1798849 - ThreadSanitizer: data race /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:772:45 in _S_right

Status: NEW

(Core :: XPCOM, defect)

Description

[Mike Hommey [:glandium]]

While tracking down bug 1798613, I hit this tsan report:

WARNING: ThreadSanitizer: data race (pid=8702)
  Read of size 8 at 0x7b0c00003078 by main thread:
    #0 _S_right /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:772:45 (libxul.so+0x404f4a8) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #1 std::_Rb_tree<RefPtr<mozilla::Task>, RefPtr<mozilla::Task>, std::_Identity<RefPtr<mozilla::Task>>, mozilla::Task::PriorityCompare, std::allocator<RefPtr<mozilla::Task>>>::_M_erase(std::_Rb_tree_node<RefPtr<mozilla::Task>>*) /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:1856:13 (libxul.so+0x404f4a8)
    #2 ~_Rb_tree /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:949:9 (libxul.so+0x4066a36) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #3 ~set /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_set.h:271:22 (libxul.so+0x4066a36)
    #4 mozilla::TaskController::~TaskController() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.h:279:7 (libxul.so+0x4066a36)
    #5 operator() /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/unique_ptr.h:78:2 (libxul.so+0x4059bcb) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #6 std::unique_ptr<mozilla::TaskController, std::default_delete<mozilla::TaskController>>::~unique_ptr() /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/unique_ptr.h:263:4 (libxul.so+0x4059bcb)
    #7 cxa_at_exit_callback_installed_at(void*) /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:404:3 (plugin-container+0xeff1a) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #8 __cxx_global_var_init.47 /builds/worker/workspace/obj-build/xpcom/threads/Unified_cpp_xpcom_threads0.cpp (libxul.so+0x406811d) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #9 _GLOBAL__sub_I_Unified_cpp_xpcom_threads0.cpp /builds/worker/workspace/obj-build/xpcom/threads/Unified_cpp_xpcom_threads0.cpp (libxul.so+0x406811d)
  Previous write of size 8 at 0x7b0c00003078 by thread T3 (mutexes: write M0, write M1):
    #0 malloc /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:667:5 (plugin-container+0xb1a01) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #1 moz_xmalloc /builds/worker/checkouts/gecko/memory/mozalloc/mozalloc.cpp:52:15 (plugin-container+0x133cfb) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #2 operator new /builds/worker/workspace/obj-build/dist/include/mozilla/cxxalloc.h:33:10 (libxul.so+0x4066294) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #3 allocate /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/ext/new_allocator.h:111:27 (libxul.so+0x4066294)
    #4 allocate /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/alloc_traits.h:436:20 (libxul.so+0x4066294)
    #5 _M_get_node /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:588:16 (libxul.so+0x4066294)
    #6 _M_create_node<RefPtr<mozilla::Task> > /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:642:23 (libxul.so+0x4066294)
    #7 operator()<RefPtr<mozilla::Task> > /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:556:18 (libxul.so+0x4066294)
    #8 _M_insert_<RefPtr<mozilla::Task>, std::_Rb_tree<RefPtr<mozilla::Task>, RefPtr<mozilla::Task>, std::_Identity<RefPtr<mozilla::Task> >, mozilla::Task::PriorityCompare, std::allocator<RefPtr<mozilla::Task> > >::_Alloc_node> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:1753:19 (libxul.so+0x4066294)
    #9 std::pair<std::_Rb_tree_iterator<RefPtr<mozilla::Task>>, bool> std::_Rb_tree<RefPtr<mozilla::Task>, RefPtr<mozilla::Task>, std::_Identity<RefPtr<mozilla::Task>>, mozilla::Task::PriorityCompare, std::allocator<RefPtr<mozilla::Task>>>::_M_insert_unique<RefPtr<mozilla::Task>>(RefPtr<mozilla::Task>&&) /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:2096:16 (libxul.so+0x4066294)
    #10 mozilla::TaskController::AddTask(already_AddRefed<mozilla::Task>&&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp (libxul.so+0x405c032) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #11 DispatchRunnable /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:574:26 (libxul.so+0x4051cba) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #12 mozilla::detail::EventQueueInternal<16ul>::PutEvent(already_AddRefed<nsIRunnable>&&, mozilla::EventQueuePriority, mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&, mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator>*) /builds/worker/checkouts/gecko/xpcom/threads/EventQueue.cpp:55:9 (libxul.so+0x4051cba)
    #13 mozilla::ThreadEventQueue::PutEventInternal(already_AddRefed<nsIRunnable>&&, mozilla::EventQueuePriority, mozilla::ThreadEventQueue::NestedSink*) /builds/worker/checkouts/gecko/xpcom/threads/ThreadEventQueue.cpp (libxul.so+0x406b8b0) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #14 mozilla::ThreadEventQueue::PutEvent(already_AddRefed<nsIRunnable>&&, mozilla::EventQueuePriority) /builds/worker/checkouts/gecko/xpcom/threads/ThreadEventQueue.cpp:73:10 (libxul.so+0x406b676) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #15 mozilla::ThreadEventTarget::Dispatch(already_AddRefed<nsIRunnable>, unsigned int) /builds/worker/checkouts/gecko/xpcom/threads/ThreadEventTarget.cpp:114:15 (libxul.so+0x406d260) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #16 nsThread::Dispatch(already_AddRefed<nsIRunnable>, unsigned int) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:675:24 (libxul.so+0x407af6e) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #17 Dispatch /builds/worker/workspace/obj-build/dist/include/nsIEventTarget.h:42:14 (libxul.so+0x4096153) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #18 nsThreadSyncDispatch::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadSyncDispatch.h:46:16 (libxul.so+0x4096153)
    #19 nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1198:16 (libxul.so+0x407ddbb) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #20 NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:465:10 (libxul.so+0x4084856) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #21 mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:330:5 (libxul.so+0x4d4eb58) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #22 RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10 (libxul.so+0x4c69987) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #23 RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3 (libxul.so+0x4c69987)
    #24 MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3 (libxul.so+0x4c69987)
    #25 nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:383:10 (libxul.so+0x4078fa2) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #26 _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5 (libnspr4.so+0x523e3) (BuildId: ea8cc87c37c6415f0371c49e2ba28d25a61e768b)
  Location is heap block of size 40 at 0x7b0c00003060 allocated by thread T3:
    #0 malloc /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:667:5 (plugin-container+0xb1a01) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #1 moz_xmalloc /builds/worker/checkouts/gecko/memory/mozalloc/mozalloc.cpp:52:15 (plugin-container+0x133cfb) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #2 operator new /builds/worker/workspace/obj-build/dist/include/mozilla/cxxalloc.h:33:10 (libxul.so+0x4066294) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #3 allocate /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/ext/new_allocator.h:111:27 (libxul.so+0x4066294)
    #4 allocate /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/alloc_traits.h:436:20 (libxul.so+0x4066294)
    #5 _M_get_node /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:588:16 (libxul.so+0x4066294)
    #6 _M_create_node<RefPtr<mozilla::Task> > /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:642:23 (libxul.so+0x4066294)
    #7 operator()<RefPtr<mozilla::Task> > /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:556:18 (libxul.so+0x4066294)
    #8 _M_insert_<RefPtr<mozilla::Task>, std::_Rb_tree<RefPtr<mozilla::Task>, RefPtr<mozilla::Task>, std::_Identity<RefPtr<mozilla::Task> >, mozilla::Task::PriorityCompare, std::allocator<RefPtr<mozilla::Task> > >::_Alloc_node> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:1753:19 (libxul.so+0x4066294)
    #9 std::pair<std::_Rb_tree_iterator<RefPtr<mozilla::Task>>, bool> std::_Rb_tree<RefPtr<mozilla::Task>, RefPtr<mozilla::Task>, std::_Identity<RefPtr<mozilla::Task>>, mozilla::Task::PriorityCompare, std::allocator<RefPtr<mozilla::Task>>>::_M_insert_unique<RefPtr<mozilla::Task>>(RefPtr<mozilla::Task>&&) /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:2096:16 (libxul.so+0x4066294)
    #10 mozilla::TaskController::AddTask(already_AddRefed<mozilla::Task>&&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp (libxul.so+0x405c032) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #11 DispatchRunnable /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:574:26 (libxul.so+0x4051cba) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #12 mozilla::detail::EventQueueInternal<16ul>::PutEvent(already_AddRefed<nsIRunnable>&&, mozilla::EventQueuePriority, mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&, mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator>*) /builds/worker/checkouts/gecko/xpcom/threads/EventQueue.cpp:55:9 (libxul.so+0x4051cba)
    #13 mozilla::ThreadEventQueue::PutEventInternal(already_AddRefed<nsIRunnable>&&, mozilla::EventQueuePriority, mozilla::ThreadEventQueue::NestedSink*) /builds/worker/checkouts/gecko/xpcom/threads/ThreadEventQueue.cpp (libxul.so+0x406b8b0) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #14 mozilla::ThreadEventQueue::PutEvent(already_AddRefed<nsIRunnable>&&, mozilla::EventQueuePriority) /builds/worker/checkouts/gecko/xpcom/threads/ThreadEventQueue.cpp:73:10 (libxul.so+0x406b676) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #15 mozilla::ThreadEventTarget::Dispatch(already_AddRefed<nsIRunnable>, unsigned int) /builds/worker/checkouts/gecko/xpcom/threads/ThreadEventTarget.cpp:114:15 (libxul.so+0x406d260) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #16 nsThread::Dispatch(already_AddRefed<nsIRunnable>, unsigned int) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:675:24 (libxul.so+0x407af6e) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #17 Dispatch /builds/worker/workspace/obj-build/dist/include/nsIEventTarget.h:42:14 (libxul.so+0x4096153) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #18 nsThreadSyncDispatch::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadSyncDispatch.h:46:16 (libxul.so+0x4096153)
    #19 nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1198:16 (libxul.so+0x407ddbb) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #20 NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:465:10 (libxul.so+0x4084856) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #21 mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:330:5 (libxul.so+0x4d4eb58) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #22 RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10 (libxul.so+0x4c69987) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #23 RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3 (libxul.so+0x4c69987)
    #24 MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3 (libxul.so+0x4c69987)
    #25 nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:383:10 (libxul.so+0x4078fa2) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #26 _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5 (libnspr4.so+0x523e3) (BuildId: ea8cc87c37c6415f0371c49e2ba28d25a61e768b)
  Mutex M0 (0x7b2c00001160) created at:
    #0 pthread_mutex_init /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1316:3 (plugin-container+0xb493f) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #1 mozilla::detail::MutexImpl::MutexImpl() /builds/worker/checkouts/gecko/mozglue/misc/Mutex_posix.cpp:78:3 (plugin-container+0x19daa2) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #2 OffTheBooksMutex /builds/worker/workspace/obj-build/dist/include/mozilla/Mutex.h:46:12 (libxul.so+0x408190a) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #3 Mutex /builds/worker/workspace/obj-build/dist/include/mozilla/Mutex.h:125:39 (libxul.so+0x408190a)
    #4 ThreadEventQueue /builds/worker/checkouts/gecko/xpcom/threads/ThreadEventQueue.cpp:61:7 (libxul.so+0x408190a)
    #5 nsThreadManager::Init() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadManager.cpp:299:11 (libxul.so+0x408190a)
    #6 mozilla::gmp::GMPChild::Init(nsTSubstring<char16_t> const&, mozilla::ipc::UntypedEndpoint&&) /builds/worker/checkouts/gecko/dom/media/gmp/GMPChild.cpp:169:7 (libxul.so+0x7a8e185) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #7 mozilla::gmp::GMPProcessChild::Init(int, char**) /builds/worker/checkouts/gecko/dom/media/gmp/GMPProcessChild.cpp:40:18 (libxul.so+0x7ab5aa0) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #8 XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:709:21 (libxul.so+0xb953870) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #9 mozilla::BootstrapImpl::XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/Bootstrap.cpp:67:12 (libxul.so+0xb95da02) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #10 content_process_main /builds/worker/checkouts/gecko/ipc/app/../contentproc/plugin-container.cpp:57:28 (plugin-container+0x133a0f) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #11 main /builds/worker/checkouts/gecko/ipc/app/MozillaRuntimeMain.cpp:94:11 (plugin-container+0x133a0f)
  Mutex M1 (0x7b5000001600) created at:
    #0 pthread_mutex_init /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1316:3 (plugin-container+0xb493f) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #1 mozilla::detail::MutexImpl::MutexImpl() /builds/worker/checkouts/gecko/mozglue/misc/Mutex_posix.cpp:78:3 (plugin-container+0x19daa2) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #2 OffTheBooksMutex /builds/worker/workspace/obj-build/dist/include/mozilla/Mutex.h:46:12 (libxul.so+0x4066fc2) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #3 Mutex /builds/worker/workspace/obj-build/dist/include/mozilla/Mutex.h:125:39 (libxul.so+0x4066fc2)
    #4 mozilla::TaskController::TaskController() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.h:282:9 (libxul.so+0x4066fc2)
    #5 make_unique<mozilla::TaskController> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/unique_ptr.h:821:34 (libxul.so+0x4059e85) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #6 mozilla::TaskController::Initialize() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:172:16 (libxul.so+0x4059e85)
    #7 nsThreadManager::Init() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadManager.cpp:287:3 (libxul.so+0x40816a8) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #8 mozilla::gmp::GMPChild::Init(nsTSubstring<char16_t> const&, mozilla::ipc::UntypedEndpoint&&) /builds/worker/checkouts/gecko/dom/media/gmp/GMPChild.cpp:169:7 (libxul.so+0x7a8e185) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #9 mozilla::gmp::GMPProcessChild::Init(int, char**) /builds/worker/checkouts/gecko/dom/media/gmp/GMPProcessChild.cpp:40:18 (libxul.so+0x7ab5aa0) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #10 XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:709:21 (libxul.so+0xb953870) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #11 mozilla::BootstrapImpl::XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/Bootstrap.cpp:67:12 (libxul.so+0xb95da02) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #12 content_process_main /builds/worker/checkouts/gecko/ipc/app/../contentproc/plugin-container.cpp:57:28 (plugin-container+0x133a0f) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #13 main /builds/worker/checkouts/gecko/ipc/app/MozillaRuntimeMain.cpp:94:11 (plugin-container+0x133a0f)
  Thread T3 'ProfilerChild' (tid=8706, running) created by main thread at:
    #0 pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1022:3 (plugin-container+0xb316d) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #1 _PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:458:14 (libnspr4.so+0x4948f) (BuildId: ea8cc87c37c6415f0371c49e2ba28d25a61e768b)
    #2 PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:533:12 (libnspr4.so+0x3e2a5) (BuildId: ea8cc87c37c6415f0371c49e2ba28d25a61e768b)
    #3 nsThread::Init(nsTSubstring<char> const&) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:617:18 (libxul.so+0x407ab57) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #4 nsThreadManager::NewNamedThread(nsTSubstring<char> const&, unsigned int, nsIThread**) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadManager.cpp:533:12 (libxul.so+0x408368e) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #5 NS_NewNamedThread(nsTSubstring<char> const&, nsIThread**, already_AddRefed<nsIRunnable>, unsigned int) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:161:57 (libxul.so+0x408bcc5) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #6 NS_NewNamedThread<14UL> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:85:10 (libxul.so+0xb304f68) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #7 mozilla::ChildProfilerController::Init(mozilla::ipc::Endpoint<mozilla::PProfilerChild>&&) /builds/worker/checkouts/gecko/tools/profiler/gecko/ChildProfilerController.cpp:37:7 (libxul.so+0xb304f68)
    #8 mozilla::ChildProfilerController::Create(mozilla::ipc::Endpoint<mozilla::PProfilerChild>&&) /builds/worker/checkouts/gecko/tools/profiler/gecko/ChildProfilerController.cpp:26:8 (libxul.so+0xb304ead) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #9 mozilla::gmp::GMPChild::RecvInitProfiler(mozilla::ipc::Endpoint<mozilla::PProfilerChild>&&) /builds/worker/checkouts/gecko/dom/media/gmp/GMPChild.cpp:718:7 (libxul.so+0x7a918bc) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #10 mozilla::gmp::PGMPChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PGMPChild.cpp:613:76 (libxul.so+0x7b0cb92) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #11 mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1756:25 (libxul.so+0x4d49b7c) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #12 mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message>>) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1681:9 (libxul.so+0x4d47f07) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #13 mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1481:3 (libxul.so+0x4d485eb) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #14 mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1579:14 (libxul.so+0x4d4918e) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #15 RunTask /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:504:11 (libxul.so+0x4c6a58f) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #16 MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask&&) /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:513:5 (libxul.so+0x4c6a58f)
    #17 MessageLoop::DoWork() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:588:13 (libxul.so+0x4c6b20f) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #18 base::MessagePumpDefault::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_pump_default.cc:36:31 (libxul.so+0x4c6bdc6) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #19 RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10 (libxul.so+0x4c69987) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #20 RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3 (libxul.so+0x4c69987)
    #21 MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3 (libxul.so+0x4c69987)
    #22 XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:743:34 (libxul.so+0xb95389a) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #23 mozilla::BootstrapImpl::XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/Bootstrap.cpp:67:12 (libxul.so+0xb95da02) (BuildId: b40bdee2d9adf69d39b04fc8a405646fca6766c4)
    #24 content_process_main /builds/worker/checkouts/gecko/ipc/app/../contentproc/plugin-container.cpp:57:28 (plugin-container+0x133a0f) (BuildId: b7a200684c4cae5c3380794ded4443b8c227e54b)
    #25 main /builds/worker/checkouts/gecko/ipc/app/MozillaRuntimeMain.cpp:94:11 (plugin-container+0x133a0f)
SUMMARY: ThreadSanitizer: data race /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_tree.h:772:45 in _S_right

Comment 1

[Mike Hommey [:glandium]]

Seems like using StaticAutoPtr instead of unique_ptr for TaskController::sSingleton would fix this, but I'm not sure whether there should be a ClearOnShutdown or not.

Comment 2

[BugBot [:suhaib / :marco/ :calixte]]

The severity field is not set for this bug.
:nika, could you have a look please?

For more information, please visit auto_nag documentation.

Comment 3

[Nika Layzell [:nika] (ni? for response)]

(In reply to Mike Hommey [:glandium] from comment #1)

Seems like using StaticAutoPtr instead of unique_ptr for TaskController::sSingleton would fix this, but I'm not sure whether there should be a ClearOnShutdown or not.

Theoretically the singleton should already be being cleared during shutdown (https://searchfox.org/mozilla-central/rev/fadd0a14d2a2724ee4733ef73970a2ddd457a43f/xpcom/threads/TaskController.cpp#265). The fact that we're getting into cxa_atexit without going through NS_ShutdownXPCOM enough to shutdown the task controller is pretty odd... (it's shut down here: https://searchfox.org/mozilla-central/rev/fadd0a14d2a2724ee4733ef73970a2ddd457a43f/xpcom/build/XPCOMInit.cpp#769).

I don't see any way that we could end up running normal shutdown between where xpcom is started up, and shut down in a content process (https://searchfox.org/mozilla-central/rev/fadd0a14d2a2724ee4733ef73970a2ddd457a43f/toolkit/xre/nsEmbedFunctions.cpp#709,745-747 - the xpcom startup happens at the end of ContentProcess::Init so we can't return an error there: https://searchfox.org/mozilla-central/rev/fadd0a14d2a2724ee4733ef73970a2ddd457a43f/dom/ipc/ContentProcess.cpp#156).

AFAICT the only way that this could happen is if we call exit() somewhere, which would run atexit hooks IIRC, or we are returning from NS_InitXPCOM with an error after initializing nsThreadManager (https://searchfox.org/mozilla-central/rev/fadd0a14d2a2724ee4733ef73970a2ddd457a43f/xpcom/build/XPCOMInit.cpp#304), as we only shutdown XPCOM if NS_InitXPCOM succeeds (https://searchfox.org/mozilla-central/rev/fadd0a14d2a2724ee4733ef73970a2ddd457a43f/ipc/glue/ScopedXREEmbed.cpp#85,89-90).

I don't suppose you have some more details about the particular issue here? We should definitely be changing TaskController out to use StaticAutoPtr anyway, but I'm curious how this crash is happening in practice.

Comment 4

[Mike Hommey [:glandium]]

The only thing I know that is not mentioned here is that it happens during mochitests. I've seen it appear on autoland, too (not only on my try pushes).

Comment 5

[Intermittent Failures Robot]

1 failures in 3856 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 1

Platform and build breakdown:

• linux1804-64-tsan-qr: 1
  • opt: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-02-13&endday=2023-02-19&tree=all

Comment 6

[Intermittent Failures Robot]

1 failures in 3966 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 1

Platform and build breakdown:

• linux1804-64-tsan-qr: 1
  • opt: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-03-06&endday=2023-03-12&tree=all

Comment 7

[Tyson Smith [:tsmith]]

The DOM fuzzers are reporting this somewhat frequently.

Comment 8

[Intermittent Failures Robot]

1 failures in 3946 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 1

Platform and build breakdown:

• linux1804-64-tsan-qr: 1
  • opt: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-05-22&endday=2023-05-28&tree=all

Comment 9

[Intermittent Failures Robot]

2 failures in 3471 pushes (0.001 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• mozilla-central: 1
• autoland: 1

Platform and build breakdown:

• linux1804-64-tsan-qr: 2
  • opt: 2

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-05-29&endday=2023-06-04&tree=all

Comment 10

[Intermittent Failures Robot]

1 failures in 3880 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• mozilla-central: 1

Platform and build breakdown:

• linux1804-64-tsan-qr: 1
  • opt: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-06-19&endday=2023-06-25&tree=all

Comment 11

[Intermittent Failures Robot]

3 failures in 2956 pushes (0.001 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• mozilla-central: 3

Platform and build breakdown:

• linux1804-64-tsan-qr: 3
  • opt: 3

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-07-03&endday=2023-07-09&tree=all

Comment 12

[Intermittent Failures Robot]

2 failures in 3520 pushes (0.001 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 2

Platform and build breakdown:

• linux1804-64-tsan-qr: 2
  • opt: 2

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-07-17&endday=2023-07-23&tree=all

Comment 13

[Intermittent Failures Robot]

1 failures in 3403 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 1

Platform and build breakdown:

• linux1804-64-tsan-qr: 1
  • opt: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-07-24&endday=2023-07-30&tree=all

Comment 14

[Intermittent Failures Robot]

5 failures in 3276 pushes (0.002 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• mozilla-central: 5

Platform and build breakdown:

• linux1804-64-tsan-qr: 5
  • opt: 5

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-07-31&endday=2023-08-06&tree=all

Comment 15

[Intermittent Failures Robot]

14 failures in 3341 pushes (0.004 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 10
• mozilla-release: 1
• mozilla-central: 3

Platform and build breakdown:

• linux1804-64-tsan-qr: 14
  • opt: 14

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-08-07&endday=2023-08-13&tree=all

Comment 16

[Intermittent Failures Robot]

1 failures in 3076 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 1

Platform and build breakdown:

• linux1804-64-tsan-qr: 1
  • opt: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-08-14&endday=2023-08-20&tree=all

Comment 17

[Intermittent Failures Robot]

5 failures in 2218 pushes (0.002 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 5

Platform and build breakdown:

• linux1804-64-tsan-qr: 5
  • opt: 5

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-08-21&endday=2023-08-27&tree=all

Comment 18

[Intermittent Failures Robot]

3 failures in 3019 pushes (0.001 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 2
• mozilla-central: 1

Platform and build breakdown:

• linux1804-64-tsan-qr: 3
  • opt: 3

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-08-28&endday=2023-09-03&tree=all

Comment 19

[Intermittent Failures Robot]

1 failures in 3267 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 1

Platform and build breakdown:

• linux1804-64-tsan-qr: 1
  • opt: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1798849&startday=2023-09-04&endday=2023-09-10&tree=all