https://flatassembler.net/ crashes after loading

Open kalenikaliaksandr opened this issue 2 years ago • 3 comments

Backtrace:

* thread #1, name = 'WebContent', stop reason = signal SIGILL: illegal operand
    frame #0: 0x00007ff852fb7950 liblagom-core.so.0`::ak_verification_failed() at Assertions.cpp:108:5
   105  #    if defined(EXECINFO_BACKTRACE)
   106      dump_backtrace();
   107  #    endif
-> 108      __builtin_trap();
   109  }
   110  }
   111 
(lldb) bt
* thread #1, name = 'WebContent', stop reason = signal SIGILL: illegal operand
  * frame #0: 0x00007ff852fb7950 liblagom-core.so.0`::ak_verification_failed() at Assertions.cpp:108:5
    frame #1: 0x00007ff852078634 liblagom-web.so.0`::call() [inlined] operator-> at GCPtr.h:168:9
    frame #2: 0x00007ff852078628 liblagom-web.so.0`::call() [inlined] operator() at HTMLLinkElement.cpp:507:9
    frame #3: 0x00007ff852078604 liblagom-web.so.0`::call() at Function.h:182:20
    frame #4: 0x00007ff851fd945f liblagom-web.so.0`::operator()() at Function.h:115:25
    frame #5: 0x00007ff85203f42b liblagom-web.so.0`::execute() [inlined] operator() at SafeFunction.h:85:25
    frame #6: 0x00007ff85203f404 liblagom-web.so.0`::execute() at Task.cpp:31:5
    frame #7: 0x00007ff85203dac0 liblagom-web.so.0`::process() at EventLoop.cpp:111:22
    frame #8: 0x00007ff8522490e0 liblagom-web.so.0`::call() [inlined] operator() at SafeFunction.h:85:25
    frame #9: 0x00007ff8522490d1 liblagom-web.so.0`::call() [inlined] operator() at TimerSerenity.cpp:23:13
    frame #10: 0x00007ff8522490b5 liblagom-web.so.0`::call() at Function.h:182:20
    frame #11: 0x00007ff852f94e9f liblagom-core.so.0`::operator()() at Function.h:115:25
    frame #12: 0x00007ff852f94415 liblagom-core.so.0`::dispatch_event() at EventReceiver.cpp:163:17
    frame #13: 0x000056170ea3e4be WebContent`::impl() [inlined] qt_timer_fired at EventLoopImplementationQt.cpp:90:12
    frame #14: 0x000056170ea3e47a WebContent`::impl() [inlined] operator() at EventLoopImplementationQt.cpp:105:9
    frame #15: 0x000056170ea3e447 WebContent`::impl() [inlined] call at qobjectdefs_impl.h:127:13
    frame #16: 0x000056170ea3e447 WebContent`::impl() [inlined] call<QtPrivate::List<>, void> at qobjectdefs_impl.h:241:13
    frame #17: 0x000056170ea3e447 WebContent`::impl() at qobjectdefs_impl.h:408:17
    frame #18: 0x00007ff852b8113e libQt6Core.so.6`___lldb_unnamed_symbol10923 + 702
    frame #19: 0x00007ff852b855ce libQt6Core.so.6`QTimer::timeout(QTimer::QPrivateSignal) + 62
    frame #20: 0x00007ff852b73856 libQt6Core.so.6`QObject::event(QEvent*) + 454
    frame #21: 0x00007ff852b36975 libQt6Core.so.6`QCoreApplication::notifyInternal2(QObject*, QEvent*) + 245
    frame #22: 0x00007ff852c70e69 libQt6Core.so.6`QTimerInfoList::activateTimers() + 873
    frame #23: 0x00007ff852d266ac libQt6Core.so.6`___lldb_unnamed_symbol12989 + 44
    frame #24: 0x00007ff850713b2c libglib-2.0.so.0`___lldb_unnamed_symbol2524 + 492
    frame #25: 0x00007ff85076f46f libglib-2.0.so.0`___lldb_unnamed_symbol2824 + 543
    frame #26: 0x00007ff850711d20 libglib-2.0.so.0`g_main_context_iteration + 48
    frame #27: 0x00007ff852d24420 libQt6Core.so.6`QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 112
    frame #28: 0x00007ff852b40cea libQt6Core.so.6`QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 698
    frame #29: 0x00007ff852f8d873 liblagom-core.so.0`::exec() at EventLoop.cpp:86:20
    frame #30: 0x000056170ea48ffc WebContent`::serenity_main() at main.cpp:127:23
    frame #31: 0x000056170ea4c632 WebContent`main at Main.cpp:39:19
    frame #32: 0x00007ff8504280d0 libc.so.6`__libc_start_call_main(main=(WebContent`main at Main.cpp:31), argc=3, argv=0x00007ffc265e9278) at libc_start_call_main.h:58:16
    frame #33: 0x00007ff850428189 libc.so.6`__libc_start_main_impl(main=(WebContent`main at Main.cpp:31), argc=3, argv=0x00007ffc265e9278, init=<unavailable>, fini=<unavailable>, rtld_fini=<unavailable>, stack_end=0x00007ffc265e9268) at libc-start.c:360:3
    frame #34: 0x000056170e9b3275 WebContent`_start + 37

kalenikaliaksandr avatar Dec 06 '23 21:12 kalenikaliaksandr

This looks like a GC issue. Have you run the GC verifier tool recently?

ADKaster avatar Dec 08 '23 23:12 ADKaster

Tested with ASAN and UBSAN and not seeing anything weird, but I can semi-reliably make it crash with this backtrace on Linux:

(gdb) bt
#0  0x00007f330831b0db in ak_verification_failed () at /home/kling/src/serenity/AK/Assertions.cpp:108
#1  0x00007f330edf027b in operator-> () at /home/kling/src/serenity/Meta/Lagom/../../Userland/Libraries/LibJS/Heap/GCPtr.h:168
#2  operator() () at /home/kling/src/serenity/Userland/Libraries/LibWeb/HTML/HTMLLinkElement.cpp:507
#3  call () at /home/kling/src/serenity/Meta/Lagom/../../AK/Function.h:182
#4  0x00007f330eaa83e2 in operator() () at /home/kling/src/serenity/Meta/Lagom/../../AK/Function.h:115
#5  0x00007f330e27dd94 in operator() () at /home/kling/src/serenity/Meta/Lagom/../../Userland/Libraries/LibJS/SafeFunction.h:85
#6  0x00007f330ecaa6f2 in process () at /home/kling/src/serenity/Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.cpp:111
#7  0x00007f330e27dd94 in operator() () at /home/kling/src/serenity/Meta/Lagom/../../Userland/Libraries/LibJS/SafeFunction.h:85
#8  0x00007f3308259738 in operator() () at /home/kling/src/serenity/Meta/Lagom/../../AK/Function.h:115
#9  0x00007f3308255b7f in dispatch_event () at /home/kling/src/serenity/Userland/Libraries/LibCore/EventReceiver.cpp:163
#10 0x0000560a3343d8ed in qt_timer_fired () at /home/kling/src/serenity/Ladybird/Qt/EventLoopImplementationQt.cpp:90
#11 operator() () at /home/kling/src/serenity/Ladybird/Qt/EventLoopImplementationQt.cpp:105
#12 call () at /usr/include/x86_64-linux-gnu/qt6/QtCore/qobjectdefs_impl.h:127
#13 call<QtPrivate::List<>, void> () at /usr/include/x86_64-linux-gnu/qt6/QtCore/qobjectdefs_impl.h:241
#14 impl () at /usr/include/x86_64-linux-gnu/qt6/QtCore/qobjectdefs_impl.h:408
#15 0x00007f3311f8113e in ?? () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#16 0x00007f3311f855ce in QTimer::timeout(QTimer::QPrivateSignal) () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#17 0x00007f3311f73856 in QObject::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#18 0x00007f3311f36975 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#19 0x00007f3312070e69 in QTimerInfoList::activateTimers() () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#20 0x00007f33121266ac in ?? () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#21 0x00007f3307b13b2c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007f3307b6f46f in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007f3307b11d20 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007f3312124420 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /lib/x86_64-linux-gnu/libQt6Core.so.6
#25 0x00007f3311f40cea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt6Core.so.6
#26 0x00007f33082360b2 in exec () at /home/kling/src/serenity/Userland/Libraries/LibCore/EventLoop.cpp:86
#27 0x0000560a33476cf2 in serenity_main () at /home/kling/src/serenity/Ladybird/WebContent/main.cpp:127
#28 0x0000560a33482d2e in main () at /home/kling/src/serenity/Userland/Libraries/LibMain/Main.cpp:39

The crashing code is in HTMLLinkElement::load_fallback_favicon_if_needed():

response->unsafe_response()->body()->fully_read(realm, move(process_body), move(process_body_error), global).release_value_but_fixme_should_propagate_errors();

Evidently something in that pointer chain is null.

awesomekling avatar Dec 10 '23 16:12 awesomekling
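As an added illustration (not code from the SerenityOS/Ladybird project; the GCPtr, Response, InternalResponse and Body types below are simplified stand-ins), this walks the chain from the crashing line one link at a time and names the first null link, which is the one piece of information a verifying operator-> trap like the one in the backtrace does not give you:

```cpp
#include <cassert>
#include <string>

// Constructed stand-in for a GC-managed pointer: like the real GCPtr, operator->
// verifies the pointer is non-null before dereferencing, so a null link traps.
template<typename T>
class GCPtr {
public:
    GCPtr() = default;
    GCPtr(T* ptr) : m_ptr(ptr) {}
    T* operator->() const { assert(m_ptr != nullptr); return m_ptr; }
    explicit operator bool() const { return m_ptr != nullptr; }
private:
    T* m_ptr { nullptr };
};

// Hypothetical, minimal shapes of the objects in the chain
// response->unsafe_response()->body(); each getter may return a null GCPtr.
struct Body { std::string bytes; };
struct InternalResponse {
    GCPtr<Body> body_ptr;
    GCPtr<Body> body() const { return body_ptr; }
};
struct Response {
    GCPtr<InternalResponse> internal;
    GCPtr<InternalResponse> unsafe_response() const { return internal; }
};

// Check every link before dereferencing it and report the first null one by name
// instead of trapping inside operator->. Returns "" when the whole chain is present.
std::string first_null_link(GCPtr<Response> response)
{
    if (!response)
        return "response";
    auto internal = response->unsafe_response();
    if (!internal)
        return "unsafe_response";
    auto body = internal->body();
    if (!body)
        return "body";
    return "";
}
```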

@kalenikaliaksandr Do you still see this crash? I was looking at this since I wrote the favicon fallback (19313945f23), but I'm not able to repro.

trflynn89 avatar Dec 23 '23 19:12 trflynn89

No longer reproducible for me

kalenikaliaksandr avatar Jan 05 '24 23:01 kalenikaliaksandr