Google Drive Segmentation Fault

kyxor
Moongazer
Posts: 7
Joined: 2022-05-09, 17:59

Google Drive Segmentation Fault

Post by kyxor » 2022-05-10, 02:03

Hello, the following link will always segfault the browser:
https://drive.google.com/file/d/1IYmniB ... rFCFv/view

built on:
gcc 11.2.0 palemoon 29.4.6 x86_64 X11, Muslc Linux 5.17

Note that only this specific js code for this page can cause a crash; other pages
of google drive work fine.

Have a look at the backtrace:

Code:

   0x00007ffc2ba465a0 <+0>:     push   r15
   0x00007ffc2ba465a2 <+2>:     mov    r15,r8
   0x00007ffc2ba465a5 <+5>:     push   r14
   0x00007ffc2ba465a7 <+7>:     push   r13
   0x00007ffc2ba465a9 <+9>:     mov    r13,rdi
   0x00007ffc2ba465ac <+12>:    push   r12
   0x00007ffc2ba465ae <+14>:    mov    r12d,edx
   0x00007ffc2ba465b1 <+17>:    push   rbp
   0x00007ffc2ba465b2 <+18>:    mov    ebp,ecx
   0x00007ffc2ba465b4 <+20>:    push   rbx
   0x00007ffc2ba465b5 <+21>:    lea    rbx,[rip+0x876b24]        # 0x7ffc2c2bd0e0 <_ZN2js8frontendL15PrecedenceTableE>
   0x00007ffc2ba465bc <+28>:    sub    rsp,0x78
=> 0x00007ffc2ba465c0 <+32>:    mov    DWORD PTR [rsp+0x1c],esi    ; crashed right here
   0x00007ffc2ba465c4 <+36>:    mov    DWORD PTR [rsp+0x18],r9d
   0x00007ffc2ba465c9 <+41>:    mov    rax,QWORD PTR fs:0x28
   0x00007ffc2ba465d2 <+50>:    mov    QWORD PTR [rsp+0x68],rax
   0x00007ffc2ba465d7 <+55>:    xor    eax,eax
   0x00007ffc2ba465d9 <+57>:    lea    rax,[rdi+0x18]
   0x00007ffc2ba465dd <+61>:    mov    DWORD PTR [rsp+0xc],0x0
   0x00007ffc2ba465e5 <+69>:    mov    QWORD PTR [rsp+0x10],rax
   0x00007ffc2ba465ea <+74>:    nop    WORD PTR [rax+rax*1+0x0]
   0x00007ffc2ba465f0 <+80>:    mov    r8d,DWORD PTR [rsp+0x18]
   0x00007ffc2ba465f5 <+85>:    mov    rcx,r15
   0x00007ffc2ba465f8 <+88>:    mov    edx,ebp
   0x00007ffc2ba465fa <+90>:    mov    esi,r12d
   0x00007ffc2ba465fd <+93>:    mov    rdi,r13
   0x00007ffc2ba46600 <+96>:    call   0x7ffc2ba45c70 <_ZN2js8frontend6ParserINS0_18SyntaxParseHandlerEE9unaryExprENS0_13YieldHandlingENS0_17TripledotHandlingEPNS3_13PossibleErrorENS0_10ParserBase17InvokedPredictionE>
   0x00007ffc2ba46605 <+101>:   mov    r14d,eax
   0x00007ffc2ba46608 <+104>:   test   eax,eax
   0x00007ffc2ba4660a <+106>:   je     0x7ffc2ba467b4 <_ZN2js8frontend6ParserINS0_18SyntaxParseHandlerEE9condExpr1ENS0_10InHandlingENS0_13YieldHandlingENS0_17TripledotHandlingEPNS3_13PossibleErrorENS0_10ParserBase17InvokedPredictionE+532>
   0x00007ffc2ba46610 <+112>:   mov    eax,DWORD PTR [r13+0x2d4]
   0x00007ffc2ba46617 <+119>:   test   eax,eax
   0x00007ffc2ba46619 <+121>:   je     0x7ffc2ba46768 <_ZN2js8frontend6ParserINS0_18SyntaxParseHandlerEE9condExpr1ENS0_10InHandlingENS0_13YieldHandlingENS0_17TripledotHandlingEPNS3_13PossibleErrorENS0_10ParserBase17InvokedPredictionE+456>
   0x00007ffc2ba4661f <+127>:   sub    eax,0x1
   0x00007ffc2ba46622 <+130>:   mov    DWORD PTR [r13+0x2d4],eax
   0x00007ffc2ba46629 <+137>:   mov    eax,DWORD PTR [r13+0x2d0]
   0x00007ffc2ba46630 <+144>:   add    eax,0x1
   0x00007ffc2ba46633 <+147>:   and    eax,0x3
   0x00007ffc2ba46636 <+150>:   mov    DWORD PTR [r13+0x2d0],eax
   0x00007ffc2ba4663d <+157>:   shl    rax,0x5
   0x00007ffc2ba46641 <+161>:   mov    ecx,DWORD PTR [r13+rax*1+0x250]
   0x00007ffc2ba46649 <+169>:   mov    DWORD PTR [rsp+0x2c],ecx
   0x00007ffc2ba4664d <+173>:   cmp    ecx,0x56
-----------------------------------------------------------------------------------------------------------------------------
0x00007ffc2ba465c0 in js::frontend::Parser<js::frontend::SyntaxParseHandler>::condExpr1 (this=this@entry=0x7ffc1f00fcc0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7ffc1eff00f0, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8007
8007    Parser<ParseHandler>::condExpr1(InHandling inHandling, YieldHandling yieldHandling,
Increasing the stack size does not seem to fix the problem.
Last 30 calls before crash in condExpr1:

Code:

#0  0x00007ffc2ba465c0 in js::frontend::Parser<js::frontend::SyntaxParseHandler>::condExpr1(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7ffc1eff00f0, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8007
#1  0x00007ffc2ba3f65c in js::frontend::Parser<js::frontend::SyntaxParseHandler>::assignExpr(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x0, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8134
#2  0x00007ffc2ba4244f in js::frontend::Parser<js::frontend::SyntaxParseHandler>::argumentList(js::frontend::YieldHandling, js::frontend::SyntaxParseHandler::Node, bool*, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, listNode=listNode@entry=js::frontend::SyntaxParseHandler::NodeFunctionCall, isSpread=isSpread@entry=0x7ffc1eff0264, possibleError=0x0) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/TokenStream.h:694
#3  0x00007ffc2ba4585c in js::frontend::Parser<js::frontend::SyntaxParseHandler>::memberExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::TokenKind, bool, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, tt=<optimized out>, allowCallSyntax=allowCallSyntax@entry=0x1, possibleError=<optimized out>, invoked=<optimized out>) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:9064
#4  0x00007ffc2ba45d7e in js::frontend::Parser<js::frontend::SyntaxParseHandler>::unaryExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7ffc1eff0440, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8457
#5  0x00007ffc2ba46605 in js::frontend::Parser<js::frontend::SyntaxParseHandler>::orExpr1(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (invoked=js::frontend::ParserBase::PredictUninvoked, possibleError=0x7ffc1eff0440, tripledotHandling=js::frontend::TripledotProhibited, yieldHandling=js::frontend::YieldIsName, inHandling=js::frontend::InAllowed, this=0x7ffc1f00fcc0) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:7946
#6  js::frontend::Parser<js::frontend::SyntaxParseHandler>::condExpr1(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7ffc1eff0440, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8012
#7  0x00007ffc2ba3f65c in js::frontend::Parser<js::frontend::SyntaxParseHandler>::assignExpr(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x0, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8134
#8  0x00007ffc2ba4244f in js::frontend::Parser<js::frontend::SyntaxParseHandler>::argumentList(js::frontend::YieldHandling, js::frontend::SyntaxParseHandler::Node, bool*, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, listNode=listNode@entry=js::frontend::SyntaxParseHandler::NodeFunctionCall, isSpread=isSpread@entry=0x7ffc1eff05b4, possibleError=0x0) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/TokenStream.h:694
#9  0x00007ffc2ba4585c in js::frontend::Parser<js::frontend::SyntaxParseHandler>::memberExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::TokenKind, bool, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, tt=<optimized out>, allowCallSyntax=allowCallSyntax@entry=0x1, possibleError=<optimized out>, invoked=<optimized out>) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:9064
#10 0x00007ffc2ba45d7e in js::frontend::Parser<js::frontend::SyntaxParseHandler>::unaryExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7ffc1eff0790, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8457
#11 0x00007ffc2ba46605 in js::frontend::Parser<js::frontend::SyntaxParseHandler>::orExpr1(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (invoked=js::frontend::ParserBase::PredictUninvoked, possibleError=0x7ffc1eff0790, tripledotHandling=js::frontend::TripledotProhibited, yieldHandling=js::frontend::YieldIsName, inHandling=js::frontend::InAllowed, this=0x7ffc1f00fcc0) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:7946
#12 js::frontend::Parser<js::frontend::SyntaxParseHandler>::condExpr1(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7ffc1eff0790, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8012
#13 0x00007ffc2ba3f65c in js::frontend::Parser<js::frontend::SyntaxParseHandler>::assignExpr(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x0, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8134
#14 0x00007ffc2ba4244f in js::frontend::Parser<js::frontend::SyntaxParseHandler>::argumentList(js::frontend::YieldHandling, js::frontend::SyntaxParseHandler::Node, bool*, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, listNode=listNode@entry=js::frontend::SyntaxParseHandler::NodeFunctionCall, isSpread=isSpread@entry=0x7ffc1eff0904, possibleError=0x0) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/TokenStream.h:694
#15 0x00007ffc2ba4585c in js::frontend::Parser<js::frontend::SyntaxParseHandler>::memberExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::TokenKind, bool, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, tt=<optimized out>, allowCallSyntax=allowCallSyntax@entry=0x1, possibleError=<optimized out>, invoked=<optimized out>) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:9064
#16 0x00007ffc2ba45d7e in js::frontend::Parser<js::frontend::SyntaxParseHandler>::unaryExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7ffc1eff0ae0, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8457
#17 0x00007ffc2ba46605 in js::frontend::Parser<js::frontend::SyntaxParseHandler>::orExpr1(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (invoked=js::frontend::ParserBase::PredictUninvoked, possibleError=0x7ffc1eff0ae0, tripledotHandling=js::frontend::TripledotProhibited, yieldHandling=js::frontend::YieldIsName, inHandling=js::frontend::InAllowed, this=0x7ffc1f00fcc0) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:7946
#18 js::frontend::Parser<js::frontend::SyntaxParseHandler>::condExpr1(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7ffc1eff0ae0, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8012
#19 0x00007ffc2ba3f65c in js::frontend::Parser<js::frontend::SyntaxParseHandler>::assignExpr(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x0, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8134
#20 0x00007ffc2ba4244f in js::frontend::Parser<js::frontend::SyntaxParseHandler>::argumentList(js::frontend::YieldHandling, js::frontend::SyntaxParseHandler::Node, bool*, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, listNode=listNode@entry=js::frontend::SyntaxParseHandler::NodeFunctionCall, isSpread=isSpread@entry=0x7ffc1eff0c54, possibleError=0x0) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/TokenStream.h:694
#21 0x00007ffc2ba4585c in js::frontend::Parser<js::frontend::SyntaxParseHandler>::memberExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::TokenKind, bool, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, tt=<optimized out>, allowCallSyntax=allowCallSyntax@entry=0x1, possibleError=<optimized out>, invoked=<optimized out>) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:9064
#22 0x00007ffc2ba45d7e in js::frontend::Parser<js::frontend::SyntaxParseHandler>::unaryExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7ffc1eff0e30, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8457
#23 0x00007ffc2ba46605 in js::frontend::Parser<js::frontend::SyntaxParseHandler>::orExpr1(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (invoked=js::frontend::ParserBase::PredictUninvoked, possibleError=0x7ffc1eff0e30, tripledotHandling=js::frontend::TripledotProhibited, yieldHandling=js::frontend::YieldIsName, inHandling=js::frontend::InAllowed, this=0x7ffc1f00fcc0) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:7946
#24 js::frontend::Parser<js::frontend::SyntaxParseHandler>::condExpr1(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7ffc1eff0e30, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8012
#25 0x00007ffc2ba3f65c in js::frontend::Parser<js::frontend::SyntaxParseHandler>::assignExpr(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, inHandling=inHandling@entry=js::frontend::InAllowed, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x0, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8134
#26 0x00007ffc2ba4244f in js::frontend::Parser<js::frontend::SyntaxParseHandler>::argumentList(js::frontend::YieldHandling, js::frontend::SyntaxParseHandler::Node, bool*, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, listNode=listNode@entry=js::frontend::SyntaxParseHandler::NodeFunctionCall, isSpread=isSpread@entry=0x7ffc1eff0fa4, possibleError=0x0) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/TokenStream.h:694
#27 0x00007ffc2ba4585c in js::frontend::Parser<js::frontend::SyntaxParseHandler>::memberExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::TokenKind, bool, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, tt=<optimized out>, allowCallSyntax=allowCallSyntax@entry=0x1, possibleError=<optimized out>, invoked=<optimized out>) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:9064
#28 0x00007ffc2ba45d7e in js::frontend::Parser<js::frontend::SyntaxParseHandler>::unaryExpr(js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (this=this@entry=0x7ffc1f00fcc0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, tripledotHandling=tripledotHandling@entry=js::frontend::TripledotProhibited, possibleError=possibleError@entry=0x7ffc1eff1180, invoked=invoked@entry=js::frontend::ParserBase::PredictUninvoked) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:8457
#29 0x00007ffc2ba46605 in js::frontend::Parser<js::frontend::SyntaxParseHandler>::orExpr1(js::frontend::InHandling, js::frontend::YieldHandling, js::frontend::TripledotHandling, js::frontend::Parser<js::frontend::SyntaxParseHandler>::PossibleError*, js::frontend::ParserBase::InvokedPrediction)
    (invoked=js::frontend::ParserBase::PredictUninvoked, possibleError=0x7ffc1eff1180, tripledotHandling=js::frontend::TripledotProhibited, yieldHandling=js::frontend::YieldIsName, inHandling=js::frontend::InAllowed, this=0x7ffc1f00fcc0) at /cache/kiss/proc/3122/build/palemoon/platform/js/src/frontend/Parser.cpp:7946
Let me know if you can reproduce and maybe find a fix. Thanks.

Disil07
Moon lover
Posts: 76
Joined: 2021-03-31, 05:15
Location: Indonesia

Re: Google Drive Segmentation Fault

Post by Disil07 » 2022-05-11, 06:44

I can't reproduce the issue on a clean profile; it does not cause any crashes.
Have you tried this page on a clean profile?
Debian 12 Bookworm - KDE Plasma 5.27
Intel Celeron N5100 - 4 gigs of RAM - 256 gigs of SSD

I can barely speak english, so bear that in mind when talking to me

kyxor
Moongazer
Posts: 7
Joined: 2022-05-09, 17:59

Re: Google Drive Segmentation Fault

Post by kyxor » 2022-05-11, 16:18

Seems like you are using Windows. There can be subtle differences, for example the Linux kernel being more picky about a SIGSEGV signal, where if a thread crashes the whole program won't. And obviously there are a lot more factors at play here; for example, just running the browser with valgrind produces tons of memory errors without even loading any page. So basically memory corruption just from startup can cause any kind of weird behaviour and crashes. I wonder whether the developer even checks the program for invalid memory operations at all, because it's a shame. Any respectable program should not have invalid malloc/free operations happen at startup.

Nuck-TH
Project Contributor
Posts: 195
Joined: 2020-03-02, 16:04

Re: Google Drive Segmentation Fault

Post by Nuck-TH » 2022-05-11, 16:40

Instead of shame-calling, you should post in detail about your build environment and .mozconfig, because apparently you are doing your own build. An invalid environment or config may cause pretty much any issue.
For starters, GCC 11 support is considered experimental, which means that any issues could arise. Even 9 and 10 are not recommended.

kyxor
Moongazer
Posts: 7
Joined: 2022-05-09, 17:59

Re: Google Drive Segmentation Fault

Post by kyxor » 2022-05-11, 17:06

And yes, I've tested on a clean profile; same crash, obviously. It seems to be just a bug in the JS parser.

kyxor
Moongazer
Posts: 7
Joined: 2022-05-09, 17:59

Re: Google Drive Segmentation Fault

Post by kyxor » 2022-05-11, 17:10

Nuck-TH wrote:
2022-05-11, 16:40
Instead of shame-calling, you should post in detail about your build environment and .mozconfig, because apparently you are doing your own build. An invalid environment or config may cause pretty much any issue.
For starters, GCC 11 support is considered experimental, which means that any issues could arise. Even 9 and 10 are not recommended.
Right, here is the exact build script:
https://github.com/ehawkvu/kiss-xorg/bl ... moon/build
Here is the mozconfig:
https://github.com/ehawkvu/kiss-xorg/bl ... zconfig.in
And some extra stuff in general for this package:
https://github.com/ehawkvu/kiss-xorg/tr ... y/palemoon

Nuck-TH
Project Contributor
Posts: 195
Joined: 2020-03-02, 16:04

Re: Google Drive Segmentation Fault

Post by Nuck-TH » 2022-05-11, 17:28

I don't have any significant knowledge about building for Linux, but still my eye catches on this:

Code:

ac_add_options --disable-jemalloc
Why is this done? jemalloc is the only supported memory allocator and is essential for platform functioning.
Also, --enable-optimize is taken from somewhere outside, which may cause issues if it has, for example, -O3.
Anyway, at the least the configuration is non-standard and the compiler is out of the robustly supported range, so you can't blame the project, because apparently it works fine with the official configuration, as no such issues (or any stability issues on Linux, for that matter) have been reported yet.

Moonchild
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Google Drive Segmentation Fault

Post by Moonchild » 2022-05-11, 17:51

We rely heavily on jemalloc for proper memory handling on supported platforms (including Linux flavours). This was evaluated using a lot of practical testing, and using the system allocator proved problematic re: stability, so that's the most likely cause here.

P.S.: the issue with /mach being made into a misidentifying bash script by Tobin has been resolved, no need to hack it any longer.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

kyxor
Moongazer
Posts: 7
Joined: 2022-05-09, 17:59

Re: Google Drive Segmentation Fault

Post by kyxor » 2022-05-11, 18:22

Nuck-TH wrote:
2022-05-11, 17:28
I don't have any significant knowledge about building for Linux, but still my eye catches on this:

Code:

ac_add_options --disable-jemalloc
Why is this done? jemalloc is the only supported memory allocator and is essential for platform functioning.
This is done to reduce bloat and speed up compilation, I suppose. Assuming that the jemalloc library does not break any standard allocator ABI, there should be no difference, and if there is, well, it's just another hidden bug.
Nuck-TH wrote:
2022-05-11, 17:28
Also, --enable-optimize is taken from somewhere outside, which may cause issues if it has, for example, -O3.
Anyway, at the least the configuration is non-standard and the compiler is out of the robustly supported range, so you can't blame the project, because apparently it works fine with the official configuration, as no such issues (or any stability issues on Linux, for that matter) have been reported yet.
Not sure about --enable-optimize. I shall add it in later.
Well, you can't hide behind old compilers forever, right? If some old version of GCC is more forgiving, that does not mean your code is actually correct.
Right now I am seeing loads of invalid reads and writes, invalid mallocs and frees being reported by valgrind from all kinds of random places. Do you see the same on your build? If so, this should be a top priority: fix all those issues first in the next version.
This makes debugging this issue insanely difficult, not to mention that there are 19 contexts (threads).

Nuck-TH
Project Contributor
Posts: 195
Joined: 2020-03-02, 16:04

Re: Google Drive Segmentation Fault

Post by Nuck-TH » 2022-05-11, 18:50

Officially supported configuration and compiler versions exist for a reason. It is working, tested and deemed stable. Anything else is up to the one who configured differently; it is impossible to test and guarantee stability on all combinations of compiler versions and possible build options.
As for jemalloc: you didn't get it. It is not "bloat", it is required for proper platform operation. That it is a build option doesn't mean it's optional.
Assuming that the jemalloc library does not break any standard allocator ABI, there should be no difference, and if there is, well, it's just another hidden bug.
Well, you are free to debug it, because it is the result of the lack of jemalloc. A compatible ABI doesn't guarantee the exact same behaviour or quirks.
Well, you can't hide behind old compilers forever, right? If some old version of GCC is more forgiving, that does not mean your code is actually correct.
Old versions are not "more forgiving", but have well understood bugs and quirks with mature methods to evade them. Each new version has new ones, so it needs new research. If it "must be fixed asap", once again, you can try it. New GCC versions rarely introduce revolutionary performance improvements, so there is no real need to rush things.
Right now I am seeing loads of invalid reads and writes, invalid mallocs and frees being reported by valgrind from all kinds of random places. Do you see the same on your build? If so, this should be a top priority: fix all those issues first in the next version.
You are seeing the fruits of the lack of jemalloc combined with an unsupported GCC version. As said: you are on a completely (because of the lack of jemalloc) unsupported configuration, so you are on your own.

kyxor
Moongazer
Posts: 7
Joined: 2022-05-09, 17:59

Re: Google Drive Segmentation Fault

Post by kyxor » 2022-05-12, 15:22

Hello, I've compiled version 31* now on the musl C library with jemalloc and the crash still happens. Apparently one other reason to disable jemalloc is that it's not portable on musl due to its usage of glibc-specific "fast" mutexes. With some hacks jemalloc does compile, but with timed mutexes. Anyway, none of that changed anything.

So then I compiled the same package under glibc (jemalloc disabled) and magically the link no longer crashes. That means the code is using glibc-specific quirks, which is never a good idea in the first place.

Also, since the crash looks like a stack overflow, I did one more test, this time increasing kDefaultHelperStackSize in js/src/vm/HelperThreads.cpp:677 by 8 times, yet it still crashed.
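
The backtrace in the first post repeats the same six parser frames (condExpr1, assignExpr, argumentList, memberExpr, unaryExpr, orExpr1) once per nested call argument, and the post above treats the crash as a stack overflow that a bigger helper-thread stack did not cure. The check a practitioner wants in that situation is an explicit recursion-depth guard in the recursive-descent parser, so that input nesting can no longer translate directly into stack depth. The following is an added example written for this thread, not code from Pale Moon or SpiderMonkey: a toy C++ recursive-descent parser for nested function-call expressions with such a guard. All names in it (Parser, ParseResult, parseWithLimit, nestedCalls, the depth limit) are the example's own, and nestedCalls only builds a constructed test string for the toy parser.

```cpp
#include <cctype>
#include <cstddef>
#include <string>

// Added example, not Pale Moon/SpiderMonkey code: a toy recursive-descent parser
// for  number | name | name(expr, ...)  with an explicit nesting guard. Each
// nested call argument costs one more recursion level, as the condExpr1 ->
// assignExpr -> argumentList -> memberExpr -> unaryExpr -> orExpr1 cycle in the
// backtrace does; a bigger thread stack only raises the depth at which an
// unguarded parser dies, while a guard turns that into an ordinary parse error.
struct ParseResult {
    bool ok;
    std::size_t maxDepth;  // deepest recursion level reached
    std::string error;     // empty when ok
};

class Parser {
public:
    Parser(const std::string& src, std::size_t depthLimit)
        : src_(src), pos_(0), depth_(0), maxDepth_(0), limit_(depthLimit) {}

    ParseResult parse() {
        bool ok = expr();
        if (ok) {
            skipWs();
            if (pos_ != src_.size()) { ok = false; error_ = "trailing input"; }
        }
        return ParseResult{ok, maxDepth_, ok ? std::string() : error_};
    }

private:
    // The guard: checked on every recursive entry, so input depth can no longer
    // dictate stack depth; it fails closed with an error instead.
    bool enter() {
        if (depth_ >= limit_) { error_ = "nesting too deep"; return false; }
        ++depth_;
        if (depth_ > maxDepth_) maxDepth_ = depth_;
        return true;
    }
    void leave() { --depth_; }

    bool at(char c) const { return pos_ < src_.size() && src_[pos_] == c; }
    void skipWs() {
        while (pos_ < src_.size() && std::isspace(static_cast<unsigned char>(src_[pos_]))) ++pos_;
    }

    bool expr() {
        if (!enter()) return false;
        bool ok = primary();
        leave();
        return ok;
    }

    bool primary() {
        skipWs();
        if (pos_ >= src_.size()) { error_ = "unexpected end of input"; return false; }
        unsigned char c = static_cast<unsigned char>(src_[pos_]);
        if (std::isdigit(c)) {
            while (pos_ < src_.size() && std::isdigit(static_cast<unsigned char>(src_[pos_]))) ++pos_;
            return true;
        }
        if (std::isalpha(c)) {
            while (pos_ < src_.size() && std::isalnum(static_cast<unsigned char>(src_[pos_]))) ++pos_;
            skipWs();
            return at('(') ? argumentList() : true;  // call or bare identifier
        }
        error_ = "unexpected character";
        return false;
    }

    // Each argument is a full expr(), so nested calls recurse through here.
    bool argumentList() {
        ++pos_;  // consume '('
        skipWs();
        if (at(')')) { ++pos_; return true; }
        for (;;) {
            if (!expr()) return false;
            skipWs();
            if (at(',')) { ++pos_; continue; }
            if (at(')')) { ++pos_; return true; }
            error_ = "expected ',' or ')'";
            return false;
        }
    }

    std::string src_;
    std::size_t pos_, depth_, maxDepth_, limit_;
    std::string error_;
};

ParseResult parseWithLimit(const std::string& src, std::size_t limit) {
    return Parser(src, limit).parse();
}

// Constructed test input: f(f(...f(1)...)) nested n times; parses at depth n+1.
std::string nestedCalls(std::size_t n) {
    std::string s;
    for (std::size_t i = 0; i < n; ++i) s += "f(";
    return s + "1" + std::string(n, ')');
}
```

With a limit of 50, nestedCalls(49) parses cleanly at depth 50 and nestedCalls(50) is rejected with "nesting too deep" rather than consuming one stack frame per level; the maxDepth field is what you would log while bisecting a crash like the one in this thread, since it tells you how deep the real input goes before the guard (or the stack) gives out.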

kyxor
Moongazer
Posts: 7
Joined: 2022-05-09, 17:59

Re: Google Drive Segmentation Fault

Post by kyxor » 2022-05-12, 15:31

I would highly encourage developing the browser and testing under the musl C library because of its strong adherence to standards, code correctness and portability.
Generally, if the code works on musl, most likely it would work on anything else, no problem.

Moonchild
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Google Drive Segmentation Fault

Post by Moonchild » 2022-05-12, 16:47

Using musl is not officially supported.
I'm sorry, but you are pretty much on your own if you don't use the normal build environment (i.e. standard gcc, memory allocator, libc, other deps).
It's not possible for us to cater to self-compiling on every possible combination of libs and systems.

And another note: just because it doesn't work properly in your environment doesn't mean there is a code correctness issue on our side. Interoperability issues exist, especially with code bases as large and complex as ours that have decades of coding work in them (of various ages).
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
