Closed
Bug 1771159
Opened 2 years ago
Closed 2 years ago
Intermittent SUMMARY: ThreadSanitizer: data race /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-list-inline.h:150:43 in _cairo_list_del
Categories
(Core :: Graphics: Canvas2D, defect)
Core
Graphics: Canvas2D
Tracking
()
People
(Reporter: intermittent-bug-filer, Assigned: lsalzman)
Details
(Keywords: csectype-race, intermittent-failure, sec-moderate, Whiteboard: [adv-main104+r][adv-esr102.2+r])
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-beta+
RyanVM
:
approval-mozilla-esr102+
tjr
:
sec-approval+
|
Details | Review |
Filed by: abutkovits [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=379251725&repo=autoland
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/X-PkyE8_QuiWYXw__LeYSw/runs/0/artifacts/public/logs/live_backing.log
Reported after: dom/canvas/test/test_hitregion_event.html
WARNING: ThreadSanitizer: data race (pid=3995)
Read of size 8 at 0x7b5c000bca80 by main thread:
#0 _cairo_list_del /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-list-inline.h:150:43 (libxul.so+0x6f62f5b)
#1 cairo_list_del /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-list-inline.h:156:5 (libxul.so+0x6f62f5b)
#2 _cairo_xlib_surface_finish /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-xlib-surface.c:381:5 (libxul.so+0x6f62f5b)
#3 _cairo_surface_finish /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-surface.c:1034:11 (libxul.so+0x6fe1e31)
#4 INT__moz_cairo_surface_destroy /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-surface.c:974:2 (libxul.so+0x6fe1e31)
#5 gfxASurface::Release() /builds/worker/checkouts/gecko/gfx/thebes/gfxASurface.cpp:96:5 (libxul.so+0x267b0a9)
#6 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:50:40 (libxul.so+0x236ef24)
#7 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:381:36 (libxul.so+0x236ef24)
#8 ~RefPtr /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:81:7 (libxul.so+0x236ef24)
#9 mozilla::gl::GLContextGLX::~GLContextGLX() /builds/worker/checkouts/gecko/gfx/gl/GLContextProviderGLX.cpp:455:1 (libxul.so+0x236ef24)
#10 mozilla::gl::GLContextGLX::~GLContextGLX() /builds/worker/checkouts/gecko/gfx/gl/GLContextProviderGLX.cpp:433:31 (libxul.so+0x236f025)
#11 mozilla::detail::GenericRefCounted<(mozilla::detail::RefCountAtomicity)0>::Release() /builds/worker/workspace/obj-build/dist/include/mozilla/GenericRefCounted.h:83:7 (libxul.so+0x2370917)
#12 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:50:40 (libxul.so+0x3e61e77)
#13 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:381:36 (libxul.so+0x3e61e77)
#14 assign_assuming_AddRef /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:69:7 (libxul.so+0x3e61e77)
#15 operator= /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:168:5 (libxul.so+0x3e61e77)
#16 mozilla::WebGLContext::DestroyResourcesAndContext() /builds/worker/checkouts/gecko/dom/canvas/WebGLContext.cpp:220:45 (libxul.so+0x3e61e77)
#17 mozilla::WebGLContext::~WebGLContext() /builds/worker/checkouts/gecko/dom/canvas/WebGLContext.cpp:155:33 (libxul.so+0x3e76777)
#18 mozilla::WebGL2Context::~WebGL2Context() /builds/worker/checkouts/gecko/dom/canvas/WebGL2Context.h:24:7 (libxul.so+0x3e77545)
#19 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefCounted.h:255:7 (libxul.so+0x3e0e79c)
#20 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:50:40 (libxul.so+0x3e0e79c)
#21 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:381:36 (libxul.so+0x3e0e79c)
#22 ~RefPtr /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:81:7 (libxul.so+0x3e0e79c)
#23 mozilla::HostWebGLContext::~HostWebGLContext() /builds/worker/checkouts/gecko/dom/canvas/HostWebGLContext.cpp:74:1 (libxul.so+0x3e0e79c)
#24 operator() /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:463:5 (libxul.so+0x3db51c5)
#25 reset /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:305:7 (libxul.so+0x3db51c5)
#26 ~UniquePtr /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:253:18 (libxul.so+0x3db51c5)
#27 mozilla::webgl::NotLostData::~NotLostData() /builds/worker/checkouts/gecko/dom/canvas/ClientWebGLContext.cpp:57:1 (libxul.so+0x3db51c5)
#28 destroy<mozilla::webgl::NotLostData> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/ext/new_allocator.h:140:28 (libxul.so+0x3e3cc62)
#29 destroy<mozilla::webgl::NotLostData> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/alloc_traits.h:487:8 (libxul.so+0x3e3cc62)
#30 operator() /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/shared_ptr_base.h:1310:6 (libxul.so+0x3e3cc62)
#31 std::_Sp_counted_deleter<mozilla::webgl::NotLostData*, std::__shared_ptr<mozilla::webgl::NotLostData, (__gnu_cxx::_Lock_policy)2>::_Deleter<std::allocator<mozilla::webgl::NotLostData> >, std::allocator<mozilla::webgl::NotLostData>, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/shared_ptr_base.h:470:9 (libxul.so+0x3e3cc62)
#32 _M_release /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/shared_ptr_base.h:154:6 (libxul.so+0x3db60c4)
#33 ~__shared_count /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/shared_ptr_base.h:684:11 (libxul.so+0x3db60c4)
#34 ~__shared_ptr /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/shared_ptr_base.h:1123:31 (libxul.so+0x3db60c4)
#35 mozilla::ClientWebGLContext::~ClientWebGLContext() /builds/worker/checkouts/gecko/dom/canvas/ClientWebGLContext.cpp:129:74 (libxul.so+0x3db60c4)
#36 DeleteCycleCollectable /builds/worker/checkouts/gecko/dom/canvas/ClientWebGLContext.cpp:6619:1 (libxul.so+0x3e29345)
#37 mozilla::ClientWebGLContext::cycleCollection::DeleteCycleCollectable(void*) /builds/worker/checkouts/gecko/dom/canvas/ClientWebGLContext.h:713:3 (libxul.so+0x3e29345)
#38 MaybeKillObject /builds/worker/checkouts/gecko/xpcom/base/nsCycleCollector.cpp:2419:29 (libxul.so+0x10cc3c1)
#39 SnowWhiteKiller::~SnowWhiteKiller() /builds/worker/checkouts/gecko/xpcom/base/nsCycleCollector.cpp:2406:7 (libxul.so+0x10cc3c1)
#40 nsCycleCollector::FreeSnowWhite(bool) /builds/worker/checkouts/gecko/xpcom/base/nsCycleCollector.cpp:2596:3 (libxul.so+0x10cba62)
#41 nsCycleCollector::Collect(mozilla::CCReason, ccIsManual, js::SliceBudget&, nsICycleCollectorListener*, bool) /builds/worker/checkouts/gecko/xpcom/base/nsCycleCollector.cpp:3397:5 (libxul.so+0x10d09a7)
#42 nsCycleCollector_collectSlice(js::SliceBudget&, mozilla::CCReason, bool) /builds/worker/checkouts/gecko/xpcom/base/nsCycleCollector.cpp:3925:21 (libxul.so+0x10d35c0)
#43 nsJSContext::RunCycleCollectorSlice(mozilla::CCReason, mozilla::TimeStamp) /builds/worker/checkouts/gecko/dom/base/nsJSEnvironment.cpp (libxul.so+0x2cc37e3)
#44 mozilla::CCGCScheduler::CCRunnerFired(mozilla::TimeStamp) /builds/worker/checkouts/gecko/dom/base/nsJSEnvironment.cpp:1592:9 (libxul.so+0x2cc45ec)
#45 std::_Function_handler<bool (mozilla::TimeStamp), bool (*)(mozilla::TimeStamp)>::_M_invoke(std::_Any_data const&, mozilla::TimeStamp&&) /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/std_function.h:301:9 (libxul.so+0x2258d8e)
#46 operator() /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/std_function.h:706:14 (libxul.so+0x119bf67)
#47 mozilla::IdleTaskRunner::Run() /builds/worker/checkouts/gecko/xpcom/threads/IdleTaskRunner.cpp:124:14 (libxul.so+0x119bf67)
#48 mozilla::IdleTaskRunnerTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/IdleTaskRunner.cpp:45:15 (libxul.so+0x119cba6)
#49 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:788:26 (libxul.so+0x11b060d)
#50 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:662:15 (libxul.so+0x11aec48)
#51 mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:398:36 (libxul.so+0x11aed84)
#52 operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:124:37 (libxul.so+0x11db577)
#53 mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:531:5 (libxul.so+0x11db577)
#54 nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1180:16 (libxul.so+0x11c4b22)
#55 NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:465:10 (libxul.so+0x11cb1f5)
#56 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21 (libxul.so+0x1e1cf5b)
#57 RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:380:10 (libxul.so+0x1d3d41c)
#58 RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:373:3 (libxul.so+0x1d3d41c)
#59 MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:355:3 (libxul.so+0x1d3d41c)
#60 nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27 (libxul.so+0x5a66466)
#61 nsAppStartup::Run() /builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp:295:30 (libxul.so+0x839d9b3)
#62 XREMain::XRE_mainRun() /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5731:22 (libxul.so+0x84dc327)
#63 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5916:8 (libxul.so+0x84dcddf)
#64 XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5983:21 (libxul.so+0x84dd454)
#65 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/Bootstrap.cpp:45:12 (libxul.so+0x84e8ff2)
#66 do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:227:22 (firefox+0xdf12f)
#67 main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:406:16 (firefox+0xdf12f)
Previous write of size 8 at 0x7b5c000bca80 by thread T44:
#0 __cairo_list_del /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-list-inline.h:144:16 (libxul.so+0x6f62f77)
#1 _cairo_list_del /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-list-inline.h:150:5 (libxul.so+0x6f62f77)
#2 cairo_list_del /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-list-inline.h:156:5 (libxul.so+0x6f62f77)
#3 _cairo_xlib_surface_finish /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-xlib-surface.c:381:5 (libxul.so+0x6f62f77)
#4 _cairo_surface_finish /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-surface.c:1034:11 (libxul.so+0x6fe1e31)
#5 INT__moz_cairo_surface_destroy /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-surface.c:974:2 (libxul.so+0x6fe1e31)
#6 gfxASurface::Release() /builds/worker/checkouts/gecko/gfx/thebes/gfxASurface.cpp:96:5 (libxul.so+0x267b0a9)
#7 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:50:40 (libxul.so+0x236ef24)
#8 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:381:36 (libxul.so+0x236ef24)
#9 ~RefPtr /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:81:7 (libxul.so+0x236ef24)
#10 mozilla::gl::GLContextGLX::~GLContextGLX() /builds/worker/checkouts/gecko/gfx/gl/GLContextProviderGLX.cpp:455:1 (libxul.so+0x236ef24)
#11 mozilla::gl::GLContextGLX::~GLContextGLX() /builds/worker/checkouts/gecko/gfx/gl/GLContextProviderGLX.cpp:433:31 (libxul.so+0x236f025)
#12 mozilla::detail::GenericRefCounted<(mozilla::detail::RefCountAtomicity)0>::Release() /builds/worker/workspace/obj-build/dist/include/mozilla/GenericRefCounted.h:83:7 (libxul.so+0x2370917)
#13 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:50:40 (libxul.so+0x3e61e77)
#14 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:381:36 (libxul.so+0x3e61e77)
#15 assign_assuming_AddRef /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:69:7 (libxul.so+0x3e61e77)
#16 operator= /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:168:5 (libxul.so+0x3e61e77)
#17 mozilla::WebGLContext::DestroyResourcesAndContext() /builds/worker/checkouts/gecko/dom/canvas/WebGLContext.cpp:220:45 (libxul.so+0x3e61e77)
#18 mozilla::WebGLContext::~WebGLContext() /builds/worker/checkouts/gecko/dom/canvas/WebGLContext.cpp:155:33 (libxul.so+0x3e76777)
#19 mozilla::WebGL2Context::~WebGL2Context() /builds/worker/checkouts/gecko/dom/canvas/WebGL2Context.h:24:7 (libxul.so+0x3e77545)
#20 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefCounted.h:255:7 (libxul.so+0x3e0e79c)
#21 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:50:40 (libxul.so+0x3e0e79c)
#22 Release /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:381:36 (libxul.so+0x3e0e79c)
#23 ~RefPtr /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:81:7 (libxul.so+0x3e0e79c)
#24 mozilla::HostWebGLContext::~HostWebGLContext() /builds/worker/checkouts/gecko/dom/canvas/HostWebGLContext.cpp:74:1 (libxul.so+0x3e0e79c)
#25 operator() /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:463:5 (libxul.so+0x3eafc45)
#26 reset /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:305:7 (libxul.so+0x3eafc45)
#27 operator= /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:275:5 (libxul.so+0x3eafc45)
#28 mozilla::dom::WebGLParent::Recv__delete__() /builds/worker/checkouts/gecko/dom/canvas/WebGLParent.cpp:95:9 (libxul.so+0x3eafc45)
#29 mozilla::dom::PWebGLParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PWebGLParent.cpp:190:79 (libxul.so+0x3f44105)
#30 mozilla::gfx::PCanvasManagerParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PCanvasManagerParent.cpp:214:32 (libxul.so+0x277c8b3)
#31 mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1781:25 (libxul.so+0x1e18e5b)
#32 mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message> >) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1706:9 (libxul.so+0x1e17209)
#33 mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1506:3 (libxul.so+0x1e178ae)
#34 mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1604:14 (libxul.so+0x1e1846e)
#35 nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1174:16 (libxul.so+0x11c4d48)
#36 NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:465:10 (libxul.so+0x11cb1f5)
#37 mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:330:5 (libxul.so+0x1e1dbe8)
#38 RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:380:10 (libxul.so+0x1d3d41c)
#39 RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:373:3 (libxul.so+0x1d3d41c)
#40 MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:355:3 (libxul.so+0x1d3d41c)
#41 nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:378:10 (libxul.so+0x11c024a)
#42 _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5 (libnspr4.so+0x45f5d)
Location is heap block of size 832 at 0x7b5c000bc900 allocated by main thread:
#0 malloc /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:667:5 (firefox+0x5c821)
#1 _cairo_xlib_surface_create_internal /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-xlib-surface.c:1767:15 (libxul.so+0x6f621d9)
#2 _moz_cairo_xlib_surface_create /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-xlib-surface.c:1947:12 (libxul.so+0x6f62112)
#3 gfxXlibSurface /builds/worker/checkouts/gecko/gfx/thebes/gfxXlibSurface.cpp:46:27 (libxul.so+0x26ae2d5)
#4 gfxXlibSurface::Create(std::shared_ptr<mozilla::gfx::XlibDisplay> const&, Screen*, Visual*, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, unsigned long) /builds/worker/checkouts/gecko/gfx/thebes/gfxXlibSurface.cpp:170:11 (libxul.so+0x26ae2d5)
#5 CreateOffscreenPixmapContext /builds/worker/checkouts/gecko/gfx/gl/GLContextProviderGLX.cpp:875:36 (libxul.so+0x2370593)
#6 mozilla::gl::GLContextProviderGLX::CreateHeadless(mozilla::gl::GLContextCreateDesc const&, nsTSubstring<char>*) /builds/worker/checkouts/gecko/gfx/gl/GLContextProviderGLX.cpp:904:10 (libxul.so+0x2370593)
#7 mozilla::gl::GLContextProviderLinux::CreateHeadless(mozilla::gl::GLContextCreateDesc const&, nsTSubstring<char>*) /builds/worker/checkouts/gecko/gfx/gl/GLContextProviderLinux.cpp:37:12 (libxul.so+0x2370df4)
#8 operator() /builds/worker/checkouts/gecko/dom/canvas/WebGLContext.cpp:356:38 (libxul.so+0x3e62480)
#9 operator() /builds/worker/checkouts/gecko/dom/canvas/WebGLContext.cpp:369:11 (libxul.so+0x3e62480)
#10 mozilla::WebGLContext::CreateAndInitGL(bool, std::vector<mozilla::WebGLContext::FailureReason, std::allocator<mozilla::WebGLContext::FailureReason> >*) /builds/worker/checkouts/gecko/dom/canvas/WebGLContext.cpp:363:22 (libxul.so+0x3e62480)
#11 operator() /builds/worker/checkouts/gecko/dom/canvas/WebGLContext.cpp:521:17 (libxul.so+0x3e6328b)
#12 mozilla::WebGLContext::Create(mozilla::HostWebGLContext&, mozilla::webgl::InitContextDesc const&, mozilla::webgl::InitContextResult*) /builds/worker/checkouts/gecko/dom/canvas/WebGLContext.cpp:495:14 (libxul.so+0x3e6328b)
#13 Create /builds/worker/checkouts/gecko/dom/canvas/HostWebGLContext.cpp:58:16 (libxul.so+0x3db7cf5)
#14 operator() /builds/worker/checkouts/gecko/dom/canvas/ClientWebGLContext.cpp:689:11 (libxul.so+0x3db7cf5)
#15 mozilla::ClientWebGLContext::CreateHostContext(mozilla::avec2<unsigned int> const&) /builds/worker/checkouts/gecko/dom/canvas/ClientWebGLContext.cpp:656:14 (libxul.so+0x3db7cf5)
#16 mozilla::ClientWebGLContext::SetDimensions(int, int) /builds/worker/checkouts/gecko/dom/canvas/ClientWebGLContext.cpp:628:8 (libxul.so+0x3dbc31e)
#17 mozilla::gfx::DrawTargetWebgl::SharedContext::Initialize() /builds/worker/checkouts/gecko/dom/canvas/DrawTargetWebgl.cpp:372:15 (libxul.so+0x3d6fb39)
#18 mozilla::gfx::DrawTargetWebgl::Init(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat) /builds/worker/checkouts/gecko/dom/canvas/DrawTargetWebgl.cpp:334:26 (libxul.so+0x3d6f836)
#19 mozilla::gfx::DrawTargetWebgl::Create(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat) /builds/worker/checkouts/gecko/dom/canvas/DrawTargetWebgl.cpp:529:12 (libxul.so+0x3d7225f)
#20 mozilla::dom::CanvasRenderingContext2D::TryAcceleratedTarget(RefPtr<mozilla::gfx::DrawTarget>&, RefPtr<mozilla::layers::PersistentBufferProvider>&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:1545:12 (libxul.so+0x3d9472f)
#21 mozilla::dom::CanvasRenderingContext2D::EnsureTarget(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const*, bool) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:1418:8 (libxul.so+0x3d94012)
#22 mozilla::dom::CanvasRenderingContext2D::DrawImage(mozilla::dom::HTMLImageElementOrSVGImageElementOrHTMLCanvasElementOrHTMLVideoElementOrOffscreenCanvasOrImageBitmap const&, double, double, double, double, double, double, double, double, unsigned char, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/canvas/CanvasRenderingContext2D.cpp:4750:3 (libxul.so+0x3da9de1)
#23 mozilla::dom::CanvasRenderingContext2D::DrawImage(mozilla::dom::HTMLImageElementOrSVGImageElementOrHTMLCanvasElementOrHTMLVideoElementOrOffscreenCanvasOrImageBitmap const&, double, double, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dist/include/mozilla/dom/CanvasRenderingContext2D.h:249:5 (libxul.so+0x3d897a3)
#24 mozilla::dom::CanvasRenderingContext2D_Binding::drawImage(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/CanvasRenderingContext2DBinding.cpp:2670:28 (libxul.so+0x340b136)
#25 bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3271:13 (libxul.so+0x3ccb9ee)
#26 CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:420:13 (libxul.so+0x95a0f3a)
#27 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:507:12 (libxul.so+0x95a0f3a)
#28 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:574:10 (libxul.so+0x9596ac6)
#29 CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:578:10 (libxul.so+0x9596ac6)
#30 Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3314:16 (libxul.so+0x9596ac6)
#31 js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:389:13 (libxul.so+0x9589ba7)
#32 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:539:13 (libxul.so+0x95a10c1)
#33 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:574:10 (libxul.so+0x95a201c)
#34 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:605:8 (libxul.so+0x95a201c)
#35 js::CallSelfHostedFunction(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/SelfHosting.cpp:1590:10 (libxul.so+0x893fb07)
#36 js::jit::InterpretResume(JSContext*, JS::Handle<JSObject*>, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:1093:10 (libxul.so+0x8f1c2ee)
#37 <null> <null> (0x7f60612729e0)
#38 js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:379:32 (libxul.so+0x9589ab1)
#39 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:539:13 (libxul.so+0x95a10c1)
#40 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:574:10 (libxul.so+0x95a201c)
#41 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:605:8 (libxul.so+0x95a201c)
#42 js::CallSelfHostedFunction(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/SelfHosting.cpp:1590:10 (libxul.so+0x893fb07)
#43 AsyncFunctionResume(JSContext*, JS::Handle<js::AsyncFunctionGeneratorObject*>, ResumeKind, JS::Handle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/AsyncFunction.cpp:152:8 (libxul.so+0x8718bd8)
#44 js::AsyncFunctionAwaitedFulfilled(JSContext*, JS::Handle<js::AsyncFunctionGeneratorObject*>, JS::Handle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/AsyncFunction.cpp:193:10 (libxul.so+0x8718957)
#45 AsyncFunctionPromiseReactionJob /builds/worker/checkouts/gecko/js/src/builtin/Promise.cpp:2113:12 (libxul.so+0x88bd260)
#46 PromiseReactionJob(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/src/builtin/Promise.cpp:2176:12 (libxul.so+0x88bd260)
#47 CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:420:13 (libxul.so+0x95a0f3a)
#48 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:507:12 (libxul.so+0x95a0f3a)
#49 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:574:10 (libxul.so+0x95a201c)
#50 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:605:8 (libxul.so+0x95a201c)
#51 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:117:10 (libxul.so+0x8739ec1)
#52 mozilla::dom::PromiseJobCallback::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/PromiseBinding.cpp:35:8 (libxul.so+0x31efa1e)
#53 Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/PromiseBinding.h:89:12 (libxul.so+0x10b1d7e)
#54 Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/PromiseBinding.h:102:12 (libxul.so+0x10b1d7e)
#55 mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:213:18 (libxul.so+0x10b1d7e)
#56 mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint(bool) /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:674:17 (libxul.so+0x109ee43)
#57 LeaveMicroTask /builds/worker/workspace/obj-build/dist/include/mozilla/CycleCollectedJSContext.h:243:7 (libxul.so+0x424cf7e)
#58 ~nsAutoMicroTask /builds/worker/workspace/obj-build/dist/include/mozilla/CycleCollectedJSContext.h:394:13 (libxul.so+0x424cf7e)
#59 mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) /builds/worker/checkouts/gecko/dom/events/EventListenerManager.cpp:1318:3 (libxul.so+0x424cf7e)
#60 mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) /builds/worker/checkouts/gecko/dom/events/EventListenerManager.cpp:1507:17 (libxul.so+0x424daed)
#61 HandleEvent /builds/worker/checkouts/gecko/dom/events/EventListenerManager.h:395:5 (libxul.so+0x4242cde)
#62 mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:348:17 (libxul.so+0x4242cde)
#63 mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:480:12 (libxul.so+0x4241cdd)
#64 mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:1119:11 (libxul.so+0x4244d0d)
#65 nsDocumentViewer::LoadComplete(nsresult) /builds/worker/checkouts/gecko/layout/base/nsDocumentViewer.cpp:1085:7 (libxul.so+0x5e8b426)
#66 nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:6458:20 (libxul.so+0x7cb5992)
#67 nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:5850:7 (libxul.so+0x7cb5354)
#68 non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp (libxul.so+0x7cb61ab)
#69 nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:1377:3 (libxul.so+0x20ae85e)
#70 nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:975:14 (libxul.so+0x20adf6a)
#71 nsDocLoader::DocLoaderIsEmpty(bool, mozilla::Maybe<nsresult> const&) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:794:9 (libxul.so+0x20ac0d1)
#72 nsDocLoader::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:677:5 (libxul.so+0x20ad429)
#73 nsDocShell::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:13846:23 (libxul.so+0x7cd1fbc)
#74 non-virtual thunk to nsDocShell::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp (libxul.so+0x7cd21b8)
#75 mozilla::net::nsLoadGroup::NotifyRemovalObservers(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/netwerk/base/nsLoadGroup.cpp:614:22 (libxul.so+0x1388b1c)
#76 mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) /builds/worker/checkouts/gecko/netwerk/base/nsLoadGroup.cpp:518:10 (libxul.so+0x138a072)
#77 nsJARChannel::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/modules/libjar/nsJARChannel.cpp:1242:31 (libxul.so+0x1fd5ae0)
#78 non-virtual thunk to nsJARChannel::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/modules/libjar/nsJARChannel.cpp (libxul.so+0x1fd8832)
#79 nsInputStreamPump::OnStateStop() /builds/worker/checkouts/gecko/netwerk/base/nsInputStreamPump.cpp:657:16 (libxul.so+0x13869b8)
#80 nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) /builds/worker/checkouts/gecko/netwerk/base/nsInputStreamPump.cpp:382:21 (libxul.so+0x1385a42)
#81 non-virtual thunk to nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) /builds/worker/checkouts/gecko/netwerk/base/nsInputStreamPump.cpp (libxul.so+0x1386c99)
#82 operator() /builds/worker/checkouts/gecko/xpcom/io/nsPipe3.cpp:74:47 (libxul.so+0x1178101)
#83 already_AddRefed<mozilla::CancelableRunnable> NS_NewCancelableRunnableFunction<CallbackHolder::CallbackHolder(nsIAsyncInputStream*, nsIInputStreamCallback*, unsigned int, nsIEventTarget*)::'lambda'()>(char const*, CallbackHolder::CallbackHolder(nsIAsyncInputStream*, nsIInputStreamCallback*, unsigned int, nsIEventTarget*)::'lambda'()&&)::FuncCancelableRunnable::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:650:9 (libxul.so+0x1178101)
#84 mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:475:16 (libxul.so+0x11d78b7)
#85 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:788:26 (libxul.so+0x11b060d)
#86 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:620:15 (libxul.so+0x11aeaa6)
#87 mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:398:36 (libxul.so+0x11aed84)
#88 operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:124:37 (libxul.so+0x11db577)
#89 mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:531:5 (libxul.so+0x11db577)
#90 nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1180:16 (libxul.so+0x11c4b22)
#91 NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:465:10 (libxul.so+0x11cb1f5)
#92 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21 (libxul.so+0x1e1cf5b)
#93 RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:380:10 (libxul.so+0x1d3d41c)
#94 RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:373:3 (libxul.so+0x1d3d41c)
#95 MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:355:3 (libxul.so+0x1d3d41c)
#96 nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27 (libxul.so+0x5a66466)
#97 nsAppStartup::Run() /builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp:295:30 (libxul.so+0x839d9b3)
#98 XREMain::XRE_mainRun() /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5731:22 (libxul.so+0x84dc327)
#99 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5916:8 (libxul.so+0x84dcddf)
#100 XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5983:21 (libxul.so+0x84dd454)
#101 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/Bootstrap.cpp:45:12 (libxul.so+0x84e8ff2)
#102 do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:227:22 (firefox+0xdf12f)
#103 main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:406:16 (firefox+0xdf12f)
Thread T44 'Compositor' (tid=4055, running) created by main thread at:
#0 pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1022:3 (firefox+0x5dfdd)
#1 _PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:458:14 (libnspr4.so+0x3cfb5)
#2 PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:533:12 (libnspr4.so+0x320a5)
#3 nsThread::Init(nsTSubstring<char> const&) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:604:18 (libxul.so+0x11c1ce5)
#4 nsThreadManager::NewNamedThread(nsTSubstring<char> const&, unsigned int, nsIThread**) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadManager.cpp:534:12 (libxul.so+0x11ca104)
#5 NS_NewNamedThread(nsTSubstring<char> const&, nsIThread**, already_AddRefed<nsIRunnable>, unsigned int) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:161:57 (libxul.so+0x11d2314)
#6 NS_NewNamedThread<11UL> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:74:10 (libxul.so+0x256f835)
#7 mozilla::layers::CompositorThreadHolder::CreateCompositorThread() /builds/worker/checkouts/gecko/gfx/layers/ipc/CompositorThread.cpp:66:17 (libxul.so+0x256f835)
#8 CompositorThreadHolder /builds/worker/checkouts/gecko/gfx/layers/ipc/CompositorThread.cpp:40:25 (libxul.so+0x256fa01)
#9 mozilla::layers::CompositorThreadHolder::Start() /builds/worker/checkouts/gecko/gfx/layers/ipc/CompositorThread.cpp:109:33 (libxul.so+0x256fa01)
#10 gfxPlatform::InitLayersIPC() /builds/worker/checkouts/gecko/gfx/thebes/gfxPlatform.cpp:1300:5 (libxul.so+0x269e88f)
#11 gfxPlatform::Init() /builds/worker/checkouts/gecko/gfx/thebes/gfxPlatform.cpp:956:3 (libxul.so+0x269c7b1)
#12 gfxPlatform::GetPlatform() /builds/worker/checkouts/gecko/gfx/thebes/gfxPlatform.cpp:466:5 (libxul.so+0x269b540)
#13 mozilla::widget::GfxInfoBase::GetContentBackend(nsTSubstring<char16_t>&) /builds/worker/checkouts/gecko/widget/GfxInfoBase.cpp:1871:25 (libxul.so+0x5a20547)
#14 NS_InvokeByIndex /builds/worker/checkouts/gecko/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_x86_64_unix.S:101 (libxul.so+0x11f5935)
#15 GetAttribute /builds/worker/checkouts/gecko/js/xpconnect/src/xpcprivate.h:1470:12 (libxul.so+0x1fae3bb)
#16 XPC_WN_GetterSetter(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1003:10 (libxul.so+0x1fae3bb)
#17 CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:420:13 (libxul.so+0x95a0f3a)
#18 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:507:12 (libxul.so+0x95a0f3a)
#19 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:574:10 (libxul.so+0x95a201c)
#20 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:605:8 (libxul.so+0x95a201c)
#21 js::CallGetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:731:10 (libxul.so+0x95a30aa)
#22 CallGetter /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:1983:12 (libxul.so+0x884c0e6)
#23 GetExistingProperty<js::CanGC> /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:2011:12 (libxul.so+0x884c0e6)
#24 NativeGetPropertyInline<js::CanGC> /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:2153:14 (libxul.so+0x884c0e6)
#25 js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:2184:10 (libxul.so+0x884c0e6)
#26 GetElementOperationWithStackIndex /builds/worker/checkouts/gecko/js/src/vm/Interpreter-inl.h (libxul.so+0x9595129)
#27 Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3119:12 (libxul.so+0x9595129)
#28 js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:389:13 (libxul.so+0x9589ba7)
#29 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:539:13 (libxul.so+0x95a10c1)
#30 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:574:10 (libxul.so+0x95a201c)
#31 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:605:8 (libxul.so+0x95a201c)
#32 JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:53:10 (libxul.so+0x8738f3e)
#33 nsXPCWrappedJS::CallMethod(unsigned short, nsXPTMethodInfo const*, nsXPTCMiniVariant*) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCWrappedJSClass.cpp:981:17 (libxul.so+0x1fa40cb)
#34 PrepareAndDispatch /builds/worker/checkouts/gecko/xpcom/reflect/xptcall/md/unix/xptcstubs_x86_64_linux.cpp:115:37 (libxul.so+0x11f6927)
#35 SharedStub xptcstubs_x86_64_linux.cpp (libxul.so+0x11f5c72)
#36 nsXREDirProvider::DoStartup() /builds/worker/checkouts/gecko/toolkit/xre/nsXREDirProvider.cpp:936:11 (libxul.so+0x84ed56d)
#37 XREMain::XRE_mainRun() /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5474:18 (libxul.so+0x84dbc8c)
#38 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5916:8 (libxul.so+0x84dcddf)
#39 XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5983:21 (libxul.so+0x84dd454)
#40 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/Bootstrap.cpp:45:12 (libxul.so+0x84e8ff2)
#41 do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:227:22 (firefox+0xdf12f)
#42 main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:406:16 (firefox+0xdf12f)
SUMMARY: ThreadSanitizer: data race /builds/worker/checkouts/gecko/gfx/cairo/cairo/src/cairo-list-inline.h:150:43 in _cairo_list_del
|
||
Comment 1•2 years ago
|
||
The read and write races look like we're trying to release the same surface on two different threads?
Group: core-security → gfx-core-security
|
|
||
Updated•2 years ago
|
Keywords: csectype-race,
sec-moderate
|
||
Updated•2 years ago
|
Severity: -- → S2
|
Assignee | |
Comment 2•2 years ago
|
||
The race doesn't come from the fact that we're freeing the same surface. It happens because cairo_xlib_surface's are managed internally in a list inside cairo_xlib_screen. Two different cairo_xlib_surfaces are being destroyed at the same time on different threads, but since cairo_xlib_screen isn't thread safe, this causes the race on that internal list, hence why it turns up as a race in _cairo_list_del, but not in any of the enclosing structures.
Since GLContextGLX doesn't actually use the gfxXlibSurface (that was causing the Cairo use) for anything other than lifetime management, it's much easier to just inline the calls to XCreatePixmap/XFreePixmap here and do the management ourselves. This obviates the path through Cairo and eliminates the thread safety issue.
|
|
Assignee | |
Comment 3•2 years ago
|
||
|
||
Updated•2 years ago
|
Assignee: nobody → lsalzman
Status: NEW → ASSIGNED
|
|
Assignee | |
Updated•2 years ago
|
status-firefox103:
--- → affected
status-firefox104:
--- → affected
status-firefox105:
--- → affected
status-firefox-esr102:
--- → affected
status-firefox-esr91:
--- → affected
|
|
Assignee | |
Comment 4•2 years ago
|
||
Comment on attachment 9288418 [details]
Bug 1771159 - Don't use gfxXlibSurface in GLContextGLX. r?jgilbert
Security Approval Request
- How easily could an exploit be constructed based on the patch?: Unlikely, as this bug mostly affects shutdown.
- Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?: No
- Which older supported branches are affected by this flaw?: 91+
- If not all supported branches, which bug introduced the flaw?: None
- Do you have backports for the affected branches?: Yes
- If not, how different, hard to create, and risky will they be?:
- How likely is this patch to cause regressions; how much testing does it need?: Unlikely
- Is Android affected?: No
Attachment #9288418 -
Flags: sec-approval?
|
||
Comment 5•2 years ago
|
||
Comment on attachment 9288418 [details]
Bug 1771159 - Don't use gfxXlibSurface in GLContextGLX. r?jgilbert
Approved to request uplift and land
Attachment #9288418 -
Flags: sec-approval? → sec-approval+
|
|
Assignee | |
Comment 6•2 years ago
|
||
Comment on attachment 9288418 [details]
Bug 1771159 - Don't use gfxXlibSurface in GLContextGLX. r?jgilbert
Beta/Release Uplift Approval Request
- User impact if declined: Potential shutdown crashes.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Removes Cairo usage that was unsafe, but Linux only.
- String changes made/needed:
- Is Android affected?: No
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration:
- User impact if declined:
- Fix Landed on Version: 105
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky):
Attachment #9288418 -
Flags: approval-mozilla-esr102?
Attachment #9288418 -
Flags: approval-mozilla-beta?
|
||
Updated•2 years ago
|
|
||
Comment 7•2 years ago
|
||
Don't use gfxXlibSurface in GLContextGLX. r=jgilbert
https://hg.mozilla.org/integration/autoland/rev/1370a06b62c662e13be4a856d1d187070e55d782
https://hg.mozilla.org/mozilla-central/rev/1370a06b62c6
Group: gfx-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 105 Branch
|
||
Comment 8•2 years ago
|
||
Comment on attachment 9288418 [details]
Bug 1771159 - Don't use gfxXlibSurface in GLContextGLX. r?jgilbert
Approved for 104.0b8
Attachment #9288418 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 9•2 years ago
|
||
| uplift | ||
|
|
||
Comment 10•2 years ago
|
||
Comment on attachment 9288418 [details]
Bug 1771159 - Don't use gfxXlibSurface in GLContextGLX. r?jgilbert
Approved for 102.2esr.
Attachment #9288418 -
Flags: approval-mozilla-esr102? → approval-mozilla-esr102+
|
|
||
Comment 11•2 years ago
|
||
| uplift | ||
|
|
||
Updated•2 years ago
|
Whiteboard: [adv-main104+r]
|
|
||
Updated•2 years ago
|
Whiteboard: [adv-main104+r] → [adv-main104+r][adv-esr102.2+r]
|
||
Updated•2 years ago
|
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-
|
|
||
Updated•1 year ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•