hashbrown icon indicating copy to clipboard operation
hashbrown copied to clipboard
verified publisher icon rust-lang

Hashbrown crash due to bad malloc

Open jacobgorm opened this issue 2 years ago • 1 comments

hi,

I am working on a Tauri project, and after updating to Tauri 1.5.2 I have been hitting this when using the auto-update feature:

0   libsystem_kernel.dylib               0x188fe111c __pthread_kill + 8
1   libsystem_pthread.dylib             0x189018cc0 pthread_kill + 288
2   libsystem_c.dylib                   0x188f28a40 abort + 180
3   libsystem_malloc.dylib               0x188e3fb08 malloc_vreport + 908
4   libsystem_malloc.dylib               0x188e433f4 malloc_report + 64
5   libsystem_malloc.dylib               0x188e57ebc find_zone_and_free + 308
6   Jamscape_dev                         0x10544d5ac _$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Allocator$GT$::deallocate::h3b6fa631b372b4b2 + 100
7   Jamscape_dev                         0x10544db8c _$LT$alloc..raw_vec..RawVec$LT$T$C$A$GT$$u20$as$u20$core..ops..drop..Drop$GT$::drop::h8aa92e308f0ec0f2 + 104
8   Jamscape_dev                         0x10544c404 core::ptr::drop_in_place$LT$alloc..raw_vec..RawVec$LT$u8$GT$$GT$::h09995669823630f0 + 24
9   Jamscape_dev                         0x10544c320 core::ptr::drop_in_place$LT$alloc..vec..Vec$LT$u8$GT$$GT$::hc10bd1359d74c61a + 68
10  Jamscape_dev                         0x10544c2d0 core::ptr::drop_in_place$LT$alloc..string..String$GT$::h345097467142dafb + 24
11  Jamscape_dev                         0x105248bd8 core::ptr::drop_in_place$LT$tauri_runtime_wry..WindowWrapper$GT$::h1112a2fcf62ef460 + 28
12  Jamscape_dev                         0x105249368 core::ptr::drop_in_place$LT$$LP$u64$C$tauri_runtime_wry..WindowWrapper$RP$$GT$::hb17ead8247a18606 + 24
13  Jamscape_dev                         0x10521abcc hashbrown::raw::Bucket$LT$T$GT$::drop::hee8050c08d3bbddb + 136
14  Jamscape_dev                         0x10521c564 hashbrown::raw::RawTable$LT$T$C$A$GT$::drop_elements::ha24a49f3fe95a7db + 208
15  Jamscape_dev                         0x105219f6c _$LT$hashbrown..raw..RawTable$LT$T$C$A$GT$$u20$as$u20$core..ops..drop..Drop$GT$::drop::h918c530a5ac879a6 + 56
16  Jamscape_dev                         0x105249b70 core::ptr::drop_in_place$LT$hashbrown..raw..RawTable$LT$$LP$u64$C$tauri_runtime_wry..WindowWrapper$RP$$GT$$GT$::hddf3979f0a52a379 + 24
17  Jamscape_dev                         0x105246ea8 core::ptr::drop_in_place$LT$hashbrown..map..HashMap$LT$u64$C$tauri_runtime_wry..WindowWrapper$C$std..collections..hash..map..RandomState$GT$$GT$::h3f1f261caf44368f + 24
18  Jamscape_dev                         0x105246178 core::ptr::drop_in_place$LT$std..collections..hash..map..HashMap$LT$u64$C$tauri_runtime_wry..WindowWrapper$GT$$GT$::h991fb323e63cb93e + 24
19  Jamscape_dev                         0x105246e84 core::ptr::drop_in_place$LT$core..cell..UnsafeCell$LT$std..collections..hash..map..HashMap$LT$u64$C$tauri_runtime_wry..WindowWrapper$GT$$GT$$GT$::heefac6c34beb7b08 + 24
20  Jamscape_dev                         0x105246cf8 core::ptr::drop_in_place$LT$core..cell..RefCell$LT$std..collections..hash..map..HashMap$LT$u64$C$tauri_runtime_wry..WindowWrapper$GT$$GT$$GT$::h68eae5cf62608460 + 24
21  Jamscape_dev                         0x1052400b0 _$LT$alloc..rc..Rc$LT$T$C$A$GT$$u20$as$u20$core..ops..drop..Drop$GT$::drop::h171f9537e4975776 + 164
22  Jamscape_dev                         0x10524727c core::ptr::drop_in_place$LT$alloc..rc..Rc$LT$core..cell..RefCell$LT$std..collections..hash..map..HashMap$LT$u64$C$tauri_runtime_wry..WindowWrapper$GT$$GT$$GT$$GT$::h00022cd5cd5084f7 + 24
23  Jamscape_dev                         0x1050f5e18 tauri_runtime_wry::handle_user_message::h3df2ed605959d6ac + 30868
24  Jamscape_dev                         0x104e2b354 tauri_runtime_wry::handle_event_loop::ha937412070a75dce + 4536 ([lib.rs:3075](http://lib.rs:3075/))
25  Jamscape_dev                         0x104e2e7e4 _$LT$tauri_runtime_wry..Wry$LT$T$GT$$u20$as$u20$tauri_runtime..Runtime$LT$T$GT$$GT$::run::_$u7b$$u7b$closure$u7d$$u7d$::he6075d6cd504a25d + 692 ([lib.rs:2342](http://lib.rs:2342/))
26  Jamscape_dev                         0x104f4b704 _$LT$tao..platform_impl..platform..app_state..EventLoopHandler$LT$T$GT$$u20$as$u20$tao..platform_impl..platform..app_state..EventHandler$GT$::handle_user_events::_$u7b$$u7b$closure$u7d$$u7d$::h66f05e8e50f106ef + 856 ([app_state.rs:117](http://app_state.rs:117/))
27  Jamscape_dev                         0x104f4be70 tao::platform_impl::platform::app_state::EventLoopHandler$LT$T$GT$::with_callback::he1cccedcc2c4eb19 + 428 ([app_state.rs:79](http://app_state.rs:79/))
28  Jamscape_dev                         0x104f4b3a0 _$LT$tao..platform_impl..platform..app_state..EventLoopHandler$LT$T$GT$$u20$as$u20$tao..platform_impl..platform..app_state..EventHandler$GT$::handle_user_events::h97560dd0fdb584dd + 40 ([app_state.rs:111](http://app_state.rs:111/))
29  Jamscape_dev                         0x1052ab610 tao::platform_impl::platform::app_state::Handler::handle_user_events::h1b24e58c2e3264c9 + 324
30  Jamscape_dev                         0x1052ace98 tao::platform_impl::platform::app_state::AppState::cleared::hbb180447c1f1bb1a + 424
31  Jamscape_dev                         0x1052d3408 tao::platform_impl::platform::observer::control_flow_end_handler::_$u7b$$u7b$closure$u7d$$u7d$::h478bbfd33460e5da + 124
32  Jamscape_dev                         0x1052d321c tao::platform_impl::platform::observer::control_flow_handler::_$u7b$$u7b$closure$u7d$$u7d$::h2db82c3ea26e5b5c + 48
33  Jamscape_dev                         0x1052e3b18 std::panicking::try::do_call::h72756c55419d11cf + 52
34  Jamscape_dev                         0x1052eec34 __rust_try + 32
35  Jamscape_dev                         0x1052e392c std::panicking::try::h41aba550f8a7c56f + 84
36  Jamscape_dev                         0x1052a1f9c std::panic::catch_unwind::he36e42555bb4fd43 + 32
37  Jamscape_dev                         0x10528b768 tao::platform_impl::platform::event_loop::stop_app_on_panic::h1b26250f39676ed0 + 64
38  Jamscape_dev                         0x1052d3170 tao::platform_impl::platform::observer::control_flow_handler::hefb16ebe938c57cd + 280
39  Jamscape_dev                         0x1052d3380 tao::platform_impl::platform::observer::control_flow_end_handler::hd0a7cc1e4c2de82e + 52
40  CoreFoundation                       0x1890f50a0 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 36
41  CoreFoundation                       0x1890f4f8c __CFRunLoopDoObservers + 532
42  CoreFoundation                       0x1890f46b8 __CFRunLoopRun + 1028
43  CoreFoundation                       0x1890f3c5c CFRunLoopRunSpecific + 608
44  HIToolbox                           0x193670448 RunCurrentEventLoopInMode + 292
45  HIToolbox                           0x193670284 ReceiveNextEventCommon + 648
46  HIToolbox                           0x19366ffdc _BlockUntilNextEventMatchingListInModeWithFilter + 76
47  AppKit                               0x18c8cec54 _DPSNextEvent + 660
48  AppKit                               0x18d0a4ebc -[NSApplication(NSEventRouting) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 716
49  AppKit                               0x18c8c2100 -[NSApplication run] + 476
50  Jamscape_dev                         0x10520a64c _$LT$$LP$$RP$$u20$as$u20$objc..message..MessageArguments$GT$::invoke::h6ffa29c13c45f8ad + 64
51  Jamscape_dev                         0x1051ebedc objc::message::platform::send_unverified::_$u7b$$u7b$closure$u7d$$u7d$::h36dede0269f4626d + 52
52  Jamscape_dev                         0x1051e8b4c objc_exception::try::_$u7b$$u7b$closure$u7d$$u7d$::h9a39498abc446063 + 44
53  Jamscape_dev                         0x1051e5f80 objc_exception::try_no_ret::try_objc_execute_closure::h9db87fefeca70005 + 76
54  Jamscape_dev                         0x1058f19ec RustObjCExceptionTryCatch + 36
55  Jamscape_dev                         0x1051e3f20 objc_exception::try_no_ret::h608d2ff5e8e3603f + 168
56  Jamscape_dev                         0x1051e66c4 objc_exception::try::h47a8c415a73c7af7 + 72
57  Jamscape_dev                         0x10520fe14 objc::exception::try::h327bceb955c96f7c + 12
58  Jamscape_dev                         0x1051e9e10 objc::message::platform::send_unverified::h3b83088c385148d3 + 136
59  Jamscape_dev                         0x104fc76cc objc::message::send_message::h5acf2b3504c54a6f + 20 ([mod.rs:178](http://mod.rs:178/)) [inlined]
60  Jamscape_dev                         0x104fc76cc tao::platform_impl::platform::event_loop::EventLoop$LT$T$GT$::run_return::h2b087a1a56cdedac + 1100 ([event_loop.rs:193](http://event_loop.rs:193/))
61  Jamscape_dev                         0x104fc86d4 tao::platform_impl::platform::event_loop::EventLoop$LT$T$GT$::run::h09783b506abecd9d + 20 ([event_loop.rs:160](http://event_loop.rs:160/))
62  Jamscape_dev                         0x104c97800 tao::event_loop::EventLoop$LT$T$GT$::run::h9920a60abe5a4812 + 60 ([event_loop.rs:179](http://event_loop.rs:179/))
63  Jamscape_dev                         0x104e2e3a0 _$LT$tauri_runtime_wry..Wry$LT$T$GT$$u20$as$u20$tauri_runtime..Runtime$LT$T$GT$$GT$::run::hcfcec858f9321d85 + 756 ([lib.rs:2314](http://lib.rs:2314/))
64  Jamscape_dev                         0x104fd834c tauri::app::App$LT$R$GT$::run::h4f45f2090fc8148e + 280 ([app.rs:868](http://app.rs:868/))
65  Jamscape_dev                         0x104fd87d0 tauri::app::Builder$LT$R$GT$::run::h9e6ecf26819be3ec + 120 ([app.rs:1722](http://app.rs:1722/))
66  Jamscape_dev                         0x104cf8504 app::main::ha28cce926cd67973 + 12324 ([main.rs:173](http://main.rs:173/))
67  Jamscape_dev                         0x104c46810 core::ops::function::FnOnce::call_once::hc5fe19d6bb4e03db + 20 ([function.rs:250](http://function.rs:250/))
68  Jamscape_dev                         0x104fc0854 std::sys_common::backtrace::__rust_begin_short_backtrace::h2b69912e7a958cf1 + 24 ([backtrace.rs:154](http://backtrace.rs:154/))
69  Jamscape_dev                         0x104cd85c4 std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::h56d03a1bd5523624 + 28 ([rt.rs:166](http://rt.rs:166/))
70  Jamscape_dev                         0x10590a34c std::rt::lang_start_internal::haeade8bb0e866fa6 + 648
71  Jamscape_dev                         0x104cd8590 std::rt::lang_start::hd06be6379018a1f9 + 84 ([rt.rs:165](http://rt.rs:165/))
72  Jamscape_dev                         0x104cf9090 main + 36
73  dyld                                 0x188c9d0e0 start + 2360```

(Jamscape_dev is the name of my app).

In some cases I am also seeing this logged to the console:

```Jamscape_dev(16032,0x1df1c9ec0) malloc: *** error for object 0x6000000fc2c0: pointer being freed was not allocated
Jamscape_dev(16032,0x1df1c9ec0) malloc: *** set a breakpoint in malloc_error_break to debug

  [6:57 PM](https://jamscape.slack.com/archives/C052N7Z0L1Z/p1702317468266849)```

Could this be due to a bug in Hashbrown? Any help or insights would be much appreciated.

Thanks!

jacobgorm avatar Dec 11 '23 18:12 jacobgorm

Can you run this under valgrind so all allocations are checked?

Amanieu avatar Dec 11 '23 19:12 Amanieu