Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

called `Result::unwrap()` on an `Err` value: HierarchyRequest #20218

Open
mateon1 opened this issue Mar 6, 2018 · 8 comments
Open

called `Result::unwrap()` on an `Err` value: HierarchyRequest #20218

mateon1 opened this issue Mar 6, 2018 · 8 comments
Labels
A-content/dom C-has-manual-testcase E-candidate-for-mentoring I-panic

Comments

@mateon1
Copy link
Contributor

@mateon1 mateon1 commented Mar 6, 2018

Found fuzzing with domato.

<script>
setTimeout(_=>{
  document.open();
  document.createRange().insertNode(document.createElement("a"));
  document.writeln(728544);
});
</script>
VMware, Inc.
softpipe
3.3 (Core Profile) Mesa 17.3.0-devel
called `Result::unwrap()` on an `Err` value: HierarchyRequest (thread ScriptThread PipelineId { namespace_id: PipelineNamespaceId(0), index: PipelineIndex(NonZero(NonZero(1))) }, at libcore/result.rs:916)
stack backtrace:
   0:     0x55555bcfa704 - backtrace::backtrace::libunwind::trace::h79984cabe80721dc
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.2/src/backtrace/libunwind.rs:53
                         - backtrace::backtrace::trace::h10c59b076f73358b
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.2/src/backtrace/mod.rs:42
   1:     0x55555bcf1e8c - backtrace::capture::Backtrace::new::haef9cefb7535bc7c
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.2/src/capture.rs:64
   2:     0x55555597aa16 - servo::main::{{closure}}::hf0fa8cccddc0cbc3
                        at ports/servo/main.rs:146
   3:     0x55555bd0db45 - std::panicking::rust_panic_with_hook::haa00f5a9417cd684
                        at libstd/panicking.rs:577
   4:     0x55555bd0d9ce - std::panicking::begin_panic::ha956683198499384
                        at libstd/panicking.rs:537
   5:     0x55555bd0d8ca - std::panicking::begin_panic_fmt::h587e116719f14631
                        at libstd/panicking.rs:521
   6:     0x55555bd0d862 - rust_begin_unwind
                        at libstd/panicking.rs:497
   7:     0x55555bd42050 - core::panicking::panic_fmt::h1d64949939b0af2f
                        at libcore/panicking.rs:71
   8:     0x555557e159f7 - core::result::unwrap_failed::h3c523c1bc1568770
                        at /checkout/src/libcore/macros.rs:23
   9:     0x555557dd1369 - <core::result::Result<T, E>>::unwrap::h5974d88c8f61ad29
                        at /checkout/src/libcore/result.rs:782
  10:     0x555556ea9e54 - script::dom::servoparser::insert::h205d4a4fe0b0bfd5
                        at components/script/dom/servoparser/mod.rs:755
  11:     0x555556eab495 - <script::dom::servoparser::Sink as markup5ever::interface::tree_builder::TreeSink>::append::ha0e671b9215ab76b
                        at components/script/dom/servoparser/mod.rs:902
  12:     0x5555584d3736 - <html5ever::tree_builder::TreeBuilder<Handle, Sink>>::create_root::h22a4aace0abaccdd
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/html5ever-0.22.0/src/tree_builder/mod.rs:1162
  13:     0x5555584f776a - <html5ever::tree_builder::TreeBuilder<Handle, Sink>>::step::h88f1194f32ec553b
                        at /shared/dev/rust/servo/target/debug/build/html5ever-2d6ca5f7962b4873/out/rules.rs:42
  14:     0x5555584eea0f - <html5ever::tree_builder::TreeBuilder<Handle, Sink>>::process_to_completion::h9334e535996a134d
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/html5ever-0.22.0/src/tree_builder/mod.rs:313
  15:     0x5555584d020f - <html5ever::tree_builder::TreeBuilder<Handle, Sink> as html5ever::tokenizer::interface::TokenSink>::process_token::ha95b65cccbf2d72b
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/html5ever-0.22.0/src/tree_builder/mod.rs:475
  16:     0x5555585bbf46 - <html5ever::tokenizer::Tokenizer<Sink>>::process_token::h7b6e76e906b76d07
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/html5ever-0.22.0/src/tokenizer/mod.rs:233
  17:     0x5555585c00c7 - <html5ever::tokenizer::Tokenizer<Sink>>::process_token_and_continue::hc104a91f2fa670a2
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/html5ever-0.22.0/src/tokenizer/mod.rs:238
  18:     0x5555585ba5a2 - <html5ever::tokenizer::Tokenizer<Sink>>::emit_chars::hdbb5e216e952e5ce
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/html5ever-0.22.0/src/tokenizer/mod.rs:397
  19:     0x5555585c302a - <html5ever::tokenizer::Tokenizer<Sink>>::step::h36f8a696e9252f15
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/html5ever-0.22.0/src/tokenizer/mod.rs:688
  20:     0x5555585c22ed - <html5ever::tokenizer::Tokenizer<Sink>>::run::he1842558f0b53eea
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/html5ever-0.22.0/src/tokenizer/mod.rs:362
  21:     0x5555585c2490 - <html5ever::tokenizer::Tokenizer<Sink>>::feed::h9c509db059c0ac19
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/html5ever-0.22.0/src/tokenizer/mod.rs:220
  22:     0x5555572f929a - script::dom::servoparser::html::Tokenizer::feed::h3611c612904ff36f
                        at components/script/dom/servoparser/html.rs:81
  23:     0x555556ea726b - script::dom::servoparser::Tokenizer::feed::h5cf37677a45653bb
                        at components/script/dom/servoparser/mod.rs:543
  24:     0x5555578368a6 - script::dom::servoparser::ServoParser::write::{{closure}}::hf0994b13897a572b
                        at components/script/dom/servoparser/mod.rs:296
  25:     0x555557836f20 - script::dom::servoparser::ServoParser::tokenize::h846a595cf0aa9b51
                        at components/script/dom/servoparser/mod.rs:465
  26:     0x555556ea5329 - script::dom::servoparser::ServoParser::write::hde0868bd2721c4a3
                        at components/script/dom/servoparser/mod.rs:296
  27:     0x5555578639df - <script::dom::document::Document as script::dom::bindings::codegen::Bindings::DocumentBinding::DocumentBinding::DocumentMethods>::Write::h7b81bfb9e03d44e5
                        at components/script/dom/document.rs:3830
  28:     0x555557863bb4 - <script::dom::document::Document as script::dom::bindings::codegen::Bindings::DocumentBinding::DocumentBinding::DocumentMethods>::Writeln::h33cdf9d3faa3c393
                        at components/script/dom/document.rs:3839
  29:     0x555557e3a798 - script::dom::bindings::codegen::Bindings::DocumentBinding::DocumentBinding::writeln::{{closure}}::h623479521384ab83
                        at /shared/dev/rust/servo/target/debug/build/script-c42abaa61a41d086/out/Bindings/DocumentBinding.rs:2798
  30:     0x555556441fbc - core::ops::function::FnOnce::call_once::h6a681906a6b29ba1
                        at /checkout/src/libcore/ops/function.rs:223
  31:     0x555557187d1a - <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::h6d6225fc2e54036d
                        at /checkout/src/libstd/panic.rs:293
  32:     0x555556cd3c94 - std::panicking::try::do_call::h7d90e82c982ada5a
                        at /checkout/src/libstd/panicking.rs:479
  33:     0x55555bd3689e - __rust_maybe_catch_panic
                        at libpanic_unwind/lib.rs:102
  34:     0x555556c89c15 - std::panicking::try::hf45b217d13042b8c
                        at /checkout/src/libstd/panicking.rs:458
  35:     0x5555571bf3d1 - std::panic::catch_unwind::h3ca5e9ded571ab8b
                        at /checkout/src/libstd/panic.rs:358
  36:     0x5555565b3cbe - mozjs::panic::wrap_panic::h55913c2220ca8fd3
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs-0.1.11/src/panic.rs:22
  37:     0x555557801992 - script::dom::bindings::codegen::Bindings::DocumentBinding::DocumentBinding::writeln::he4118b6adae81c58
                        at /shared/dev/rust/servo/target/debug/build/script-c42abaa61a41d086/out/Bindings/DocumentBinding.rs:2775
  38:     0x55555afc8748 - CallJitMethodOp
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs-0.1.11/src/jsglue.cpp:516
  39:     0x555556d8abd2 - script::dom::bindings::utils::generic_call::hd6e59bcf9f7cf856
                        at components/script/dom/bindings/utils.rs:450
  40:     0x555556d8ac3b - script::dom::bindings::utils::generic_method::h5fea33e25c52c0fa
                        at components/script/dom/bindings/utils.rs:458
  41:     0x55555b64470b - _ZN2js12CallJSNativeEP9JSContextPFbS1_jPN2JS5ValueEERKNS2_8CallArgsE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/jscntxtinlines.h:232
  42:     0x55555b612b63 - _ZN2js23InternalCallOrConstructEP9JSContextRKN2JS8CallArgsENS_14MaybeConstructE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:453
  43:     0x55555b612e8a - InternalCall
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:498
  44:     0x55555b612eb4 - _ZN2js13CallFromStackEP9JSContextRKN2JS8CallArgsE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:504
  45:     0x55555b61fee0 - Interpret
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:2873
  46:     0x55555b6127e5 - _ZN2js9RunScriptEP9JSContextRNS_8RunStateE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:399
  47:     0x55555b612c32 - _ZN2js23InternalCallOrConstructEP9JSContextRKN2JS8CallArgsENS_14MaybeConstructE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:471
  48:     0x55555b612e8a - InternalCall
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:498
  49:     0x55555b612f1c - _ZN2js4CallEP9JSContextN2JS6HandleINS2_5ValueEEES5_RKNS_13AnyInvokeArgsENS2_13MutableHandleIS4_EE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/vm/Interpreter.cpp:517
  50:     0x55555b37c5b8 - _Z20JS_CallFunctionValueP9JSContextN2JS6HandleIP8JSObjectEENS2_INS1_5ValueEEERKNS1_16HandleValueArrayENS1_13MutableHandleIS6_EE
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.50.0/mozjs/js/src/jsapi.cpp:2781
  51:     0x555557e5f304 - script::dom::bindings::codegen::Bindings::FunctionBinding::Function::Call::h347f37e3f605a3ca
                        at /shared/dev/rust/servo/target/debug/build/script-c42abaa61a41d086/out/Bindings/FunctionBinding.rs:296
  52:     0x5555572160d6 - script::dom::bindings::codegen::Bindings::FunctionBinding::Function::Call_::hc1e79df0449091a4
                        at /shared/dev/rust/servo/target/debug/build/script-c42abaa61a41d086/out/Bindings/FunctionBinding.rs:268
  53:     0x555556f0fe30 - script::timers::JsTimerTask::invoke::h234b98120fecac7d
                        at components/script/timers.rs:504
  54:     0x555556f0f71b - script::timers::OneshotTimerCallback::invoke::h0f16e8bc7fce2d4e
                        at components/script/timers.rs:81
  55:     0x555556f160eb - script::timers::OneshotTimers::fire_timer::hea4b7bf4830e090c
                        at components/script/timers.rs:207
  56:     0x55555730f495 - script::dom::globalscope::GlobalScope::fire_timer::h468b14a0cf261c6d
                        at components/script/dom/globalscope.rs:478
  57:     0x555556939047 - script::dom::window::Window::handle_fire_timer::h879d074260917469
                        at components/script/dom/window.rs:1541
  58:     0x55555714e639 - script::script_thread::ScriptThread::handle_timer_event::h520e9696289980a3
                        at components/script/script_thread.rs:1382
  59:     0x555557329a9f - script::script_thread::ScriptThread::handle_msgs::{{closure}}::hadc6814adf9864cb
                        at components/script/script_thread.rs:1076
  60:     0x55555732be55 - script::script_thread::ScriptThread::profile_event::hdaa78467182b37a8
                        at components/script/script_thread.rs:1247
  61:     0x55555714a10d - script::script_thread::ScriptThread::handle_msgs::he274484626a8c86d
                        at components/script/script_thread.rs:1068
  62:     0x555557147dfb - script::script_thread::ScriptThread::start::h64c6368a6c1c1b4b
                        at components/script/script_thread.rs:900
  63:     0x55555732706c - <script::script_thread::ScriptThread as script_traits::ScriptThreadFactory>::create::{{closure}}::{{closure}}::h07852e545a49cf41
                        at components/script/script_thread.rs:581
  64:     0x555557c58d44 - profile_traits::mem::ProfilerChan::run_with_memory_reporting::hc6605068ad7df8fb
                        at /shared/dev/rust/servo/components/profile_traits/mem.rs:63
  65:     0x555557327633 - <script::script_thread::ScriptThread as script_traits::ScriptThreadFactory>::create::{{closure}}::h781e4f44138bb56a
                        at components/script/script_thread.rs:580
  66:     0x55555863e0f4 - std::sys_common::backtrace::__rust_begin_short_backtrace::h43c7dd6ba30580c1
                        at /checkout/src/libstd/sys_common/backtrace.rs:133
  67:     0x55555824325b - std::thread::Builder::spawn::{{closure}}::{{closure}}::h01e3a1603aad539e
                        at /checkout/src/libstd/thread/mod.rs:406
  68:     0x5555571abf74 - <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::hf399303cba3a63fc
                        at /checkout/src/libstd/panic.rs:293
  69:     0x555556cde684 - std::panicking::try::do_call::h939bd3fa9280fd7e
                        at /checkout/src/libstd/panicking.rs:479
  70:     0x55555bd3689e - __rust_maybe_catch_panic
                        at libpanic_unwind/lib.rs:102
  71:     0x555556c51bdc - std::panicking::try::hc37830de544179f7
                        at /checkout/src/libstd/panicking.rs:458
  72:     0x5555571c358c - std::panic::catch_unwind::h4c51de2d7de9c711
                        at /checkout/src/libstd/panic.rs:358
  73:     0x555558242ba8 - std::thread::Builder::spawn::{{closure}}::hcf0e50747d57cf40
                        at /checkout/src/libstd/thread/mod.rs:405
  74:     0x555558243945 - <F as alloc::boxed::FnBox<A>>::call_box::hd0c845f7b3061ed8
                        at /checkout/src/liballoc/boxed.rs:788
  75:     0x55555bd215db - <alloc::boxed::Box<alloc::boxed::FnBox<A, Output$u3d$R$GT$$u20$$u2b$$u20$$u27$a$GT$$u20$as$u20$core..ops..function..FnOnce$LT$A$GT$$GT$::call_once::h13f1b0bf377a9f5b
                        at /checkout/src/liballoc/boxed.rs:798
                         - std::sys_common::thread::start_thread::hb5b6e0447b9691dc
                        at libstd/sys_common/thread.rs:24
                         - std::sys::unix::thread::Thread::new::thread_start::hcaff0bef1a01c624
                        at libstd/sys/unix/thread.rs:90
  76:     0x7ffff6eb0493 - start_thread
  77:     0x7ffff5479abe - __clone
  78:                0x0 - <unknown>
ERROR:servo: called `Result::unwrap()` on an `Err` value: HierarchyRequest
Pipeline failed in hard-fail mode.  Crashing!
Servo exited with return value 1
@patgronowski
Copy link

@patgronowski patgronowski commented Mar 6, 2018

Hi, I'd like to take a stab at this issue.
@jdm jdm added the C-assigned label Mar 6, 2018
@jdm
Copy link
Member

@jdm jdm commented Mar 23, 2018

@patgronowski Have you made any progress with this?
@dguenther
Copy link
Contributor

@dguenther dguenther commented Oct 7, 2018

I came across a similar crash when working on #21882 with this test:

servo/tests/wpt/web-platform-tests/html/webappapis/dynamic-markup-insertion/opening-the-input-stream/quirks.window.js

Lines 41 to 47 in 76ddbe4

// This tests the document.open() call in fact sets the document to no-quirks
// mode, not limited-quirks mode. It is derived from
// quirks/blocks-ignore-line-height.html in WPT, as there is no direct way to
// distinguish between a no-quirks document and a limited-quirks document. It
// assumes that the user agent passes the linked test, which at the time of
// writing is all major web browsers.
test(t => {

a minimal repro:

<iframe id="test"></iframe>
  <script>
    const frame = document.getElementById('test');
    frame.contentDocument.open();
    frame.contentDocument.appendChild(frame.contentDocument.createElement('div'));
    frame.contentDocument.close();
  </script>

A few lines from the trace in common with the original issue:

  12:        0x10ff88c92 - <html5ever::tree_builder::TreeBuilder<Handle, Sink>>::create_root::h3ea9842e7334b29f
  13:        0x10ffadb4b - <html5ever::tree_builder::TreeBuilder<Handle, Sink>>::step::h972cc3290bdd0e11
  14:        0x10ffa3b4c - <html5ever::tree_builder::TreeBuilder<Handle, Sink>>::process_to_completion::h27615fc794bb6b50

It seems like the problem is when modifying the DOM directly, like using appendChild or insertNode, the script parser created by document.open doesn't have knowledge of the DOM changes. So, when the parser is closed by document.close, the parser is still in the Initial state and attempts to append an <html> element to the document, causing the HierarchyRequest error.
@KiChjang KiChjang removed the C-assigned label Oct 7, 2018
@dguenther dguenther mentioned this issue Oct 13, 2018
Merged
4 of 4 tasks complete
@nipunG314
Copy link

@nipunG314 nipunG314 commented Jan 9, 2020

I would like to work on this issue.
@jdm
Copy link
Member

@jdm jdm commented Jan 9, 2020

You're welcome to it. I don't have time to investigate the underlying cause right now, but the previous comment sounds very plausible to me. You will find the parser-related code in components/script/dom/document.rs, components/script/dom/servoparser/mod.rs, and components/script/dom/servoparser/html.rs.
@nipunG314
Copy link

@nipunG314 nipunG314 commented Jan 22, 2020

I have narrowed down the code block where the Err originates.

When the insert function in components/script/dom/servoparser/mod.rs, it eventually calls the pre_insert function in components/script/dom/node.rs, which calls the 'ensure_pre_insertion_validity` function in the same file. Specifically, Step 6.2 of the function which is documented here.

Basically, the problem only occurs when an element node is being appended to the document itself but while the document still has an element child. If the parent isn't the document or the node being appended isn't an element node, the problem goes away.

I ran a modified test case where the Node was appended to a 'div' tag and it worked without fault. I ran another test where I appended an empty DocumentFragment to the document and that worked as well.

pub fn ensure_pre_insertion_validity(
        node: &Node,
        parent: &Node,
        child: Option<&Node>,
    ) -> ErrorResult {
                ...
                // Step 6.2
                NodeTypeId::Element(_) => {
                    if !parent.child_elements().next().is_none() {
                        return Err(Error::HierarchyRequest);
                    }
                ...
                },
                ...
            }
        }
        Ok(())
    }

I'm not entirely sure why the Document seems to have an element child after calling document.open(). I'll try to figure that out now.
@chotchki
Copy link
Contributor

@chotchki chotchki commented Jul 30, 2020

I'm trying to narrow down and continue the research by nipunG314 but the stacktrace I'm getting isn't matching my experience in the debugger. I have the stacktrace below but when I step through and past "components\script\dom\servoparser\mod.rs:970" it doesn't actually panic there. I'm trying to trace it but I just wanted to check if I'm reading the stacktrace wrong?

PS C:\dev_tools\code\servo> .\mach run ..\servo_20218\index.html
called `Result::unwrap()` on an `Err` value: HierarchyRequest (thread ScriptThread PipelineId { namespace_id: PipelineNamespaceId(1), index: PipelineIndex(1) }, at components\script\dom\servoparser\mod.rs:970)
   0: backtrace::backtrace::trace_unsynchronized<closure-1>
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\backtrace-rs-fb8cc3ab7e3059b0\5366f72\src\backtrace\mod.rs:66
   1: servo::backtrace::{{impl}}::fmt
             at C:\dev_tools\code\servo\ports\winit\backtrace.rs:49
   2: core::fmt::write
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\/src\libcore\fmt\mod.rs:1117
   3: std::io::Write::write_fmt<std::io::stdio::StdoutLock>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\io\mod.rs:1508
   4: servo::backtrace::print
             at C:\dev_tools\code\servo\ports\winit\backtrace.rs:17
   5: servo::main::{{closure}}
             at C:\dev_tools\code\servo\ports\winit\main2.rs:166
   6: std::panicking::rust_panic_with_hook
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\/src\libstd\panicking.rs:530
   7: std::panicking::begin_panic_handler
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\/src\libstd\panicking.rs:437
   8: core::panicking::panic_fmt
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\/src\libcore\panicking.rs:85
   9: core::option::expect_none_failed
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\/src\libcore\option.rs:1273
  10: core::result::Result<script::dom::bindings::root::Root<script::dom::bindings::root::Dom<script::dom::node::Node>>, script::dom::bindings::error::Error>::unwrap<script::dom::bindings::root::Root<script::dom::bindings::root::Dom<script::dom::node::Node>>,sc
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libcore\result.rs:1005
  11: script::dom::servoparser::insert
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:970
  12: script::dom::servoparser::{{impl}}::append
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:1143
  13: html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::dom::node::Node>, script::dom::servoparser::Sink>::create_root<script::dom::bindings::root::Dom<script::dom::node::Node>,script::dom::servoparser::Sink>
             at C:\Users\chris_rrh0w42\.cargo\registry\src\github.com-1ecc6299db9ec823\html5ever-0.25.1\src\tree_builder\mod.rs:1273
  14: html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::dom::node::Node>, script::dom::servoparser::Sink>::step<script::dom::bindings::root::Dom<script::dom::node::Node>,script::dom::servoparser::Sink>
             at C:\dev_tools\code\servo\target\debug\build\html5ever-448f4fa9f783661a\out\rules.rs:44
  15: html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::dom::node::Node>, script::dom::servoparser::Sink>::process_to_completion<script::dom::bindings::root::Dom<script::dom::node::Node>,script::dom::servoparser::Sink>
             at C:\Users\chris_rrh0w42\.cargo\registry\src\github.com-1ecc6299db9ec823\html5ever-0.25.1\src\tree_builder\mod.rs:338
  16: html5ever::tree_builder::{{impl}}::process_token<script::dom::bindings::root::Dom<script::dom::node::Node>,script::dom::servoparser::Sink>
             at C:\Users\chris_rrh0w42\.cargo\registry\src\github.com-1ecc6299db9ec823\html5ever-0.25.1\src\tree_builder\mod.rs:525
  17: html5ever::tokenizer::Tokenizer<html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::dom::node::Node>, script::dom::servoparser::Sink>>::process_token<html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::d
             at C:\Users\chris_rrh0w42\.cargo\registry\src\github.com-1ecc6299db9ec823\html5ever-0.25.1\src\tokenizer\mod.rs:237
  18: html5ever::tokenizer::Tokenizer<html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::dom::node::Node>, script::dom::servoparser::Sink>>::process_token_and_continue<html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::
             at C:\Users\chris_rrh0w42\.cargo\registry\src\github.com-1ecc6299db9ec823\html5ever-0.25.1\src\tokenizer\mod.rs:243
  19: html5ever::tokenizer::Tokenizer<html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::dom::node::Node>, script::dom::servoparser::Sink>>::emit_eof<html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::dom::n
             at C:\Users\chris_rrh0w42\.cargo\registry\src\github.com-1ecc6299db9ec823\html5ever-0.25.1\src\tokenizer\mod.rs:555
  20: html5ever::tokenizer::Tokenizer<html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::dom::node::Node>, script::dom::servoparser::Sink>>::eof_step<html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::dom::n
             at C:\Users\chris_rrh0w42\.cargo\registry\src\github.com-1ecc6299db9ec823\html5ever-0.25.1\src\tokenizer\mod.rs:644
  21: html5ever::tokenizer::Tokenizer<html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::dom::node::Node>, script::dom::servoparser::Sink>>::end<html5ever::tree_builder::TreeBuilder<script::dom::bindings::root::Dom<script::dom::node::
             at C:\Users\chris_rrh0w42\.cargo\registry\src\github.com-1ecc6299db9ec823\html5ever-0.25.1\src\tokenizer\mod.rs:1410
  22: script::dom::servoparser::html::Tokenizer::end
             at C:\dev_tools\code\servo\components\script\dom\servoparser\html.rs:88
  23: script::dom::servoparser::Tokenizer::end
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:659
  24: script::dom::servoparser::ServoParser::finish
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:601
  25: script::dom::servoparser::ServoParser::do_parse_sync
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:525
  26: script::dom::servoparser::{{impl}}::parse_sync::{{closure}}
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:498
  27: profile_traits::time::profile<tuple<>,closure-0>
             at C:\dev_tools\code\servo\components\profile_traits\time.rs:141
  28: script::dom::servoparser::ServoParser::parse_sync
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:490
  29: script::dom::servoparser::ServoParser::close
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:366
  30: script::dom::document::{{impl}}::Close
             at C:\dev_tools\code\servo\components\script\dom\document.rs:5073
  31: script::dom::bindings::codegen::Bindings::DocumentBinding::DocumentBinding::close::{{closure}}::{{closure}}
             at C:\dev_tools\code\servo\target\debug\build\script-20cd8854ba91339c\out\Bindings\DocumentBinding.rs:3455
  32: script::dom::bindings::codegen::Bindings::DocumentBinding::DocumentBinding::close::{{closure}}
             at C:\dev_tools\code\servo\target\debug\build\script-20cd8854ba91339c\out\Bindings\DocumentBinding.rs:3448
  33: core::ops::function::impls::{{impl}}::call_once<tuple<>,FnMut<tuple<>>>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libcore\ops\function.rs:286
  34: std::panic::{{impl}}::call_once<tuple<>,mut FnMut<tuple<>>*>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\panic.rs:318
  35: std::panicking::try::do_call<std::panic::AssertUnwindSafe<mut FnMut<tuple<>>*>,tuple<>>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\panicking.rs:348
  36: mozjs::typedarray::{{impl}}::from_raw
  37: std::panicking::try<tuple<>,std::panic::AssertUnwindSafe<mut FnMut<tuple<>>*>>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\panicking.rs:325
  38: std::panic::catch_unwind<std::panic::AssertUnwindSafe<mut FnMut<tuple<>>*>,tuple<>>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\panic.rs:394
  39: mozjs::panic::wrap_panic
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\rust-mozjs-8611526964119dd6\5a50c37\src\panic.rs:22
  40: script::dom::bindings::codegen::Bindings::DocumentBinding::DocumentBinding::close
             at C:\dev_tools\code\servo\target\debug\build\script-20cd8854ba91339c\out\Bindings\DocumentBinding.rs:3448
  41: CallJitMethodOp
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\rust-mozjs-8611526964119dd6\5a50c37\src\jsglue.cpp:586
  42: script::dom::bindings::utils::generic_call
             at C:\dev_tools\code\servo\components\script\dom\bindings\utils.rs:527
  43: script::dom::bindings::utils::generic_method
             at C:\dev_tools\code\servo\components\script\dom\bindings\utils.rs:543
  44: CallJSNative
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\Interpreter.cpp:456
  45: js::InternalCallOrConstruct
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\Interpreter.cpp:548
  46: InternalCall
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\Interpreter.cpp:617
  47: js::Call
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\Interpreter.cpp:634
  48: js::ForwardingProxyHandler::call
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\proxy\Wrapper.cpp:162
  49: js::CrossCompartmentWrapper::call
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\proxy\CrossCompartmentWrapper.cpp:237
  50: js::Proxy::call
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\proxy\Proxy.cpp:492
  51: js::InternalCallOrConstruct
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\Interpreter.cpp:522
  52: InternalCall
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\Interpreter.cpp:617
  53: js::CallFromStack
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\Interpreter.cpp:621
  54: Interpret
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\Interpreter.cpp:3117
  55: js::RunScript
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\Interpreter.cpp:423
  56: js::ExecuteKernel
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\Interpreter.cpp:810
  57: js::Execute
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\Interpreter.cpp:843
  58: JS_ExecuteScript
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\mozjs-fa11ffc7d4f1cc2d\aa97a46\mozjs\js\src\vm\CompilationAndEvaluation.cpp:480
  59: mozjs::rust::wrappers::JS_ExecuteScript
             at C:\Users\chris_rrh0w42\.cargo\git\checkouts\rust-mozjs-8611526964119dd6\5a50c37\src\rust.rs:1456
  60: script::dom::globalscope::{{impl}}::evaluate_script_on_global_with_result::{{closure}}
             at C:\dev_tools\code\servo\components\script\dom\globalscope.rs:2648
  61: profile_traits::time::profile<bool,closure-0>
             at C:\dev_tools\code\servo\components\profile_traits\time.rs:141
  62: script::dom::globalscope::GlobalScope::evaluate_script_on_global_with_result
             at C:\dev_tools\code\servo\components\script\dom\globalscope.rs:2586
  63: script::dom::htmlscriptelement::HTMLScriptElement::run_a_classic_script
             at C:\dev_tools\code\servo\components\script\dom\htmlscriptelement.rs:1061
  64: script::dom::htmlscriptelement::HTMLScriptElement::execute
             at C:\dev_tools\code\servo\components\script\dom\htmlscriptelement.rs:1023
  65: script::dom::htmlscriptelement::HTMLScriptElement::prepare
             at C:\dev_tools\code\servo\components\script\dom\htmlscriptelement.rs:830
  66: script::dom::servoparser::ServoParser::tokenize<closure-0>
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:575
  67: script::dom::servoparser::ServoParser::do_parse_sync
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:516
  68: script::dom::servoparser::{{impl}}::parse_sync::{{closure}}
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:498
  69: profile_traits::time::profile<tuple<>,closure-0>
             at C:\dev_tools\code\servo\components\profile_traits\time.rs:141
  70: script::dom::servoparser::ServoParser::parse_sync
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:490
  71: script::dom::servoparser::ServoParser::parse_bytes_chunk
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:541
  72: script::dom::servoparser::{{impl}}::process_response_chunk
             at C:\dev_tools\code\servo\components\script\dom\servoparser\mod.rs:873
  73: script::script_thread::ScriptThread::handle_fetch_chunk
             at C:\dev_tools\code\servo\components\script\script_thread.rs:3854
  74: script::script_thread::ScriptThread::handle_msg_from_constellation
             at C:\dev_tools\code\servo\components\script\script_thread.rs:1911
  75: script::script_thread::{{impl}}::handle_msgs::{{closure}}
             at C:\dev_tools\code\servo\components\script\script_thread.rs:1635
  76: script::script_thread::ScriptThread::profile_event<closure-5,core::option::Option<bool>>
             at C:\dev_tools\code\servo\components\script\script_thread.rs:1879
  77: script::script_thread::ScriptThread::handle_msgs
             at C:\dev_tools\code\servo\components\script\script_thread.rs:1629
  78: script::script_thread::ScriptThread::start
             at C:\dev_tools\code\servo\components\script\script_thread.rs:1436
  79: script::script_thread::{{impl}}::create::{{closure}}::{{closure}}
             at C:\dev_tools\code\servo\components\script\script_thread.rs:825
  80: profile_traits::mem::ProfilerChan::run_with_memory_reporting<closure-1,fn(profile_traits::mem::ReportsChan) -> script::script_runtime::CommonScriptMsg,script::script_runtime::CommonScriptMsg,crossbeam_channel::channel::Sender<script::script_thread::MainTh
             at C:\dev_tools\code\servo\components\profile_traits\mem.rs:88
  81: script::script_thread::{{impl}}::create::{{closure}}
             at C:\dev_tools\code\servo\components\script\script_thread.rs:823
  82: std::sys_common::backtrace::__rust_begin_short_backtrace<closure-0,tuple<>>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\sys_common\backtrace.rs:130
  83: std::thread::{{impl}}::spawn_unchecked::{{closure}}::{{closure}}<closure-0,tuple<>>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\thread\mod.rs:475
  84: std::panic::{{impl}}::call_once<tuple<>,closure-0>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\panic.rs:318
  85: std::panicking::try::do_call<std::panic::AssertUnwindSafe<closure-0>,tuple<>>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\panicking.rs:348
  86: script::dom::worklet::{{impl}}::clone
  87: std::panicking::try<tuple<>,std::panic::AssertUnwindSafe<closure-0>>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\panicking.rs:325
  88: std::panic::catch_unwind<std::panic::AssertUnwindSafe<closure-0>,tuple<>>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\panic.rs:394
  89: std::thread::{{impl}}::spawn_unchecked::{{closure}}<closure-0,tuple<>>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libstd\thread\mod.rs:474
  90: core::ops::function::FnOnce::call_once<closure-0,tuple<>>
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\libcore\ops\function.rs:233
  91: alloc::boxed::{{impl}}::call_once
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\liballoc\boxed.rs:1074
  92: alloc::boxed::{{impl}}::call_once
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\src\liballoc\boxed.rs:1074
  93: std::sys::windows::thread::{{impl}}::new::thread_start
             at /rustc/6c8927b0cf80ceee19386026cf9d7fd4fd9d486f\/src\libstd\sys\windows\thread.rs:56
  94: BaseThreadInitThunk
  95: RtlUserThreadStart
[2020-07-30T03:25:41Z ERROR servo] called `Result::unwrap()` on an `Err` value: HierarchyRequest
Servo exited with return value -1073741819
PS C:\dev_tools\code\servo>
@jdm
Copy link
Member

@jdm jdm commented Jul 30, 2020

@chotchki perhaps the parser moves through line 970 multiple times, and you are stepping through it one of the earlier, successful iterations?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-content/dom C-has-manual-testcase E-candidate-for-mentoring I-panic
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants
@jdm @chotchki @dguenther @mateon1 @KiChjang @patgronowski @nipunG314
You can’t perform that action at this time.