #2 0x7fffdec6ff19 in OT::BASE::sanitize(hb_sanitize_context_t*) const /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-ot-layout-base-table.hh:822:5 #3 0x7fffded03d0d in hb_blob_t* hb_sanitize_context_t::sanitize_blob<OT::BASE>(hb_blob_t*) /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-sanitize.hh:448:15 #4 0x7fffded038a8 in create /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:301:14 #5 0x7fffded038a8 in hb_blob_t* hb_data_wrapper_t<hb_face_t, 27u>::call_create<hb_blob_t, hb_table_lazy_loader_t<OT::BASE, 27u, true>>() const /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:158:42 #6 0x7fffdeaf2606 in get_stored /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:221:26 #7 0x7fffdeaf2606 in get /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:245:58 #8 0x7fffdeaf2606 in operator-> /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:205:50 #9 0x7fffdeaf2606 in hb_ot_layout_get_baseline /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-ot-layout.cc:2305:10 #10 0x7fffdeeb4ea3 in gfxFont::GetBaselines(nsFontMetrics::FontOrientation) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:4445:7 #11 0x7fffe1ad9f16 in mozilla::dom::CanvasRenderingContext2D::DrawOrMeasureText(nsTSubstring<char16_t> 
const&, float, float, mozilla::dom::Optional<double> const&, mozilla::dom::CanvasRenderingContext2D::TextDrawOperation, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:5043:30 #12 0x7fffe1adaee9 in mozilla::dom::CanvasRenderingContext2D::MeasureText(nsTSubstring<char16_t> const&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:4470:10 #13 0x7fffe06485a3 in mozilla::dom::OffscreenCanvasRenderingContext2D_Binding::measureText(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/./OffscreenCanvasRenderingContext2DBinding.cpp:4128:78 #14 0x7fffe19361cf in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3302:13 #15 0x7fff4ed13fac ([anon:js-executable-memory]+0xfac) 0x511000925d08 is located 8 bytes inside of 248-byte region [0x511000925d00,0x511000925df8) freed by thread T32 here: #0 0x5555556bc556 in free /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 #1 0x7fffdeebb7ec in ~FontTableBlobData /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.cpp:424:3 #2 0x7fffdeebb7ec in gfxFontEntry::FontTableHashEntry::DeleteFontTableBlobData(void*) /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.cpp:508:3 #3 0x7fffdeac89dc in destroy_user_data /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-blob.hh:47:7 #4 0x7fffdeac89dc in ~hb_blob_t /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-blob.hh:41:19 #5 0x7fffdeac89dc in hb_object_destroy<hb_blob_t> /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-object.hh:297:11 #6 0x7fffdeac89dc in hb_blob_destroy /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-blob.cc:264:8 #7 0x7fffdead3afd in destroy 
/builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:303:40 #8 0x7fffdead3afd in do_destroy /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:202:7 #9 0x7fffdead3afd in fini /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:188:19 #10 0x7fffdead3afd in hb_ot_face_t::fini() /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-ot-face-table-list.hh:122:1 #11 0x7fffdead2b24 in hb_face_destroy /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-face.cc:593:15 #12 0x7fffdeadff77 in hb_font_destroy /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-font.cc:2097:3 #13 0x7fffdeeb508f in gfxFont::GetBaselines(nsFontMetrics::FontOrientation) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:4463:3 #14 0x7fffe1ada0ac in mozilla::dom::CanvasRenderingContext2D::DrawOrMeasureText(nsTSubstring<char16_t> const&, float, float, mozilla::dom::Optional<double> const&, mozilla::dom::CanvasRenderingContext2D::TextDrawOperation, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:5079:28 #15 0x7fffe1adaee9 in mozilla::dom::CanvasRenderingContext2D::MeasureText(nsTSubstring<char16_t> const&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:4470:10 #16 0x7fffe06485a3 in mozilla::dom::OffscreenCanvasRenderingContext2D_Binding::measureText(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/./OffscreenCanvasRenderingContext2DBinding.cpp:4128:78 #17 0x7fffe19361cf in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3302:13 #18 0x7fff4ed23fac ([anon:js-executable-memory]+0x10fac) #19 0x7fff4ecdd5c2 ([anon:js-executable-memory]+0x1a5c2) #20 0x7fff4ed23745 
([anon:js-executable-memory]+0x10745) #21 0x7fff4ed24998 ([anon:js-executable-memory]+0x11998) #22 0x7fff4ed243ac ([anon:js-executable-memory]+0x113ac) #23 0x7fff4ecdd5c2 ([anon:js-executable-memory]+0x1a5c2) #24 0x7fff4ed2449c ([anon:js-executable-memory]+0x1149c) #25 0x7fff4ecdd5c2 ([anon:js-executable-memory]+0x1a5c2) #26 0x7fff4ed235c2 ([anon:js-executable-memory]+0x105c2) previously allocated by thread T32 here: #0 0x5555556bc7ef in malloc /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 #1 0x7fffdc38d058 in Malloc /builds/worker/workspace/obj-build/dist/include/nsTArray.h:245:46 #2 0x7fffdc38d058 in nsTArrayFallibleAllocator::ResultTypeProxy nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_RelocateUsingMemutils>::EnsureCapacityImpl<nsTArrayFallibleAllocator>(unsigned long, unsigned long) /builds/worker/workspace/obj-build/dist/include/nsTArray-inl.h:173:43 #3 0x7fffdc38cb3c in EnsureCapacity<nsTArrayFallibleAllocator> /builds/worker/workspace/obj-build/dist/include/nsTArray.h:472:12 #4 0x7fffdc38cb3c in ExtendCapacity<nsTArrayFallibleAllocator> /builds/worker/workspace/obj-build/dist/include/nsTArray-inl.h:148:16 #5 0x7fffdc38cb3c in InsertSlotsAt<nsTArrayFallibleAllocator> /builds/worker/workspace/obj-build/dist/include/nsTArray-inl.h:417:17 #6 0x7fffdc38cb3c in unsigned char* nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>::InsertElementsAtInternal<nsTArrayFallibleAllocator>(unsigned long, unsigned long) /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2321:49 #7 0x7fffdee017ff in SetLength<nsTArrayFallibleAllocator> /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2250:11 #8 0x7fffdee017ff in SetLength /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2260:12 #9 0x7fffdee017ff in gfxFT2FontEntryBase::CopyFaceTable(mozilla::gfx::SharedFTFace*, unsigned int, nsTArray<unsigned char>&) /builds/worker/checkouts/gecko/gfx/thebes/gfxFT2FontBase.cpp:85:16 #10 0x7fffdeebbfb1 in 
gfxFontEntry::GetFontTable(unsigned int) /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.cpp:569:20 #11 0x7fffded039d9 in reference_table /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-face.hh:83:12 #12 0x7fffded039d9 in hb_face_reference_table /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-face.cc:701:16 #13 0x7fffded039d9 in hb_blob_t* hb_sanitize_context_t::reference_table<OT::BASE>(hb_face_t const*, unsigned int) /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-sanitize.hh:500:33 #14 0x7fffded038a8 in create /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:301:14 #15 0x7fffded038a8 in hb_blob_t* hb_data_wrapper_t<hb_face_t, 27u>::call_create<hb_blob_t, hb_table_lazy_loader_t<OT::BASE, 27u, true>>() const /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:158:42 #16 0x7fffdeaf2606 in get_stored /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:221:26 #17 0x7fffdeaf2606 in get /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:245:58 #18 0x7fffdeaf2606 in operator-> /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:205:50 #19 0x7fffdeaf2606 in hb_ot_layout_get_baseline /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-ot-layout.cc:2305:10 #20 0x7fffdeeb4ea3 in gfxFont::GetBaselines(nsFontMetrics::FontOrientation) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:4445:7 #21 0x7fffe1ada0ac in mozilla::dom::CanvasRenderingContext2D::DrawOrMeasureText(nsTSubstring<char16_t> const&, float, float, mozilla::dom::Optional<double> const&, mozilla::dom::CanvasRenderingContext2D::TextDrawOperation, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:5079:28 #22 0x7fffe1adaee9 in mozilla::dom::CanvasRenderingContext2D::MeasureText(nsTSubstring<char16_t> const&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:4470:10 #23 0x7fffe06485a3 in 
mozilla::dom::OffscreenCanvasRenderingContext2D_Binding::measureText(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/./OffscreenCanvasRenderingContext2DBinding.cpp:4128:78 #24 0x7fffe19361cf in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3302:13 #25 0x7fff4ed23fac ([anon:js-executable-memory]+0x10fac) #26 0x7fff4ecdd5c2 ([anon:js-executable-memory]+0x1a5c2) #27 0x7fff4ed23745 ([anon:js-executable-memory]+0x10745) #28 0x7fff4ed24998 ([anon:js-executable-memory]+0x11998) #29 0x7fff4ed243ac ([anon:js-executable-memory]+0x113ac) #30 0x7fff4ecdd5c2 ([anon:js-executable-memory]+0x1a5c2) #31 0x7fff4ed2449c ([anon:js-executable-memory]+0x1149c) Thread T31 created by T0 (Isolated Web Co) here: #0 0x5555556a2031 in pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:250:3 #1 0x7ffff73dc2b9 in _PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:429:10 #2 0x7ffff73ca4fe in PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:496:10 #3 0x7fffdc46b761 in nsThread::Init(nsTSubstring<char> const&) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:615:20 #4 0x7fffe5310fc3 in mozilla::dom::WorkerThread::Create(mozilla::dom::WorkerThreadFriendKey const&) /builds/worker/checkouts/gecko/dom/workers/WorkerThread.cpp:97:7 #5 0x7fffe527f707 in mozilla::dom::workerinternals::RuntimeService::ScheduleWorker(mozilla::dom::WorkerPrivate&) /builds/worker/checkouts/gecko/dom/workers/RuntimeService.cpp:1376:37 #6 0x7fffe527e3fd in mozilla::dom::workerinternals::RuntimeService::RegisterWorker(mozilla::dom::WorkerPrivate&) /builds/worker/checkouts/gecko/dom/workers/RuntimeService.cpp:1259:19 #7 0x7fffe52d7114 in 
mozilla::dom::WorkerPrivate::Constructor(JSContext*, nsTSubstring<char16_t> const&, bool, mozilla::dom::WorkerKind, mozilla::dom::RequestCredentials, mozilla::dom::WorkerType, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, mozilla::dom::WorkerLoadInfo*, mozilla::ErrorResult&, nsTString<char16_t>, std::function<void (bool)>&&, std::function<void ()>&&, mozilla::ipc::Endpoint<mozilla::dom::PRemoteWorkerNonLifeCycleOpControllerChild>&&) /builds/worker/checkouts/gecko/dom/workers/WorkerPrivate.cpp:3165:24 #8 0x7fffe5297646 in mozilla::dom::Worker::Constructor(mozilla::dom::GlobalObject const&, mozilla::dom::TrustedScriptURLOrUSVString const&, mozilla::dom::WorkerOptions const&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/workers/Worker.cpp:77:41 #9 0x7fffe1185556 in mozilla::dom::Worker_Binding::_constructor(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/obj-build/dom/bindings/./WorkerBinding.cpp:1084:52 #10 0x7fffe7dc5175 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #11 0x7fffe7dc5175 in CallJSNativeConstructor /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:512:8 #12 0x7fffe7dc5175 in InternalConstruct(JSContext*, js::AnyConstructArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:718:14 #13 0x7fffe7de043e in ConstructFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:765:10 #14 0x7fffe7de043e in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3271:16 #15 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #16 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #17 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #18 
0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #19 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #20 0x7fffe8e4a5f3 in js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:549:10 #21 0x7fffe8e4b1c0 in js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:573:8 #22 0x7fff4eb93d74 ([anon:js-executable-memory]+0xd74) #23 0x7fff4ec1e10d ([anon:js-executable-memory]+0x1b10d) #24 0x7fff4eb9d6c6 ([anon:js-executable-memory]+0xa6c6) #25 0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #26 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #27 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #28 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #29 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #30 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #31 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #32 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #33 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) 
/builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #34 0x7fffe8e4a5f3 in js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:549:10 #35 0x7fffe8e4b1c0 in js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:573:8 #36 0x7fff4eb93d74 ([anon:js-executable-memory]+0xd74) #37 0x7fff4ec1e10d ([anon:js-executable-memory]+0x1b10d) #38 0x7fff4eb9d6c6 ([anon:js-executable-memory]+0xa6c6) #39 0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #40 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #41 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #42 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #43 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #44 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #45 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #46 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #47 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #48 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #49 0x7fffe7dc27e7 in CallJSNative 
/builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #50 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #51 0x7fffe8caf4e9 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICFallbackStub*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/BaselineIC.cpp:1705:10 #52 0x7fff4eb95873 ([anon:js-executable-memory]+0x2873) #53 0x7fff4eb9b1d5 ([anon:js-executable-memory]+0x81d5) #54 0x7fff4eb9d6c6 ([anon:js-executable-memory]+0xa6c6) #55 0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #56 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #57 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #58 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #59 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #60 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #61 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #62 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #63 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #64 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #65 0x7fffe7dc27e7 in CallJSNative 
/builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #66 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #67 0x7fffe7de04c6 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #68 0x7fffe7de04c6 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:662:10 #69 0x7fffe7de04c6 in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3286:16 #70 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #71 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #72 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #73 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #74 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #75 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #76 0x7fffe7dc27e7 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #77 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #78 0x7fffe7de04c6 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #79 0x7fffe7de04c6 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:662:10 #80 0x7fffe7de04c6 in js::Interpret(JSContext*, 
js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3286:16 #81 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #82 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #83 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #84 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #85 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #86 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #87 0x7fffe7dc27e7 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #88 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #89 0x7fffe7de04c6 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #90 0x7fffe7de04c6 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:662:10 #91 0x7fffe7de04c6 in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3286:16 #92 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #93 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #94 0x7fffe7dc6aab in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) 
/builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:855:13 #95 0x7fffe7f14348 in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:601:10 #96 0x7fffe7f14641 in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:625:10 #97 0x7fffe5864dca in ExecuteCompiledScript /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2760:8 #98 0x7fffe5864dca in mozilla::dom::ScriptLoader::EvaluateScript(nsIGlobalObject*, JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:3316:7 #99 0x7fffe58639a5 in mozilla::dom::ScriptLoader::EvaluateScriptElement(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2846:10 #100 0x7fffe585bd4b in mozilla::dom::ScriptLoader::ProcessRequest(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2458:10 #101 0x7fffe585e31d in mozilla::dom::ScriptLoader::CompileOffThreadOrProcessRequest(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1856:10 #102 0x7fffe583a21a in mozilla::dom::ScriptLoader::ProcessPendingRequests(bool) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:3693:7 #103 0x7fffe5862f9d in mozilla::dom::ScriptLoader::ProcessOffThreadRequest(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2367:3 #104 0x7fffe5878ece in mozilla::dom::(anonymous namespace)::OffThreadCompilationCompleteTask::Run() /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1909:20 #105 0x7fffdc42f1d8 in mozilla::TaskController::RunTask(mozilla::Task*) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:196:19 #106 0x7fffdc4362bd in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) 
/builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:1252:20 #107 0x7fffdc433df8 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:1075:15 #108 0x7fffdc434416 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:639:36 #109 0x7fffdc450401 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:333:37 #110 0x7fffdc450401 in mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5 #111 0x7fffdc46fb7b in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1159:16 #112 0x7fffdc47a4f8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:480:10 #113 0x7fffdd8e0449 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21 #114 0x7fffdd7ef8d4 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 #115 0x7fffdd7ef8d4 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 #116 0x7fffdd7ef8d4 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 #117 0x7fffe5cde786 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27 #118 0x7fffe5eb912b in nsAppShell::Run() /builds/worker/checkouts/gecko/widget/gtk/nsAppShell.cpp:539:33 #119 0x7fffe7b6ce1d in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:654:20 #120 0x7fffdd7ef8d4 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 #121 0x7fffdd7ef8d4 in RunHandler 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 #122 0x7fffdd7ef8d4 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 #123 0x7fffe7b6b3d6 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:592:34 #124 0x5555556ff152 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:397:22 #125 0x7ffff7a51d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 Thread T32 created by T0 (Isolated Web Co) here: #0 0x5555556a2031 in pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:250:3 #1 0x7ffff73dc2b9 in _PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:429:10 #2 0x7ffff73ca4fe in PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:496:10 #3 0x7fffdc46b761 in nsThread::Init(nsTSubstring<char> const&) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:615:20 #4 0x7fffe5310fc3 in mozilla::dom::WorkerThread::Create(mozilla::dom::WorkerThreadFriendKey const&) /builds/worker/checkouts/gecko/dom/workers/WorkerThread.cpp:97:7 #5 0x7fffe527f707 in mozilla::dom::workerinternals::RuntimeService::ScheduleWorker(mozilla::dom::WorkerPrivate&) /builds/worker/checkouts/gecko/dom/workers/RuntimeService.cpp:1376:37 #6 0x7fffe527e3fd in mozilla::dom::workerinternals::RuntimeService::RegisterWorker(mozilla::dom::WorkerPrivate&) /builds/worker/checkouts/gecko/dom/workers/RuntimeService.cpp:1259:19 #7 0x7fffe52d7114 in mozilla::dom::WorkerPrivate::Constructor(JSContext*, nsTSubstring<char16_t> const&, bool, mozilla::dom::WorkerKind, mozilla::dom::RequestCredentials, mozilla::dom::WorkerType, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, mozilla::dom::WorkerLoadInfo*, mozilla::ErrorResult&, nsTString<char16_t>, std::function<void (bool)>&&, std::function<void ()>&&, 
mozilla::ipc::Endpoint<mozilla::dom::PRemoteWorkerNonLifeCycleOpControllerChild>&&) /builds/worker/checkouts/gecko/dom/workers/WorkerPrivate.cpp:3165:24 #8 0x7fffe5297646 in mozilla::dom::Worker::Constructor(mozilla::dom::GlobalObject const&, mozilla::dom::TrustedScriptURLOrUSVString const&, mozilla::dom::WorkerOptions const&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/workers/Worker.cpp:77:41 #9 0x7fffe1185556 in mozilla::dom::Worker_Binding::_constructor(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/obj-build/dom/bindings/./WorkerBinding.cpp:1084:52 #10 0x7fffe7dc5175 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #11 0x7fffe7dc5175 in CallJSNativeConstructor /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:512:8 #12 0x7fffe7dc5175 in InternalConstruct(JSContext*, js::AnyConstructArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:718:14 #13 0x7fffe7de043e in ConstructFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:765:10 #14 0x7fffe7de043e in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3271:16 #15 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #16 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #17 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #18 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #19 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #20 0x7fffe8e4a5f3 in 
js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:549:10 #21 0x7fffe8e4b1c0 in js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:573:8 #22 0x7fff4eb93d74 ([anon:js-executable-memory]+0xd74) #23 0x7fff4ec1e10d ([anon:js-executable-memory]+0x1b10d) #24 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #25 0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #26 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #27 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #28 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #29 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #30 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #31 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #32 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #33 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #34 0x7fffe8e4a5f3 in js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:549:10 #35 0x7fffe8e4b1c0 in js::jit::InvokeFromInterpreterStub(JSContext*, 
js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:573:8 #36 0x7fff4eb93d74 ([anon:js-executable-memory]+0xd74) #37 0x7fff4ec1e10d ([anon:js-executable-memory]+0x1b10d) #38 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #39 0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #40 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #41 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #42 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #43 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #44 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #45 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #46 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #47 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #48 0x7fffe8e4a5f3 in js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:549:10 #49 0x7fffe8e4b1c0 in js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:573:8 #50 0x7fff4eb93d74 ([anon:js-executable-memory]+0xd74) #51 0x7fff4ec1e10d ([anon:js-executable-memory]+0x1b10d) #52 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #53 
0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #54 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #55 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #56 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #57 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #58 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #59 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #60 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #61 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #62 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #63 0x7fffe7dc27e7 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #64 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #65 0x7fffe8caf4e9 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICFallbackStub*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/BaselineIC.cpp:1705:10 #66 0x7fff4eb95873 ([anon:js-executable-memory]+0x2873) #67 0x7fff4eb9b1d5 ([anon:js-executable-memory]+0x81d5) #68 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #69 0x7fff4eb934e5 
([anon:js-executable-memory]+0x4e5) #70 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #71 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #72 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #73 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #74 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #75 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #76 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #77 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #78 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #79 0x7fffe7dc27e7 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #80 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #81 0x7fffe8caf4e9 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICFallbackStub*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/BaselineIC.cpp:1705:10 #82 0x7fff4eb95873 ([anon:js-executable-memory]+0x2873) #83 0x7fff4eb9b1d5 ([anon:js-executable-memory]+0x81d5) #84 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #85 0x7fff4eb934e5 
([anon:js-executable-memory]+0x4e5) #86 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #87 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #88 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #89 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #90 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #91 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #92 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #93 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #94 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #95 0x7fffe7dc27e7 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #96 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #97 0x7fffe8caf4e9 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICFallbackStub*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/BaselineIC.cpp:1705:10 #98 0x7fff4eb95873 ([anon:js-executable-memory]+0x2873) #99 0x7fff4eb9b1d5 ([anon:js-executable-memory]+0x81d5) #100 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #101 0x7fff4eb934e5 
([anon:js-executable-memory]+0x4e5) #102 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #103 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #104 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #105 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #106 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #107 0x7fffe7dc6aab in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:855:13 #108 0x7fffe7f14348 in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:601:10 #109 0x7fffe7f14641 in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:625:10 #110 0x7fffe5864dca in ExecuteCompiledScript /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2760:8 #111 0x7fffe5864dca in mozilla::dom::ScriptLoader::EvaluateScript(nsIGlobalObject*, JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:3316:7 #112 0x7fffe58639a5 in mozilla::dom::ScriptLoader::EvaluateScriptElement(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2846:10 #113 0x7fffe585bd4b in mozilla::dom::ScriptLoader::ProcessRequest(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2458:10 #114 0x7fffe585e31d in mozilla::dom::ScriptLoader::CompileOffThreadOrProcessRequest(JS::loader::ScriptLoadRequest*) 
/builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1856:10 #115 0x7fffe583a21a in mozilla::dom::ScriptLoader::ProcessPendingRequests(bool) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:3693:7 #116 0x7fffe5862f9d in mozilla::dom::ScriptLoader::ProcessOffThreadRequest(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2367:3 #117 0x7fffe5878ece in mozilla::dom::(anonymous namespace)::OffThreadCompilationCompleteTask::Run() /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1909:20 #118 0x7fffdc42f1d8 in mozilla::TaskController::RunTask(mozilla::Task*) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:196:19 #119 0x7fffdc4362bd in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:1252:20 #120 0x7fffdc433df8 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:1075:15 #121 0x7fffdc43478e in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:639:36 #122 0x7fffdc450424 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:336:37 #123 0x7fffdc450424 in mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_1>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5 #124 0x7fffdc46fb7b in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1159:16 #125 0x7fffdc47a4f8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:480:10 #126 0x7fffdd8e05b6 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:107:5 #127 0x7fffdd7ef8d4 in RunInternal 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 #128 0x7fffdd7ef8d4 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 #129 0x7fffdd7ef8d4 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 #130 0x7fffe5cde786 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27 #131 0x7fffe5eb912b in nsAppShell::Run() /builds/worker/checkouts/gecko/widget/gtk/nsAppShell.cpp:539:33 #132 0x7fffe7b6ce1d in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:654:20 #133 0x7fffdd7ef8d4 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 #134 0x7fffdd7ef8d4 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 #135 0x7fffdd7ef8d4 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 #136 0x7fffe7b6b3d6 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:592:34 #137 0x5555556ff152 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:397:22 #138 0x7ffff7a51d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-algs.hh:137:56 in operator unsigned short Shadow bytes around the buggy address: 0x511000925a80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x511000925b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa 0x511000925b80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x511000925c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x511000925c80: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa =>0x511000925d00: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x511000925d80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa 0x511000925e00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd 
fd fd 0x511000925e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x511000925f00: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa 0x511000925f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ```
Bug 1963715 Comment 0 Edit History
Found with m-c 20250430-c39268ce319f (--enable-address-sanitizer).
This was found by visiting a live website with an ASan build. The issue was triggered by visiting `http://kinozone.net/`. I have not been able to reproduce the issue.
```
==115827==ERROR: AddressSanitizer: heap-use-after-free on address 0x511000925d08 at pc 0x7fffdec6ff1a bp 0x7fff20dec460 sp 0x7fff20dec458
READ of size 2 at 0x511000925d08 thread T31
#0 0x7fffdec6ff19 in operator unsigned short /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-algs.hh:137:56
#1 0x7fffdec6ff19 in operator unsigned int /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-open-type.hh:68:109
#2 0x7fffdec6ff19 in OT::BASE::sanitize(hb_sanitize_context_t*) const /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-ot-layout-base-table.hh:822:5
#3 0x7fffded03d0d in hb_blob_t* hb_sanitize_context_t::sanitize_blob<OT::BASE>(hb_blob_t*) /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-sanitize.hh:448:15
#4 0x7fffded038a8 in create /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:301:14
#5 0x7fffded038a8 in hb_blob_t* hb_data_wrapper_t<hb_face_t, 27u>::call_create<hb_blob_t, hb_table_lazy_loader_t<OT::BASE, 27u, true>>() const /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:158:42
#6 0x7fffdeaf2606 in get_stored /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:221:26
#7 0x7fffdeaf2606 in get /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:245:58
#8 0x7fffdeaf2606 in operator-> /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:205:50
#9 0x7fffdeaf2606 in hb_ot_layout_get_baseline /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-ot-layout.cc:2305:10
#10 0x7fffdeeb4ea3 in gfxFont::GetBaselines(nsFontMetrics::FontOrientation) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:4445:7
#11 0x7fffe1ad9f16 in
mozilla::dom::CanvasRenderingContext2D::DrawOrMeasureText(nsTSubstring<char16_t> const&, float, float, mozilla::dom::Optional<double> const&, mozilla::dom::CanvasRenderingContext2D::TextDrawOperation, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:5043:30 #12 0x7fffe1adaee9 in mozilla::dom::CanvasRenderingContext2D::MeasureText(nsTSubstring<char16_t> const&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:4470:10 #13 0x7fffe06485a3 in mozilla::dom::OffscreenCanvasRenderingContext2D_Binding::measureText(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/./OffscreenCanvasRenderingContext2DBinding.cpp:4128:78 #14 0x7fffe19361cf in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3302:13 #15 0x7fff4ed13fac ([anon:js-executable-memory]+0xfac) 0x511000925d08 is located 8 bytes inside of 248-byte region [0x511000925d00,0x511000925df8) freed by thread T32 here: #0 0x5555556bc556 in free /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 #1 0x7fffdeebb7ec in ~FontTableBlobData /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.cpp:424:3 #2 0x7fffdeebb7ec in gfxFontEntry::FontTableHashEntry::DeleteFontTableBlobData(void*) /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.cpp:508:3 #3 0x7fffdeac89dc in destroy_user_data /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-blob.hh:47:7 #4 0x7fffdeac89dc in ~hb_blob_t /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-blob.hh:41:19 #5 0x7fffdeac89dc in hb_object_destroy<hb_blob_t> /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-object.hh:297:11 #6 0x7fffdeac89dc in hb_blob_destroy 
/builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-blob.cc:264:8 #7 0x7fffdead3afd in destroy /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:303:40 #8 0x7fffdead3afd in do_destroy /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:202:7 #9 0x7fffdead3afd in fini /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:188:19 #10 0x7fffdead3afd in hb_ot_face_t::fini() /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-ot-face-table-list.hh:122:1 #11 0x7fffdead2b24 in hb_face_destroy /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-face.cc:593:15 #12 0x7fffdeadff77 in hb_font_destroy /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-font.cc:2097:3 #13 0x7fffdeeb508f in gfxFont::GetBaselines(nsFontMetrics::FontOrientation) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:4463:3 #14 0x7fffe1ada0ac in mozilla::dom::CanvasRenderingContext2D::DrawOrMeasureText(nsTSubstring<char16_t> const&, float, float, mozilla::dom::Optional<double> const&, mozilla::dom::CanvasRenderingContext2D::TextDrawOperation, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:5079:28 #15 0x7fffe1adaee9 in mozilla::dom::CanvasRenderingContext2D::MeasureText(nsTSubstring<char16_t> const&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:4470:10 #16 0x7fffe06485a3 in mozilla::dom::OffscreenCanvasRenderingContext2D_Binding::measureText(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/./OffscreenCanvasRenderingContext2DBinding.cpp:4128:78 #17 0x7fffe19361cf in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3302:13 #18 0x7fff4ed23fac ([anon:js-executable-memory]+0x10fac) #19 
0x7fff4ecdd5c2 ([anon:js-executable-memory]+0x1a5c2) #20 0x7fff4ed23745 ([anon:js-executable-memory]+0x10745) #21 0x7fff4ed24998 ([anon:js-executable-memory]+0x11998) #22 0x7fff4ed243ac ([anon:js-executable-memory]+0x113ac) #23 0x7fff4ecdd5c2 ([anon:js-executable-memory]+0x1a5c2) #24 0x7fff4ed2449c ([anon:js-executable-memory]+0x1149c) #25 0x7fff4ecdd5c2 ([anon:js-executable-memory]+0x1a5c2) #26 0x7fff4ed235c2 ([anon:js-executable-memory]+0x105c2) previously allocated by thread T32 here: #0 0x5555556bc7ef in malloc /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 #1 0x7fffdc38d058 in Malloc /builds/worker/workspace/obj-build/dist/include/nsTArray.h:245:46 #2 0x7fffdc38d058 in nsTArrayFallibleAllocator::ResultTypeProxy nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_RelocateUsingMemutils>::EnsureCapacityImpl<nsTArrayFallibleAllocator>(unsigned long, unsigned long) /builds/worker/workspace/obj-build/dist/include/nsTArray-inl.h:173:43 #3 0x7fffdc38cb3c in EnsureCapacity<nsTArrayFallibleAllocator> /builds/worker/workspace/obj-build/dist/include/nsTArray.h:472:12 #4 0x7fffdc38cb3c in ExtendCapacity<nsTArrayFallibleAllocator> /builds/worker/workspace/obj-build/dist/include/nsTArray-inl.h:148:16 #5 0x7fffdc38cb3c in InsertSlotsAt<nsTArrayFallibleAllocator> /builds/worker/workspace/obj-build/dist/include/nsTArray-inl.h:417:17 #6 0x7fffdc38cb3c in unsigned char* nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>::InsertElementsAtInternal<nsTArrayFallibleAllocator>(unsigned long, unsigned long) /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2321:49 #7 0x7fffdee017ff in SetLength<nsTArrayFallibleAllocator> /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2250:11 #8 0x7fffdee017ff in SetLength /builds/worker/workspace/obj-build/dist/include/nsTArray.h:2260:12 #9 0x7fffdee017ff in gfxFT2FontEntryBase::CopyFaceTable(mozilla::gfx::SharedFTFace*, unsigned int, nsTArray<unsigned char>&) 
/builds/worker/checkouts/gecko/gfx/thebes/gfxFT2FontBase.cpp:85:16 #10 0x7fffdeebbfb1 in gfxFontEntry::GetFontTable(unsigned int) /builds/worker/checkouts/gecko/gfx/thebes/gfxFontEntry.cpp:569:20 #11 0x7fffded039d9 in reference_table /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-face.hh:83:12 #12 0x7fffded039d9 in hb_face_reference_table /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-face.cc:701:16 #13 0x7fffded039d9 in hb_blob_t* hb_sanitize_context_t::reference_table<OT::BASE>(hb_face_t const*, unsigned int) /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-sanitize.hh:500:33 #14 0x7fffded038a8 in create /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:301:14 #15 0x7fffded038a8 in hb_blob_t* hb_data_wrapper_t<hb_face_t, 27u>::call_create<hb_blob_t, hb_table_lazy_loader_t<OT::BASE, 27u, true>>() const /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:158:42 #16 0x7fffdeaf2606 in get_stored /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:221:26 #17 0x7fffdeaf2606 in get /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:245:58 #18 0x7fffdeaf2606 in operator-> /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-machinery.hh:205:50 #19 0x7fffdeaf2606 in hb_ot_layout_get_baseline /builds/worker/checkouts/gecko/gfx/harfbuzz/src/hb-ot-layout.cc:2305:10 #20 0x7fffdeeb4ea3 in gfxFont::GetBaselines(nsFontMetrics::FontOrientation) /builds/worker/checkouts/gecko/gfx/thebes/gfxFont.cpp:4445:7 #21 0x7fffe1ada0ac in mozilla::dom::CanvasRenderingContext2D::DrawOrMeasureText(nsTSubstring<char16_t> const&, float, float, mozilla::dom::Optional<double> const&, mozilla::dom::CanvasRenderingContext2D::TextDrawOperation, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:5079:28 #22 0x7fffe1adaee9 in mozilla::dom::CanvasRenderingContext2D::MeasureText(nsTSubstring<char16_t> const&, mozilla::ErrorResult&) 
/builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:4470:10 #23 0x7fffe06485a3 in mozilla::dom::OffscreenCanvasRenderingContext2D_Binding::measureText(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/./OffscreenCanvasRenderingContext2DBinding.cpp:4128:78 #24 0x7fffe19361cf in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3302:13 #25 0x7fff4ed23fac ([anon:js-executable-memory]+0x10fac) #26 0x7fff4ecdd5c2 ([anon:js-executable-memory]+0x1a5c2) #27 0x7fff4ed23745 ([anon:js-executable-memory]+0x10745) #28 0x7fff4ed24998 ([anon:js-executable-memory]+0x11998) #29 0x7fff4ed243ac ([anon:js-executable-memory]+0x113ac) #30 0x7fff4ecdd5c2 ([anon:js-executable-memory]+0x1a5c2) #31 0x7fff4ed2449c ([anon:js-executable-memory]+0x1149c) Thread T31 created by T0 (Isolated Web Co) here: #0 0x5555556a2031 in pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:250:3 #1 0x7ffff73dc2b9 in _PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:429:10 #2 0x7ffff73ca4fe in PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:496:10 #3 0x7fffdc46b761 in nsThread::Init(nsTSubstring<char> const&) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:615:20 #4 0x7fffe5310fc3 in mozilla::dom::WorkerThread::Create(mozilla::dom::WorkerThreadFriendKey const&) /builds/worker/checkouts/gecko/dom/workers/WorkerThread.cpp:97:7 #5 0x7fffe527f707 in mozilla::dom::workerinternals::RuntimeService::ScheduleWorker(mozilla::dom::WorkerPrivate&) /builds/worker/checkouts/gecko/dom/workers/RuntimeService.cpp:1376:37 #6 0x7fffe527e3fd in mozilla::dom::workerinternals::RuntimeService::RegisterWorker(mozilla::dom::WorkerPrivate&) 
/builds/worker/checkouts/gecko/dom/workers/RuntimeService.cpp:1259:19 #7 0x7fffe52d7114 in mozilla::dom::WorkerPrivate::Constructor(JSContext*, nsTSubstring<char16_t> const&, bool, mozilla::dom::WorkerKind, mozilla::dom::RequestCredentials, mozilla::dom::WorkerType, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, mozilla::dom::WorkerLoadInfo*, mozilla::ErrorResult&, nsTString<char16_t>, std::function<void (bool)>&&, std::function<void ()>&&, mozilla::ipc::Endpoint<mozilla::dom::PRemoteWorkerNonLifeCycleOpControllerChild>&&) /builds/worker/checkouts/gecko/dom/workers/WorkerPrivate.cpp:3165:24 #8 0x7fffe5297646 in mozilla::dom::Worker::Constructor(mozilla::dom::GlobalObject const&, mozilla::dom::TrustedScriptURLOrUSVString const&, mozilla::dom::WorkerOptions const&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/workers/Worker.cpp:77:41 #9 0x7fffe1185556 in mozilla::dom::Worker_Binding::_constructor(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/obj-build/dom/bindings/./WorkerBinding.cpp:1084:52 #10 0x7fffe7dc5175 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #11 0x7fffe7dc5175 in CallJSNativeConstructor /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:512:8 #12 0x7fffe7dc5175 in InternalConstruct(JSContext*, js::AnyConstructArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:718:14 #13 0x7fffe7de043e in ConstructFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:765:10 #14 0x7fffe7de043e in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3271:16 #15 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #16 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #17 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, 
js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #18 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #19 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #20 0x7fffe8e4a5f3 in js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:549:10 #21 0x7fffe8e4b1c0 in js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:573:8 #22 0x7fff4eb93d74 ([anon:js-executable-memory]+0xd74) #23 0x7fff4ec1e10d ([anon:js-executable-memory]+0x1b10d) #24 0x7fff4eb9d6c6 ([anon:js-executable-memory]+0xa6c6) #25 0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #26 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #27 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #28 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #29 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #30 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #31 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #32 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #33 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs 
const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #34 0x7fffe8e4a5f3 in js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:549:10 #35 0x7fffe8e4b1c0 in js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:573:8 #36 0x7fff4eb93d74 ([anon:js-executable-memory]+0xd74) #37 0x7fff4ec1e10d ([anon:js-executable-memory]+0x1b10d) #38 0x7fff4eb9d6c6 ([anon:js-executable-memory]+0xa6c6) #39 0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #40 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #41 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #42 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #43 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #44 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #45 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #46 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #47 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #48 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #49 0x7fffe7dc27e7 in CallJSNative 
/builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #50 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #51 0x7fffe8caf4e9 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICFallbackStub*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/BaselineIC.cpp:1705:10 #52 0x7fff4eb95873 ([anon:js-executable-memory]+0x2873) #53 0x7fff4eb9b1d5 ([anon:js-executable-memory]+0x81d5) #54 0x7fff4eb9d6c6 ([anon:js-executable-memory]+0xa6c6) #55 0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #56 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #57 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #58 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #59 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #60 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #61 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #62 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #63 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #64 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #65 0x7fffe7dc27e7 in CallJSNative 
/builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #66 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #67 0x7fffe7de04c6 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #68 0x7fffe7de04c6 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:662:10 #69 0x7fffe7de04c6 in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3286:16 #70 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #71 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #72 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #73 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #74 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #75 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #76 0x7fffe7dc27e7 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #77 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #78 0x7fffe7de04c6 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #79 0x7fffe7de04c6 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:662:10 #80 0x7fffe7de04c6 in js::Interpret(JSContext*, 
js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3286:16 #81 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #82 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #83 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #84 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #85 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #86 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #87 0x7fffe7dc27e7 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #88 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #89 0x7fffe7de04c6 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #90 0x7fffe7de04c6 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:662:10 #91 0x7fffe7de04c6 in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3286:16 #92 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #93 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #94 0x7fffe7dc6aab in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) 
/builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:855:13 #95 0x7fffe7f14348 in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:601:10 #96 0x7fffe7f14641 in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:625:10 #97 0x7fffe5864dca in ExecuteCompiledScript /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2760:8 #98 0x7fffe5864dca in mozilla::dom::ScriptLoader::EvaluateScript(nsIGlobalObject*, JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:3316:7 #99 0x7fffe58639a5 in mozilla::dom::ScriptLoader::EvaluateScriptElement(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2846:10 #100 0x7fffe585bd4b in mozilla::dom::ScriptLoader::ProcessRequest(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2458:10 #101 0x7fffe585e31d in mozilla::dom::ScriptLoader::CompileOffThreadOrProcessRequest(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1856:10 #102 0x7fffe583a21a in mozilla::dom::ScriptLoader::ProcessPendingRequests(bool) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:3693:7 #103 0x7fffe5862f9d in mozilla::dom::ScriptLoader::ProcessOffThreadRequest(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2367:3 #104 0x7fffe5878ece in mozilla::dom::(anonymous namespace)::OffThreadCompilationCompleteTask::Run() /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1909:20 #105 0x7fffdc42f1d8 in mozilla::TaskController::RunTask(mozilla::Task*) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:196:19 #106 0x7fffdc4362bd in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) 
/builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:1252:20 #107 0x7fffdc433df8 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:1075:15 #108 0x7fffdc434416 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:639:36 #109 0x7fffdc450401 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:333:37 #110 0x7fffdc450401 in mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5 #111 0x7fffdc46fb7b in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1159:16 #112 0x7fffdc47a4f8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:480:10 #113 0x7fffdd8e0449 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21 #114 0x7fffdd7ef8d4 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 #115 0x7fffdd7ef8d4 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 #116 0x7fffdd7ef8d4 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 #117 0x7fffe5cde786 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27 #118 0x7fffe5eb912b in nsAppShell::Run() /builds/worker/checkouts/gecko/widget/gtk/nsAppShell.cpp:539:33 #119 0x7fffe7b6ce1d in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:654:20 #120 0x7fffdd7ef8d4 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 #121 0x7fffdd7ef8d4 in RunHandler 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 #122 0x7fffdd7ef8d4 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 #123 0x7fffe7b6b3d6 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:592:34 #124 0x5555556ff152 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:397:22 #125 0x7ffff7a51d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 Thread T32 created by T0 (Isolated Web Co) here: #0 0x5555556a2031 in pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:250:3 #1 0x7ffff73dc2b9 in _PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:429:10 #2 0x7ffff73ca4fe in PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:496:10 #3 0x7fffdc46b761 in nsThread::Init(nsTSubstring<char> const&) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:615:20 #4 0x7fffe5310fc3 in mozilla::dom::WorkerThread::Create(mozilla::dom::WorkerThreadFriendKey const&) /builds/worker/checkouts/gecko/dom/workers/WorkerThread.cpp:97:7 #5 0x7fffe527f707 in mozilla::dom::workerinternals::RuntimeService::ScheduleWorker(mozilla::dom::WorkerPrivate&) /builds/worker/checkouts/gecko/dom/workers/RuntimeService.cpp:1376:37 #6 0x7fffe527e3fd in mozilla::dom::workerinternals::RuntimeService::RegisterWorker(mozilla::dom::WorkerPrivate&) /builds/worker/checkouts/gecko/dom/workers/RuntimeService.cpp:1259:19 #7 0x7fffe52d7114 in mozilla::dom::WorkerPrivate::Constructor(JSContext*, nsTSubstring<char16_t> const&, bool, mozilla::dom::WorkerKind, mozilla::dom::RequestCredentials, mozilla::dom::WorkerType, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, mozilla::dom::WorkerLoadInfo*, mozilla::ErrorResult&, nsTString<char16_t>, std::function<void (bool)>&&, std::function<void ()>&&, 
mozilla::ipc::Endpoint<mozilla::dom::PRemoteWorkerNonLifeCycleOpControllerChild>&&) /builds/worker/checkouts/gecko/dom/workers/WorkerPrivate.cpp:3165:24 #8 0x7fffe5297646 in mozilla::dom::Worker::Constructor(mozilla::dom::GlobalObject const&, mozilla::dom::TrustedScriptURLOrUSVString const&, mozilla::dom::WorkerOptions const&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/workers/Worker.cpp:77:41 #9 0x7fffe1185556 in mozilla::dom::Worker_Binding::_constructor(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/obj-build/dom/bindings/./WorkerBinding.cpp:1084:52 #10 0x7fffe7dc5175 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #11 0x7fffe7dc5175 in CallJSNativeConstructor /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:512:8 #12 0x7fffe7dc5175 in InternalConstruct(JSContext*, js::AnyConstructArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:718:14 #13 0x7fffe7de043e in ConstructFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:765:10 #14 0x7fffe7de043e in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3271:16 #15 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #16 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #17 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #18 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #19 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #20 0x7fffe8e4a5f3 in 
js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:549:10 #21 0x7fffe8e4b1c0 in js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:573:8 #22 0x7fff4eb93d74 ([anon:js-executable-memory]+0xd74) #23 0x7fff4ec1e10d ([anon:js-executable-memory]+0x1b10d) #24 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #25 0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #26 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #27 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #28 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #29 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #30 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #31 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #32 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #33 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #34 0x7fffe8e4a5f3 in js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:549:10 #35 0x7fffe8e4b1c0 in js::jit::InvokeFromInterpreterStub(JSContext*, 
js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:573:8 #36 0x7fff4eb93d74 ([anon:js-executable-memory]+0xd74) #37 0x7fff4ec1e10d ([anon:js-executable-memory]+0x1b10d) #38 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #39 0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #40 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #41 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #42 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #43 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #44 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #45 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #46 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #47 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #48 0x7fffe8e4a5f3 in js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:549:10 #49 0x7fffe8e4b1c0 in js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:573:8 #50 0x7fff4eb93d74 ([anon:js-executable-memory]+0xd74) #51 0x7fff4ec1e10d ([anon:js-executable-memory]+0x1b10d) #52 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #53 
0x7fff4eb934e5 ([anon:js-executable-memory]+0x4e5) #54 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #55 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #56 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #57 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #58 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #59 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #60 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #61 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #62 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #63 0x7fffe7dc27e7 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #64 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #65 0x7fffe8caf4e9 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICFallbackStub*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/BaselineIC.cpp:1705:10 #66 0x7fff4eb95873 ([anon:js-executable-memory]+0x2873) #67 0x7fff4eb9b1d5 ([anon:js-executable-memory]+0x81d5) #68 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #69 0x7fff4eb934e5 
([anon:js-executable-memory]+0x4e5) #70 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #71 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #72 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #73 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #74 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #75 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #76 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #77 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #78 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #79 0x7fffe7dc27e7 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #80 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #81 0x7fffe8caf4e9 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICFallbackStub*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/BaselineIC.cpp:1705:10 #82 0x7fff4eb95873 ([anon:js-executable-memory]+0x2873) #83 0x7fff4eb9b1d5 ([anon:js-executable-memory]+0x81d5) #84 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #85 0x7fff4eb934e5 
([anon:js-executable-memory]+0x4e5) #86 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #87 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #88 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #89 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #90 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #91 0x7fffe7dc295d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:622:13 #92 0x7fffe7dc4661 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:657:10 #93 0x7fffe7dc4661 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:689:8 #94 0x7fffe801ac88 in js::fun_call(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/vm/JSFunction.cpp:1118:10 #95 0x7fffe7dc27e7 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:494:13 #96 0x7fffe7dc27e7 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:590:12 #97 0x7fffe8caf4e9 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICFallbackStub*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/BaselineIC.cpp:1705:10 #98 0x7fff4eb95873 ([anon:js-executable-memory]+0x2873) #99 0x7fff4eb9b1d5 ([anon:js-executable-memory]+0x81d5) #100 0x7fff4eca2fa5 ([anon:js-executable-memory]+0x1ffa5) #101 0x7fff4eb934e5 
([anon:js-executable-memory]+0x4e5) #102 0x7fffe948c822 in EnterJit /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:114:5 #103 0x7fffe948c822 in js::jit::MaybeEnterJit(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/jit/Jit.cpp:260:10 #104 0x7fffe7de2ffa in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3325:40 #105 0x7fffe7dc15b8 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:395:10 #106 0x7fffe7dc15b8 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:464:13 #107 0x7fffe7dc6aab in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:855:13 #108 0x7fffe7f14348 in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:601:10 #109 0x7fffe7f14641 in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) /builds/worker/checkouts/gecko/js/src/vm/CompilationAndEvaluation.cpp:625:10 #110 0x7fffe5864dca in ExecuteCompiledScript /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2760:8 #111 0x7fffe5864dca in mozilla::dom::ScriptLoader::EvaluateScript(nsIGlobalObject*, JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:3316:7 #112 0x7fffe58639a5 in mozilla::dom::ScriptLoader::EvaluateScriptElement(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2846:10 #113 0x7fffe585bd4b in mozilla::dom::ScriptLoader::ProcessRequest(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2458:10 #114 0x7fffe585e31d in mozilla::dom::ScriptLoader::CompileOffThreadOrProcessRequest(JS::loader::ScriptLoadRequest*) 
/builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1856:10 #115 0x7fffe583a21a in mozilla::dom::ScriptLoader::ProcessPendingRequests(bool) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:3693:7 #116 0x7fffe5862f9d in mozilla::dom::ScriptLoader::ProcessOffThreadRequest(JS::loader::ScriptLoadRequest*) /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:2367:3 #117 0x7fffe5878ece in mozilla::dom::(anonymous namespace)::OffThreadCompilationCompleteTask::Run() /builds/worker/checkouts/gecko/dom/script/ScriptLoader.cpp:1909:20 #118 0x7fffdc42f1d8 in mozilla::TaskController::RunTask(mozilla::Task*) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:196:19 #119 0x7fffdc4362bd in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:1252:20 #120 0x7fffdc433df8 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:1075:15 #121 0x7fffdc43478e in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:639:36 #122 0x7fffdc450424 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:336:37 #123 0x7fffdc450424 in mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_1>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5 #124 0x7fffdc46fb7b in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1159:16 #125 0x7fffdc47a4f8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:480:10 #126 0x7fffdd8e05b6 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:107:5 #127 0x7fffdd7ef8d4 in RunInternal 
/builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 #128 0x7fffdd7ef8d4 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 #129 0x7fffdd7ef8d4 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 #130 0x7fffe5cde786 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27 #131 0x7fffe5eb912b in nsAppShell::Run() /builds/worker/checkouts/gecko/widget/gtk/nsAppShell.cpp:539:33 #132 0x7fffe7b6ce1d in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:654:20 #133 0x7fffdd7ef8d4 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 #134 0x7fffdd7ef8d4 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 #135 0x7fffdd7ef8d4 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 #136 0x7fffe7b6b3d6 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:592:34 #137 0x5555556ff152 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:397:22 #138 0x7ffff7a51d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/checkouts/gecko/gfx/harfbuzz/src/graph/../hb-algs.hh:137:56 in operator unsigned short Shadow bytes around the buggy address: 0x511000925a80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x511000925b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa 0x511000925b80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x511000925c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x511000925c80: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa =>0x511000925d00: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x511000925d80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa 0x511000925e00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd 
fd fd 0x511000925e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x511000925f00: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa 0x511000925f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ```