Closed Bug 1525549 Opened 5 years ago Closed 5 years ago

Intermittent GECKO(2696) | SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.4/../../../../include/c++/4.9.4/bits/atomic_base.h:618:16 in fetch_add

Categories

(Core :: Graphics, defect, P5)

Tracking

RESOLVED FIXED
mozilla67
Tracking Status
firefox-esr60 --- unaffected
firefox65 --- wontfix
firefox66 + fixed
firefox67 + fixed

People

(Reporter: intermittent-bug-filer, Assigned: lsalzman)

References

(Blocks 1 open bug)

Details

(4 keywords, Whiteboard: [post-critsmash-triage][adv-main66+])

Attachments

(1 file)

Filed by: nbeleuzu [at] mozilla.com

https://treeherder.mozilla.org/logviewer.html#?job_id=226472907&repo=mozilla-inbound

https://queue.taskcluster.net/v1/task/cAuMbRFMRLWKqbhm9pNDwg/runs/0/artifacts/public/logs/live_backing.log

[task 2019-02-06T11:48:36.539Z] 11:48:36 INFO - TEST-START | gfx/tests/mochitest/test_font_whitelist.html
[task 2019-02-06T11:48:37.268Z] 11:48:37 INFO - GECKO(2696) | =================================================================
[task 2019-02-06T11:48:37.268Z] 11:48:37 ERROR - GECKO(2696) | ==2804==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000050308 at pc 0x7f7b9391fb9a bp 0x7f7b7f130d90 sp 0x7f7b7f130d88
[task 2019-02-06T11:48:37.268Z] 11:48:37 INFO - GECKO(2696) | WRITE of size 4 at 0x606000050308 thread T9 (PaintThread)
[task 2019-02-06T11:48:38.046Z] 11:48:38 INFO - GECKO(2696) | #0 0x7f7b9391fb99 in fetch_add /builds/worker/workspace/build/src/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.4/../../../../include/c++/4.9.4/bits/atomic_base.h:618:16
[task 2019-02-06T11:48:38.046Z] 11:48:38 INFO - GECKO(2696) | #1 0x7f7b9391fb99 in ref /builds/worker/workspace/build/src/gfx/skia/skia/include/core/SkRefCnt.h:76
[task 2019-02-06T11:48:38.046Z] 11:48:38 INFO - GECKO(2696) | #2 0x7f7b9391fb99 in SkSafeRef<SkTypeface> /builds/worker/workspace/build/src/gfx/skia/skia/include/core/SkRefCnt.h:153
[task 2019-02-06T11:48:38.046Z] 11:48:38 INFO - GECKO(2696) | #3 0x7f7b9391fb99 in sk_sp /builds/worker/workspace/build/src/gfx/skia/skia/include/core/SkRefCnt.h:224
[task 2019-02-06T11:48:38.048Z] 11:48:38 INFO - GECKO(2696) | #4 0x7f7b9391fb99 in SkPaint /builds/worker/workspace/build/src/gfx/skia/skia/src/core/SkTextBlobPriv.h:228
[task 2019-02-06T11:48:38.049Z] 11:48:38 INFO - GECKO(2696) | #5 0x7f7b9391fb99 in SkGlyphRun::SkGlyphRun(SkPaint const&, SkRunFont const&, SkSpan<unsigned short const>, SkSpan<SkPoint const>, SkSpan<unsigned short const>, SkSpan<unsigned short const>, SkSpan<char const>, SkSpan<unsigned int const>) /builds/worker/workspace/build/src/gfx/skia/skia/src/core/SkGlyphRun.cpp:45
[task 2019-02-06T11:48:38.052Z] 11:48:38 INFO - GECKO(2696) | #6 0x7f7b939532e4 in construct<SkGlyphRun, const SkPaint &, const SkRunFont &, SkSpan<const unsigned short> &, SkSpan<const SkPoint> &, SkSpan<const unsigned short> &, SkSpan<const unsigned short> &, SkSpan<const char> &, SkSpan<const unsigned int> &> /builds/worker/workspace/build/src/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.4/../../../../include/c++/4.9.4/ext/new_allocator.h:120:23
[task 2019-02-06T11:48:38.053Z] 11:48:38 INFO - GECKO(2696) | #7 0x7f7b939532e4 in construct<SkGlyphRun, const SkPaint &, const SkRunFont &, SkSpan<const unsigned short> &, SkSpan<const SkPoint> &, SkSpan<const unsigned short> &, SkSpan<const unsigned short> &, SkSpan<const char> &, SkSpan<const unsigned int> &> /builds/worker/workspace/build/src/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.4/../../../../include/c++/4.9.4/bits/alloc_traits.h:527
[task 2019-02-06T11:48:38.055Z] 11:48:38 INFO - GECKO(2696) | #8 0x7f7b939532e4 in void std::vector<SkGlyphRun, std::allocator<SkGlyphRun> >::_M_emplace_back_aux<SkPaint const&, SkRunFont const&, SkSpan<unsigned short const>&, SkSpan<SkPoint const>&, SkSpan<unsigned short const>&, SkSpan<unsigned short const>&, SkSpan<char const>&, SkSpan<unsigned int const>&>(SkPaint const&, SkRunFont const&, SkSpan<unsigned short const>&, SkSpan<SkPoint const>&, SkSpan<unsigned short const>&, SkSpan<unsigned short const>&, SkSpan<char const>&, SkSpan<unsigned int const>&) /builds/worker/workspace/build/src/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.4/../../../../include/c++/4.9.4/bits/vector.tcc:416
[task 2019-02-06T11:48:38.056Z] 11:48:38 INFO - GECKO(2696) | #9 0x7f7b939258ae in emplace_back<const SkPaint &, const SkRunFont &, SkSpan<const unsigned short> &, SkSpan<const SkPoint> &, SkSpan<const unsigned short> &, SkSpan<const unsigned short> &, SkSpan<const char> &, SkSpan<const unsigned int> &> /builds/worker/workspace/build/src/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.4/../../../../include/c++/4.9.4/bits/vector.tcc:101:4
[task 2019-02-06T11:48:38.058Z] 11:48:38 INFO - GECKO(2696) | #10 0x7f7b939258ae in makeGlyphRun /builds/worker/workspace/build/src/gfx/skia/skia/src/core/SkGlyphRun.cpp:372
[task 2019-02-06T11:48:38.059Z] 11:48:38 INFO - GECKO(2696) | #11 0x7f7b939258ae in simplifyDrawPosText /builds/worker/workspace/build/src/gfx/skia/skia/src/core/SkGlyphRun.cpp:475
[task 2019-02-06T11:48:38.060Z] 11:48:38 INFO - GECKO(2696) | #12 0x7f7b939258ae in SkGlyphRunBuilder::drawPosText(SkPaint const&, void const*, unsigned long, SkPoint const*) /builds/worker/workspace/build/src/gfx/skia/skia/src/core/SkGlyphRun.cpp:230
[task 2019-02-06T11:48:38.079Z] 11:48:38 INFO - GECKO(2696) | #13 0x7f7b93227b3e in SkCanvas::onDrawPosText(void const*, unsigned long, SkPoint const*, SkPaint const&) /builds/worker/workspace/build/src/gfx/skia/skia/src/core/SkCanvas.cpp:2445:34
[task 2019-02-06T11:48:38.080Z] 11:48:38 INFO - GECKO(2696) | #14 0x7f7b93229ffb in SkCanvas::drawPosText(void const*, unsigned long, SkPoint const*, SkPaint const&) /builds/worker/workspace/build/src/gfx/skia/skia/src/core/SkCanvas.cpp:2531:15
[task 2019-02-06T11:48:38.081Z] 11:48:38 INFO - GECKO(2696) | #15 0x7f7b8abb7d2f in mozilla::gfx::DrawTargetSkia::DrawGlyphs(mozilla::gfx::ScaledFont*, mozilla::gfx::GlyphBuffer const&, mozilla::gfx::Pattern const&, mozilla::gfx::StrokeOptions const*, mozilla::gfx::DrawOptions const&) /builds/worker/workspace/build/src/gfx/2d/DrawTargetSkia.cpp:1399:12
[task 2019-02-06T11:48:38.120Z] 11:48:38 INFO - GECKO(2696) | #16 0x7f7b8acc6a8d in mozilla::gfx::FillGlyphsCommand::ExecuteOnDT(mozilla::gfx::DrawTarget*, mozilla::gfx::BaseMatrix<float> const*) const /builds/worker/workspace/build/src/gfx/2d/DrawCommands.h:577:10
[task 2019-02-06T11:48:38.120Z] 11:48:38 INFO - GECKO(2696) | #17 0x7f7b8ac4bb65 in ReplayToDrawTarget /builds/worker/workspace/build/src/gfx/2d/DrawTargetCapture.cpp:315:10
[task 2019-02-06T11:48:38.121Z] 11:48:38 INFO - GECKO(2696) | #18 0x7f7b8ac4bb65 in mozilla::gfx::DrawTarget::DrawCapturedDT(mozilla::gfx::DrawTargetCapture*, mozilla::gfx::BaseMatrix<float> const&) /builds/worker/workspace/build/src/gfx/2d/DrawTarget.cpp:168
[task 2019-02-06T11:48:38.140Z] 11:48:38 INFO - GECKO(2696) | #19 0x7f7b8afe2ed3 in mozilla::layers::PaintThread::AsyncPaintTask(mozilla::layers::CompositorBridgeChild*, mozilla::layers::PaintTask*) /builds/worker/workspace/build/src/gfx/layers/PaintThread.cpp:203:13
[task 2019-02-06T11:48:38.141Z] 11:48:38 INFO - GECKO(2696) | #20 0x7f7b8b036b52 in operator() /builds/worker/workspace/build/src/gfx/layers/PaintThread.cpp:175:38
[task 2019-02-06T11:48:38.143Z] 11:48:38 INFO - GECKO(2696) | #21 0x7f7b8b036b52 in mozilla::detail::RunnableFunction<mozilla::layers::PaintThread::QueuePaintTask(mozilla::UniquePtr<mozilla::layers::PaintTask, mozilla::DefaultDelete<mozilla::layers::PaintTask> >&&)::$_7>::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:559
[task 2019-02-06T11:48:38.160Z] 11:48:38 INFO - GECKO(2696) | #22 0x7f7b8894a526 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1162:14
[task 2019-02-06T11:48:38.162Z] 11:48:38 INFO - GECKO(2696) | #23 0x7f7b88950748 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:474:10
[task 2019-02-06T11:48:38.164Z] 11:48:38 INFO - GECKO(2696) | #24 0x7f7b898ff5c0 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:333:5
[task 2019-02-06T11:48:38.169Z] 11:48:38 INFO - GECKO(2696) | #25 0x7f7b89845c6f in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
[task 2019-02-06T11:48:38.172Z] 11:48:38 INFO - GECKO(2696) | #26 0x7f7b89845c6f in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308
[task 2019-02-06T11:48:38.173Z] 11:48:38 INFO - GECKO(2696) | #27 0x7f7b89845c6f in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290
[task 2019-02-06T11:48:38.174Z] 11:48:38 INFO - GECKO(2696) | #28 0x7f7b889446da in nsThread::ThreadFunc(void*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:449:11
[task 2019-02-06T11:48:38.175Z] 11:48:38 INFO - GECKO(2696) | #29 0x7f7ba60d4666 in _pt_root /builds/worker/workspace/build/src/nsprpub/pr/src/pthreads/ptthread.c:201:5
[task 2019-02-06T11:48:38.176Z] 11:48:38 INFO - GECKO(2696) | #30 0x7f7ba9e6f6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
[task 2019-02-06T11:48:38.233Z] 11:48:38 INFO - GECKO(2696) | #31 0x7f7ba8ef841c in clone /build/glibc-Cl5G7W/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109
[task 2019-02-06T11:48:38.236Z] 11:48:38 INFO - GECKO(2696) | 0x606000050308 is located 8 bytes inside of 64-byte region [0x606000050300,0x606000050340)

[task 2019-02-06T11:48:38.238Z] 11:48:38 INFO - GECKO(2696) | freed by thread T0 (Web Content) here:
[task 2019-02-06T11:48:38.239Z] 11:48:38 INFO - GECKO(2696) | #0 0x55e933e9c5d2 in __interceptor_free /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3
[task 2019-02-06T11:48:38.247Z] 11:48:38 INFO - GECKO(2696) | #1 0x7f7b93aa29d5 in unref /builds/worker/workspace/build/src/gfx/skia/skia/include/core/SkRefCnt.h:89:19
[task 2019-02-06T11:48:38.248Z] 11:48:38 INFO - GECKO(2696) | #2 0x7f7b93aa29d5 in SkSafeUnref<SkTypeface> /builds/worker/workspace/build/src/gfx/skia/skia/include/core/SkRefCnt.h:162
[task 2019-02-06T11:48:38.250Z] 11:48:38 INFO - GECKO(2696) | #3 0x7f7b93aa29d5 in ~sk_sp /builds/worker/workspace/build/src/gfx/skia/skia/include/core/SkRefCnt.h:249
[task 2019-02-06T11:48:38.251Z] 11:48:38 INFO - GECKO(2696) | #4 0x7f7b93aa29d5 in removeShuffle /builds/worker/workspace/build/src/gfx/skia/skia/include/private/SkTArray.h:158
[task 2019-02-06T11:48:38.252Z] 11:48:38 INFO - GECKO(2696) | #5 0x7f7b93aa29d5 in purge /builds/worker/workspace/build/src/gfx/skia/skia/src/core/SkTypefaceCache.cpp:40
[task 2019-02-06T11:48:38.253Z] 11:48:38 INFO - GECKO(2696) | #6 0x7f7b93aa29d5 in purgeAll /builds/worker/workspace/build/src/gfx/skia/skia/src/core/SkTypefaceCache.cpp:52
[task 2019-02-06T11:48:38.254Z] 11:48:38 INFO - GECKO(2696) | #7 0x7f7b93aa29d5 in SkTypefaceCache::PurgeAll() /builds/worker/workspace/build/src/gfx/skia/skia/src/core/SkTypefaceCache.cpp:81
[task 2019-02-06T11:48:38.271Z] 11:48:38 INFO - GECKO(2696) | #8 0x7f7b8b686de7 in gfxPlatformFontList::InitFontList() /builds/worker/workspace/build/src/gfx/thebes/gfxPlatformFontList.cpp:344:3
[task 2019-02-06T11:48:38.272Z] 11:48:38 INFO - GECKO(2696) | #9 0x7f7b8b685bbd in gfxPlatformFontList::UpdateFontList() /builds/worker/workspace/build/src/gfx/thebes/gfxPlatformFontList.cpp:528:3
[task 2019-02-06T11:48:38.273Z] 11:48:38 INFO - GECKO(2696) | #10 0x7f7b8b512103 in gfxPlatformGtk::UpdateFontList() /builds/worker/workspace/build/src/gfx/thebes/gfxPlatformGtk.cpp:186:44
[task 2019-02-06T11:48:38.289Z] 11:48:38 INFO - GECKO(2696) | #11 0x7f7b90144f66 in mozilla::dom::ContentChild::RecvUpdateFontList(nsTArray<mozilla::dom::SystemFontListEntry>&&) /builds/worker/workspace/build/src/dom/ipc/ContentChild.cpp:2367:31
[task 2019-02-06T11:48:38.347Z] 11:48:38 INFO - GECKO(2696) | #12 0x7f7b89ac105a in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/build/src/obj-firefox/ipc/ipdl/PContentChild.cpp:7113:20
[task 2019-02-06T11:48:38.366Z] 11:48:38 INFO - GECKO(2696) | #13 0x7f7b898f7079 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2150:21
[task 2019-02-06T11:48:38.367Z] 11:48:38 INFO - GECKO(2696) | #14 0x7f7b898f421c in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2077:9
[task 2019-02-06T11:48:38.368Z] 11:48:38 INFO - GECKO(2696) | #15 0x7f7b898f5b0c in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:1936:3
[task 2019-02-06T11:48:38.370Z] 11:48:38 INFO - GECKO(2696) | #16 0x7f7b898f6107 in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:1967:13
[task 2019-02-06T11:48:38.374Z] 11:48:38 INFO - GECKO(2696) | #17 0x7f7b8894a526 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1162:14
[task 2019-02-06T11:48:38.376Z] 11:48:38 INFO - GECKO(2696) | #18 0x7f7b88950748 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:474:10
[task 2019-02-06T11:48:38.377Z] 11:48:38 INFO - GECKO(2696) | #19 0x7f7b898fe3ba in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:88:21
[task 2019-02-06T11:48:38.379Z] 11:48:38 INFO - GECKO(2696) | #20 0x7f7b89845c6f in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
[task 2019-02-06T11:48:38.382Z] 11:48:38 INFO - GECKO(2696) | #21 0x7f7b89845c6f in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308
[task 2019-02-06T11:48:38.383Z] 11:48:38 INFO - GECKO(2696) | #22 0x7f7b89845c6f in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290
[task 2019-02-06T11:48:38.386Z] 11:48:38 INFO - GECKO(2696) | #23 0x7f7b90a89a19 in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:137:27
[task 2019-02-06T11:48:38.388Z] 11:48:38 INFO - GECKO(2696) | #24 0x7f7b94d873df in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:908:20
[task 2019-02-06T11:48:38.389Z] 11:48:38 INFO - GECKO(2696) | #25 0x7f7b89845c6f in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
[task 2019-02-06T11:48:38.393Z] 11:48:38 INFO - GECKO(2696) | #26 0x7f7b89845c6f in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308
[task 2019-02-06T11:48:38.396Z] 11:48:38 INFO - GECKO(2696) | #27 0x7f7b89845c6f in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290
[task 2019-02-06T11:48:38.397Z] 11:48:38 INFO - GECKO(2696) | #28 0x7f7b94d86d84 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:746:34
[task 2019-02-06T11:48:38.398Z] 11:48:38 INFO - GECKO(2696) | #29 0x55e933ecf3d4 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:49:28
[task 2019-02-06T11:48:38.399Z] 11:48:38 INFO - GECKO(2696) | #30 0x55e933ecf3d4 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:265
[task 2019-02-06T11:48:38.404Z] 11:48:38 INFO - GECKO(2696) | #31 0x7f7ba8e1182f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
[task 2019-02-06T11:48:38.407Z] 11:48:38 INFO - GECKO(2696) | previously allocated by thread T9 (PaintThread) here:
[task 2019-02-06T11:48:38.409Z] 11:48:38 INFO - GECKO(2696) | #0 0x55e933e9c953 in malloc /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3
[task 2019-02-06T11:48:38.410Z] 11:48:38 INFO - GECKO(2696) | #1 0x55e933ed117d in moz_xmalloc /builds/worker/workspace/build/src/memory/mozalloc/mozalloc.cpp:68:15
[task 2019-02-06T11:48:38.411Z] 11:48:38 INFO - GECKO(2696) | #2 0x7f7b931907eb in operator new /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/mozalloc.h:131:10
[task 2019-02-06T11:48:38.412Z] 11:48:38 INFO - GECKO(2696) | #3 0x7f7b931907eb in SkCreateTypefaceFromCairoFTFontWithFontconfig(_cairo_scaled_font*, _FcPattern*) /builds/worker/workspace/build/src/gfx/skia/skia/src/ports/SkFontHost_cairo.cpp:297
[task 2019-02-06T11:48:38.414Z] 11:48:38 INFO - GECKO(2696) | #4 0x7f7b8ad8b3ac in mozilla::gfx::ScaledFontBase::GetSkTypeface() /builds/worker/workspace/build/src/gfx/2d/ScaledFontBase.cpp:73:28
[task 2019-02-06T11:48:38.415Z] 11:48:38 INFO - GECKO(2696) | #5 0x7f7b8abb754f in mozilla::gfx::DrawTargetSkia::DrawGlyphs(mozilla::gfx::ScaledFont*, mozilla::gfx::GlyphBuffer const&, mozilla::gfx::Pattern const&, mozilla::gfx::StrokeOptions const*, mozilla::gfx::DrawOptions const&) /builds/worker/workspace/build/src/gfx/2d/DrawTargetSkia.cpp:1315:36
[task 2019-02-06T11:48:38.425Z] 11:48:38 INFO - GECKO(2696) | #6 0x7f7b8acc6a8d in mozilla::gfx::FillGlyphsCommand::ExecuteOnDT(mozilla::gfx::DrawTarget*, mozilla::gfx::BaseMatrix<float> const*) const /builds/worker/workspace/build/src/gfx/2d/DrawCommands.h:577:10
[task 2019-02-06T11:48:38.426Z] 11:48:38 INFO - GECKO(2696) | #7 0x7f7b8ac4bb65 in ReplayToDrawTarget /builds/worker/workspace/build/src/gfx/2d/DrawTargetCapture.cpp:315:10
[task 2019-02-06T11:48:38.430Z] 11:48:38 INFO - GECKO(2696) | #8 0x7f7b8ac4bb65 in mozilla::gfx::DrawTarget::DrawCapturedDT(mozilla::gfx::DrawTargetCapture*, mozilla::gfx::BaseMatrix<float> const&) /builds/worker/workspace/build/src/gfx/2d/DrawTarget.cpp:168
[task 2019-02-06T11:48:38.430Z] 11:48:38 INFO - GECKO(2696) | #9 0x7f7b8afe2ed3 in mozilla::layers::PaintThread::AsyncPaintTask(mozilla::layers::CompositorBridgeChild*, mozilla::layers::PaintTask*) /builds/worker/workspace/build/src/gfx/layers/PaintThread.cpp:203:13
[task 2019-02-06T11:48:38.435Z] 11:48:38 INFO - GECKO(2696) | #10 0x7f7b8b036b52 in operator() /builds/worker/workspace/build/src/gfx/layers/PaintThread.cpp:175:38
[task 2019-02-06T11:48:38.435Z] 11:48:38 INFO - GECKO(2696) | #11 0x7f7b8b036b52 in mozilla::detail::RunnableFunction<mozilla::layers::PaintThread::QueuePaintTask(mozilla::UniquePtr<mozilla::layers::PaintTask, mozilla::DefaultDelete<mozilla::layers::PaintTask> >&&)::$_7>::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:559
[task 2019-02-06T11:48:38.435Z] 11:48:38 INFO - GECKO(2696) | #12 0x7f7b8894a526 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1162:14
[task 2019-02-06T11:48:38.436Z] 11:48:38 INFO - GECKO(2696) | #13 0x7f7b88950748 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:474:10
[task 2019-02-06T11:48:38.439Z] 11:48:38 INFO - GECKO(2696) | #14 0x7f7b898ff5c0 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:333:5
[task 2019-02-06T11:48:38.439Z] 11:48:38 INFO - GECKO(2696) | #15 0x7f7b89845c6f in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
[task 2019-02-06T11:48:38.443Z] 11:48:38 INFO - GECKO(2696) | #16 0x7f7b89845c6f in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308
[task 2019-02-06T11:48:38.444Z] 11:48:38 INFO - GECKO(2696) | #17 0x7f7b89845c6f in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290
[task 2019-02-06T11:48:38.447Z] 11:48:38 INFO - GECKO(2696) | #18 0x7f7b889446da in nsThread::ThreadFunc(void*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:449:11
[task 2019-02-06T11:48:38.450Z] 11:48:38 INFO - GECKO(2696) | #19 0x7f7ba60d4666 in _pt_root /builds/worker/workspace/build/src/nsprpub/pr/src/pthreads/ptthread.c:201:5
[task 2019-02-06T11:48:38.450Z] 11:48:38 INFO - GECKO(2696) | #20 0x7f7ba9e6f6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
[task 2019-02-06T11:48:38.458Z] 11:48:38 INFO - GECKO(2696) | Thread T9 (PaintThread) created by T0 (Web Content) here:
[task 2019-02-06T11:48:38.460Z] 11:48:38 INFO - GECKO(2696) | #0 0x55e933e8526d in __interceptor_pthread_create /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:210:3
[task 2019-02-06T11:48:38.460Z] 11:48:38 INFO - GECKO(2696) | #1 0x7f7ba60d1395 in _PR_CreateThread /builds/worker/workspace/build/src/nsprpub/pr/src/pthreads/ptthread.c:433:14
[task 2019-02-06T11:48:38.464Z] 11:48:38 INFO - GECKO(2696) | #2 0x7f7ba60d0f7e in PR_CreateThread /builds/worker/workspace/build/src/nsprpub/pr/src/pthreads/ptthread.c:518:12
[task 2019-02-06T11:48:38.464Z] 11:48:38 INFO - GECKO(2696) | #3 0x7f7b889469d9 in nsThread::Init(nsTSubstring<char> const&) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:655:8
[task 2019-02-06T11:48:38.464Z] 11:48:38 INFO - GECKO(2696) | #4 0x7f7b8894f890 in nsThreadManager::NewNamedThread(nsTSubstring<char> const&, unsigned int, nsIThread**) /builds/worker/workspace/build/src/xpcom/threads/nsThreadManager.cpp:410:12
[task 2019-02-06T11:48:38.464Z] 11:48:38 INFO - GECKO(2696) | #5 0x7f7b88953459 in NS_NewNamedThread(nsTSubstring<char> const&, nsIThread**, nsIRunnable*, unsigned int) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:127:57
[task 2019-02-06T11:48:38.469Z] 11:48:38 INFO - GECKO(2696) | #6 0x7f7b8afe1c0e in NS_NewNamedThread<12> /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:71:10
[task 2019-02-06T11:48:38.473Z] 11:48:38 INFO - GECKO(2696) | #7 0x7f7b8afe1c0e in mozilla::layers::PaintThread::Init() /builds/worker/workspace/build/src/gfx/layers/PaintThread.cpp:74
[task 2019-02-06T11:48:38.475Z] 11:48:38 INFO - GECKO(2696) | #8 0x7f7b8afe18ae in mozilla::layers::PaintThread::Start() /builds/worker/workspace/build/src/gfx/layers/PaintThread.cpp:64:33
[task 2019-02-06T11:48:38.476Z] 11:48:38 INFO - GECKO(2696) | #9 0x7f7b8b4fdc62 in gfxPlatform::InitLayersIPC() /builds/worker/workspace/build/src/gfx/thebes/gfxPlatform.cpp:1244:7
[task 2019-02-06T11:48:38.478Z] 11:48:38 INFO - GECKO(2696) | #10 0x7f7b8b4f7653 in gfxPlatform::Init() /builds/worker/workspace/build/src/gfx/thebes/gfxPlatform.cpp:973:3
[task 2019-02-06T11:48:38.480Z] 11:48:38 INFO - GECKO(2696) | #11 0x7f7b8b4fa5f9 in gfxPlatform::InitChild(mozilla::gfx::ContentDeviceData const&) /builds/worker/workspace/build/src/gfx/thebes/gfxPlatform.cpp:511:3
[task 2019-02-06T11:48:38.482Z] 11:48:38 INFO - GECKO(2696) | #12 0x7f7b90134713 in InitGraphicsDeviceData /builds/worker/workspace/build/src/dom/ipc/ContentChild.cpp:1159:3
[task 2019-02-06T11:48:38.484Z] 11:48:38 INFO - GECKO(2696) | #13 0x7f7b90134713 in mozilla::dom::ContentChild::RecvSetXPCOMProcessAttributes(mozilla::dom::XPCOMInitData const&, mozilla::dom::ipc::StructuredCloneData const&, nsTArray<LookAndFeelInt>&&, nsTArray<mozilla::dom::SystemFontListEntry>&&) /builds/worker/workspace/build/src/dom/ipc/ContentChild.cpp:598
[task 2019-02-06T11:48:38.487Z] 11:48:38 INFO - GECKO(2696) | #14 0x7f7b89aca708 in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/build/src/obj-firefox/ipc/ipdl/PContentChild.cpp:7786:20
[task 2019-02-06T11:48:38.489Z] 11:48:38 INFO - GECKO(2696) | #15 0x7f7b898f7079 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2150:21
[task 2019-02-06T11:48:38.492Z] 11:48:38 INFO - GECKO(2696) | #16 0x7f7b898f421c in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2077:9
[task 2019-02-06T11:48:38.493Z] 11:48:38 INFO - GECKO(2696) | #17 0x7f7b898f5b0c in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:1936:3
[task 2019-02-06T11:48:38.496Z] 11:48:38 INFO - GECKO(2696) | #18 0x7f7b898f6107 in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:1967:13
[task 2019-02-06T11:48:38.498Z] 11:48:38 INFO - GECKO(2696) | #19 0x7f7b8894a526 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1162:14
[task 2019-02-06T11:48:38.499Z] 11:48:38 INFO - GECKO(2696) | #20 0x7f7b88950748 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:474:10
[task 2019-02-06T11:48:38.501Z] 11:48:38 INFO - GECKO(2696) | #21 0x7f7b898fe3ba in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:88:21
[task 2019-02-06T11:48:38.502Z] 11:48:38 INFO - GECKO(2696) | #22 0x7f7b89845c6f in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
[task 2019-02-06T11:48:38.503Z] 11:48:38 INFO - GECKO(2696) | #23 0x7f7b89845c6f in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308
[task 2019-02-06T11:48:38.505Z] 11:48:38 INFO - GECKO(2696) | #24 0x7f7b89845c6f in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290
[task 2019-02-06T11:48:38.506Z] 11:48:38 INFO - GECKO(2696) | #25 0x7f7b90a89a19 in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:137:27
[task 2019-02-06T11:48:38.508Z] 11:48:38 INFO - GECKO(2696) | #26 0x7f7b94d873df in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:908:20
[task 2019-02-06T11:48:38.509Z] 11:48:38 INFO - GECKO(2696) | #27 0x7f7b89845c6f in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
[task 2019-02-06T11:48:38.510Z] 11:48:38 INFO - GECKO(2696) | #28 0x7f7b89845c6f in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308
[task 2019-02-06T11:48:38.512Z] 11:48:38 INFO - GECKO(2696) | #29 0x7f7b89845c6f in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290
[task 2019-02-06T11:48:38.513Z] 11:48:38 INFO - GECKO(2696) | #30 0x7f7b94d86d84 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:746:34
[task 2019-02-06T11:48:38.515Z] 11:48:38 INFO - GECKO(2696) | #31 0x55e933ecf3d4 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:49:28
[task 2019-02-06T11:48:38.516Z] 11:48:38 INFO - GECKO(2696) | #32 0x55e933ecf3d4 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:265
[task 2019-02-06T11:48:38.517Z] 11:48:38 INFO - GECKO(2696) | #33 0x7f7ba8e1182f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
[task 2019-02-06T11:48:38.519Z] 11:48:38 INFO - GECKO(2696) | SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.4/../../../../include/c++/4.9.4/bits/atomic_base.h:618:16 in fetch_add
[task 2019-02-06T11:48:38.520Z] 11:48:38 INFO - GECKO(2696) | Shadow bytes around the buggy address:
[task 2019-02-06T11:48:38.537Z] 11:48:38 INFO - GECKO(2696) | Shadow byte legend (one shadow byte represents 8 application bytes):
[task 2019-02-06T11:48:38.539Z] 11:48:38 INFO - GECKO(2696) | Addressable: 00
[task 2019-02-06T11:48:38.540Z] 11:48:38 INFO - GECKO(2696) | Partially addressable: 01 02 03 04 05 06 07
[task 2019-02-06T11:48:38.541Z] 11:48:38 INFO - GECKO(2696) | Heap left redzone: fa
[task 2019-02-06T11:48:38.543Z] 11:48:38 INFO - GECKO(2696) | Freed heap region: fd
[task 2019-02-06T11:48:38.544Z] 11:48:38 INFO - GECKO(2696) | Stack left redzone: f1
[task 2019-02-06T11:48:38.545Z] 11:48:38 INFO - GECKO(2696) | Stack mid redzone: f2
[task 2019-02-06T11:48:38.547Z] 11:48:38 INFO - GECKO(2696) | Stack right redzone: f3
[task 2019-02-06T11:48:38.548Z] 11:48:38 INFO - GECKO(2696) | Stack after return: f5
[task 2019-02-06T11:48:38.550Z] 11:48:38 INFO - GECKO(2696) | Stack use after scope: f8
[task 2019-02-06T11:48:38.551Z] 11:48:38 INFO - GECKO(2696) | Global redzone: f9
[task 2019-02-06T11:48:38.552Z] 11:48:38 INFO - GECKO(2696) | Global init order: f6
[task 2019-02-06T11:48:38.553Z] 11:48:38 INFO - GECKO(2696) | Poisoned by user: f7
[task 2019-02-06T11:48:38.554Z] 11:48:38 INFO - GECKO(2696) | Container overflow: fc
[task 2019-02-06T11:48:38.555Z] 11:48:38 INFO - GECKO(2696) | Array cookie: ac
[task 2019-02-06T11:48:38.555Z] 11:48:38 INFO - GECKO(2696) | Intra object redzone: bb
[task 2019-02-06T11:48:38.557Z] 11:48:38 INFO - GECKO(2696) | ASan internal: fe
[task 2019-02-06T11:48:38.558Z] 11:48:38 INFO - GECKO(2696) | Left alloca redzone: ca
[task 2019-02-06T11:48:38.559Z] 11:48:38 INFO - GECKO(2696) | Right alloca redzone: cb
[task 2019-02-06T11:48:38.560Z] 11:48:38 INFO - GECKO(2696) | Shadow gap: cc
[task 2019-02-06T11:48:38.561Z] 11:48:38 INFO - GECKO(2696) | ==2804==ABORTING

Group: gfx-core-security
Component: General → Graphics

Hey Lee, does anything stand out to you in this stack?

Flags: needinfo?(lsalzman)

This looks OMTP related. Somehow we have a race that is mucking up an SkTypeface's reference count. So the bug is on our side here, not Skia's fault.

Flags: needinfo?(lsalzman)

Ryan, does OMTP put this ball in your court?

Flags: needinfo?(rhunt)

There is a potential race from when we query the cairo user data to when we call ref() on the SkTypeface, and we don't have SkTypefaceCache's lock held, since we may be simultaneously inside SkTypefaceCache purging fonts which does hold the lock.

This just gets rid of the cairo user data strategy and instead uses the slightly slower SkTypefaceCache::FindByProcAndRef which does properly acquire SkTypefaceCache's lock the entire time, and ref the typeface inside the scope of that lock.

As a side-effect we should also save a bit of memory from no longer needing to add the user-data.

I am not entirely sure if this is the race causing this intermittent, but it is the only real race I can find here, so it might fix this.

Assignee: nobody → lsalzman
Status: NEW → ASSIGNED
Attachment #9043117 - Flags: review?(rhunt)
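
The race described in the comment above and the shape of its fix, as an added sketch that is not part of the patch or of Skia. `Typeface`, `TypefaceCache`, `FindBorrowed`, `FindAndRef` and `SurvivesPurge` are hypothetical stand-ins, and the interleaving is replayed sequentially with freed objects tombstoned so the late `ref()` is observable without undefined behaviour.

```cpp
#include <memory>
#include <mutex>
#include <vector>

// Hypothetical stand-ins for SkTypeface / SkTypefaceCache, not Skia's code.
// Freed objects are tombstoned, not deleted, so a late ref() is detectable.
struct Typeface {
  int fontId;
  int refs = 1;  // the cache's own reference
  bool freed = false;
  explicit Typeface(int id) : fontId(id) {}
  bool ref() { if (freed) return false; ++refs; return true; }
  void unref() { if (--refs == 0) freed = true; }
};
class TypefaceCache {
  std::mutex lock_;
  std::vector<Typeface*> live_;
  std::vector<std::unique_ptr<Typeface>> storage_;  // owns tombstones too
 public:
  void Add(int id) {
    std::lock_guard<std::mutex> g(lock_);
    storage_.emplace_back(new Typeface(id));
    live_.push_back(storage_.back().get());
  }
  // Racy shape: the pointer leaves the lock before the caller refs it.
  Typeface* FindBorrowed(int id) {
    std::lock_guard<std::mutex> g(lock_);
    for (Typeface* t : live_) if (t->fontId == id) return t;
    return nullptr;
  }
  // Fixed shape: lookup and ref() share one critical section.
  Typeface* FindAndRef(int id) {
    std::lock_guard<std::mutex> g(lock_);
    for (Typeface* t : live_) if (t->fontId == id) { t->ref(); return t; }
    return nullptr;
  }
  void Purge() {
    std::lock_guard<std::mutex> g(lock_);
    for (Typeface* t : live_) t->unref();
    live_.clear();
  }
};
// Replays "lookup, Purge() from another thread, then use" in a fixed order.
bool SurvivesPurge(bool refUnderLock) {
  TypefaceCache cache;
  cache.Add(7);
  Typeface* t = refUnderLock ? cache.FindAndRef(7) : cache.FindBorrowed(7);
  cache.Purge();  // lands in the window right after the lookup
  return refUnderLock ? !t->freed : t->ref();  // ref() on a tombstone fails
}
```

With the borrowed pointer the purge drops the last reference before the caller's `ref()`, which is the write to freed memory that ASan reports in `fetch_add`; with the locked find-and-ref the caller's reference keeps the object alive across the purge.
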
Comment on attachment 9043117 [details] [diff] [review]
use SkTypefaceCache::FindByProcAndRef to associate typefaces with fontconfig fonts

Thanks for taking this Lee.
Flags: needinfo?(rhunt)
Attachment #9043117 - Flags: review?(rhunt) → review+

Comment on attachment 9043117 [details] [diff] [review]
use SkTypefaceCache::FindByProcAndRef to associate typefaces with fontconfig fonts

Security Approval Request

How easily could an exploit be constructed based on the patch?

Not easily at all.

Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?

No

Which older supported branches are affected by this flaw?

63+

If not all supported branches, which bug introduced the flaw?

None

Do you have backports for the affected branches?

Yes

If not, how different, hard to create, and risky will they be?

Patch should apply cleanly to 65+

How likely is this patch to cause regressions; how much testing does it need?

Very unlikely

Attachment #9043117 - Flags: sec-approval?

sec-approval+ for trunk. Can we get a beta patch nominated for 66 as well (the same as it would seem to apply)?

Attachment #9043117 - Flags: sec-approval? → sec-approval+

Comment on attachment 9043117 [details] [diff] [review]
use SkTypefaceCache::FindByProcAndRef to associate typefaces with fontconfig fonts

Beta/Release Uplift Approval Request

Feature/Bug causing the regression

None

User impact if declined

Is this code covered by automated tests?

Yes

Has the fix been verified in Nightly?

No

Needs manual test from QE?

No

If yes, steps to reproduce

List of other uplifts needed

None

Risk to taking this patch

Low

Why is the change risky/not risky? (and alternatives if risky)

String changes made/needed

Attachment #9043117 - Flags: approval-mozilla-beta?

Can you land this on m-c before we take the uplift? Thanks.

Flags: needinfo?(lsalzman)

Okay

Flags: needinfo?(lsalzman)
Group: gfx-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
Comment on attachment 9043117 [details] [diff] [review]
use SkTypefaceCache::FindByProcAndRef to associate typefaces with fontconfig fonts

[Triage Comment]
Approved for 66.0b10 also.
Attachment #9043117 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main66+]
Group: core-security-release