Open Bug 1724252 Opened 3 years ago Updated 2 years ago

ThreadSanitizer: lock-order-inversion [@ _cairo_scaled_font_allocate_glyph]

Categories: Core :: Graphics, defect

Tracking Status: firefox92 --- affected

People: Reporter: tsmith, Unassigned

References: Blocks 2 open bugs

Details: Keywords: testcase, Whiteboard: [bugmon:bisected,confirmed]

Attachments: 1 file

Attached file testcase.html

Found while fuzzing m-c 20210801-ea89827501c6 (--enable-thread-sanitizer --enable-fuzzing)

WARNING: ThreadSanitizer: lock-order-inversion (potential deadlock) (pid=24265)
  Cycle in lock order graph: M213755 (0x7b54002b5378) => M197640 (0x7f92cc6fffc8) => M213755

  Mutex M197640 acquired here while holding mutex M213755 in main thread:
    #0 pthread_mutex_lock /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:4233:3 (firefox+0x7a2e6)
    #1 _cairo_scaled_font_allocate_glyph src/gfx/cairo/cairo/src/cairo-scaled-font.c:2887:5 (libxul.so+0x5a6a495)
    #2 _cairo_scaled_glyph_lookup src/gfx/cairo/cairo/src/cairo-scaled-font.c:3007:11 (libxul.so+0x5a6a495)
    #3 _cairo_scaled_font_single_glyph_device_extents src/gfx/cairo/cairo/src/cairo-scaled-font.c:2176:14 (libxul.so+0x5a6eb61)
    #4 _cairo_scaled_font_glyph_device_extents src/gfx/cairo/cairo/src/cairo-scaled-font.c:2228:9 (libxul.so+0x5a6eb61)
    #5 _cairo_composite_rectangles_init_for_glyphs src/gfx/cairo/cairo/src/cairo-composite-rectangles.c:446:14 (libxul.so+0x5a23b6a)
    #6 _cairo_recording_surface_show_text_glyphs src/gfx/cairo/cairo/src/cairo-recording-surface.c:1002:14 (libxul.so+0x5a77e26)
    #7 _cairo_surface_show_text_glyphs src/gfx/cairo/cairo/src/cairo-surface.c:2963:15 (libxul.so+0x5a80230)
    #8 _cairo_gstate_show_text_glyphs src/gfx/cairo/cairo/src/cairo-gstate.c:2038:15 (libxul.so+0x5a2d36b)
    #9 _cairo_default_context_glyphs src/gfx/cairo/cairo/src/cairo-default-context.c:1318:12 (libxul.so+0x5a32eda)
    #10 _moz_cairo_show_glyphs src/gfx/cairo/cairo/src/cairo.c:3629:14 (libxul.so+0x5a929d4)
    #11 mozilla::gfx::DrawTargetCairo::FillGlyphs(mozilla::gfx::ScaledFont*, mozilla::gfx::GlyphBuffer const&, mozilla::gfx::Pattern const&, mozilla::gfx::DrawOptions const&) src/gfx/2d/DrawTargetCairo.cpp:1405:5 (libxul.so+0x1cffda7)
    #12 mozilla::gfx::RecordedFillGlyphs::PlayEvent(mozilla::gfx::Translator*) const src/gfx/2d/RecordedEventImpl.h:2406:7 (libxul.so+0x1cced1f)
    #13 operator() src/layout/printing/PrintTranslator.cpp:58:33 (libxul.so+0x5120f7a)
    #14 std::_Function_handler<bool (mozilla::gfx::RecordedEvent*), mozilla::layout::PrintTranslator::TranslateRecording(mozilla::layout::PRFileDescStream&)::$_0>::_M_invoke(std::_Any_data const&, mozilla::gfx::RecordedEvent*&&) /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/std_function.h:301:9 (libxul.so+0x5120f7a)
    #15 operator() /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/std_function.h:706:14 (libxul.so+0x1d6746b)
    #16 bool mozilla::gfx::RecordedEvent::DoWithEvent<mozilla::gfx::EventStream>(mozilla::gfx::EventStream&, mozilla::gfx::RecordedEvent::EventType, std::function<bool (mozilla::gfx::RecordedEvent*)> const&) src/gfx/2d/RecordedEventImpl.h:4051:5 (libxul.so+0x1d6746b)
    #17 mozilla::gfx::RecordedEvent::DoWithEventFromStream(mozilla::gfx::EventStream&, mozilla::gfx::RecordedEvent::EventType, std::function<bool (mozilla::gfx::RecordedEvent*)> const&) src/gfx/2d/RecordedEvent.cpp:24:10 (libxul.so+0x1d66af2)
    #18 mozilla::layout::PrintTranslator::TranslateRecording(mozilla::layout::PRFileDescStream&) src/layout/printing/PrintTranslator.cpp:50:20 (libxul.so+0x5110b16)
    #19 PrintPage src/layout/printing/ipc/RemotePrintJobParent.cpp:167:26 (libxul.so+0x5112fa2)
    #20 mozilla::layout::RemotePrintJobParent::FinishProcessingPage(nsRefCountedHashtable<nsUint64HashKey, RefPtr<mozilla::gfx::RecordedDependentSurface> >*) src/layout/printing/ipc/RemotePrintJobParent.cpp:146:17 (libxul.so+0x5112fa2)
    #21 mozilla::layout::RemotePrintJobParent::RecvProcessPage(nsTArray<unsigned long>&&) src/layout/printing/ipc/RemotePrintJobParent.cpp:121:5 (libxul.so+0x5112efe)
    #22 mozilla::layout::PRemotePrintJobParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PRemotePrintJobParent.cpp:301:28 (libxul.so+0x184bdfa)
    #23 mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentParent.cpp:6612:32 (libxul.so+0x168bd21)
    #24 mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2051:25 (libxul.so+0x1554481)
    #25 mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:1978:9 (libxul.so+0x1552b75)
    #26 mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1826:3 (libxul.so+0x155376a)
    #27 mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1857:13 (libxul.so+0x1553bf1)
    #28 mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:502:16 (libxul.so+0xc9cbb7)
    #29 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:805:26 (libxul.so+0xc7bc94)
    #30 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:641:15 (libxul.so+0xc7a2c6)
    #31 mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:425:36 (libxul.so+0xc7a594)
    #32 operator() src/xpcom/threads/TaskController.cpp:135:37 (libxul.so+0xca06a7)
    #33 mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() src/xpcom/threads/nsThreadUtils.h:532:5 (libxul.so+0xca06a7)
    #34 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1148:16 (libxul.so+0xc8c075)
    #35 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:466:10 (libxul.so+0xc92ff2)
    #36 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:85:21 (libxul.so+0x15582fd)
    #37 RunInternal src/ipc/chromium/src/base/message_loop.cc:331:10 (libxul.so+0x14dae3c)
    #38 RunHandler src/ipc/chromium/src/base/message_loop.cc:324:3 (libxul.so+0x14dae3c)
    #39 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:306:3 (libxul.so+0x14dae3c)
    #40 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27 (libxul.so+0x49371f6)
    #41 nsAppStartup::Run() src/toolkit/components/startup/nsAppStartup.cpp:274:30 (libxul.so+0x65c8048)
    #42 XREMain::XRE_mainRun() src/toolkit/xre/nsAppRunner.cpp:5294:22 (libxul.so+0x66cf4ba)
    #43 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5479:8 (libxul.so+0x66d0207)
    #44 XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5538:21 (libxul.so+0x66d07a4)
    #45 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/Bootstrap.cpp:45:12 (libxul.so+0x66dabe2)
    #46 do_main src/browser/app/nsBrowserApp.cpp:225:22 (firefox+0xc96c8)
    #47 main src/browser/app/nsBrowserApp.cpp:378:16 (firefox+0xc96c8)

  Mutex M213755 previously acquired by the same thread here:
    #0 pthread_mutex_lock /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:4233:3 (firefox+0x7a2e6)
    #1 _cairo_scaled_font_freeze_cache src/gfx/cairo/cairo/src/cairo-scaled-font.c:795:5 (libxul.so+0x5a6eb28)
    #2 _cairo_scaled_font_single_glyph_device_extents src/gfx/cairo/cairo/src/cairo-scaled-font.c:2175:5 (libxul.so+0x5a6eb28)
    #3 _cairo_scaled_font_glyph_device_extents src/gfx/cairo/cairo/src/cairo-scaled-font.c:2228:9 (libxul.so+0x5a6eb28)
    #4 _cairo_composite_rectangles_init_for_glyphs src/gfx/cairo/cairo/src/cairo-composite-rectangles.c:446:14 (libxul.so+0x5a23b6a)
    #5 _cairo_recording_surface_show_text_glyphs src/gfx/cairo/cairo/src/cairo-recording-surface.c:1002:14 (libxul.so+0x5a77e26)
    #6 _cairo_surface_show_text_glyphs src/gfx/cairo/cairo/src/cairo-surface.c:2963:15 (libxul.so+0x5a80230)
    #7 _cairo_gstate_show_text_glyphs src/gfx/cairo/cairo/src/cairo-gstate.c:2038:15 (libxul.so+0x5a2d36b)
    #8 _cairo_default_context_glyphs src/gfx/cairo/cairo/src/cairo-default-context.c:1318:12 (libxul.so+0x5a32eda)
    #9 _moz_cairo_show_glyphs src/gfx/cairo/cairo/src/cairo.c:3629:14 (libxul.so+0x5a929d4)
    #10 mozilla::gfx::DrawTargetCairo::FillGlyphs(mozilla::gfx::ScaledFont*, mozilla::gfx::GlyphBuffer const&, mozilla::gfx::Pattern const&, mozilla::gfx::DrawOptions const&) src/gfx/2d/DrawTargetCairo.cpp:1405:5 (libxul.so+0x1cffda7)
    #11 mozilla::gfx::RecordedFillGlyphs::PlayEvent(mozilla::gfx::Translator*) const src/gfx/2d/RecordedEventImpl.h:2406:7 (libxul.so+0x1cced1f)
    #12 operator() src/layout/printing/PrintTranslator.cpp:58:33 (libxul.so+0x5120f7a)
    #13 std::_Function_handler<bool (mozilla::gfx::RecordedEvent*), mozilla::layout::PrintTranslator::TranslateRecording(mozilla::layout::PRFileDescStream&)::$_0>::_M_invoke(std::_Any_data const&, mozilla::gfx::RecordedEvent*&&) /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/std_function.h:301:9 (libxul.so+0x5120f7a)
    #14 operator() /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/std_function.h:706:14 (libxul.so+0x1d6746b)
    #15 bool mozilla::gfx::RecordedEvent::DoWithEvent<mozilla::gfx::EventStream>(mozilla::gfx::EventStream&, mozilla::gfx::RecordedEvent::EventType, std::function<bool (mozilla::gfx::RecordedEvent*)> const&) src/gfx/2d/RecordedEventImpl.h:4051:5 (libxul.so+0x1d6746b)
    #16 mozilla::gfx::RecordedEvent::DoWithEventFromStream(mozilla::gfx::EventStream&, mozilla::gfx::RecordedEvent::EventType, std::function<bool (mozilla::gfx::RecordedEvent*)> const&) src/gfx/2d/RecordedEvent.cpp:24:10 (libxul.so+0x1d66af2)
    #17 mozilla::layout::PrintTranslator::TranslateRecording(mozilla::layout::PRFileDescStream&) src/layout/printing/PrintTranslator.cpp:50:20 (libxul.so+0x5110b16)
    #18 PrintPage src/layout/printing/ipc/RemotePrintJobParent.cpp:167:26 (libxul.so+0x5112fa2)
    #19 mozilla::layout::RemotePrintJobParent::FinishProcessingPage(nsRefCountedHashtable<nsUint64HashKey, RefPtr<mozilla::gfx::RecordedDependentSurface> >*) src/layout/printing/ipc/RemotePrintJobParent.cpp:146:17 (libxul.so+0x5112fa2)
    #20 mozilla::layout::RemotePrintJobParent::RecvProcessPage(nsTArray<unsigned long>&&) src/layout/printing/ipc/RemotePrintJobParent.cpp:121:5 (libxul.so+0x5112efe)
    #21 mozilla::layout::PRemotePrintJobParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PRemotePrintJobParent.cpp:301:28 (libxul.so+0x184bdfa)
    #22 mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentParent.cpp:6612:32 (libxul.so+0x168bd21)
    #23 mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2051:25 (libxul.so+0x1554481)
    #24 mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:1978:9 (libxul.so+0x1552b75)
    #25 mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1826:3 (libxul.so+0x155376a)
    #26 mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1857:13 (libxul.so+0x1553bf1)
    #27 mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:502:16 (libxul.so+0xc9cbb7)
    #28 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:805:26 (libxul.so+0xc7bc94)
    #29 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:641:15 (libxul.so+0xc7a2c6)
    #30 mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:425:36 (libxul.so+0xc7a594)
    #31 operator() src/xpcom/threads/TaskController.cpp:135:37 (libxul.so+0xca06a7)
    #32 mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() src/xpcom/threads/nsThreadUtils.h:532:5 (libxul.so+0xca06a7)
    #33 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1148:16 (libxul.so+0xc8c075)
    #34 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:466:10 (libxul.so+0xc92ff2)
    #35 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:85:21 (libxul.so+0x15582fd)
    #36 RunInternal src/ipc/chromium/src/base/message_loop.cc:331:10 (libxul.so+0x14dae3c)
    #37 RunHandler src/ipc/chromium/src/base/message_loop.cc:324:3 (libxul.so+0x14dae3c)
    #38 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:306:3 (libxul.so+0x14dae3c)
    #39 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27 (libxul.so+0x49371f6)
    #40 nsAppStartup::Run() src/toolkit/components/startup/nsAppStartup.cpp:274:30 (libxul.so+0x65c8048)
    #41 XREMain::XRE_mainRun() src/toolkit/xre/nsAppRunner.cpp:5294:22 (libxul.so+0x66cf4ba)
    #42 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5479:8 (libxul.so+0x66d0207)
    #43 XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5538:21 (libxul.so+0x66d07a4)
    #44 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/Bootstrap.cpp:45:12 (libxul.so+0x66dabe2)
    #45 do_main src/browser/app/nsBrowserApp.cpp:225:22 (firefox+0xc96c8)
    #46 main src/browser/app/nsBrowserApp.cpp:378:16 (firefox+0xc96c8)

  Mutex M213755 acquired here while holding mutex M197640 in main thread:
    #0 pthread_mutex_lock /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:4233:3 (firefox+0x7a2e6)
    #1 _cairo_scaled_glyph_page_pluck src/gfx/cairo/cairo/src/cairo-scaled-font.c:479:5 (libxul.so+0x5a79a18)
    #2 _cairo_cache_remove src/gfx/cairo/cairo/src/cairo-cache.c:296:2 (libxul.so+0x5a1d15c)
    #3 _cairo_cache_pluck src/gfx/cairo/cairo/src/cairo-cache.c:115:5 (libxul.so+0x5a1d15c)
    #4 _cairo_hash_table_foreach src/gfx/cairo/cairo/src/cairo-hash.c:567:6 (libxul.so+0x5a2f174)
    #5 _cairo_cache_fini src/gfx/cairo/cairo/src/cairo-cache.c:130:5 (libxul.so+0x5a1d0e7)
    #6 _cairo_scaled_font_reset_static_data src/gfx/cairo/cairo/src/cairo-scaled-font.c:1262:2 (libxul.so+0x5a6e46e)
    #7 _moz_cairo_debug_reset_static_data src/gfx/cairo/cairo/src/cairo-debug.c:81:5 (libxul.so+0x5a266c6)
    #8 gfxPlatform::WillShutdown() src/gfx/thebes/gfxPlatform.cpp:1391:3 (libxul.so+0x20f1427)
    #9 gfxPlatform::Shutdown() src/gfx/thebes/gfxPlatform.cpp:1300:14 (libxul.so+0x20f0af8)
    #10 nsLayoutModuleDtor() src/layout/build/nsLayoutModule.cpp:259:3 (libxul.so+0x5123894)
    #11 CallUnloadFuncs /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:8736:5 (libxul.so+0xc58c81)
    #12 mozilla::xpcom::StaticComponents::Shutdown() /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:12210:3 (libxul.so+0xc58c81)
    #13 nsComponentManagerImpl::Shutdown() src/xpcom/components/nsComponentManager.cpp:852:3 (libxul.so+0xc63bbc)
    #14 mozilla::ShutdownXPCOM(nsIServiceManager*) src/xpcom/build/XPCOMInit.cpp:724:55 (libxul.so+0xcc76e8)
    #15 NS_ShutdownXPCOM src/xpcom/build/XPCOMInit.cpp:567:10 (libxul.so+0xcc7255)
    #16 ScopedXPCOMStartup::~ScopedXPCOMStartup() src/toolkit/xre/nsAppRunner.cpp:1682:5 (libxul.so+0x66c52e3)
    #17 operator() /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:463:5 (libxul.so+0x66d251f)
    #18 mozilla::UniquePtr<ScopedXPCOMStartup, mozilla::DefaultDelete<ScopedXPCOMStartup> >::reset(ScopedXPCOMStartup*) /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:305:7 (libxul.so+0x66d251f)
    #19 operator= /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:275:5 (libxul.so+0x66d0255)
    #20 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5496:16 (libxul.so+0x66d0255)
    #21 XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5538:21 (libxul.so+0x66d07a4)
    #22 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/Bootstrap.cpp:45:12 (libxul.so+0x66dabe2)
    #23 do_main src/browser/app/nsBrowserApp.cpp:225:22 (firefox+0xc96c8)
    #24 main src/browser/app/nsBrowserApp.cpp:378:16 (firefox+0xc96c8)

  Mutex M197640 previously acquired by the same thread here:
    #0 pthread_mutex_lock /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:4233:3 (firefox+0x7a2e6)
    #1 _cairo_scaled_font_reset_static_data src/gfx/cairo/cairo/src/cairo-scaled-font.c:1260:5 (libxul.so+0x5a6e449)
    #2 _moz_cairo_debug_reset_static_data src/gfx/cairo/cairo/src/cairo-debug.c:81:5 (libxul.so+0x5a266c6)
    #3 gfxPlatform::WillShutdown() src/gfx/thebes/gfxPlatform.cpp:1391:3 (libxul.so+0x20f1427)
    #4 gfxPlatform::Shutdown() src/gfx/thebes/gfxPlatform.cpp:1300:14 (libxul.so+0x20f0af8)
    #5 nsLayoutModuleDtor() src/layout/build/nsLayoutModule.cpp:259:3 (libxul.so+0x5123894)
    #6 CallUnloadFuncs /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:8736:5 (libxul.so+0xc58c81)
    #7 mozilla::xpcom::StaticComponents::Shutdown() /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:12210:3 (libxul.so+0xc58c81)
    #8 nsComponentManagerImpl::Shutdown() src/xpcom/components/nsComponentManager.cpp:852:3 (libxul.so+0xc63bbc)
    #9 mozilla::ShutdownXPCOM(nsIServiceManager*) src/xpcom/build/XPCOMInit.cpp:724:55 (libxul.so+0xcc76e8)
    #10 NS_ShutdownXPCOM src/xpcom/build/XPCOMInit.cpp:567:10 (libxul.so+0xcc7255)
    #11 ScopedXPCOMStartup::~ScopedXPCOMStartup() src/toolkit/xre/nsAppRunner.cpp:1682:5 (libxul.so+0x66c52e3)
    #12 operator() /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:463:5 (libxul.so+0x66d251f)
    #13 mozilla::UniquePtr<ScopedXPCOMStartup, mozilla::DefaultDelete<ScopedXPCOMStartup> >::reset(ScopedXPCOMStartup*) /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:305:7 (libxul.so+0x66d251f)
    #14 operator= /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:275:5 (libxul.so+0x66d0255)
    #15 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5496:16 (libxul.so+0x66d0255)
    #16 XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5538:21 (libxul.so+0x66d07a4)
    #17 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/Bootstrap.cpp:45:12 (libxul.so+0x66dabe2)
    #18 do_main src/browser/app/nsBrowserApp.cpp:225:22 (firefox+0xc96c8)
    #19 main src/browser/app/nsBrowserApp.cpp:378:16 (firefox+0xc96c8)
Flags: in-testsuite?
Keywords: bugmon

Bugmon Analysis
Verified bug as reproducible on mozilla-central 20210805163446-f5921ffeaee4.
The bug appears to have been introduced in the following build range:

Start: 3557d61e4136ee4e624662dc9c06f9d2cea38ea5 (20210519033212)
End: de62b7dc09b8bfba7cdb04deda52e0b70b7d3f99 (20210519044826)
Pushlog: https://hg.mozilla.org/mozilla-unified/pushloghtml?fromchange=3557d61e4136ee4e624662dc9c06f9d2cea38ea5&tochange=de62b7dc09b8bfba7cdb04deda52e0b70b7d3f99

Whiteboard: [bugmon:bisected,confirmed]

I think this is a false positive, inasmuch as the two pieces of code involved (rendering a print job, and shutting down xpcom) both run only on the main thread. So they cannot race with each other and potentially deadlock.

In theory this could be an upstream issue, I guess, if a cairo client is doing multi-threaded rendering and one of the threads tries to use cairo_debug_reset_static_data at the same time as other threads are accessing scaled_font glyphs. But from a Gecko point of view I don't think there's a concern here.

Severity: -- → S3
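
Added example (not part of the bug report, and not cairo, Gecko or ThreadSanitizer code): a simplified lock-order graph in C that replays the two acquisition orders from the report and shows why the cycle is reported even when a single thread made every acquisition, which is the situation the comment above describes. Lock ids 0 and 1 standing for M213755 and M197640, the thread ids, and the names `lg_acquire`, `lg_release` and `replay` are assumptions of this example.

```c
#include <stdbool.h>

#define MAX_LOCKS   8
#define MAX_THREADS 4

/* Simplified lock-order graph (illustration only, not TSan's implementation).
 * edge[a][b] is a bitmask of the thread ids that took lock b while holding a. */
typedef struct {
    unsigned edge[MAX_LOCKS][MAX_LOCKS];
    int held[MAX_THREADS][MAX_LOCKS];   /* locks currently held, per thread */
    int nheld[MAX_THREADS];
} lock_graph;

/* cycle: acquisition closed a cycle; single_thread: one thread made every edge. */
typedef struct { bool cycle, single_thread; } inversion;

/* Search for an existing ordering from -> ... -> to, collecting thread ids. */
static bool path(const lock_graph *g, int from, int to, bool *seen, unsigned *threads) {
    if (from == to) return true;
    seen[from] = true;
    for (int n = 0; n < MAX_LOCKS; n++) {
        unsigned t = *threads | g->edge[from][n];
        if (g->edge[from][n] && !seen[n] && path(g, n, to, seen, &t)) {
            *threads = t;
            return true;
        }
    }
    return false;
}

inversion lg_acquire(lock_graph *g, int tid, int lock) {
    inversion r = { false, false };
    for (int i = 0; i < g->nheld[tid]; i++) {
        int h = g->held[tid][i];
        bool seen[MAX_LOCKS] = { false };
        unsigned threads = (1u << tid) | g->edge[h][lock];
        /* Edge h -> lock: an existing path lock -> ... -> h inverts the order. */
        if (path(g, lock, h, seen, &threads))
            r = (inversion){ true, (threads & (threads - 1)) == 0 };
        g->edge[h][lock] |= 1u << tid;
    }
    g->held[tid][g->nheld[tid]++] = lock;
    return r;
}

void lg_release(lock_graph *g, int tid, int lock) {
    for (int i = 0; i < g->nheld[tid]; i++)
        if (g->held[tid][i] == lock) {
            g->held[tid][i] = g->held[tid][--g->nheld[tid]];
            return;
        }
}

/* Constructed replay of the report: lock 0 stands for M213755, lock 1 for
 * M197640. The print job runs on thread 0; shutdown_tid is a parameter of this example. */
inversion replay(int shutdown_tid) {
    lock_graph g = { 0 };
    lg_acquire(&g, 0, 0);                    /* _cairo_scaled_font_freeze_cache      */
    lg_acquire(&g, 0, 1);                    /* _cairo_scaled_font_allocate_glyph    */
    lg_release(&g, 0, 1);
    lg_release(&g, 0, 0);
    lg_acquire(&g, shutdown_tid, 1);         /* _cairo_scaled_font_reset_static_data */
    return lg_acquire(&g, shutdown_tid, 0);  /* _cairo_scaled_glyph_page_pluck       */
}
```

`replay(0)` models the case in the report, where both paths run on the main thread: the cycle is found and `single_thread` is set, so the two orders can never be in flight at once. `replay(1)` models a client that runs the reset on a second thread: the same cycle is found with `single_thread` clear, which is the case where the inverted order can actually deadlock.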

Bugmon Analysis
Testcase crashes using the initial build (mozilla-central 20210801214108-ea89827501c6) but not with tip (mozilla-central 20211203213802-92df9c655be5.)
The bug appears to have been fixed in the following build range:

Start: f5cb6b2465f3042f3ec5bb096a75fbe24f71465e (20211116073345)
End: 5d32dbafda59a62fba936250375782a4cc9c6300 (20211116082732)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=f5cb6b2465f3042f3ec5bb096a75fbe24f71465e&tochange=5d32dbafda59a62fba936250375782a4cc9c6300
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Keywords: bugmon