Closed Bug 1878199 Opened 1 year ago Closed 10 months ago

ThreadSanitizer: data race [@ AddFontFaceSet] vs. [@ mozilla::dom::FontFaceImpl::Entry::GetUserFontSets]

Categories: Core :: Layout: Text and Fonts, defect

Tracking: RESOLVED FIXED, 126 Branch

                Tracking  Status
firefox-esr115  126+      fixed
firefox123      ---       wontfix
firefox124      ---       wontfix
firefox125      ---       wontfix
firefox126      +         fixed

People: Reporter: tsmith, Assigned: jfkthame, NeedInfo

References: Blocks 1 open bug

Details: Keywords: csectype-race, sec-moderate, Whiteboard: [adv-main126+r] [adv-ESR115.11+r]

Attachments: 4 files, 1 obsolete file

Found while fuzzing m-c 20231203-8e959a7ded5f (--enable-thread-sanitizer --enable-fuzzing)

This has been reported consistently since 2023-12-03 but unfortunately a reliable test case is not available.

WARNING: ThreadSanitizer: data race (pid=132840)
  Read of size 1 at 0x7b180002f6f1 by main thread (mutexes: write M0):
    #0 mozilla::dom::FontFaceImpl::Entry::GetUserFontSets(nsTArray<RefPtr<gfxUserFontSet>>&) src/layout/style/FontFaceImpl.cpp:778:12 (libxul.so+0x8040ff6) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #1 gfxUserFontEntry::IncrementGeneration() src/gfx/thebes/gfxUserFontSet.cpp:823:3 (libxul.so+0x46969d8) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #2 gfxUserFontEntry::ContinuePlatformFontLoadOnMainThread(unsigned int, unsigned char const*, unsigned int, gfxUserFontType, unsigned char const*, unsigned int, nsTArray<gfxUserFontEntry::OTSMessage>&&, nsMainThreadPtrHandle<nsIFontLoadCompleteCallback>) src/gfx/thebes/gfxUserFontSet.cpp:912:5 (libxul.so+0x46983d6) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #3 operator()<StoreCopyPassByConstLRef<unsigned int> &, StoreConstPtrPassByConstPtr<unsigned char> &, StoreCopyPassByConstLRef<unsigned int> &, StoreCopyPassByConstLRef<gfxUserFontType> &, StoreConstPtrPassByConstPtr<unsigned char> &, StoreCopyPassByConstLRef<unsigned int> &, StoreCopyPassByRRef<nsTArray<gfxUserFontEntry::OTSMessage> > &, StoreCopyPassByConstLRef<nsMainThreadPtrHandle<nsIFontLoadCompleteCallback> > &> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1164:18 (libxul.so+0x46a9b9e) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #4 __invoke_impl<void, (lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), StoreCopyPassByConstLRef<unsigned int> &, StoreConstPtrPassByConstPtr<unsigned char> &, StoreCopyPassByConstLRef<unsigned int> &, StoreCopyPassByConstLRef<gfxUserFontType> &, StoreConstPtrPassByConstPtr<unsigned char> &, StoreCopyPassByConstLRef<unsigned int> &, StoreCopyPassByRRef<nsTArray<gfxUserFontEntry::OTSMessage> > &, StoreCopyPassByConstLRef<nsMainThreadPtrHandle<nsIFontLoadCompleteCallback> > &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:60:14 (libxul.so+0x46a9b9e)
    #5 __invoke<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), StoreCopyPassByConstLRef<unsigned int> &, StoreConstPtrPassByConstPtr<unsigned char> &, StoreCopyPassByConstLRef<unsigned int> &, StoreCopyPassByConstLRef<gfxUserFontType> &, StoreConstPtrPassByConstPtr<unsigned char> &, StoreCopyPassByConstLRef<unsigned int> &, StoreCopyPassByRRef<nsTArray<gfxUserFontEntry::OTSMessage> > &, StoreCopyPassByConstLRef<nsMainThreadPtrHandle<nsIFontLoadCompleteCallback> > &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:95:14 (libxul.so+0x46a9b9e)
    #6 __apply_impl<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<StoreCopyPassByConstLRef<unsigned int>, StoreConstPtrPassByConstPtr<unsigned char>, StoreCopyPassByConstLRef<unsigned int>, StoreCopyPassByConstLRef<gfxUserFontType>, StoreConstPtrPassByConstPtr<unsigned char>, StoreCopyPassByConstLRef<unsigned int>, StoreCopyPassByRRef<nsTArray<gfxUserFontEntry::OTSMessage> >, StoreCopyPassByConstLRef<nsMainThreadPtrHandle<nsIFontLoadCompleteCallback> > > &, 0UL, 1UL, 2UL, 3UL, 4UL, 5UL, 6UL, 7UL> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/tuple:1678:14 (libxul.so+0x46a9b9e)
    #7 apply<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<StoreCopyPassByConstLRef<unsigned int>, StoreConstPtrPassByConstPtr<unsigned char>, StoreCopyPassByConstLRef<unsigned int>, StoreCopyPassByConstLRef<gfxUserFontType>, StoreConstPtrPassByConstPtr<unsigned char>, StoreCopyPassByConstLRef<unsigned int>, StoreCopyPassByRRef<nsTArray<gfxUserFontEntry::OTSMessage> >, StoreCopyPassByConstLRef<nsMainThreadPtrHandle<nsIFontLoadCompleteCallback> > > &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/tuple:1687:14 (libxul.so+0x46a9b9e)
    #8 apply<gfxUserFontEntry, void (gfxUserFontEntry::*)(unsigned int, const unsigned char *, unsigned int, gfxUserFontType, const unsigned char *, unsigned int, nsTArray<gfxUserFontEntry::OTSMessage> &&, nsMainThreadPtrHandle<nsIFontLoadCompleteCallback>)> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1162:12 (libxul.so+0x46a9b9e)
    #9 mozilla::detail::RunnableMethodImpl<gfxUserFontEntry*, void (gfxUserFontEntry::*)(unsigned int, unsigned char const*, unsigned int, gfxUserFontType, unsigned char const*, unsigned int, nsTArray<gfxUserFontEntry::OTSMessage>&&, nsMainThreadPtrHandle<nsIFontLoadCompleteCallback>), true, (mozilla::RunnableKind)0, unsigned int, unsigned char const*, unsigned int, gfxUserFontType, unsigned char const*, unsigned int, nsTArray<gfxUserFontEntry::OTSMessage>&&, nsMainThreadPtrHandle<nsIFontLoadCompleteCallback>>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1213:13 (libxul.so+0x46a9b9e)
    #10 mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:578:16 (libxul.so+0x321d752) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #11 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:905:26 (libxul.so+0x3211f43) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #12 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:728:15 (libxul.so+0x3210776) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #13 mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:514:36 (libxul.so+0x3210aaf) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #14 operator() src/xpcom/threads/TaskController.cpp:232:37 (libxul.so+0x32209f4) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #15 mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() src/xpcom/threads/nsThreadUtils.h:548:5 (libxul.so+0x32209f4)
    #16 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1199:16 (libxul.so+0x32357b8) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #17 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:480:10 (libxul.so+0x323bf84) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #18 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:85:21 (libxul.so+0x3d6d1ee) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #19 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:268:30 (libxul.so+0x3d6dcbb) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #20 RunInternal src/ipc/chromium/src/base/message_loop.cc:370:10 (libxul.so+0x3ce6ec8) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #21 RunHandler src/ipc/chromium/src/base/message_loop.cc:363:3 (libxul.so+0x3ce6ec8)
    #22 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:345:3 (libxul.so+0x3ce6ec8)
    #23 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:148:27 (libxul.so+0x7d1d1e3) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #24 nsAppShell::Run() src/widget/gtk/nsAppShell.cpp:470:33 (libxul.so+0x7e0ae9c) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #25 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:721:20 (libxul.so+0x9c57e5f) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #26 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:235:9 (libxul.so+0x3d6dc6a) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #27 RunInternal src/ipc/chromium/src/base/message_loop.cc:370:10 (libxul.so+0x3ce6ec8) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #28 RunHandler src/ipc/chromium/src/base/message_loop.cc:363:3 (libxul.so+0x3ce6ec8)
    #29 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:345:3 (libxul.so+0x3ce6ec8)
    #30 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:656:34 (libxul.so+0x9c57ac0) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #31 mozilla::BootstrapImpl::XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/Bootstrap.cpp:67:12 (libxul.so+0x9c63f92) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #32 content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28 (firefox-bin+0x15c142) (BuildId: 3f9edf2c7d6f60ef39bfb14b1180c67f1e585547)
    #33 main src/browser/app/nsBrowserApp.cpp:375:18 (firefox-bin+0x15c142)

  Previous write of size 1 at 0x7b180002f6f1 by thread T23 (mutexes: write M1):
    #0 AddFontFaceSet src/layout/style/FontFaceImpl.cpp:687:20 (libxul.so+0x8047869) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #1 mozilla::dom::FontFaceSetImpl::Add(mozilla::dom::FontFaceImpl*, mozilla::ErrorResult&) src/layout/style/FontFaceSetImpl.cpp:269:14 (libxul.so+0x8047869)
    #2 mozilla::dom::FontFaceSet::Add(mozilla::dom::FontFace&, mozilla::ErrorResult&) src/layout/style/FontFaceSet.cpp:227:15 (libxul.so+0x804347c) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #3 mozilla::dom::FontFaceSet_Binding::add(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/./FontFaceSetBinding.cpp:261:24 (libxul.so+0x5a8aa57) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #4 bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3258:13 (libxul.so+0x5c431f9) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #5 CallJSNative src/js/src/vm/Interpreter.cpp:480:13 (libxul.so+0x9defea9) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #6 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:574:12 (libxul.so+0x9defea9)
    #7 InternalCall src/js/src/vm/Interpreter.cpp:641:10 (libxul.so+0x9e00aec) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #8 CallFromStack src/js/src/vm/Interpreter.cpp:646:10 (libxul.so+0x9e00aec)
    #9 js::Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3061:16 (libxul.so+0x9e00aec)
    #10 MaybeEnterInterpreterTrampoline src/js/src/vm/Interpreter.cpp:394:10 (libxul.so+0x9def4f1) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #11 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:452:13 (libxul.so+0x9def4f1)
    #12 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:606:13 (libxul.so+0x9deff76) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #13 InternalCall src/js/src/vm/Interpreter.cpp:641:10 (libxul.so+0x9df0b27) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #14 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) src/js/src/vm/Interpreter.cpp:673:8 (libxul.so+0x9df0b27)
    #15 js::CallSelfHostedFunction(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) src/js/src/vm/SelfHosting.cpp:1585:10 (libxul.so+0xa083d1f) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #16 AsyncFunctionResume(JSContext*, JS::Handle<js::AsyncFunctionGeneratorObject*>, ResumeKind, JS::Handle<JS::Value>) src/js/src/vm/AsyncFunction.cpp:151:8 (libxul.so+0x9e81561) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #17 js::AsyncFunctionAwaitedRejected(JSContext*, JS::Handle<js::AsyncFunctionGeneratorObject*>, JS::Handle<JS::Value>) src/js/src/vm/AsyncFunction.cpp:206:10 (libxul.so+0x9e8176a) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #18 AsyncFunctionPromiseReactionJob src/js/src/builtin/Promise.cpp:2120:10 (libxul.so+0xa012c9d) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #19 PromiseReactionJob(JSContext*, unsigned int, JS::Value*) src/js/src/builtin/Promise.cpp:2178:12 (libxul.so+0xa012c9d)
    #20 CallJSNative src/js/src/vm/Interpreter.cpp:480:13 (libxul.so+0x9defea9) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #21 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:574:12 (libxul.so+0x9defea9)
    #22 InternalCall src/js/src/vm/Interpreter.cpp:641:10 (libxul.so+0x9df0b27) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #23 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) src/js/src/vm/Interpreter.cpp:673:8 (libxul.so+0x9df0b27)
    #24 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/vm/CallAndConstruct.cpp:119:10 (libxul.so+0x9ea6cd3) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #25 mozilla::dom::PromiseJobCallback::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/./PromiseBinding.cpp:83:8 (libxul.so+0x50f8863) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #26 Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/PromiseBinding.h:198:12 (libxul.so+0x312b2c7) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #27 Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/PromiseBinding.h:211:12 (libxul.so+0x312b2c7)
    #28 mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) src/xpcom/base/CycleCollectedJSContext.cpp:210:18 (libxul.so+0x312b2c7)
    #29 mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint(bool) src/xpcom/base/CycleCollectedJSContext.cpp:712:17 (libxul.so+0x31179a6) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #30 mozilla::CycleCollectedJSContext::AfterProcessTask(unsigned int) src/xpcom/base/CycleCollectedJSContext.cpp:499:3 (libxul.so+0x31186e7) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #31 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1237:24 (libxul.so+0x3235d6d) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #32 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:480:10 (libxul.so+0x323bf84) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #33 mozilla::dom::WorkerPrivate::DoRunLoop(JSContext*) src/dom/workers/WorkerPrivate.cpp:3386:7 (libxul.so+0x77c72e4) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #34 mozilla::dom::workerinternals::(anonymous namespace)::WorkerThreadPrimaryRunnable::Run() src/dom/workers/RuntimeService.cpp:2108:42 (libxul.so+0x77acbe1) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #35 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1193:16 (libxul.so+0x32359ce) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #36 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:480:10 (libxul.so+0x323bf84) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #37 mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:300:20 (libxul.so+0x3d6dd7e) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #38 RunInternal src/ipc/chromium/src/base/message_loop.cc:370:10 (libxul.so+0x3ce6ec8) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #39 RunHandler src/ipc/chromium/src/base/message_loop.cc:363:3 (libxul.so+0x3ce6ec8)
    #40 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:345:3 (libxul.so+0x3ce6ec8)
    #41 nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:370:10 (libxul.so+0x3231243) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #42 _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:201:5 (libnspr4.so+0x4b1c9) (BuildId: 013ac6dfde6ba0632bf957fc68626f89e752c2e5)

  Location is heap block of size 88 at 0x7b180002f6a0 allocated by thread T23:
    #0 malloc /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:663:5 (firefox-bin+0xd16ac) (BuildId: 3f9edf2c7d6f60ef39bfb14b1180c67f1e585547)
    #1 moz_xmalloc src/memory/mozalloc/mozalloc.cpp:52:15 (firefox-bin+0x15e2c8) (BuildId: 3f9edf2c7d6f60ef39bfb14b1180c67f1e585547)
    #2 operator new /builds/worker/workspace/obj-build/dist/include/mozilla/cxxalloc.h:33:10 (libxul.so+0x803c192) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #3 mozilla::dom::FontFace::Constructor(mozilla::dom::GlobalObject const&, nsTSubstring<char> const&, mozilla::dom::UTF8StringOrArrayBufferOrArrayBufferView const&, mozilla::dom::FontFaceDescriptors const&, mozilla::ErrorResult&) src/layout/style/FontFace.cpp:122:16 (libxul.so+0x803c192)
    #4 mozilla::dom::FontFace_Binding::_constructor(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/obj-build/dom/bindings/./FontFaceBinding.cpp:2198:54 (libxul.so+0x5a85ac6) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #5 CallJSNative src/js/src/vm/Interpreter.cpp:480:13 (libxul.so+0x9df134a) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #6 CallJSNativeConstructor src/js/src/vm/Interpreter.cpp:496:8 (libxul.so+0x9df134a)
    #7 InternalConstruct(JSContext*, js::AnyConstructArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:721:10 (libxul.so+0x9df134a)
    #8 js::ConstructFromStack(JSContext*, JS::CallArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:749:10 (libxul.so+0x9df0bfe) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #9 js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICFallbackStub*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) src/js/src/jit/BaselineIC.cpp:1638:10 (libxul.so+0xa61a0d3) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #10 <null> <null> (0x7fc2affd9834)
    #11 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:442:32 (libxul.so+0x9def276) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #12 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:606:13 (libxul.so+0x9deff76) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #13 InternalCall src/js/src/vm/Interpreter.cpp:641:10 (libxul.so+0x9df0b27) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #14 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) src/js/src/vm/Interpreter.cpp:673:8 (libxul.so+0x9df0b27)
    #15 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/vm/CallAndConstruct.cpp:119:10 (libxul.so+0x9ea6cd3) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #16 mozilla::dom::EventHandlerNonNull::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/./EventHandlerBinding.cpp:65:37 (libxul.so+0x5998630) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #17 Call<nsCOMPtr<mozilla::dom::EventTarget> > /builds/worker/workspace/obj-build/dist/include/mozilla/dom/EventHandlerBinding.h:82:12 (libxul.so+0x6286439) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #18 mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*) src/dom/events/JSEventHandler.cpp:199:12 (libxul.so+0x6286439)
    #19 mozilla::EventListenerManager::HandleEventSingleListener(mozilla::EventListenerManager::Listener*, nsAtom*, mozilla::WidgetEvent*, mozilla::dom::Event*, mozilla::dom::EventTarget*, bool) src/dom/events/EventListenerManager.cpp:1349:22 (libxul.so+0x625be88) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #20 mozilla::EventListenerManager::HandleEventWithListenerArray(mozilla::EventListenerManager::ListenerArray*, nsAtom*, mozilla::EventMessage, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, bool) src/dom/events/EventListenerManager.cpp:1664:12 (libxul.so+0x625d2cb) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #21 mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) src/dom/events/EventListenerManager.cpp:1561:35 (libxul.so+0x625c610) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #22 HandleEvent /builds/worker/workspace/obj-build/dist/include/mozilla/EventListenerManager.h:465:5 (libxul.so+0x624f4a1) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #23 mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:364:17 (libxul.so+0x624f4a1)
    #24 mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:605:16 (libxul.so+0x624e228) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #25 mozilla::EventDispatcher::Dispatch(mozilla::dom::EventTarget*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:1222:11 (libxul.so+0x6252549) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #26 mozilla::EventDispatcher::DispatchDOMEvent(mozilla::dom::EventTarget*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsPresContext*, nsEventStatus*) src/dom/events/EventDispatcher.cpp (libxul.so+0x6256167) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #27 mozilla::DOMEventTargetHelper::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) src/dom/events/DOMEventTargetHelper.cpp:148:17 (libxul.so+0x621f1a5) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #28 mozilla::dom::EventTarget::DispatchEvent(mozilla::dom::Event&) src/dom/events/EventTarget.cpp:214:13 (libxul.so+0x6264416) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #29 mozilla::dom::MessageEventRunnable::DispatchDOMEvent(JSContext*, mozilla::dom::WorkerPrivate*, mozilla::DOMEventTargetHelper*, bool) src/dom/workers/MessageEventRunnable.cpp:80:12 (libxul.so+0x7792366) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #30 mozilla::dom::MessageEventRunnable::WorkerRun(JSContext*, mozilla::dom::WorkerPrivate*) src/dom/workers/MessageEventRunnable.cpp (libxul.so+0x77929b0) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #31 mozilla::dom::WorkerRunnable::Run() src/dom/workers/WorkerRunnable.cpp:378:12 (libxul.so+0x77d75fa) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #32 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1193:16 (libxul.so+0x32359ce) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #33 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:480:10 (libxul.so+0x323bf84) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #34 mozilla::dom::WorkerPrivate::DoRunLoop(JSContext*) src/dom/workers/WorkerPrivate.cpp:3386:7 (libxul.so+0x77c72e4) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #35 mozilla::dom::workerinternals::(anonymous namespace)::WorkerThreadPrimaryRunnable::Run() src/dom/workers/RuntimeService.cpp:2108:42 (libxul.so+0x77acbe1) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #36 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1193:16 (libxul.so+0x32359ce) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #37 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:480:10 (libxul.so+0x323bf84) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #38 mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:300:20 (libxul.so+0x3d6dd7e) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #39 RunInternal src/ipc/chromium/src/base/message_loop.cc:370:10 (libxul.so+0x3ce6ec8) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #40 RunHandler src/ipc/chromium/src/base/message_loop.cc:363:3 (libxul.so+0x3ce6ec8)
    #41 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:345:3 (libxul.so+0x3ce6ec8)
    #42 nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:370:10 (libxul.so+0x3231243) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #43 _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:201:5 (libnspr4.so+0x4b1c9) (BuildId: 013ac6dfde6ba0632bf957fc68626f89e752c2e5)

  Mutex M0 (0x7b5400092110) created at:
    #0 pthread_mutex_init /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1313:3 (firefox-bin+0xd4c70) (BuildId: 3f9edf2c7d6f60ef39bfb14b1180c67f1e585547)
    #1 mozilla::detail::MutexImpl::MutexImpl() src/mozglue/misc/Mutex_posix.cpp:76:3 (firefox-bin+0x1c8964) (BuildId: 3f9edf2c7d6f60ef39bfb14b1180c67f1e585547)
    #2 OffTheBooksMutex /builds/worker/workspace/obj-build/dist/include/mozilla/Mutex.h:47:12 (libxul.so+0x804d5d6) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #3 Mutex /builds/worker/workspace/obj-build/dist/include/mozilla/Mutex.h:126:39 (libxul.so+0x804d5d6)
    #4 Entry /builds/worker/workspace/obj-build/dist/include/mozilla/dom/FontFaceImpl.h:53:11 (libxul.so+0x804d5d6)
    #5 CreateUserFontEntry src/layout/style/FontFaceSetImpl.cpp:924:40 (libxul.so+0x804d5d6)
    #6 non-virtual thunk to mozilla::dom::FontFaceSetImpl::CreateUserFontEntry(nsTArray<gfxFontFaceSrc>&&, gfxUserFontAttributes&&) src/layout/style/FontFaceSetImpl.cpp (libxul.so+0x804d5d6)
    #7 gfxUserFontSet::FindOrCreateUserFontEntry(nsTArray<gfxFontFaceSrc>&&, gfxUserFontAttributes&&) src/gfx/thebes/gfxUserFontSet.cpp:990:13 (libxul.so+0x469951a) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #8 mozilla::dom::FontFaceSetImpl::FindOrCreateUserFontEntryFromFontFace(mozilla::dom::FontFaceImpl*, gfxUserFontAttributes&&, mozilla::StyleOrigin) src/layout/style/FontFaceSetImpl.cpp:586:15 (libxul.so+0x803f769) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #9 mozilla::dom::FontFaceSetImpl::InsertNonRuleFontFace(mozilla::dom::FontFaceImpl*) src/layout/style/FontFaceSetImpl.cpp:360:38 (libxul.so+0x8049fd5) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #10 mozilla::dom::FontFaceSetWorkerImpl::FlushUserFontSet() src/layout/style/FontFaceSetWorkerImpl.cpp:219:5 (libxul.so+0x8055065) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #11 FlushUserFontSet src/layout/style/FontFaceSet.cpp:470:47 (libxul.so+0x8042f0e) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #12 mozilla::dom::FontFaceSet::Check(nsTSubstring<char> const&, nsTSubstring<char16_t> const&, mozilla::ErrorResult&) src/layout/style/FontFaceSet.cpp:167:3 (libxul.so+0x8042f0e)
    #13 mozilla::dom::FontFaceSet_Binding::check(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/./FontFaceSetBinding.cpp:876:36 (libxul.so+0x5a8ca84) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #14 bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3258:13 (libxul.so+0x5c431f9) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #15 CallJSNative src/js/src/vm/Interpreter.cpp:480:13 (libxul.so+0x9defea9) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #16 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:574:12 (libxul.so+0x9defea9)
    #17 InternalCall src/js/src/vm/Interpreter.cpp:641:10 (libxul.so+0x9df0995) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #18 js::CallFromStack(JSContext*, JS::CallArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:646:10 (libxul.so+0x9df0995)
    #19 js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICFallbackStub*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) src/js/src/jit/BaselineIC.cpp:1659:10 (libxul.so+0xa61a1f2) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #20 <null> <null> (0x7fc2affd9834)
    #21 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:442:32 (libxul.so+0x9def276) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #22 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:606:13 (libxul.so+0x9deff76) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #23 InternalCall src/js/src/vm/Interpreter.cpp:641:10 (libxul.so+0x9df0b27) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #24 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) src/js/src/vm/Interpreter.cpp:673:8 (libxul.so+0x9df0b27)
    #25 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/vm/CallAndConstruct.cpp:119:10 (libxul.so+0x9ea6cd3) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #26 mozilla::dom::EventHandlerNonNull::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/./EventHandlerBinding.cpp:65:37 (libxul.so+0x5998630) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #27 Call<nsCOMPtr<mozilla::dom::EventTarget> > /builds/worker/workspace/obj-build/dist/include/mozilla/dom/EventHandlerBinding.h:82:12 (libxul.so+0x6286439) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #28 mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*) src/dom/events/JSEventHandler.cpp:199:12 (libxul.so+0x6286439)
    #29 mozilla::EventListenerManager::HandleEventSingleListener(mozilla::EventListenerManager::Listener*, nsAtom*, mozilla::WidgetEvent*, mozilla::dom::Event*, mozilla::dom::EventTarget*, bool) src/dom/events/EventListenerManager.cpp:1349:22 (libxul.so+0x625be88) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #30 mozilla::EventListenerManager::HandleEventWithListenerArray(mozilla::EventListenerManager::ListenerArray*, nsAtom*, mozilla::EventMessage, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, bool) src/dom/events/EventListenerManager.cpp:1664:12 (libxul.so+0x625d2cb) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #31 mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) src/dom/events/EventListenerManager.cpp:1561:35 (libxul.so+0x625c610) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #32 HandleEvent /builds/worker/workspace/obj-build/dist/include/mozilla/EventListenerManager.h:465:5 (libxul.so+0x624f4a1) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #33 mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:364:17 (libxul.so+0x624f4a1)
    #34 mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:605:16 (libxul.so+0x624e228) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #35 mozilla::EventDispatcher::Dispatch(mozilla::dom::EventTarget*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:1222:11 (libxul.so+0x6252549) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #36 mozilla::EventDispatcher::DispatchDOMEvent(mozilla::dom::EventTarget*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsPresContext*, nsEventStatus*) src/dom/events/EventDispatcher.cpp (libxul.so+0x6256167) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #37 mozilla::DOMEventTargetHelper::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) src/dom/events/DOMEventTargetHelper.cpp:148:17 (libxul.so+0x621f1a5) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #38 mozilla::dom::EventTarget::DispatchEvent(mozilla::dom::Event&) src/dom/events/EventTarget.cpp:214:13 (libxul.so+0x6264416) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #39 mozilla::dom::MessageEventRunnable::DispatchDOMEvent(JSContext*, mozilla::dom::WorkerPrivate*, mozilla::DOMEventTargetHelper*, bool) src/dom/workers/MessageEventRunnable.cpp:80:12 (libxul.so+0x7792366) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #40 mozilla::dom::MessageEventRunnable::WorkerRun(JSContext*, mozilla::dom::WorkerPrivate*) src/dom/workers/MessageEventRunnable.cpp (libxul.so+0x77929b0) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #41 mozilla::dom::WorkerRunnable::Run() src/dom/workers/WorkerRunnable.cpp:378:12 (libxul.so+0x77d75fa) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #42 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1193:16 (libxul.so+0x32359ce) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #43 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:480:10 (libxul.so+0x323bf84) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #44 mozilla::dom::WorkerPrivate::DoRunLoop(JSContext*) src/dom/workers/WorkerPrivate.cpp:3386:7 (libxul.so+0x77c72e4) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #45 mozilla::dom::workerinternals::(anonymous namespace)::WorkerThreadPrimaryRunnable::Run() src/dom/workers/RuntimeService.cpp:2108:42 (libxul.so+0x77acbe1) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #46 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1193:16 (libxul.so+0x32359ce) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #47 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:480:10 (libxul.so+0x323bf84) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #48 mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:300:20 (libxul.so+0x3d6dd7e) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #49 RunInternal src/ipc/chromium/src/base/message_loop.cc:370:10 (libxul.so+0x3ce6ec8) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #50 RunHandler src/ipc/chromium/src/base/message_loop.cc:363:3 (libxul.so+0x3ce6ec8)
    #51 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:345:3 (libxul.so+0x3ce6ec8)
    #52 nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:370:10 (libxul.so+0x3231243) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #53 _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:201:5 (libnspr4.so+0x4b1c9) (BuildId: 013ac6dfde6ba0632bf957fc68626f89e752c2e5)

  Mutex M1 (0x7b44001212a8) created at:
    #0 pthread_mutex_init /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1313:3 (firefox-bin+0xd4c70) (BuildId: 3f9edf2c7d6f60ef39bfb14b1180c67f1e585547)
    #1 mozilla::RecursiveMutex::RecursiveMutex(char const*) src/xpcom/threads/RecursiveMutex.cpp:50:3 (libxul.so+0x320cbed) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #2 mozilla::dom::FontFaceSetImpl::FontFaceSetImpl(mozilla::dom::FontFaceSet*) src/layout/style/FontFaceSetImpl.cpp:72:7 (libxul.so+0x8045efd) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #3 mozilla::dom::FontFaceSetWorkerImpl::FontFaceSetWorkerImpl(mozilla::dom::FontFaceSet*) src/layout/style/FontFaceSetWorkerImpl.cpp:32:7 (libxul.so+0x805406e) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #4 mozilla::dom::FontFaceSet::CreateForWorker(nsIGlobalObject*, mozilla::dom::WorkerPrivate*) src/layout/style/FontFaceSet.cpp:122:44 (libxul.so+0x804275b) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #5 mozilla::dom::WorkerGlobalScope::GetFonts(mozilla::ErrorResult&) src/dom/workers/WorkerScope.cpp:518:20 (libxul.so+0x77dbcac) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #6 mozilla::dom::WorkerGlobalScope_Binding::get_fonts(JSContext*, JS::Handle<JSObject*>, void*, JSJitGetterCallArgs) /builds/worker/workspace/obj-build/dom/bindings/./WorkerGlobalScopeBinding.cpp:917:78 (libxul.so+0x579dea9) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #7 bool mozilla::dom::binding_detail::GenericGetter<mozilla::dom::binding_detail::MaybeGlobalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3140:13 (libxul.so+0x5c400fb) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #8 CallJSNative src/js/src/vm/Interpreter.cpp:480:13 (libxul.so+0x9defea9) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #9 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:574:12 (libxul.so+0x9defea9)
    #10 InternalCall src/js/src/vm/Interpreter.cpp:641:10 (libxul.so+0x9df0b27) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #11 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) src/js/src/vm/Interpreter.cpp:673:8 (libxul.so+0x9df0b27)
    #12 js::CallGetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:795:10 (libxul.so+0x9df17ef) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #13 CallGetter src/js/src/vm/NativeObject.cpp:2074:12 (libxul.so+0x9fb9e2f) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #14 GetExistingProperty<(js::AllowGC)1> src/js/src/vm/NativeObject.cpp:2102:12 (libxul.so+0x9fb9e2f)
    #15 NativeGetPropertyInline<(js::AllowGC)1> src/js/src/vm/NativeObject.cpp:2250:14 (libxul.so+0x9fb9e2f)
    #16 js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) src/js/src/vm/NativeObject.cpp:2281:10 (libxul.so+0x9fb9e2f)
    #17 GetProperty src/js/src/vm/ObjectOperations-inl.h:117:10 (libxul.so+0x9e1156b) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #18 GetProperty src/js/src/vm/ObjectOperations-inl.h:124:10 (libxul.so+0x9e1156b)
    #19 js::GetProperty(JSContext*, JS::Handle<JS::Value>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:4519:10 (libxul.so+0x9e1156b)
    #20 GetPropertyOperation src/js/src/vm/Interpreter.cpp:246:10 (libxul.so+0x9dfced2) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #21 js::Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:2716:12 (libxul.so+0x9dfced2)
    #22 MaybeEnterInterpreterTrampoline src/js/src/vm/Interpreter.cpp:394:10 (libxul.so+0x9def4f1) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #23 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:452:13 (libxul.so+0x9def4f1)
    #24 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:606:13 (libxul.so+0x9deff76) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #25 InternalCall src/js/src/vm/Interpreter.cpp:641:10 (libxul.so+0x9df0b27) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #26 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) src/js/src/vm/Interpreter.cpp:673:8 (libxul.so+0x9df0b27)
    #27 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/vm/CallAndConstruct.cpp:119:10 (libxul.so+0x9ea6cd3) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #28 mozilla::dom::EventHandlerNonNull::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/./EventHandlerBinding.cpp:65:37 (libxul.so+0x5998630) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #29 Call<nsCOMPtr<mozilla::dom::EventTarget> > /builds/worker/workspace/obj-build/dist/include/mozilla/dom/EventHandlerBinding.h:82:12 (libxul.so+0x6286439) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #30 mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*) src/dom/events/JSEventHandler.cpp:199:12 (libxul.so+0x6286439)
    #31 mozilla::EventListenerManager::HandleEventSingleListener(mozilla::EventListenerManager::Listener*, nsAtom*, mozilla::WidgetEvent*, mozilla::dom::Event*, mozilla::dom::EventTarget*, bool) src/dom/events/EventListenerManager.cpp:1349:22 (libxul.so+0x625be88) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #32 mozilla::EventListenerManager::HandleEventWithListenerArray(mozilla::EventListenerManager::ListenerArray*, nsAtom*, mozilla::EventMessage, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, bool) src/dom/events/EventListenerManager.cpp:1664:12 (libxul.so+0x625d2cb) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #33 mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) src/dom/events/EventListenerManager.cpp:1561:35 (libxul.so+0x625c610) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #34 HandleEvent /builds/worker/workspace/obj-build/dist/include/mozilla/EventListenerManager.h:465:5 (libxul.so+0x624f4a1) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #35 mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:364:17 (libxul.so+0x624f4a1)
    #36 mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:605:16 (libxul.so+0x624e228) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #37 mozilla::EventDispatcher::Dispatch(mozilla::dom::EventTarget*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:1222:11 (libxul.so+0x6252549) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #38 mozilla::EventDispatcher::DispatchDOMEvent(mozilla::dom::EventTarget*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsPresContext*, nsEventStatus*) src/dom/events/EventDispatcher.cpp (libxul.so+0x6256167) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #39 mozilla::DOMEventTargetHelper::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) src/dom/events/DOMEventTargetHelper.cpp:148:17 (libxul.so+0x621f1a5) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #40 mozilla::dom::EventTarget::DispatchEvent(mozilla::dom::Event&) src/dom/events/EventTarget.cpp:214:13 (libxul.so+0x6264416) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #41 mozilla::dom::MessageEventRunnable::DispatchDOMEvent(JSContext*, mozilla::dom::WorkerPrivate*, mozilla::DOMEventTargetHelper*, bool) src/dom/workers/MessageEventRunnable.cpp:80:12 (libxul.so+0x7792366) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #42 mozilla::dom::MessageEventRunnable::WorkerRun(JSContext*, mozilla::dom::WorkerPrivate*) src/dom/workers/MessageEventRunnable.cpp (libxul.so+0x77929b0) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #43 mozilla::dom::WorkerRunnable::Run() src/dom/workers/WorkerRunnable.cpp:378:12 (libxul.so+0x77d75fa) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #44 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1193:16 (libxul.so+0x32359ce) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #45 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:480:10 (libxul.so+0x323bf84) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #46 mozilla::dom::WorkerPrivate::DoRunLoop(JSContext*) src/dom/workers/WorkerPrivate.cpp:3386:7 (libxul.so+0x77c72e4) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #47 mozilla::dom::workerinternals::(anonymous namespace)::WorkerThreadPrimaryRunnable::Run() src/dom/workers/RuntimeService.cpp:2108:42 (libxul.so+0x77acbe1) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #48 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1193:16 (libxul.so+0x32359ce) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #49 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:480:10 (libxul.so+0x323bf84) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #50 mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:300:20 (libxul.so+0x3d6dd7e) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #51 RunInternal src/ipc/chromium/src/base/message_loop.cc:370:10 (libxul.so+0x3ce6ec8) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #52 RunHandler src/ipc/chromium/src/base/message_loop.cc:363:3 (libxul.so+0x3ce6ec8)
    #53 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:345:3 (libxul.so+0x3ce6ec8)
    #54 nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:370:10 (libxul.so+0x3231243) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #55 _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:201:5 (libnspr4.so+0x4b1c9) (BuildId: 013ac6dfde6ba0632bf957fc68626f89e752c2e5)

  Thread T23 'DOM Worker' (tid=132882, running) created by main thread at:
    #0 pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1020:3 (firefox-bin+0xd328b) (BuildId: 3f9edf2c7d6f60ef39bfb14b1180c67f1e585547)
    #1 _PR_CreateThread src/nsprpub/pr/src/pthreads/ptthread.c:458:14 (libnspr4.so+0x4243e) (BuildId: 013ac6dfde6ba0632bf957fc68626f89e752c2e5)
    #2 PR_CreateThread src/nsprpub/pr/src/pthreads/ptthread.c:533:12 (libnspr4.so+0x376d4) (BuildId: 013ac6dfde6ba0632bf957fc68626f89e752c2e5)
    #3 nsThread::Init(nsTSubstring<char> const&) src/xpcom/threads/nsThread.cpp:620:20 (libxul.so+0x32329e7) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #4 mozilla::dom::WorkerThread::Create(mozilla::dom::WorkerThreadFriendKey const&) src/dom/workers/WorkerThread.cpp:101:7 (libxul.so+0x77e2a3b) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #5 mozilla::dom::workerinternals::RuntimeService::ScheduleWorker(mozilla::dom::WorkerPrivate&) src/dom/workers/RuntimeService.cpp:1313:37 (libxul.so+0x77950f3) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #6 mozilla::dom::workerinternals::RuntimeService::RegisterWorker(mozilla::dom::WorkerPrivate&) src/dom/workers/RuntimeService.cpp:1195:19 (libxul.so+0x77944e7) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #7 mozilla::dom::WorkerPrivate::Constructor(JSContext*, nsTSubstring<char16_t> const&, bool, mozilla::dom::WorkerKind, mozilla::dom::RequestCredentials, mozilla::dom::WorkerType, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, mozilla::dom::WorkerLoadInfo*, mozilla::ErrorResult&, nsTString<char16_t>, std::function<void (bool)>&&, std::function<void ()>&&) src/dom/workers/WorkerPrivate.cpp:2654:24 (libxul.so+0x77c370c) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #8 mozilla::dom::Worker::Constructor(mozilla::dom::GlobalObject const&, nsTSubstring<char16_t> const&, mozilla::dom::WorkerOptions const&, mozilla::ErrorResult&) src/dom/workers/Worker.cpp:48:41 (libxul.so+0x77a28e2) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #9 mozilla::dom::Worker_Binding::_constructor(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/obj-build/dom/bindings/./WorkerBinding.cpp:1158:52 (libxul.so+0x578ea7a) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #10 CallJSNative src/js/src/vm/Interpreter.cpp:480:13 (libxul.so+0x9df134a) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #11 CallJSNativeConstructor src/js/src/vm/Interpreter.cpp:496:8 (libxul.so+0x9df134a)
    #12 InternalConstruct(JSContext*, js::AnyConstructArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:721:10 (libxul.so+0x9df134a)
    #13 ConstructFromStack src/js/src/vm/Interpreter.cpp:749:10 (libxul.so+0x9e00a9e) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #14 js::Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3046:16 (libxul.so+0x9e00a9e)
    #15 MaybeEnterInterpreterTrampoline src/js/src/vm/Interpreter.cpp:394:10 (libxul.so+0x9def4f1) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #16 js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:452:13 (libxul.so+0x9def4f1)
    #17 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:606:13 (libxul.so+0x9deff76) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #18 InternalCall src/js/src/vm/Interpreter.cpp:641:10 (libxul.so+0x9df0b27) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #19 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) src/js/src/vm/Interpreter.cpp:673:8 (libxul.so+0x9df0b27)
    #20 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/vm/CallAndConstruct.cpp:119:10 (libxul.so+0x9ea6cd3) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #21 mozilla::dom::EventListener::HandleEvent(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/./EventListenerBinding.cpp:62:8 (libxul.so+0x5999cd3) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #22 HandleEvent<mozilla::dom::EventTarget *> /builds/worker/workspace/obj-build/dist/include/mozilla/dom/EventListenerBinding.h:65:12 (libxul.so+0x625be70) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #23 mozilla::EventListenerManager::HandleEventSingleListener(mozilla::EventListenerManager::Listener*, nsAtom*, mozilla::WidgetEvent*, mozilla::dom::Event*, mozilla::dom::EventTarget*, bool) src/dom/events/EventListenerManager.cpp:1343:43 (libxul.so+0x625be70)
    #24 mozilla::EventListenerManager::HandleEventWithListenerArray(mozilla::EventListenerManager::ListenerArray*, nsAtom*, mozilla::EventMessage, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, bool) src/dom/events/EventListenerManager.cpp:1664:12 (libxul.so+0x625d2cb) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #25 mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) src/dom/events/EventListenerManager.cpp:1561:35 (libxul.so+0x625c610) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #26 HandleEvent /builds/worker/workspace/obj-build/dist/include/mozilla/EventListenerManager.h:465:5 (libxul.so+0x624f4a1) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #27 mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:364:17 (libxul.so+0x624f4a1)
    #28 mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:605:16 (libxul.so+0x624e228) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #29 mozilla::EventDispatcher::Dispatch(mozilla::dom::EventTarget*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:1222:11 (libxul.so+0x6252549) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #30 mozilla::EventDispatcher::DispatchDOMEvent(mozilla::dom::EventTarget*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsPresContext*, nsEventStatus*) src/dom/events/EventDispatcher.cpp (libxul.so+0x6256167) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #31 nsINode::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) src/dom/base/nsINode.cpp:1404:17 (libxul.so+0x4c645fd) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #32 nsContentUtils::DispatchEvent(mozilla::dom::Document*, mozilla::dom::EventTarget*, nsTSubstring<char16_t> const&, mozilla::CanBubble, mozilla::Cancelable, mozilla::Composed, mozilla::Trusted, bool*, mozilla::ChromeOnlyDispatch) src/dom/base/nsContentUtils.cpp:4754:29 (libxul.so+0x49043cc) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #33 nsContentUtils::DispatchTrustedEvent(mozilla::dom::Document*, mozilla::dom::EventTarget*, nsTSubstring<char16_t> const&, mozilla::CanBubble, mozilla::Cancelable, mozilla::Composed, bool*) src/dom/base/nsContentUtils.cpp:4720:10 (libxul.so+0x4904229) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #34 mozilla::dom::Document::DispatchContentLoadedEvents() src/dom/base/Document.cpp:8107:3 (libxul.so+0x4aaaee4) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #35 operator()<> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1164:18 (libxul.so+0x4b1f139) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #36 __invoke_impl<void, (lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9)> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:60:14 (libxul.so+0x4b1f139)
    #37 __invoke<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9)> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:95:14 (libxul.so+0x4b1f139)
    #38 __apply_impl<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<> &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/tuple:1678:14 (libxul.so+0x4b1f139)
    #39 apply<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<> &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/tuple:1687:14 (libxul.so+0x4b1f139)
    #40 apply<mozilla::dom::Document, void (mozilla::dom::Document::*)()> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1162:12 (libxul.so+0x4b1f139)
    #41 mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1213:13 (libxul.so+0x4b1f139)
    #42 mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:578:16 (libxul.so+0x321d752) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #43 mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:905:26 (libxul.so+0x3211f43) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #44 mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:728:15 (libxul.so+0x3210776) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #45 mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:514:36 (libxul.so+0x3210aaf) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #46 operator() src/xpcom/threads/TaskController.cpp:232:37 (libxul.so+0x32209f4) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #47 mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() src/xpcom/threads/nsThreadUtils.h:548:5 (libxul.so+0x32209f4)
    #48 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1199:16 (libxul.so+0x32357b8) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #49 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:480:10 (libxul.so+0x323bf84) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #50 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:85:21 (libxul.so+0x3d6d1ee) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #51 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:268:30 (libxul.so+0x3d6dcbb) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #52 RunInternal src/ipc/chromium/src/base/message_loop.cc:370:10 (libxul.so+0x3ce6ec8) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #53 RunHandler src/ipc/chromium/src/base/message_loop.cc:363:3 (libxul.so+0x3ce6ec8)
    #54 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:345:3 (libxul.so+0x3ce6ec8)
    #55 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:148:27 (libxul.so+0x7d1d1e3) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #56 nsAppShell::Run() src/widget/gtk/nsAppShell.cpp:470:33 (libxul.so+0x7e0ae9c) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #57 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:721:20 (libxul.so+0x9c57e5f) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #58 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:235:9 (libxul.so+0x3d6dc6a) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #59 RunInternal src/ipc/chromium/src/base/message_loop.cc:370:10 (libxul.so+0x3ce6ec8) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #60 RunHandler src/ipc/chromium/src/base/message_loop.cc:363:3 (libxul.so+0x3ce6ec8)
    #61 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:345:3 (libxul.so+0x3ce6ec8)
    #62 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:656:34 (libxul.so+0x9c57ac0) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #63 mozilla::BootstrapImpl::XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/Bootstrap.cpp:67:12 (libxul.so+0x9c63f92) (BuildId: fbe278bdf2bf6f09068ff0a6ad9a6f8fa379f09b)
    #64 content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28 (firefox-bin+0x15c142) (BuildId: 3f9edf2c7d6f60ef39bfb14b1180c67f1e585547)
    #65 main src/browser/app/nsBrowserApp.cpp:375:18 (firefox-bin+0x15c142)

From the line numbers, it looks like the race is on FontFaceImpl::mInFontFaceSet.

Keywords: sec-moderate
Severity: -- → S3
Component: Graphics: Text → Layout: Text and Fonts
Flags: needinfo?(jfkthame)
Group: gfx-core-security → layout-core-security
Duplicate of this bug: 1884985
Duplicate of this bug: 1887318

No functional change here, just cleanup in preparation for the following patch.
We don't need FontFaceImpl to create a mutex, as there's already a lock (RWLock)
in its base class gfxFontEntry, and we can use that to guard the fields here.

Assignee: nobody → jfkthame
Status: NEW → ASSIGNED

This should fix the intermittently-reported race here, by ensuring that access into
the FontFaceImpl from GetUserFontSets(), called by the main thread, cannot race with
changes being made by the AddFontSet()/RemoveFontSet() methods.

(If the FontFaceImpl doesn't have an mUserFontEntry yet, then these methods don't
need to lock, as only the owning thread will be touching it.)
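
The locking rule described in the comment above, as an added C++ sketch that is neither Firefox source nor part of the patch. `Entry`, `Face`, `FontSet`, `Result` and `RunConcurrent` are hypothetical stand-ins, and `std::shared_mutex` stands in for the RWLock the comment mentions.

```cpp
// Added illustration: simplified model of the locking rule, not Firefox source.
// Entry, Face, FontSet and RunConcurrent are hypothetical stand-ins.
#include <atomic>
#include <cstddef>
#include <cstdio>
#include <mutex>
#include <shared_mutex>
#include <thread>
#include <vector>

struct FontSet { int id; };
class Face;

// Stand-in for the user-font entry, which already owns a reader/writer lock.
struct Entry {
  std::shared_mutex mLock;
  std::vector<Face*> mFaces;  // populated before any thread starts in this model

  // Reader side (the main-thread GetUserFontSets() path in the report).
  // Returns how many faces were seen with flag and list out of step.
  std::size_t GetUserFontSets(std::vector<FontSet*>& aResult);
};

class Face {
 public:
  explicit Face(Entry* aEntry) : mEntry(aEntry) {
    if (mEntry) mEntry->mFaces.push_back(this);
  }

  // Writer side (the worker-thread path). Lock only when an entry exists;
  // without one, only the owning thread can reach this object.
  void AddFontSet(FontSet* aSet) {
    if (mEntry) {
      std::unique_lock<std::shared_mutex> lock(mEntry->mLock);
      AddUnlocked(aSet);
    } else {
      AddUnlocked(aSet);
    }
  }

  void RemoveFontSet(FontSet* aSet) {
    if (mEntry) {
      std::unique_lock<std::shared_mutex> lock(mEntry->mLock);
      RemoveUnlocked(aSet);
    } else {
      RemoveUnlocked(aSet);
    }
  }

  // Caller must hold mEntry->mLock when the face has an entry.
  // Returns true when the flag agrees with the list contents.
  bool AppendSets(std::vector<FontSet*>& aResult) const {
    aResult.insert(aResult.end(), mSets.begin(), mSets.end());
    return mInFontSet == !mSets.empty();
  }

 private:
  void AddUnlocked(FontSet* aSet) { mSets.push_back(aSet); mInFontSet = true; }
  void RemoveUnlocked(FontSet* aSet) {
    for (auto it = mSets.begin(); it != mSets.end(); ++it) {
      if (*it == aSet) { mSets.erase(it); break; }
    }
    mInFontSet = !mSets.empty();
  }

  Entry* mEntry;
  bool mInFontSet = false;      // models the flag the report says is raced on
  std::vector<FontSet*> mSets;  // models the list of font sets
};

std::size_t Entry::GetUserFontSets(std::vector<FontSet*>& aResult) {
  std::shared_lock<std::shared_mutex> lock(mLock);  // shared: readers only
  std::size_t torn = 0;
  aResult.clear();
  for (const Face* face : mFaces) {
    if (!face->AppendSets(aResult)) ++torn;
  }
  return torn;
}

struct Result { std::size_t torn; std::size_t finalSets; };

// One writer thread adds and removes a set while this thread keeps reading.
Result RunConcurrent(int aCycles) {
  Entry entry;
  Face face(&entry);
  FontSet set{1};
  std::atomic<bool> done{false};
  std::thread worker([&] {
    for (int i = 0; i < aCycles; ++i) {
      face.AddFontSet(&set);
      face.RemoveFontSet(&set);
    }
    done.store(true);
  });
  std::size_t torn = 0;
  std::vector<FontSet*> snapshot;
  while (!done.load()) {
    torn += entry.GetUserFontSets(snapshot);
    std::this_thread::yield();
  }
  worker.join();
  torn += entry.GetUserFontSets(snapshot);
  return Result{torn, snapshot.size()};
}

int main() {
  Result r = RunConcurrent(2000);
  std::printf("torn=%zu finalSets=%zu\n", r.torn, r.finalSets);
  return (r.torn == 0 && r.finalSets == 0) ? 0 : 1;
}
```

Building this with `-fsanitize=thread` and then dropping the `unique_lock` from `AddFontSet`/`RemoveFontSet` reproduces the class of report shown at the top of this bug: an unsynchronized write to the flag on one thread against a read on another.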

Pushed by jkew@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/139d3b840241
patch 1 - Don't create an additional Mutex in FontFaceImpl::Entry, just use the base gfxFontEntry's existing RWLock. r=gfx-reviewers,lsalzman
https://hg.mozilla.org/integration/autoland/rev/4a497e92bd00
patch 2 - If the FontFaceImpl has a user-font entry, hold its lock during Add/Remove font-set operations. r=gfx-reviewers,lsalzman
Group: layout-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 10 months ago
Resolution: --- → FIXED
Target Milestone: --- → 126 Branch

Since nightly and release are affected, beta will likely be affected too.
For more information, please visit BugBot documentation.

Flags: needinfo?(jfkthame)
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-

:jfkthame this grafts cleanly to esr115.
Could you please add an esr115 uplift request?

Flags: needinfo?(jfkthame)

No functional change here, just cleanup in preparation for the following patch.
We don't need FontFaceImpl to create a mutex, as there's already a lock (RWLock)
in its base class gfxFontEntry, and we can use that to guard the fields here.

Original Revision: https://phabricator.services.mozilla.com/D207295

Attachment #9397791 - Flags: approval-mozilla-esr115?

No functional change here, just cleanup in preparation for the following patch.
We don't need FontFaceImpl to create a mutex, as there's already a lock (RWLock)
in its base class gfxFontEntry, and we can use that to guard the fields here.

Original Revision: https://phabricator.services.mozilla.com/D207295

Attachment #9397792 - Flags: approval-mozilla-esr115?

This should fix the intermittently-reported race here, by ensuring that access into
the FontFaceImpl from GetUserFontSets(), called by the main thread, cannot race with
changes being made by the AddFontSet()/RemoveFontSet() methods.

(If the FontFaceImpl doesn't have an mUserFontEntry yet, then these methods don't
need to lock, as only the owning thread will be touching it.)

Original Revision: https://phabricator.services.mozilla.com/D207296

Attachment #9397793 - Flags: approval-mozilla-esr115?
Attachment #9397791 - Attachment is obsolete: true
Attachment #9397791 - Flags: approval-mozilla-esr115?

esr115 Uplift Approval Request

  • User impact if declined: data race when managing webfonts
  • Code covered by automated testing: no
  • Fix verified in Nightly: no
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: n/a
  • Risk associated with taking this patch: low
  • Explanation of risk level: just adding a lock around font management operations
  • String changes made/needed: none
  • Is Android affected?: yes
Attachment #9397793 - Flags: approval-mozilla-esr115? → approval-mozilla-esr115+
Attachment #9397792 - Flags: approval-mozilla-esr115? → approval-mozilla-esr115+
Whiteboard: [adv-main126+r] [adv-ESR115.11+r]
Group: core-security-release