Closed
Bug 1829252
Opened 2 years ago
Closed 1 year ago
ThreadSanitizer: data race [@ mozilla::nsAvailableMemoryWatcherBase::OnUnloadAttemptCompleted] vs. [@ mozilla::CreateAvailableMemoryWatcher]
Categories
(Core :: XPCOM, defect)
Core
XPCOM
Tracking
()
RESOLVED
FIXED
120 Branch
People
(Reporter: tsmith, Assigned: KrisWright)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-race, sec-low, Whiteboard: [adv-main120+r][adv-esr115.5+r])
Attachments
(1 file)
Found while fuzzing m-c 20230419-1be4e6b8f5cb (--enable-thread-sanitizer --enable-fuzzing)
Unfortunately no test case is available.
WARNING: ThreadSanitizer: data race (pid=156050)
Write of size 4 at 0x7b280005a98c by main thread:
#0 mozilla::nsAvailableMemoryWatcherBase::OnUnloadAttemptCompleted(nsresult) /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcher.cpp:137:7 (libxul.so+0x411f5ae) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#1 NS_InvokeByIndex /builds/worker/checkouts/gecko/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_x86_64_unix.S:101 (libxul.so+0x42991c5) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#2 XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:965:10 (libxul.so+0x5156b30) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#3 CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:486:13 (libxul.so+0xc153d49) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#4 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:580:12 (libxul.so+0xc153d49)
#5 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:647:10 (libxul.so+0xc1644dc) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#6 CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:652:10 (libxul.so+0xc1644dc)
#7 js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3395:16 (libxul.so+0xc1644dc)
#8 MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:400:10 (libxul.so+0xc15338c) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#9 js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:458:13 (libxul.so+0xc15338c)
#10 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:612:13 (libxul.so+0xc153e19) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#11 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:647:10 (libxul.so+0xc154a07) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#12 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:679:8 (libxul.so+0xc154a07)
#13 JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:53:10 (libxul.so+0xc20045e) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#14 nsXPCWrappedJS::CallMethod(unsigned short, nsXPTMethodInfo const*, nsXPTCMiniVariant*) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCWrappedJSClass.cpp:918:17 (libxul.so+0x514c404) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#15 PrepareAndDispatch /builds/worker/checkouts/gecko/xpcom/reflect/xptcall/md/unix/xptcstubs_x86_64_linux.cpp:115:37 (libxul.so+0x429a177) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#16 SharedStub xptcstubs_x86_64_linux.cpp (libxul.so+0x42994c2) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#17 mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:555:16 (libxul.so+0x424d172) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#18 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:879:26 (libxul.so+0x4246264) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#19 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:702:15 (libxul.so+0x4244736) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#20 mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:491:36 (libxul.so+0x4244b2f) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#21 operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:218:37 (libxul.so+0x424f954) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#22 mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5 (libxul.so+0x424f954)
#23 nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1239:16 (libxul.so+0x42669c6) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#24 NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:479:10 (libxul.so+0x426d736) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#25 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21 (libxul.so+0x4f8f2be) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#26 RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 (libxul.so+0x4ea70c8) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#27 RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 (libxul.so+0x4ea70c8)
#28 MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 (libxul.so+0x4ea70c8)
#29 nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27 (libxul.so+0x93b38e3) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#30 nsAppStartup::Run() /builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp:295:30 (libxul.so+0xbda44a2) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#31 XREMain::XRE_mainRun() /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5686:22 (libxul.so+0xbf0b382) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#32 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5886:8 (libxul.so+0xbf0bec3) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#33 XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5942:21 (libxul.so+0xbf0c581) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#34 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/Bootstrap.cpp:45:12 (libxul.so+0xbf1b912) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#35 do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:227:22 (firefox-bin+0x142095) (BuildId: 86d628cada076b0779a6bf6c363e3d165ce7eca2)
#36 main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:445:16 (firefox-bin+0x142095)
Previous write of size 8 at 0x7b280005a988 by thread T137 (mutexes: write M0):
#0 __tsan_memset /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:3173:3 (firefox-bin+0xfdccd) (BuildId: 86d628cada076b0779a6bf6c363e3d165ce7eca2)
#1 mozilla::nsAvailableMemoryWatcherBase::RecordTelemetryEventOnHighMemory() /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcher.cpp:166:22 (libxul.so+0x411f8cc) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#2 mozilla::nsAvailableMemoryWatcher::MaybeHandleHighMemory() /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcherLinux.cpp:232:5 (libxul.so+0x4120b5c) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#3 operator() /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcherLinux.cpp:184:17 (libxul.so+0x414bf38) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#4 mozilla::detail::RunnableFunction<mozilla::nsAvailableMemoryWatcher::Notify(nsITimer*)::$_0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:548:5 (libxul.so+0x414bf38)
#5 nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1233:16 (libxul.so+0x4266cf6) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#6 NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:479:10 (libxul.so+0x426d736) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#7 mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:330:5 (libxul.so+0x4f8ff79) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#8 RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 (libxul.so+0x4ea70c8) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#9 RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 (libxul.so+0x4ea70c8)
#10 MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 (libxul.so+0x4ea70c8)
#11 nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:391:10 (libxul.so+0x4261df9) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#12 _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5 (libnspr4.so+0x4fc29) (BuildId: 399d685c8aab3f5d9bd34db622e0e582b7f01c4d)
Location is heap block of size 152 at 0x7b280005a960 allocated by main thread:
#0 malloc /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:692:5 (firefox-bin+0xb77cc) (BuildId: 86d628cada076b0779a6bf6c363e3d165ce7eca2)
#1 moz_xmalloc /builds/worker/checkouts/gecko/memory/mozalloc/mozalloc.cpp:52:15 (firefox-bin+0x143ff8) (BuildId: 86d628cada076b0779a6bf6c363e3d165ce7eca2)
#2 operator new /builds/worker/workspace/obj-build/dist/include/mozilla/cxxalloc.h:33:10 (libxul.so+0x411ec4e) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#3 mozilla::CreateAvailableMemoryWatcher() /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcherLinux.cpp:102:18 (libxul.so+0x411ec4e)
#4 mozilla::nsAvailableMemoryWatcherBase::GetSingleton() /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcher.cpp:49:18 (libxul.so+0x411eb4f) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#5 mozilla::xpcom::CreateInstanceImpl(mozilla::xpcom::ModuleID, nsID const&, void**) /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:10166:60 (libxul.so+0x4222a05) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#6 mozilla::xpcom::StaticModule::CreateInstance(nsID const&, void**) const /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:12993:10 (libxul.so+0x422630a) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#7 CreateInstance /builds/worker/checkouts/gecko/xpcom/components/nsComponentManager.cpp:184:46 (libxul.so+0x4231541) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#8 nsComponentManagerImpl::GetServiceLocked(mozilla::Maybe<mozilla::detail::BaseMonitorAutoLock<mozilla::Monitor>>&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) /builds/worker/checkouts/gecko/xpcom/components/nsComponentManager.cpp:971:17 (libxul.so+0x4231541)
#9 nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) /builds/worker/checkouts/gecko/xpcom/components/nsComponentManager.cpp:1160:10 (libxul.so+0x4232224) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#10 CallGetService(char const*, nsID const&, void**) /builds/worker/checkouts/gecko/xpcom/components/nsComponentManagerUtils.cpp:61:43 (libxul.so+0x4234ccd) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#11 xpc::CIGSHelper(JSContext*, unsigned int, JS::Value*, bool) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCJSID.cpp:585:10 (libxul.so+0x51325ac) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#12 xpc::CID_GetService(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCJSID.cpp:609:10 (libxul.so+0x5132147) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#13 CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:486:13 (libxul.so+0xc153d49) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#14 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:580:12 (libxul.so+0xc153d49)
#15 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:647:10 (libxul.so+0xc1644dc) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#16 CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:652:10 (libxul.so+0xc1644dc)
#17 js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3395:16 (libxul.so+0xc1644dc)
#18 MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:400:10 (libxul.so+0xc15338c) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#19 js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:458:13 (libxul.so+0xc15338c)
#20 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:612:13 (libxul.so+0xc153e19) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#21 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:647:10 (libxul.so+0xc154a07) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#22 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:679:8 (libxul.so+0xc154a07)
#23 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:117:10 (libxul.so+0xc201769) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#24 mozilla::dom::IdleRequestCallback::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::IdleDeadline&, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/WindowBinding.cpp:826:8 (libxul.so+0x6a9debf) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#25 Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/WindowBinding.h:691:12 (libxul.so+0x5d2630a) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#26 Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/WindowBinding.h:704:12 (libxul.so+0x5d2630a)
#27 mozilla::dom::(anonymous namespace)::IdleDispatchRunnable::Run() /builds/worker/checkouts/gecko/dom/base/ChromeUtils.cpp:481:17 (libxul.so+0x5d2630a)
#28 mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:555:16 (libxul.so+0x424d172) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#29 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:879:26 (libxul.so+0x4246264) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#30 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:744:15 (libxul.so+0x4244968) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#31 mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:491:36 (libxul.so+0x4244b2f) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#32 operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:218:37 (libxul.so+0x424f954) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#33 mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5 (libxul.so+0x424f954)
#34 nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1239:16 (libxul.so+0x42669c6) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#35 NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:479:10 (libxul.so+0x426d736) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#36 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21 (libxul.so+0x4f8f2be) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#37 RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 (libxul.so+0x4ea70c8) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#38 RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 (libxul.so+0x4ea70c8)
#39 MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 (libxul.so+0x4ea70c8)
#40 nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27 (libxul.so+0x93b38e3) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#41 nsAppStartup::Run() /builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp:295:30 (libxul.so+0xbda44a2) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#42 XREMain::XRE_mainRun() /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5686:22 (libxul.so+0xbf0b382) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#43 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5886:8 (libxul.so+0xbf0bec3) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#44 XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5942:21 (libxul.so+0xbf0c581) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#45 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/Bootstrap.cpp:45:12 (libxul.so+0xbf1b912) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#46 do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:227:22 (firefox-bin+0x142095) (BuildId: 86d628cada076b0779a6bf6c363e3d165ce7eca2)
#47 main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:445:16 (firefox-bin+0x142095)
Mutex M0 (0x7b280005a9d0) created at:
#0 pthread_mutex_init /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1341:3 (firefox-bin+0xbae70) (BuildId: 86d628cada076b0779a6bf6c363e3d165ce7eca2)
#1 mozilla::detail::MutexImpl::MutexImpl() /builds/worker/checkouts/gecko/mozglue/misc/Mutex_posix.cpp:78:3 (firefox-bin+0x1ad9ce) (BuildId: 86d628cada076b0779a6bf6c363e3d165ce7eca2)
#2 OffTheBooksMutex /builds/worker/workspace/obj-build/dist/include/mozilla/Mutex.h:46:12 (libxul.so+0x411edd7) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#3 Mutex /builds/worker/workspace/obj-build/dist/include/mozilla/Mutex.h:125:39 (libxul.so+0x411edd7)
#4 nsAvailableMemoryWatcher /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcherLinux.cpp:72:7 (libxul.so+0x411edd7)
#5 mozilla::CreateAvailableMemoryWatcher() /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcherLinux.cpp:102:22 (libxul.so+0x411edd7)
#6 mozilla::nsAvailableMemoryWatcherBase::GetSingleton() /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcher.cpp:49:18 (libxul.so+0x411eb4f) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#7 mozilla::xpcom::CreateInstanceImpl(mozilla::xpcom::ModuleID, nsID const&, void**) /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:10166:60 (libxul.so+0x4222a05) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#8 mozilla::xpcom::StaticModule::CreateInstance(nsID const&, void**) const /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:12993:10 (libxul.so+0x422630a) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#9 CreateInstance /builds/worker/checkouts/gecko/xpcom/components/nsComponentManager.cpp:184:46 (libxul.so+0x4231541) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#10 nsComponentManagerImpl::GetServiceLocked(mozilla::Maybe<mozilla::detail::BaseMonitorAutoLock<mozilla::Monitor>>&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) /builds/worker/checkouts/gecko/xpcom/components/nsComponentManager.cpp:971:17 (libxul.so+0x4231541)
#11 nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) /builds/worker/checkouts/gecko/xpcom/components/nsComponentManager.cpp:1160:10 (libxul.so+0x4232224) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#12 CallGetService(char const*, nsID const&, void**) /builds/worker/checkouts/gecko/xpcom/components/nsComponentManagerUtils.cpp:61:43 (libxul.so+0x4234ccd) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#13 xpc::CIGSHelper(JSContext*, unsigned int, JS::Value*, bool) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCJSID.cpp:585:10 (libxul.so+0x51325ac) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#14 xpc::CID_GetService(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCJSID.cpp:609:10 (libxul.so+0x5132147) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#15 CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:486:13 (libxul.so+0xc153d49) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#16 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:580:12 (libxul.so+0xc153d49)
#17 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:647:10 (libxul.so+0xc1644dc) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#18 CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:652:10 (libxul.so+0xc1644dc)
#19 js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3395:16 (libxul.so+0xc1644dc)
#20 MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:400:10 (libxul.so+0xc15338c) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#21 js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:458:13 (libxul.so+0xc15338c)
#22 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:612:13 (libxul.so+0xc153e19) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#23 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:647:10 (libxul.so+0xc154a07) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#24 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:679:8 (libxul.so+0xc154a07)
#25 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:117:10 (libxul.so+0xc201769) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#26 mozilla::dom::IdleRequestCallback::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::IdleDeadline&, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/WindowBinding.cpp:826:8 (libxul.so+0x6a9debf) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#27 Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/WindowBinding.h:691:12 (libxul.so+0x5d2630a) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#28 Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/WindowBinding.h:704:12 (libxul.so+0x5d2630a)
#29 mozilla::dom::(anonymous namespace)::IdleDispatchRunnable::Run() /builds/worker/checkouts/gecko/dom/base/ChromeUtils.cpp:481:17 (libxul.so+0x5d2630a)
#30 mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:555:16 (libxul.so+0x424d172) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#31 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:879:26 (libxul.so+0x4246264) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#32 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:744:15 (libxul.so+0x4244968) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#33 mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:491:36 (libxul.so+0x4244b2f) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#34 operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:218:37 (libxul.so+0x424f954) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#35 mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5 (libxul.so+0x424f954)
#36 nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1239:16 (libxul.so+0x42669c6) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#37 NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:479:10 (libxul.so+0x426d736) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#38 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21 (libxul.so+0x4f8f2be) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#39 RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 (libxul.so+0x4ea70c8) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#40 RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 (libxul.so+0x4ea70c8)
#41 MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 (libxul.so+0x4ea70c8)
#42 nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27 (libxul.so+0x93b38e3) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#43 nsAppStartup::Run() /builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp:295:30 (libxul.so+0xbda44a2) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#44 XREMain::XRE_mainRun() /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5686:22 (libxul.so+0xbf0b382) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#45 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5886:8 (libxul.so+0xbf0bec3) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#46 XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5942:21 (libxul.so+0xbf0c581) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#47 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/Bootstrap.cpp:45:12 (libxul.so+0xbf1b912) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#48 do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:227:22 (firefox-bin+0x142095) (BuildId: 86d628cada076b0779a6bf6c363e3d165ce7eca2)
#49 main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:445:16 (firefox-bin+0x142095)
Thread T137 'MemoryPoller' (tid=156370, running) created by main thread at:
#0 pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1048:3 (firefox-bin+0xb94fb) (BuildId: 86d628cada076b0779a6bf6c363e3d165ce7eca2)
#1 _PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:458:14 (libnspr4.so+0x46cbe) (BuildId: 399d685c8aab3f5d9bd34db622e0e582b7f01c4d)
#2 PR_CreateThread /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:533:12 (libnspr4.so+0x3bd44) (BuildId: 399d685c8aab3f5d9bd34db622e0e582b7f01c4d)
#3 nsThread::Init(nsTSubstring<char> const&) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:633:18 (libxul.so+0x4263a55) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#4 nsThreadManager::NewNamedThread(nsTSubstring<char> const&, nsIThreadManager::ThreadCreationOptions, nsIThread**) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadManager.cpp:548:12 (libxul.so+0x426c55f) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#5 NS_NewNamedThread(nsTSubstring<char> const&, nsIThread**, already_AddRefed<nsIRunnable>, nsIThreadManager::ThreadCreationOptions) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:175:57 (libxul.so+0x4275066) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#6 NS_NewNamedThread<13UL> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:87:10 (libxul.so+0x411fd97) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#7 mozilla::nsAvailableMemoryWatcher::Init() /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcherLinux.cpp:84:8 (libxul.so+0x411fd97)
#8 mozilla::CreateAvailableMemoryWatcher() /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcherLinux.cpp:104:7 (libxul.so+0x411edee) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#9 mozilla::nsAvailableMemoryWatcherBase::GetSingleton() /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcher.cpp:49:18 (libxul.so+0x411eb4f) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#10 mozilla::xpcom::CreateInstanceImpl(mozilla::xpcom::ModuleID, nsID const&, void**) /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:10166:60 (libxul.so+0x4222a05) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#11 mozilla::xpcom::StaticModule::CreateInstance(nsID const&, void**) const /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:12993:10 (libxul.so+0x422630a) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#12 CreateInstance /builds/worker/checkouts/gecko/xpcom/components/nsComponentManager.cpp:184:46 (libxul.so+0x4231541) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#13 nsComponentManagerImpl::GetServiceLocked(mozilla::Maybe<mozilla::detail::BaseMonitorAutoLock<mozilla::Monitor>>&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) /builds/worker/checkouts/gecko/xpcom/components/nsComponentManager.cpp:971:17 (libxul.so+0x4231541)
#14 nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) /builds/worker/checkouts/gecko/xpcom/components/nsComponentManager.cpp:1160:10 (libxul.so+0x4232224) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#15 CallGetService(char const*, nsID const&, void**) /builds/worker/checkouts/gecko/xpcom/components/nsComponentManagerUtils.cpp:61:43 (libxul.so+0x4234ccd) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#16 xpc::CIGSHelper(JSContext*, unsigned int, JS::Value*, bool) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCJSID.cpp:585:10 (libxul.so+0x51325ac) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#17 xpc::CID_GetService(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/js/xpconnect/src/XPCJSID.cpp:609:10 (libxul.so+0x5132147) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#18 CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:486:13 (libxul.so+0xc153d49) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#19 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:580:12 (libxul.so+0xc153d49)
#20 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:647:10 (libxul.so+0xc1644dc) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#21 CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:652:10 (libxul.so+0xc1644dc)
#22 js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3395:16 (libxul.so+0xc1644dc)
#23 MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:400:10 (libxul.so+0xc15338c) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#24 js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:458:13 (libxul.so+0xc15338c)
#25 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:612:13 (libxul.so+0xc153e19) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#26 InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:647:10 (libxul.so+0xc154a07) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#27 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:679:8 (libxul.so+0xc154a07)
#28 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:117:10 (libxul.so+0xc201769) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#29 mozilla::dom::IdleRequestCallback::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::IdleDeadline&, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/WindowBinding.cpp:826:8 (libxul.so+0x6a9debf) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#30 Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/WindowBinding.h:691:12 (libxul.so+0x5d2630a) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#31 Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/WindowBinding.h:704:12 (libxul.so+0x5d2630a)
#32 mozilla::dom::(anonymous namespace)::IdleDispatchRunnable::Run() /builds/worker/checkouts/gecko/dom/base/ChromeUtils.cpp:481:17 (libxul.so+0x5d2630a)
#33 mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:555:16 (libxul.so+0x424d172) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#34 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:879:26 (libxul.so+0x4246264) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#35 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:744:15 (libxul.so+0x4244968) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#36 mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:491:36 (libxul.so+0x4244b2f) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#37 operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:218:37 (libxul.so+0x424f954) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#38 mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5 (libxul.so+0x424f954)
#39 nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1239:16 (libxul.so+0x42669c6) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#40 NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:479:10 (libxul.so+0x426d736) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#41 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21 (libxul.so+0x4f8f2be) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#42 RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:369:10 (libxul.so+0x4ea70c8) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#43 RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3 (libxul.so+0x4ea70c8)
#44 MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3 (libxul.so+0x4ea70c8)
#45 nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27 (libxul.so+0x93b38e3) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#46 nsAppStartup::Run() /builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp:295:30 (libxul.so+0xbda44a2) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#47 XREMain::XRE_mainRun() /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5686:22 (libxul.so+0xbf0b382) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#48 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5886:8 (libxul.so+0xbf0bec3) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#49 XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5942:21 (libxul.so+0xbf0c581) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#50 mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/Bootstrap.cpp:45:12 (libxul.so+0xbf1b912) (BuildId: 639d8b2737b0c7fa079c0f781bef6c7f1f249abd)
#51 do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:227:22 (firefox-bin+0x142095) (BuildId: 86d628cada076b0779a6bf6c363e3d165ce7eca2)
#52 main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:445:16 (firefox-bin+0x142095)
SUMMARY: ThreadSanitizer: data race /builds/worker/checkouts/gecko/xpcom/base/AvailableMemoryWatcher.cpp:137:7 in mozilla::nsAvailableMemoryWatcherBase::OnUnloadAttemptCompleted(nsresult)
|
||
Comment 1•2 years ago
|
||
It looks like the race is on nsAvailableMemoryWatcherBase::mNumOfMemoryPressure or ::mNumOfTabUnloading
OnUnloadAttemptCompleted doesn't seem to acquire mMutex.
It looks like those fields are only used for telemetry so it seems fairly harmless.
Keywords: sec-low
|
||
Comment 2•2 years ago
|
||
The severity field is not set for this bug.
:nika, could you have a look please?
For more information, please visit BugBot documentation.
Flags: needinfo?(nika)
|
||
Comment 3•2 years ago
|
||
It appears that nsAvailableMemoryWatcherBase doesn't internally have a Mutex mMutex which is used to guard its members, meaning that those members are effectively main-thread-only. In OnUnloadAttemptCompleted the members mNumOfTabUnloading and mNumOfMemoryPressure and in RecordTelemetryEventOnHighMemory are accessed without synchronization in the base class.
However it seems that the linux nsAvailableMemoryWatcher implementation does call RecordTelemetryEventOnHighMemory from off-main-thread, which creates the race here.
The easiest fix here might be to move the mMutex member of nsAvailableMemoryWatcher to be a protected member of nsAvailableMemoryWatcherBase to make all of these members guarded. This would make sense on linux (https://searchfox.org/mozilla-central/rev/85b4f7363292b272eb9b606e00de2c37a6be73f0/xpcom/base/AvailableMemoryWatcherLinux.cpp#54) and windows (https://searchfox.org/mozilla-central/rev/85b4f7363292b272eb9b606e00de2c37a6be73f0/xpcom/base/AvailableMemoryWatcherWin.cpp#72) which both have a mutex already, though would likely be unncessary on macOS, which appears to be main-thread only: (https://searchfox.org/mozilla-central/rev/85b4f7363292b272eb9b606e00de2c37a6be73f0/xpcom/base/AvailableMemoryWatcherMac.cpp#56-59).
Another option would be to make these members explicitly main-thread only and add thread dispatches or similar for situations when they need to be accessed in response to off-main-thread memory events.
Leaving a ni? for :kriswright who was involved with some of the tab unloading work around nsAvailableMemoryWatcher, including implementing the Linux version which is racing here.
Flags: needinfo?(nika) → needinfo?(kwright)
|
Assignee | |
Comment 4•2 years ago
|
||
I recall tab unloading initially being designed to run synchronously, so this may have been an oversight from the time. I'm going to change nsAvailableMemoryWatcherBase to own the mutex, which should unify all three versions.
Assignee: nobody → kwright
Flags: needinfo?(kwright)
|
|
||
Comment 5•2 years ago
|
||
The severity field is not set for this bug.
:nika, could you have a look please?
For more information, please visit BugBot documentation.
Flags: needinfo?(nika)
|
|
||
Updated•2 years ago
|
Severity: -- → S2
Flags: needinfo?(nika)
|
|
Assignee | |
Comment 6•1 year ago
|
||
This further guards methods that weren't covered under individual OS implementations.
Depends on D188947
Pushed by kwright@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/dc035201366f
Guard parent AvailableMemoryWatcherBase members with a mutex. r=xpcom-reviewers,nika
|
||
Comment 8•1 year ago
|
||
Group: dom-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 1 year ago
status-firefox118:
--- → wontfix
status-firefox119:
--- → affected
status-firefox120:
--- → fixed
status-firefox-esr115:
--- → affected
Resolution: --- → FIXED
Target Milestone: --- → 120 Branch
|
|
||
Comment 9•1 year ago
|
||
The patch landed in nightly and beta is affected.
:KrisWright, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox119towontfix.
For more information, please visit BugBot documentation.
Flags: needinfo?(kwright)
|
|
Assignee | |
Updated•1 year ago
|
Flags: needinfo?(kwright)
|
|
||
Updated•1 year ago
|
|
||
Updated•1 year ago
|
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-
|
||
Updated•1 year ago
|
Whiteboard: [adv-main120+r][adv-esr115.5+r]
|
|
||
Comment 10•9 months ago
|
||
Bulk-unhiding security bugs fixed in Firefox 119-121 (Fall 2023). Use "moo-doctrine-subsidy" to filter
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•