Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rust panic in adblock engine #15782

Closed
iefremov opened this issue May 12, 2021 · 6 comments
Closed

Rust panic in adblock engine #15782

iefremov opened this issue May 12, 2021 · 6 comments
Labels
closed/stale Issue is no longer relevant, perhaps because the feature it refers to has been deprecated. crash feature/shields/adblock Blocking ads & trackers with Shields OS/Android Fixes related to Android browser functionality OS/Desktop

Comments

@iefremov
Copy link
Contributor

Basically there are different callstacks, probably could be analyzed one-by-one
https://brave.sp.backtrace.io/p/brave/explore?time=month&filters=((callstack.functions%2Ccontains%2Crust_panic)%2C_deleted%3D0%2Cptype%3Dbrowser%2C(ver%2Cregex%2C%2290%7C91.*%22))&aggregations=((ver%2Cmax)%2C(ver%2Cdistribution)%2C(callstack%2Chead))&

Example:
https://brave.sp.backtrace.io/p/brave/debug?time=month&filters=((callstack.functions%2Ccontains%2Crust_panic)%2C_deleted%3D0%2Cptype%3Dbrowser%2C(ver%2Cregex%2C%2290%7C91.*%22))&fingerprint=d6eeac72eb80cf38664434c8fbb7ea057a46338b6de65fc69194bfee0cda58d7&debug=(%22109a91f%22,0,0)

[ 00 ] __pthread_kill
[ 01 ] abort
[ 02 ] _ZN11panic_abort18__rust_start_panic5abort17h19164e12d4c30869E
[ 03 ] panic_abort.__rust_start_panic
[ 04 ] std.panicking.rust_panic
[ 05 ] _ZN3std9panicking20rust_panic_with_hook17hbb70e1d25c7381a9E
[ 06 ] _ZN3std9panicking19begin_panic_handler28_$u7b$$u7b$closure$u7d$$u7d$17hb72eee9aad2e147cE
[ 07 ] _ZN3std10sys_common9backtrace26__rust_end_short_backtrace17h372ff87ecb2667f3E
[ 08 ] rust_begin_unwind
[ 09 ] _ZN4core9panicking9panic_fmt17h261fd45d36f74dfaE
[ 10 ] regex::compile::Compiler::fill::h77f15022e96afe1b
[ 11 ] regex::compile::Compiler::fill::h77f15022e96afe1b
[ 12 ] regex::compile::Compiler::c_concat::haa159c160bea3d45
[ 13 ] regex::compile::Compiler::c::h21fe583188bd69ad
[ 14 ] regex::compile::Compiler::c::h21fe583188bd69ad
[ 15 ] regex::compile::Compiler::compile::hdc0f7948019f73a5
[ 16 ] regex::exec::ExecBuilder::build::h9a47c11881463191
[ 17 ] regex::re_builder::set_unicode::RegexSetBuilder::build::h329e6ac4bfa41ebe
[ 18 ] adblock::filters::network::compile_regex::h980c2d33cd2c1b40
[ 19 ] _$LT$adblock..filters..network..NetworkFilter$u20$as$u20$adblock..filters..network..NetworkMatchable$GT$::get_regex::h75285b6d688d8f87
[ 20 ] _$LT$adblock..filters..network..NetworkFilter$u20$as$u20$adblock..filters..network..NetworkMatchable$GT$::matches::h2a0f64a5f31a5f63
[ 21 ] adblock::blocker::NetworkFilterList::check::hd5d29321e1e4ea84
[ 22 ] adblock::blocker::Blocker::check_parameterised::h23a5400ea656d0da
[ 23 ] adblock::engine::Engine::check_network_urls_with_hostnames_subset::h0bdffa07c712975f
[ 24 ] engine_match
[ 25 ] adblock::Engine::matches(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool*, bool*, bool*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)
[ 26 ] brave_shields::AdBlockBaseService::ShouldStartRequest(GURL const&, blink::mojom::ResourceType, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool*, bool*, bool*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)
[ 27 ] brave_shields::AdBlockService::ShouldStartRequest(GURL const&, blink::mojom::ResourceType, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool*, bool*, bool*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)
[ 28 ] brave::ShouldBlockAdOnTaskRunner(std::__1::shared_ptr<brave::BraveRequestInfo>, base::Optional<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >)
@iefremov iefremov added crash feature/shields/adblock Blocking ads & trackers with Shields priority/P2 A bad problem. We might uplift this to the next planned release. OS/Android Fixes related to Android browser functionality OS/Desktop labels May 12, 2021
@iefremov
Copy link
Contributor Author

@antonok-edm can you please take a look? Also cc @pes10k

@antonok-edm
Copy link
Collaborator

For that first callstack, it looks like something is panicking inside the regex crate. I haven't been able to find any known examples other than the ones in rust-lang/regex#738, which don't apply to how it's used in adblock-rust. According to the backtrace, the panic occurs within regex::compile::Compiler::fill, which doesn't have anything that could panic except for the array index self.insts[pc]. It's not immediately obvious what might cause that.

The other panics are comparatively much less common and in several different locations. Normally I'd be inclined to believe they are OOM-related, but it's concerning that they've only been happening recently.

@antonok-edm antonok-edm mentioned this issue May 12, 2021
Closed
@pes10k
Copy link
Contributor

pes10k commented Jun 1, 2021

Is this issue still valid post #15796 ?

@iefremov
Copy link
Contributor Author

iefremov commented Jun 1, 2021

We don't have regex-related panics after this fix, but there are some others in versions containing the fix, e.g.

[ 00 ] 0x7fff203c892e
[ 01 ] 0x7fff2034c411
[ 02 ] _ZN11panic_abort18__rust_start_panic5abort17h19164e12d4c30869E
[ 03 ] panic_abort.__rust_start_panic
[ 04 ] std.panicking.rust_panic
[ 05 ] _ZN3std9panicking20rust_panic_with_hook17hbb70e1d25c7381a9E
[ 06 ] _ZN3std9panicking19begin_panic_handler28_$u7b$$u7b$closure$u7d$$u7d$17hb72eee9aad2e147cE
[ 07 ] _ZN3std10sys_common9backtrace26__rust_end_short_backtrace17h372ff87ecb2667f3E
[ 08 ] rust_begin_unwind
[ 09 ] _ZN4core9panicking9panic_fmt17h261fd45d36f74dfaE
[ 10 ] _ZN4core6option13expect_failed17hf6315062a18e949fE
[ 11 ] adblock::request::Request::from_urls_with_hostname::ha29063f92268aa84
[ 12 ] adblock::engine::Engine::get_csp_directives::hb0a452fef9491a9b
[ 13 ] engine_get_csp_directives
[ 14 ] adblock::Engine::getCspDirectives(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
[ 15 ] brave_shields::AdBlockBaseService::GetCspDirectives(GURL const&, blink::mojom::ResourceType, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
[ 16 ] brave_shields::AdBlockService::GetCspDirectives(GURL const&, blink::mojom::ResourceType, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
[ 17 ] brave::GetCspDirectivesOnTaskRunner(std::__1::shared_ptr<brave::BraveRequestInfo>, base::Optional<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >)
[ 18 ] base::internal::Invoker<base::internal::BindState<base::Optional<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > (*)(std::__1::shared_ptr<brave::BraveRequestInfo>, base::Optional<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >), std::__1::shared_ptr<brave::BraveRequestInfo>, base::Optional<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > >, base::Optional<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > ()>::RunOnce(base::internal::BindStateBase*)

@pes10k
Copy link
Contributor

pes10k commented Jun 1, 2021

@antonok-edm looks maybe related to brave/adblock-rust@94b377c ?

@antonok-edm
Copy link
Collaborator

There's nothing in from_urls_with_hostname that should be able to panic. Unless these are all OOM related, I have no idea what's going on...

@bsclifton bsclifton added closed/stale Issue is no longer relevant, perhaps because the feature it refers to has been deprecated. and removed priority/P2 A bad problem. We might uplift this to the next planned release. labels Mar 6, 2024
@github-project-automation github-project-automation bot moved this to Done in Crashes Aug 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closed/stale Issue is no longer relevant, perhaps because the feature it refers to has been deprecated. crash feature/shields/adblock Blocking ads & trackers with Shields OS/Android Fixes related to Android browser functionality OS/Desktop
Projects
Crashes
Status: Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@pes10k @iefremov @bsclifton @antonok-edm