Closed Bug 1877389 Opened 8 months ago Closed 8 months ago

[rustc 1.76] Hit MOZ_CRASH(attempt to add with overflow) at servo/components/style/gecko_string_cache/mod.rs:77

Categories

(Core :: CSS Parsing and Computation, defect)

RESOLVED FIXED
124 Branch
Tracking Status
firefox124 --- fixed

People

(Reporter: glandium, Assigned: emilio)

Runtime crash on debug builds:

[task 2024-01-30T06:22:36.354Z] 06:22:36     INFO - PROCESS-CRASH | attempt to add with overflow [@ style::gecko_string_cache::static_atoms] | automation.py 
[task 2024-01-30T06:22:36.355Z] 06:22:36     INFO - Process type: main
[task 2024-01-30T06:22:36.355Z] 06:22:36     INFO - Process pid: 1306
[task 2024-01-30T06:22:36.355Z] 06:22:36     INFO - Mozilla crash reason: attempt to add with overflow
[task 2024-01-30T06:22:36.355Z] 06:22:36     INFO - Crash dump filename: /tmp/tmpafninmyv.mozrunner/minidumps/4efe7950-8254-c280-7136-ce12d8791433.dmp
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO - Operating system: Linux
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO -                   4.4.0-1014-aws #14taskcluster1-Ubuntu SMP Tue Apr 3 10:27:00 UTC 2018
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO - CPU: amd64
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO -      family 6 model 85 stepping 7
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO -      2 CPUs
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO - Linux Ubuntu 18.04 - bionic (Ubuntu 18.04.6 LTS)
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO - 
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO - Crash reason:  SIGSEGV / SEGV_MAPERR
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO - Crash address: 0x0000000000000000
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO - Crashing instruction: `mov dword [0x0], r14d`
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO - Memory accessed by instruction:
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO -   0. Address: 0x0000000000000000
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO -      Size: 4
[task 2024-01-30T06:22:36.356Z] 06:22:36     INFO - Process uptime: not available
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO - 
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO - Thread 0 firefox-bin (crashed)
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -  0  libxul.so!MOZ_Crash(char const*, int, char const*) [Assertions.h:b6450712300665bd7f000c410eda2039f2a08afa : 301]
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -     Found by: inlining
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -  1  libxul.so!RustMozCrash [wrappers.cpp:b6450712300665bd7f000c410eda2039f2a08afa : 18 + 0x15]
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      rax = 0x000055a162a73238    rdx = 0x0000000000000000
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      rcx = 0x0000000000000b40    rbx = 0x00007ffe8d5cd264
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      rsi = 0x00007faf97a7d8b0    rdi = 0x00007faf97a7c680
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      rbp = 0x00007ffe8d5cd050    rsp = 0x00007ffe8d5cd040
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -       r8 = 0x00007faf97a7d8b0     r9 = 0x00007faf989e5780
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      r10 = 0x0000000000000002    r11 = 0x0000000000000000
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      r12 = 0x00007ffe8d5cd264    r13 = 0x00007ffe8d5cd060
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      r14 = 0x000000000000004d    r15 = 0x0000000000000030
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      rip = 0x00007faf89efb545
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -     Found by: given as instruction pointer in context
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -  2  libxul.so!mozglue_static::panic_hook [lib.rs:b6450712300665bd7f000c410eda2039f2a08afa : 96]
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -     Found by: inlining
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -  3  libxul.so!core::ops::function::Fn::call [function.rs:1633e2ae0630d21e668ce0a17f6268dfedf6becd : 79 + 0xbc]
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      rbx = 0x000000000000004d    rbp = 0x00007ffe8d5cd490
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cd060    r12 = 0x00007ffe8d5cd264
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      r13 = 0x00007ffe8d5cd060    r14 = 0x00007faf8090e09f
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -      r15 = 0x0000000000000030    rip = 0x00007faf89efaf44
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.357Z] 06:22:36     INFO -  4  libxul.so!<alloc::boxed::Box<F,A> as core::ops::function::Fn<Args>>::call [boxed.rs:1633e2ae0630d21e668ce0a17f6268dfedf6becd : 2029]
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -     Found by: inlining
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -  5  libxul.so!std::panicking::rust_panic_with_hook [panicking.rs:1633e2ae0630d21e668ce0a17f6268dfedf6becd : 783 + 0x2]
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      rbx = 0x0000000000000001    rbp = 0x0000000000000000
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cd4a0    r12 = 0x00007faf8aef80d8
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      r13 = 0x00007faf8ad9e6e0    r14 = 0x00007faf8adc9540
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      r15 = 0x00007ffe8d5cd570    rip = 0x00007faf8a7e9b26
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -  6  libxul.so!std::panicking::begin_panic_handler::{{closure}} [panicking.rs:1633e2ae0630d21e668ce0a17f6268dfedf6becd : 649 + 0xf]
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      rbx = 0x00007ffe8d5cd7a0    rbp = 0x00007ffe8d5cd690
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cd570    r12 = 0x00007ffe8d5cd700
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      r13 = 0x00007faf7de87000    r14 = 0x00007faf626caa90
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      r15 = 0x00007faf7f2866b4    rip = 0x00007faf8a7e9839
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -  7  libxul.so!std::sys_common::backtrace::__rust_end_short_backtrace [backtrace.rs:1633e2ae0630d21e668ce0a17f6268dfedf6becd : 171 + 0x4]
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      rbx = 0x00007ffe8d5cd7a0    rbp = 0x00007ffe8d5cd690
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cd5a0    r12 = 0x00007ffe8d5cd700
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      r13 = 0x00007faf7de87000    r14 = 0x00007faf626caa90
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      r15 = 0x00007faf7f2866b4    rip = 0x00007faf8a7e8496
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -  8  libxul.so!rust_begin_unwind [panicking.rs:1633e2ae0630d21e668ce0a17f6268dfedf6becd : 645 + 0x15]
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      rbx = 0x00007ffe8d5cd7a0    rbp = 0x00007ffe8d5cd690
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cd5b0    r12 = 0x00007ffe8d5cd700
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      r13 = 0x00007faf7de87000    r14 = 0x00007faf626caa90
[task 2024-01-30T06:22:36.358Z] 06:22:36     INFO -      r15 = 0x00007faf7f2866b4    rip = 0x00007faf8a7e95d0
[task 2024-01-30T06:22:36.359Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.359Z] 06:22:36     INFO -  9  libxul.so!core::panicking::panic_fmt [panicking.rs:1633e2ae0630d21e668ce0a17f6268dfedf6becd : 72 + 0x5]
[task 2024-01-30T06:22:36.359Z] 06:22:36     INFO -      rbx = 0x00007ffe8d5cd7a0    rbp = 0x00007ffe8d5cd690
[task 2024-01-30T06:22:36.359Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cd5d0    r12 = 0x00007ffe8d5cd700
[task 2024-01-30T06:22:36.359Z] 06:22:36     INFO -      r13 = 0x00007faf7de87000    r14 = 0x00007faf626caa90
[task 2024-01-30T06:22:36.359Z] 06:22:36     INFO -      r15 = 0x00007faf7f2866b4    rip = 0x00007faf8a813455
[task 2024-01-30T06:22:36.359Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.359Z] 06:22:36     INFO - 10  libxul.so!core::panicking::panic [panicking.rs:1633e2ae0630d21e668ce0a17f6268dfedf6becd : 144 + 0x8]
[task 2024-01-30T06:22:36.359Z] 06:22:36     INFO -      rbx = 0x00007ffe8d5cd7a0    rbp = 0x00007ffe8d5cd690
[task 2024-01-30T06:22:36.360Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cd600    r12 = 0x00007ffe8d5cd700
[task 2024-01-30T06:22:36.360Z] 06:22:36     INFO -      r13 = 0x00007faf7de87000    r14 = 0x00007faf626caa90
[task 2024-01-30T06:22:36.360Z] 06:22:36     INFO -      r15 = 0x00007faf7f2866b4    rip = 0x00007faf8a813513
[task 2024-01-30T06:22:36.360Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.360Z] 06:22:36     INFO - 11  libxul.so!style::gecko_string_cache::static_atoms [mod.rs:b6450712300665bd7f000c410eda2039f2a08afa : 77]
[task 2024-01-30T06:22:36.360Z] 06:22:36     INFO -     Found by: inlining
[task 2024-01-30T06:22:36.360Z] 06:22:36     INFO - 12  libxul.so!style::gecko_string_cache::valid_static_atom_addr [mod.rs:b6450712300665bd7f000c410eda2039f2a08afa : 87]
[task 2024-01-30T06:22:36.360Z] 06:22:36     INFO -     Found by: inlining
[task 2024-01-30T06:22:36.360Z] 06:22:36     INFO - 13  libxul.so!style::gecko_string_cache::make_static_handle [mod.rs:b6450712300665bd7f000c410eda2039f2a08afa : 365]
[task 2024-01-30T06:22:36.361Z] 06:22:36     INFO -     Found by: inlining
[task 2024-01-30T06:22:36.361Z] 06:22:36     INFO - 14  libxul.so!style::gecko_string_cache::make_handle [mod.rs:b6450712300665bd7f000c410eda2039f2a08afa : 357]
[task 2024-01-30T06:22:36.361Z] 06:22:36     INFO -     Found by: inlining
[task 2024-01-30T06:22:36.361Z] 06:22:36     INFO - 15  libxul.so!style::gecko_string_cache::Atom::from_raw [mod.rs:b6450712300665bd7f000c410eda2039f2a08afa : 405]
[task 2024-01-30T06:22:36.361Z] 06:22:36     INFO -     Found by: inlining
[task 2024-01-30T06:22:36.361Z] 06:22:36     INFO - 16  libxul.so!style::properties::generated::gecko::GeckoList::clone_list_style_type [gecko_properties.rs: : 7029 + 0x18]
[task 2024-01-30T06:22:36.361Z] 06:22:36     INFO -      rbx = 0x00007ffe8d5cd7a0    rbp = 0x00007ffe8d5cd690
[task 2024-01-30T06:22:36.361Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cd650    r12 = 0x00007ffe8d5cd700
[task 2024-01-30T06:22:36.362Z] 06:22:36     INFO -      r13 = 0x00007faf7de87000    r14 = 0x00007faf626caa90
[task 2024-01-30T06:22:36.362Z] 06:22:36     INFO -      r15 = 0x00007faf7f2866b4    rip = 0x00007faf8a761f71
[task 2024-01-30T06:22:36.362Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.362Z] 06:22:36     INFO - 17  libxul.so!style::properties::generated::<impl style::properties::generated::gecko::ComputedValues>::clone_list_style_type [properties.rs: : 58545]
[task 2024-01-30T06:22:36.362Z] 06:22:36     INFO -     Found by: inlining
[task 2024-01-30T06:22:36.362Z] 06:22:36     INFO - 18  libxul.so!style::properties::generated::gecko::assert_initial_values_match [gecko_properties.rs: : 17229 + 0xc]
[task 2024-01-30T06:22:36.362Z] 06:22:36     INFO -      rbx = 0x00007ffe8d5cd700    rbp = 0x00007ffe8d5cd800
[task 2024-01-30T06:22:36.362Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cd6a0    r12 = 0x00007ffe8d5cd700
[task 2024-01-30T06:22:36.362Z] 06:22:36     INFO -      r13 = 0x00007faf7de87000    r14 = 0x00007ffe8d5cd7a0
[task 2024-01-30T06:22:36.363Z] 06:22:36     INFO -      r15 = 0x00007ffe8d5cd708    rip = 0x00007faf8a393888
[task 2024-01-30T06:22:36.363Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.363Z] 06:22:36     INFO - 19  libxul.so!Servo_StyleSet_Init [glue.rs:b6450712300665bd7f000c410eda2039f2a08afa : 4441 + 0x7]
[task 2024-01-30T06:22:36.363Z] 06:22:36     INFO -      rbx = 0x00007faf626fb000    rbp = 0x00007ffe8d5cf200
[task 2024-01-30T06:22:36.363Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cd810    r12 = 0x00007faf72f5ca08
[task 2024-01-30T06:22:36.363Z] 06:22:36     INFO -      r13 = 0x00007faf7f28abe8    r14 = 0x00007faf72f5ca80
[task 2024-01-30T06:22:36.363Z] 06:22:36     INFO -      r15 = 0x00007faf72f5ca00    rip = 0x00007faf8a44548a
[task 2024-01-30T06:22:36.363Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.363Z] 06:22:36     INFO - 20  libxul.so!mozilla::ServoStyleSet::ServoStyleSet(mozilla::dom::Document&) [ServoStyleSet.cpp:b6450712300665bd7f000c410eda2039f2a08afa : 116 + 0x7]
[task 2024-01-30T06:22:36.364Z] 06:22:36     INFO -      rbx = 0x00007faf7cbb5000    rbp = 0x00007ffe8d5cf240
[task 2024-01-30T06:22:36.364Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cf210    r12 = 0x00007faf72f5ca08
[task 2024-01-30T06:22:36.364Z] 06:22:36     INFO -      r13 = 0x00007faf7f28abe8    r14 = 0x00007faf72f5ca80
[task 2024-01-30T06:22:36.364Z] 06:22:36     INFO -      r15 = 0x00007faf72f5ca00    rip = 0x00007faf8684995a
[task 2024-01-30T06:22:36.364Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.364Z] 06:22:36     INFO - 21  libxul.so!mozilla::MakeUnique<mozilla::ServoStyleSet, mozilla::dom::Document&>(mozilla::dom::Document&) [UniquePtr.h:b6450712300665bd7f000c410eda2039f2a08afa : 606]
[task 2024-01-30T06:22:36.364Z] 06:22:36     INFO -     Found by: inlining
[task 2024-01-30T06:22:36.364Z] 06:22:36     INFO - 22  libxul.so!mozilla::dom::Document::EnsureStyleSet() const [DocumentInlines.h:b6450712300665bd7f000c410eda2039f2a08afa : 60]
[task 2024-01-30T06:22:36.364Z] 06:22:36     INFO -     Found by: inlining
[task 2024-01-30T06:22:36.365Z] 06:22:36     INFO - 23  libxul.so!mozilla::dom::Document::ResetStylesheetsToURI(nsIURI*) [Document.cpp:b6450712300665bd7f000c410eda2039f2a08afa : 3118 + 0x30]
[task 2024-01-30T06:22:36.365Z] 06:22:36     INFO -      rbx = 0x00007faf7cbb5000    rbp = 0x00007ffe8d5cf290
[task 2024-01-30T06:22:36.365Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cf250    r12 = 0x0000000000000000
[task 2024-01-30T06:22:36.365Z] 06:22:36     INFO -      r13 = 0x00007faf7cbb5168    r14 = 0x00007faf72f5ca00
[task 2024-01-30T06:22:36.365Z] 06:22:36     INFO -      r15 = 0x00007faf7cbb5070    rip = 0x00007faf834581a7
[task 2024-01-30T06:22:36.365Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.365Z] 06:22:36     INFO - 24  libxul.so!mozilla::dom::Document::ResetToURI(nsIURI*, nsILoadGroup*, nsIPrincipal*, nsIPrincipal*) [Document.cpp:b6450712300665bd7f000c410eda2039f2a08afa : 2929 + 0xa]
[task 2024-01-30T06:22:36.365Z] 06:22:36     INFO -      rbx = 0x00007faf7cbb5000    rbp = 0x00007ffe8d5cf320
[task 2024-01-30T06:22:36.366Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cf2a0    r12 = 0x0000000000000000
[task 2024-01-30T06:22:36.366Z] 06:22:36     INFO -      r13 = 0x00007faf7cbb5168    r14 = 0x00007faf7cb1b3c0
[task 2024-01-30T06:22:36.366Z] 06:22:36     INFO -      r15 = 0x00007faf62677c10    rip = 0x00007faf834576d1
[task 2024-01-30T06:22:36.366Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.366Z] 06:22:36     INFO - 25  libxul.so!nsHTMLDocument::ResetToURI(nsIURI*, nsILoadGroup*, nsIPrincipal*, nsIPrincipal*) [nsHTMLDocument.cpp:b6450712300665bd7f000c410eda2039f2a08afa : 167 + 0x4]
[task 2024-01-30T06:22:36.366Z] 06:22:36     INFO -      rbx = 0x00007faf7cbb5000    rbp = 0x00007ffe8d5cf360
[task 2024-01-30T06:22:36.366Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cf330    r12 = 0x00007faf7de78a80
[task 2024-01-30T06:22:36.367Z] 06:22:36     INFO -      r13 = 0x00007faf7cb1b3c0    r14 = 0x00007faf70290400
[task 2024-01-30T06:22:36.367Z] 06:22:36     INFO -      r15 = 0x00007faf7de78a80    rip = 0x00007faf84f804ca
[task 2024-01-30T06:22:36.367Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.368Z] 06:22:36     INFO - 26  libxul.so!nsContentDLF::CreateBlankDocument(nsILoadGroup*, nsIPrincipal*, nsIPrincipal*, nsDocShell*) [nsContentDLF.cpp:b6450712300665bd7f000c410eda2039f2a08afa : 233 + 0x11]
[task 2024-01-30T06:22:36.371Z] 06:22:36     INFO -      rbx = 0x00007ffe8d5cf458    rbp = 0x00007ffe8d5cf400
[task 2024-01-30T06:22:36.371Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cf370    r12 = 0x00007faf7de78a80
[task 2024-01-30T06:22:36.371Z] 06:22:36     INFO -      r13 = 0x00007faf7cb1b3c0    r14 = 0x00007faf70290400
[task 2024-01-30T06:22:36.372Z] 06:22:36     INFO -      r15 = 0x00007faf7de78a80    rip = 0x00007faf86d43a1c
[task 2024-01-30T06:22:36.372Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.372Z] 06:22:36     INFO - 27  libxul.so!nsDocShell::CreateAboutBlankDocumentViewer(nsIPrincipal*, nsIPrincipal*, nsIContentSecurityPolicy*, nsIURI*, bool, mozilla::Maybe<nsILoadInfo::CrossOriginEmbedderPolicy> const&, bool, bool, mozilla::dom::WindowGlobalChild*) [nsDocShell.cpp:b6450712300665bd7f000c410eda2039f2a08afa : 6618 + 0x7]
[task 2024-01-30T06:22:36.372Z] 06:22:36     INFO -      rbx = 0x00007faf70290400    rbp = 0x00007ffe8d5cf4d0
[task 2024-01-30T06:22:36.373Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cf410    r12 = 0x0000000000000000
[task 2024-01-30T06:22:36.373Z] 06:22:36     INFO -      r13 = 0x0000000000000000    r14 = 0x00007ffe8d5cf480
[task 2024-01-30T06:22:36.373Z] 06:22:36     INFO -      r15 = 0x00007faf70290598    rip = 0x00007faf877ce428
[task 2024-01-30T06:22:36.373Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.373Z] 06:22:36     INFO - 28  libxul.so!nsAppShellService::JustCreateTopWindow(nsIAppWindow*, nsIURI*, unsigned int, int, int, bool, mozilla::AppWindow**) [nsAppShellService.cpp:b6450712300665bd7f000c410eda2039f2a08afa : 698 + 0x23]
[task 2024-01-30T06:22:36.373Z] 06:22:36     INFO -      rbx = 0x00007faf62b57f60    rbp = 0x00007ffe8d5cf5a0
[task 2024-01-30T06:22:36.374Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cf4e0    r12 = 0x0000000000000000
[task 2024-01-30T06:22:36.374Z] 06:22:36     INFO -      r13 = 0x00007faf70290400    r14 = 0x00007faf7de78a80
[task 2024-01-30T06:22:36.374Z] 06:22:36     INFO -      r15 = 0x0000000081320ffe    rip = 0x00007faf8786e92d
[task 2024-01-30T06:22:36.374Z] 06:22:36     INFO -     Found by: call frame info
[task 2024-01-30T06:22:36.374Z] 06:22:36     INFO - 29  libxul.so!nsAppShellService::CreateTopLevelWindow(nsIAppWindow*, nsIURI*, unsigned int, int, int, nsIAppWindow**) [nsAppShellService.cpp:b6450712300665bd7f000c410eda2039f2a08afa : 178 + 0x17]
[task 2024-01-30T06:22:36.374Z] 06:22:36     INFO -      rbx = 0x0000000000000000    rbp = 0x00007ffe8d5cf620
[task 2024-01-30T06:22:36.375Z] 06:22:36     INFO -      rsp = 0x00007ffe8d5cf5b0    r12 = 0x00000000ffffffff
[task 2024-01-30T06:22:36.375Z] 06:22:36     INFO -      r13 = 0x0000000000000000    r14 = 0x0000000081320ffe
[task 2024-01-30T06:22:36.375Z] 06:22:36     INFO -      r15 = 0x00007ffe8d5cf660    rip = 0x00007faf8786f07a
[task 2024-01-30T06:22:36.375Z] 06:22:36     INFO -     Found by: call frame info

On a local debug disable-optimize build, I was getting another panic, around the same code, but on get_unchecked:

Hit MOZ_CRASH(slice::get_unchecked requires that the index is within the slice) at /Users/glandium/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/slice/index.rs:228

Probably not... But that said, I don't see where the overflow is, am I missing something?

Flags: needinfo?(emilio)
Assignee: nobody → emilio
Status: NEW → ASSIGNED

(In reply to Emilio Cobos Álvarez (:emilio) from comment #2)

> Probably not... But that said, I don't see where the overflow is, am I missing something?

So the weird thing is that I wanted to see it too, and applied this patch:

-        let addr = &gGkAtoms as *const _ as usize + kGkAtomsArrayOffset as usize;
+        let addr = dbg!(&gGkAtoms as *const _ as usize) + dbg!(kGkAtomsArrayOffset as usize);
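Review bot: the `+` line still combines the two `usize` operands with a plain `+`, so this diagnostic relies on the same overflow check it is meant to investigate, and each `dbg!` call adds a stderr write around its operand. Calling `checked_add` on the two values and reporting both operands when it returns `None` would record them without depending on that check; the `dbg!` calls are for local use only and should not land.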

... which made it not happen anymore, but then the get_unchecked one hit. Sounds like the compiler doing bad stuff with the UB, to the point of mishandling its own invariant check... which, honestly, doesn't sound great if that's the case, although arguably, cargo defaults to non-optimized for debug builds, so outside of cases like ours, it might not be causing trouble.

Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a570b0623013 Simplify Servo static atom setup. r=glandium,firefox-style-system-reviewers,zrhoffman
Status: ASSIGNED → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Target Milestone: --- → 124 Branch

Downstreams are going to build with 1.76 sooner or later, and that yields "Illegal instruction" (the code contains ud2 instead of throwing a panic). We'll want to have this on beta and esr. We can either uplift the full fix, or replace get_unchecked with simple pointer math if we want a smaller patch. WDYT?

Flags: needinfo?(emilio)

If the problem is that get_unchecked, it should not affect release builds at all, right? It's only used inside debug_assert which hopefully doesn't get to the optimiser in non-debug builds.

Flags: needinfo?(emilio) → needinfo?(mh+mozilla)

(In reply to Emilio Cobos Álvarez (:emilio) from comment #9)

> If the problem is that get_unchecked, it should not affect release builds at all, right? It's only used inside debug_assert which hopefully doesn't get to the optimiser in non-debug builds.

See my blog post. It does affect release builds.

Flags: needinfo?(mh+mozilla)

Oh, you mean valid_static_atom_addr is only in a debug_assert.

(In reply to Mike Hommey [:glandium] from comment #11)

> Oh, you mean valid_static_atom_addr is only in a debug_assert.

Yeah, exactly.
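The two checks discussed in this thread (the address addition and the range test kept behind `debug_assert`), written so that neither depends on `get_unchecked` or on a profile-dependent overflow check. This is an added illustration, not the Servo code or the landed patch; `StaticAtom`, `ATOMS`, `table_addr` and the function bodies are constructed stand-ins that reuse the names from the stack trace.

```rust
use std::mem;

// Constructed stand-in for a static atom record; not Gecko's real layout.
#[repr(C)]
#[derive(Clone, Copy)]
pub struct StaticAtom {
    pub hash: u32,
    pub string_offset: u32,
}

pub const STATIC_ATOM_COUNT: usize = 4;

// Constructed table standing in for the static atom array.
pub static ATOMS: [StaticAtom; STATIC_ATOM_COUNT] =
    [StaticAtom { hash: 0, string_offset: 0 }; STATIC_ATOM_COUNT];

/// Base address plus byte offset. Overflow is reported as `None` in every
/// build profile instead of panicking only where overflow checks are on.
pub fn table_addr(base: usize, offset: usize) -> Option<usize> {
    base.checked_add(offset)
}

/// True when `addr` is the address of one element of `table`.
pub fn valid_static_atom_addr(table: &[StaticAtom], addr: usize) -> bool {
    // as_ptr_range() yields the start and one-past-the-end pointers without
    // indexing at table.len(), which is outside get_unchecked's contract.
    let range = table.as_ptr_range();
    let (start, end) = (range.start as usize, range.end as usize);
    // The subtraction is only evaluated once addr >= start is known.
    addr >= start && addr < end && (addr - start) % mem::size_of::<StaticAtom>() == 0
}

/// Hypothetical handle constructor: returns the byte offset of `addr` in
/// `table`. The validity check is compiled out when debug assertions are off,
/// so callers must still pass an address taken from the table.
pub fn make_static_handle(table: &[StaticAtom], addr: usize) -> usize {
    debug_assert!(valid_static_atom_addr(table, addr), "not a static atom address");
    addr - table.as_ptr() as usize
}

fn main() {
    let start = ATOMS.as_ptr() as usize;
    let one_past_end = start + mem::size_of_val(&ATOMS);
    println!("first element valid: {}", valid_static_atom_addr(&ATOMS, start));
    println!("one past the end valid: {}", valid_static_atom_addr(&ATOMS, one_past_end));
    println!("overflowing add: {:?}", table_addr(usize::MAX, 1));
}
```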
