Bug 1895837
[clang-18] AddressSanitizer: SEGV .../dec_group.cc:415:11 in jxl::N_AVX3::DecodeGroupImpl
Status: RESOLVED FIXED (Closed)
Opened 1 year ago
Closed 1 year ago
Categories
(Core :: Sanitizers, defect)
Tracking
Target Milestone: 128 Branch
Release | Tracking | Status |
---|---|---|
firefox128 | --- | fixed |
People
(Reporter: glandium, Assigned: glandium)
Attachments
(1 file)
[task 2024-05-04T21:36:37.788Z] 21:36:37 INFO - AddressSanitizer:DEADLYSIGNAL
[task 2024-05-04T21:36:37.788Z] 21:36:37 INFO - =================================================================
[task 2024-05-04T21:36:37.788Z] 21:36:37 ERROR - ==1003==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7f9734c44223 bp 0x7f96e4b0df10 sp 0x7f96e4b0d7e0 T141173)
[task 2024-05-04T21:36:37.788Z] 21:36:37 INFO - ==1003==The signal is caused by a READ memory access.
[task 2024-05-04T21:36:37.788Z] 21:36:37 INFO - ==1003==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
[task 2024-05-04T21:36:38.626Z] 21:36:38 INFO - #0 0x7f9734c44223 in jxl::N_AVX3::DecodeGroupImpl(jxl::FrameHeader const&, jxl::GetBlock*, jxl::GroupDecCache*, jxl::PassesDecoderState*, unsigned long, unsigned long, jxl::RenderPipelineInput&, jxl::ImageBundle*, jxl::DrawMode) /builds/worker/checkouts/gecko/third_party/jpeg-xl/lib/jxl/dec_group.cc:415:11
[task 2024-05-04T21:36:38.627Z] 21:36:38 INFO - #1 0x7f9734c78011 in jxl::DecodeGroup(jxl::FrameHeader const&, jxl::BitReader* restrict*, unsigned long, unsigned long, jxl::PassesDecoderState*, jxl::GroupDecCache*, unsigned long, jxl::RenderPipelineInput&, jxl::ImageBundle*, unsigned long, bool, bool, bool*) /builds/worker/checkouts/gecko/third_party/jpeg-xl/lib/jxl/dec_group.cc:778:3
[task 2024-05-04T21:36:38.636Z] 21:36:38 INFO - #2 0x7f9734bfd77f in jxl::FrameDecoder::ProcessACGroup(unsigned long, jxl::BitReader* restrict*, unsigned long, unsigned long, bool, bool) /builds/worker/checkouts/gecko/third_party/jpeg-xl/lib/jxl/dec_frame.cc:492:5
[task 2024-05-04T21:36:38.636Z] 21:36:38 INFO - #3 0x7f9734c0bdae in operator() /builds/worker/checkouts/gecko/third_party/jpeg-xl/lib/jxl/dec_frame.cc:712:5
[task 2024-05-04T21:36:38.637Z] 21:36:38 INFO - #4 0x7f9734c0bdae in jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections(jxl::FrameDecoder::SectionInfo const*, unsigned long, jxl::FrameDecoder::SectionStatus*)::$_1, jxl::FrameDecoder::ProcessSections(jxl::FrameDecoder::SectionInfo const*, unsigned long, jxl::FrameDecoder::SectionStatus*)::$_2>::CallDataFunc(void*, unsigned int, unsigned long) /builds/worker/checkouts/gecko/third_party/jpeg-xl/lib/jxl/base/data_parallel.h:94:14
[task 2024-05-04T21:36:38.638Z] 21:36:38 INFO - #5 0x7f9734fcb0cd in RunRange /builds/worker/checkouts/gecko/third_party/jpeg-xl/lib/threads/thread_parallel_runner_internal.cc:145:7
[task 2024-05-04T21:36:38.638Z] 21:36:38 INFO - #6 0x7f9734fcb0cd in jpegxl::ThreadParallelRunner::ThreadFunc(jpegxl::ThreadParallelRunner*, int) /builds/worker/checkouts/gecko/third_party/jpeg-xl/lib/threads/thread_parallel_runner_internal.cc:175:9
[task 2024-05-04T21:36:38.638Z] 21:36:38 INFO - #7 0x7f974e037a4f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbda4f) (BuildId: f2119a44a99758114620c8e9d8e243d7094f77f6)
[task 2024-05-04T21:36:38.639Z] 21:36:38 INFO - #8 0x55ce5af5bb88 in asan_thread_start(void*) /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:239:28
[task 2024-05-04T21:36:38.639Z] 21:36:38 INFO - #9 0x7f974e30a6da in start_thread /tmp/glibc/nptl/pthread_create.c:463
[task 2024-05-04T21:36:38.639Z] 21:36:38 INFO - #10 0x7f974d0cda3e in __clone /tmp/glibc/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
[task 2024-05-04T21:36:38.639Z] 21:36:38 INFO - AddressSanitizer can not provide additional info.
[task 2024-05-04T21:36:38.640Z] 21:36:38 INFO - SUMMARY: AddressSanitizer: SEGV /builds/worker/checkouts/gecko/third_party/jpeg-xl/lib/jxl/dec_group.cc:415:11 in jxl::N_AVX3::DecodeGroupImpl(jxl::FrameHeader const&, jxl::GetBlock*, jxl::GroupDecCache*, jxl::PassesDecoderState*, unsigned long, unsigned long, jxl::RenderPipelineInput&, jxl::ImageBundle*, jxl::DrawMode)
[task 2024-05-04T21:36:38.640Z] 21:36:38 INFO - Thread T141173 created by T0 here:
[task 2024-05-04T21:36:38.640Z] 21:36:38 INFO - #0 0x55ce5af45591 in pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:250:3
[task 2024-05-04T21:36:38.640Z] 21:36:38 INFO - #1 0x7f974e037b63 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xbdb63) (BuildId: f2119a44a99758114620c8e9d8e243d7094f77f6)
[task 2024-05-04T21:36:38.640Z] 21:36:38 INFO - ==1003==ABORTING
from: https://treeherder.mozilla.org/logviewer?job_id=456978735&repo=autoland
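An added triage example, not part of the bug report or of Mozilla's tooling: it strips the `[task …]` CI prefix from ASan output shaped like the report above and reduces the faulting stack to a stable crash signature, stopping before the separate "created by" thread stack. The function names, the `checkouts/gecko/` root default and the sample (abbreviated from the report above, argument lists shortened) are assumptions made for illustration.

```python
import re

# CI prefix as it appears in the report: "[task <timestamp>] HH:MM:SS LEVEL - "
PREFIX = re.compile(r"^\[task [^\]]+\]\s+(?:\d\d:\d\d:\d\d\s+\w+\s+-\s+)?")
ERROR = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
# Symbolized frame: "#N 0xPC in <function, may contain spaces> <path>:<line>[:<col>]"
FRAME = re.compile(r"^#\d+\s+0x[0-9a-f]+\s+in\s+(.+)\s(\S+?):(\d+)(?::\d+)?$")

# Sample abbreviated from the report above (argument lists shortened).
SAMPLE = """\
[task 2024-05-04T21:36:37.788Z] 21:36:37 ERROR - ==1003==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7f9734c44223 bp 0x7f96e4b0df10 sp 0x7f96e4b0d7e0 T141173)
[task 2024-05-04T21:36:37.788Z] 21:36:37 INFO - ==1003==The signal is caused by a READ memory access.
[task 2024-05-04T21:36:38.626Z] 21:36:38 INFO - #0 0x7f9734c44223 in jxl::N_AVX3::DecodeGroupImpl(jxl::FrameHeader const&, jxl::DrawMode) /builds/worker/checkouts/gecko/third_party/jpeg-xl/lib/jxl/dec_group.cc:415:11
[task 2024-05-04T21:36:38.627Z] 21:36:38 INFO - #1 0x7f9734c78011 in jxl::DecodeGroup(jxl::FrameHeader const&, bool*) /builds/worker/checkouts/gecko/third_party/jpeg-xl/lib/jxl/dec_group.cc:778:3
[task 2024-05-04T21:36:38.639Z] 21:36:38 INFO - AddressSanitizer can not provide additional info.
[task 2024-05-04T21:36:38.640Z] 21:36:38 INFO - Thread T141173 created by T0 here:
[task 2024-05-04T21:36:38.640Z] 21:36:38 INFO - #0 0x55ce5af45591 in pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:250:3
"""

def parse_asan(log_text):
    """Return error kind, access type and symbolized frames of the faulting stack."""
    report = {"kind": None, "access": None, "frames": []}
    in_stack = False
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if report["kind"] is None:          # skip everything before the ERROR line
            m = ERROR.search(line)
            if m:
                report["kind"] = m.group(1)
            continue
        m = ACCESS.search(line)
        if m:
            report["access"] = m.group(1)
        elif line.startswith("#"):
            in_stack = True
            m = FRAME.match(line)           # unsymbolized frames do not match; skipped
            if m:
                report["frames"].append(
                    {"func": m.group(1), "file": m.group(2), "line": int(m.group(3))})
        elif in_stack:
            break                           # faulting stack ended; thread-creation stack follows
    return report

def signature(report, root="checkouts/gecko/"):
    """Build 'KIND ACCESS function repo/relative/path:line' from the top frame."""
    top = report["frames"][0]
    func = top["func"].split("(")[0]        # drop the argument list
    path = top["file"].partition(root)[2] or top["file"]
    return f'{report["kind"]} {report["access"]} {func} {path}:{top["line"]}'
```

Dropping the worker-specific path prefix and the column keeps the signature identical across CI workers, so repeated hits of the same crash group together.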
Comment 1 (Assignee) • 1 year ago
Whatever issues there were with detect_stack_use_after_return during the
clang trunk cycle for clang 15 seem to be gone.
On the other hand, changes in clang 18 trigger a bug[1] that causes stack
misalignment in AVX-512 code when detect_stack_use_after_return is
disabled.
Comment 2 • 1 year ago
Heads up, this bug will re-enable stack-use-after-return detection. You might see this in fuzzing. Let us know if this causes any issues.
Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/e0e3391e5162
Undo bug 1768099. r=decoder
Comment 4 (Assignee) • 1 year ago
It's worth noting that stack-use-after-return was never enabled for fuzzing builds. It was disabled when it became the default in clang trunk.
Comment 5 • 1 year ago
Backed out for causing SM bustages in 1659595.js.
- Backout link
- Push with failures
- Failure Log for SUMMARY AddressSanitizer
- Failure Log for SM build bustage
- Failure line:
[task 2024-05-09T08:07:21.007Z] TEST-PASS | check_vanilla_allocations.py | ok
[task 2024-05-09T08:07:21.029Z] make[2]: Leaving directory '/builds/worker/workspace/obj-spider/js/src/build'
[task 2024-05-09T08:07:21.029Z] make[1]: Leaving directory '/builds/worker/workspace/obj-spider'
[task 2024-05-09T08:07:21.029Z] in directory /builds/worker/workspace/obj-spider, running ['make', 'check-jit-test']
[task 2024-05-09T08:07:21.035Z] make -C js/src check-jit-test
[task 2024-05-09T08:07:21.040Z] make[1]: Entering directory '/builds/worker/workspace/obj-spider/js/src'
[task 2024-05-09T08:07:21.040Z] ASAN_SYMBOLIZER_PATH='/builds/worker/fetches/llvm-symbolizer/bin/llvm-symbolizer' ../../dist/bin/run-mozilla.sh /builds/worker/.mozbuild/srcdirs/gecko-8a5b87fe5d69/_virtualenvs/build/bin/python -u /builds/worker/checkouts/gecko/js/src/jit-test/jit_test.py \
[task 2024-05-09T08:07:21.040Z] --no-slow --no-progress --format=automation --jitflags=all \
[task 2024-05-09T08:07:21.040Z] \
[task 2024-05-09T08:07:21.040Z] --show-slow --jitflags=none \
[task 2024-05-09T08:07:21.040Z] ../../dist/bin/js
[task 2024-05-09T08:07:21.549Z] Over recursed
[task 2024-05-09T08:07:21.549Z] Exit code: 1
[task 2024-05-09T08:07:21.549Z] FAIL - 1659595.js
[task 2024-05-09T08:07:21.549Z] TEST-UNEXPECTED-FAIL | js/src/jit-test/tests/1659595.js | Over recursed (code 1, args "") [0.0 s]
[task 2024-05-09T08:07:21.549Z] INFO exit-status : 1
[task 2024-05-09T08:07:21.549Z] INFO timed-out : False
[task 2024-05-09T08:07:21.549Z] INFO stderr 2> Over recursed
[task 2024-05-09T08:07:21.585Z] Can't open self-hosted stencil XDR file.
[task 2024-05-09T08:07:21.585Z] Falling back on parsing source.
[task 2024-05-09T08:07:21.586Z] Over recursed
[task 2024-05-09T08:07:21.586Z] Exit code: 1
[task 2024-05-09T08:07:21.586Z] FAIL - bug1323854-2.js
[task 2024-05-09T08:07:21.586Z] TEST-UNEXPECTED-FAIL | js/src/jit-test/tests/bug1323854-2.js | Can't open self-hosted stencil XDR file. (code 1, args "--ion-gvn=off") [0.0 s]
[task 2024-05-09T08:07:21.586Z] INFO exit-status : 1
[task 2024-05-09T08:07:21.586Z] INFO timed-out : False
[task 2024-05-09T08:07:21.586Z] INFO stderr 2> Can't open self-hosted stencil XDR file.
[task 2024-05-09T08:07:21.586Z] INFO stderr 2> Falling back on parsing source.
[task 2024-05-09T08:07:21.586Z] INFO stderr 2> Over recursed
[task 2024-05-09T08:07:21.586Z] Can't open self-hosted stencil XDR file.
[task 2024-05-09T08:07:21.586Z] Falling back on parsing source.
[task 2024-05-09T08:07:21.586Z] Over recursed
[task 2024-05-09T08:07:21.586Z] Exit code: 1
[task 2024-05-09T08:07:21.586Z] FAIL - bug1366925.js
[task 2024-05-09T08:07:21.586Z] TEST-UNEXPECTED-FAIL | js/src/jit-test/tests/bug1366925.js | Can't open self-hosted stencil XDR file. (code 1, args "") [0.0 s]
[task 2024-05-09T08:07:21.586Z] INFO exit-status : 1
[task 2024-05-09T08:07:21.586Z] INFO timed-out : False
[task 2024-05-09T08:07:21.586Z] INFO stderr 2> Can't open self-hosted stencil XDR file.
[task 2024-05-09T08:07:21.587Z] INFO stderr 2> Falling back on parsing source.
[task 2024-05-09T08:07:21.587Z] INFO stderr 2> Over recursed
[task 2024-05-09T08:07:21.588Z] Can't open self-hosted stencil XDR file.
[task 2024-05-09T08:07:21.588Z] Falling back on parsing source.
[task 2024-05-09T08:07:21.588Z] Over recursed
[task 2024-05-09T08:07:21.588Z] Exit code: 1
[task 2024-05-09T08:07:21.588Z] FAIL - backup-point-bug1315634.js
[task 2024-05-09T08:07:21.588Z] TEST-UNEXPECTED-FAIL | js/src/jit-test/tests/backup-point-bug1315634.js | Can't open self-hosted stencil XDR file. (code 1, args "") [0.0 s]
[task 2024-05-09T08:07:21.589Z] INFO exit-status : 1
[task 2024-05-09T08:07:21.589Z] INFO timed-out : False
[task 2024-05-09T08:07:21.589Z] INFO stderr 2> Can't open self-hosted stencil XDR file.
[task 2024-05-09T08:07:21.589Z] INFO stderr 2> Falling back on parsing source.
[task 2024-05-09T08:07:21.589Z] INFO stderr 2> Over recursed
[task 2024-05-09T08:07:21.589Z] Can't open self-hosted stencil XDR file.
[task 2024-05-09T08:07:21.589Z] Falling back on parsing source.
[task 2024-05-09T08:07:21.589Z] Over recursed
[task 2024-05-09T08:07:21.589Z] Exit code: 1
[task 2024-05-09T08:07:21.589Z] FAIL - bug1213574.js
<...>
Flags: needinfo?(mh+mozilla)
Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/6d33721029ff
Undo bug 1768099. r=decoder
Comment 7 • 1 year ago
bugherder
Status: NEW → RESOLVED
Closed: 1 year ago
status-firefox128: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 128 Branch
Updated (Assignee) • 1 year ago
Flags: needinfo?(mh+mozilla)