"attempt to create unaligned slice" if built by a rustc with support for debug_assert!() #22613

Closed
ghost opened this issue Jan 4, 2019 · 15 comments

@ghost

ghost commented Jan 4, 2019

Firefox built with a rustc that was compiled with debug-assertions = true (in its config.toml) crashes/coredumps on startup without any error messages.

GeckoCrashOOL's aReason arg is: attempt to create unaligned slice

Here's the coredump stacktrace that points to servo (in the first relevant frame, frame 14): https://gist.github.com/xftroxgpx/74a354e94a55dcc16b4e1aa2f5829695
and other info in the comments.

The only 2 occurrences of the string attempt to create unaligned slice are in Rust's code, in the file src/libcore/slice/mod.rs, and look like this:

debug_assert!(data as usize % mem::align_of::<T>() == 0, "attempt to create unaligned slice");

If this is a trivial error that doesn't matter, feel free to close this issue.
I'm recompiling rust with debug-assertions = false now, so I won't be hitting this issue again.

jdm added the A-stylo label Jan 4, 2019
@highfive

highfive commented Jan 4, 2019

cc @emilio

@jdm
Member

jdm commented Jan 4, 2019

@emilio This might interest you - it's coming from FontFamilyList::new.

@jdm
Member

jdm commented Jan 4, 2019

names.ensure_capacity(families.len());
in particular.

@SimonSapin
Member

This code:

unsafe fn slice_begin(&self) -> *mut T {
    debug_assert!(!self.mBuffer.is_null());
    (self.mBuffer as *const nsTArrayHeader).offset(1) as *mut _
}

Seems to match that one:

https://searchfox.org/mozilla-central/rev/fef7f858efb695a76010b4c624da5277c16e95b3/xpcom/ds/nsTArray.h#1015

  // This method provides direct access to the array elements.
  // @return A pointer to the first element of the array.  If the array is
  // empty, then this pointer must not be dereferenced.
  elem_type* Elements() { return reinterpret_cast<elem_type*>(Hdr() + 1); }

However, neither of them seems to correctly account for the alignment requirement of the element type.

The header is:

https://searchfox.org/mozilla-central/rev/fef7f858efb695a76010b4c624da5277c16e95b3/xpcom/ds/nsTArray.h#211

struct nsTArrayHeader {
  uint32_t mLength;
  uint32_t mCapacity : 31;
  uint32_t mIsAutoArray : 1;
};

… which is 4-byte aligned, but FontFamilyName contains a pointer and so is 8-byte aligned on x86-64:

https://searchfox.org/mozilla-central/rev/fef7f858efb695a76010b4c624da5277c16e95b3/gfx/thebes/gfxFontFamilyList.h#161

  RefPtr<nsAtom> mName;  // null if mType != eFamily_named

@SimonSapin
Member

nsTArray has worked this way (elements start after the (u32, u32) header without any padding) for 13 years https://bugzilla.mozilla.org/show_bug.cgi?id=321997.

@froydnj, I’m told you would be the person to ask about this. How much of a problem are misaligned pointers, in C++? As far as I understand, this Rust std debug_assert!() exists because misaligned &T references are UB in Rust.

@froydnj
Contributor

froydnj commented Jan 4, 2019

> How much of a problem are misaligned pointers, in C++?

I can't find the right verbiage in the standard right now (if it exists), but you are Not Supposed To Do That. That being said, it's fairly common to dereference unaligned pointers and have it Just Work because the world runs on x86ish processors, which don't trap on unaligned pointer accesses. Fixing up such brokenness is a common problem when porting to ARM/MIPS/PPC/etc. Recent (v7-a?) ARM chips have settings to fix up unaligned accesses and I think it's pretty common to just flip those bits on.

I can see that nsTArrayHeader's alignof is 4...but I'm not sure how you get a nsTArrayHeader* that's not 8-byte aligned, since asking the memory allocator for an 8-byte thing (an nsTArrayHeader) or larger (a header with space for data) is going to hand you back a pointer that's at least 8-byte aligned. Unless these pointers are getting created by Rust, and Rust is silently making them 4-byte aligned, or something? Who is creating that unaligned pointer?

@SimonSapin
Member

It’s possible that only

https://searchfox.org/mozilla-central/rev/fef7f858efb695a76010b4c624da5277c16e95b3/xpcom/ds/nsTArray.cpp#14

nsTArrayHeader sEmptyTArrayHeader = {0, 0, 0};

… is misaligned in practice. Maybe deref

    fn deref<'a>(&'a self) -> &'a [T] {
        unsafe { slice::from_raw_parts(self.slice_begin(), self.header().mLength as usize) }
    }
}
impl<T> DerefMut for nsTArray<T> {
    fn deref_mut<'a>(&'a mut self) -> &'a mut [T] {
        unsafe { slice::from_raw_parts_mut(self.slice_begin(), self.header().mLength as usize) }
    }
}

… should only use self.slice_begin() to create a Rust slice when self.header().mLength is non-zero?

@froydnj
Contributor

froydnj commented Jan 4, 2019

Oh, duh, that makes a certain amount of sense. We could also just add alignas to that variable, which I think would be the cleaner fix: no extra branches.

@emilio
Member

emilio commented Jan 6, 2019

Yeah, +1 to adding alignas() to sEmptyTArrayHeader. Sorry for the lag in seeing this :)
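
Added example, not code from this thread or from Servo or Gecko: a miniature of the layout discussed above, showing why the pointer just past a 4-byte-aligned empty header is misaligned for an 8-byte-aligned element type, together with the two fixes proposed (skip the post-header pointer when the length is zero, or force 8-byte alignment on the static header). The names Header, Elem, OddlyPlaced, AlignedHeader, Block and TArray are hypothetical stand-ins, and OddlyPlaced is constructed so the header lands at an address that is 4 mod 8.

```rust
use std::marker::PhantomData;
use std::mem::{align_of, size_of};
use std::ptr::addr_of;
use std::slice;

/// Same shape as the nsTArrayHeader quoted above (the 31+1 bitfield pair is
/// folded into one u32): size 8, alignment 4.
#[repr(C)]
pub struct Header {
    length: u32,
    capacity_and_auto: u32,
}

/// Hypothetical element type standing in for FontFamilyName: 8-byte aligned.
#[repr(C, align(8))]
pub struct Elem {
    name: usize,
}

/// Constructed: the u32 pad puts `hdr` at offset 4 of an 8-aligned static,
/// modelling an empty header that was placed at an address that is 4 mod 8.
#[repr(C, align(8))]
pub struct OddlyPlaced {
    _pad: u32,
    hdr: Header,
}

/// Models the alignas() fix: the static header itself is 8-byte aligned.
#[repr(C, align(8))]
pub struct AlignedHeader(Header);

/// A non-empty buffer: header immediately followed by two elements.
#[repr(C, align(8))]
pub struct Block {
    hdr: Header,
    elems: [Elem; 2],
}

pub static EMPTY_ODD: OddlyPlaced =
    OddlyPlaced { _pad: 0, hdr: Header { length: 0, capacity_and_auto: 0 } };
pub static EMPTY_ALIGNED: AlignedHeader =
    AlignedHeader(Header { length: 0, capacity_and_auto: 0 });
pub static TWO: Block = Block {
    hdr: Header { length: 2, capacity_and_auto: 2 },
    elems: [Elem { name: 11 }, Elem { name: 22 }],
};

/// Hypothetical miniature of the binding: a pointer to the header only.
pub struct TArray<T> {
    buffer: *const Header,
    _elem: PhantomData<T>,
}

impl<T> TArray<T> {
    /// Safety: `buffer` must point to a live Header that is followed by
    /// `length` initialized values of T.
    pub unsafe fn from_raw(buffer: *const Header) -> Self {
        TArray { buffer, _elem: PhantomData }
    }

    fn len(&self) -> usize {
        unsafe { (*self.buffer).length as usize }
    }

    /// Mirrors slice_begin()/Elements(): the address right after the header,
    /// with no padding inserted for T's alignment.
    pub fn slice_begin(&self) -> *const T {
        self.buffer.wrapping_add(1) as *const T
    }

    pub fn begin_is_aligned(&self) -> bool {
        self.slice_begin() as usize % align_of::<T>() == 0
    }

    /// Guarded deref: an empty array never hands the post-header pointer to
    /// slice::from_raw_parts; a non-empty one is checked before use.
    pub fn as_slice(&self) -> &[T] {
        let len = self.len();
        if len == 0 {
            return &[];
        }
        assert!(self.begin_is_aligned(), "element storage is misaligned");
        unsafe { slice::from_raw_parts(self.slice_begin(), len) }
    }
}

pub fn odd_empty() -> TArray<Elem> {
    unsafe { TArray::from_raw(addr_of!(EMPTY_ODD.hdr)) }
}

pub fn aligned_empty() -> TArray<Elem> {
    unsafe { TArray::from_raw(addr_of!(EMPTY_ALIGNED.0)) }
}

pub fn two_elems() -> TArray<Elem> {
    unsafe { TArray::from_raw(addr_of!(TWO) as *const Header) }
}

fn main() {
    println!("Header: size {}, align {}", size_of::<Header>(), align_of::<Header>());
    let cases = [("odd empty", odd_empty()), ("aligned empty", aligned_empty()), ("two elems", two_elems())];
    for (label, a) in cases.iter() {
        println!("{}: begin aligned = {}, len = {}", label, a.begin_is_aligned(), a.as_slice().len());
    }
}
```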

@ghost
Author

ghost commented Jan 15, 2019

Hi. I just hit this again. Could someone recommend a workaround/patch? (other than recompiling rustc with debug-assertions=false)

Meanwhile I'll see if I can figure out how to do this.

new gdb crash, like in OP
...
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `firefox -P 21708'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
[Current thread is 1 (Thread 0x7f6e9a776740 (LWP 24950))]
(gdb) frame 0
#0  raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
50	in ../sysdeps/unix/sysv/linux/raise.c
(gdb) frame 1
#1  0x00007f6e92d68869 in nsProfileLock::FatalSignalHandler (signo=11, info=0x7ffcfaa2fb30, 
    context=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/toolkit/profile/nsProfileLock.cpp:165
165	      raise(signo);
(gdb) frame 2
#2  0x00007f6e936cca68 in WasmTrapHandler (signum=11, info=0x7ffcfaa2fb30, context=0x7ffcfaa2fa00)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/js/src/wasm/WasmSignalHandlers.cpp:706
706	    previousSignal->sa_sigaction(signum, info, context);
(gdb) frame 3
#3  <signal handler called>
(gdb) frame 4
#4  MOZ_CrashOOL (aFilename=<optimized out>, aLine=4794, 
    aReason=0x7ffcfaa2fe6a "attempt to create unaligned slice")
    at ../../dist/include/mozilla/Assertions.h:314
314	  MOZ_REALLY_CRASH(aLine);
(gdb) frame 5
#5  0x00007f6e92d77a8b in GeckoCrashOOL (aFilename=<optimized out>, aLine=4794, 
    aReason=0x7ffcfaa2fe6a "attempt to create unaligned slice")
    at ../../../toolkit/xre/nsAppRunner.cpp:4817
4817	  MOZ_CrashOOL(aFilename, aLine, aReason);
(gdb) frame 6
#6  0x00007f6e9376b7f3 in gkrust_shared::panic_hook (info=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/toolkit/library/rust/shared/lib.rs:232
232	        GeckoCrashOOL(filename.as_ptr() as *const c_char, line as c_int,
(gdb) frame 7
#7  0x00007f6e93769b89 in core::ops::function::Fn::call ()
    at /home/xftroxgpx/build/2nonpkgs/rust.stuff/rust/rust/src/libcore/ops/function.rs:69
69	    extern "rust-call" fn call(&self, args: Args) -> Self::Output;
(gdb) frame 8
#8  0x00007f6e9453ec1d in std::panicking::rust_panic_with_hook (payload=..., message=..., 
    file_line_col=<optimized out>) at src/libstd/panicking.rs:482
482	                (*ptr)(&info);
(gdb) frame 9
#9  0x00007f6e9453e8d2 in std::panicking::continue_panic_fmt (info=0x7ffcfaa30428)
    at src/libstd/panicking.rs:385
385	    rust_panic_with_hook(
(gdb) frame 10
#10 0x00007f6e9453e7b6 in rust_begin_unwind (info=0x12ba) at src/libstd/panicking.rs:312
312	    continue_panic_fmt(&info)
(gdb) frame 11
#11 0x00007f6e94573980 in core::panicking::panic_fmt (fmt=..., file_line_col=<optimized out>)
    at src/libcore/panicking.rs:85
85	    unsafe { panic_impl(&pi) }
(gdb) frame 12
#12 0x00007f6e9457387c in core::panicking::panic (expr_file_line_col=<optimized out>)
    at src/libcore/panicking.rs:49
49	    panic_fmt(fmt::Arguments::new_v1(&[expr], &[]), &(file, line, col))
(gdb) frame 13
#13 0x00007f6e940b2199 in core::slice::from_raw_parts (data=0x7f6e96ba86d4, len=140724513472106)
    at /home/xftroxgpx/build/2nonpkgs/rust.stuff/rust/rust/src/libcore/macros.rs:10
10	        $crate::panicking::panic(&($msg, file!(), line!(), __rust_unstable_column!()))
(gdb) frame 14
#14 0x00007f6e940b7af0 in style::gecko_bindings::sugar::ns_t_array::<impl style::gecko_bindings::structs::root::nsTArray<T>>::ensure_capacity (self=0x7f6e85a4a8a8, cap=1)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/gecko_bindings/sugar/ns_t_array.rs:51
51	        if cap >= self.len() {
(gdb) frame 15
#15 0x00007f6e941f2b83 in style::values::computed::font::FontFamilyList::new (families=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/values/computed/font.rs:592
592	            names.ensure_capacity(families.len());
(gdb) frame 16
#16 0x00007f6e9425a57d in style::values::specified::font::FontFamily::parse_specified::{{closure}} (
    v=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/values/specified/font.rs:558
558	            .map(|v| FontFamily::Values(FontFamilyList::new(v.into_boxed_slice())))
(gdb) frame 17
#17 0x00007f6e942564d1 in <core::result::Result<T, E>>::map (self=..., op=...)
    at /home/xftroxgpx/build/2nonpkgs/rust.stuff/rust/rust/src/libcore/result.rs:458
458	            Ok(t) => Ok(op(t)),
(gdb) frame 18
#18 0x00007f6e9425a542 in style::values::specified::font::FontFamily::parse_specified (
    input=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/values/specified/font.rs:556
556	        input
(gdb) frame 19
#19 0x00007f6e9425a61d in <style::values::specified::font::FontFamily as style::parser::Parse>::parse (input=0x7ffcfaa2fe6a)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/values/specified/font.rs:608
608	        FontFamily::parse_specified(input)
(gdb) frame 20
#20 0x00007f6e942aa20a in style::properties::longhands::font_family::parse (context=0x7ffcfaa2fe6a, 
    input=0x7ffcfaa2fe6a)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/obj-x86_64-pc-linux-gnu/x86_64-unknown-linux-gnu/release/build/style-fe4b2f1dae48e05a/out/longhands/font.rs:67
warning: Source file is more recent than executable.
67	            specified::FontFamily::parse(context, input)
(gdb) frame 21
#21 0x00007f6e942aa2f7 in style::properties::longhands::font_family::parse_declared (
    context=0x7ffcfaa2fe6a, input=0x7ffcfaa2fe6a)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/obj-x86_64-pc-linux-gnu/x86_64-unknown-linux-gnu/release/build/style-fe4b2f1dae48e05a/out/longhands/font.rs:113
113	                parse(context, input)
(gdb) frame 22
#22 0x00007f6e94220a07 in style::properties::LonghandId::parse_value (self=<optimized out>, 
    context=<optimized out>, input=0x7ffcfaa30072)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/obj-x86_64-pc-linux-gnu/x86_64-unknown-linux-gnu/release/build/style-fe4b2f1dae48e05a/out/properties.rs:38071
warning: Source file is more recent than executable.
38071	                    longhands::font_family::parse_declared(context, input)
(gdb) frame 23
#23 0x00007f6e9422641c in style::properties::PropertyDeclaration::parse_into::{{closure}}::{{closure}} (input=0x7ffcfaa30072)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/obj-x86_64-pc-linux-gnu/x86_64-unknown-linux-gnu/release/build/style-fe4b2f1dae48e05a/out/properties.rs:46006
46006	                    input.parse_entirely(|input| id.parse_value(context, input))
(gdb) frame 24
#24 0x00007f6e9421a428 in cssparser::parser::Parser::parse_entirely (self=0x7ffcfaa30c10, parse=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/parser.rs:596
596	        let result = parse(self)?;
(gdb) frame 25
#25 0x00007f6e942267b5 in style::properties::PropertyDeclaration::parse_into::{{closure}} ()
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/obj-x86_64-pc-linux-gnu/x86_64-unknown-linux-gnu/release/build/style-fe4b2f1dae48e05a/out/properties.rs:46006
46006	                    input.parse_entirely(|input| id.parse_value(context, input))
(gdb) frame 26
#26 0x00007f6e9421101b in <core::result::Result<T, E>>::or_else (self=..., op=...)
    at /home/xftroxgpx/build/2nonpkgs/rust.stuff/rust/rust/src/libcore/result.rs:707
707	            Err(e) => op(e),
(gdb) frame 27
#27 0x00007f6e94226022 in style::properties::PropertyDeclaration::parse_into (
    declarations=<optimized out>, id=..., context=<optimized out>, input=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/obj-x86_64-pc-linux-gnu/x86_64-unknown-linux-gnu/release/build/style-fe4b2f1dae48e05a/out/properties.rs:46000
46000	                input.try(CSSWideKeyword::parse).map(|keyword| {
(gdb) frame 28
#28 0x00007f6e94081102 in <style::properties::declaration_block::PropertyDeclarationParser<'a, 'b> as cssparser::rules_and_declarations::DeclarationParser<'i>>::parse_value::{{closure}} (input=0x2)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/properties/declaration_block.rs:1297
1297	            PropertyDeclaration::parse_into(self.declarations, id, self.context, input)
(gdb) frame 29
#29 0x00007f6e94067821 in cssparser::parser::Parser::parse_entirely (self=0x7ffcfaa30c10, parse=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/parser.rs:596
596	        let result = parse(self)?;
(gdb) frame 30
#30 0x00007f6e9405e2a5 in cssparser::parser::parse_until_before (parser=0x7ffcfaa31030, 
    delimiters=..., parse=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/parser.rs:906
906	        result = delimited_parser.parse_entirely(parse);
(gdb) frame 31
#31 0x00007f6e941c7686 in cssparser::parser::Parser::parse_until_before (self=0x7ffcfaa2fe6a, 
    delimiters=..., parse=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/parser.rs:659
659	        parse_until_before(self, delimiters, parse)
(gdb) frame 32
#32 0x00007f6e941cc363 in <style::properties::declaration_block::PropertyDeclarationParser<'a, 'b> as cssparser::rules_and_declarations::DeclarationParser<'i>>::parse_value (self=<optimized out>, 
    name=..., input=0x7ffcfaa31030)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/properties/declaration_block.rs:1296
1296	        input.parse_until_before(Delimiter::Bang, |input| {
(gdb) frame 33
#33 0x00007f6e9404e80b in <cssparser::rules_and_declarations::DeclarationListParser<'i, 't, 'a, P> as core::iter::iterator::Iterator>::next::{{closure}} (input=0x7ffcfaa31030)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/rules_and_declarations.rs:276
276	                            parser.parse_value(name, input)
(gdb) frame 34
#34 0x00007f6e940716cc in cssparser::parser::Parser::parse_entirely (self=0x7ffcfaa31030, parse=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/parser.rs:596
596	        let result = parse(self)?;
(gdb) frame 35
#35 0x00007f6e94061565 in cssparser::parser::parse_until_before (parser=0x7ffcfaa31b30, 
    delimiters=..., parse=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/parser.rs:906
906	        result = delimited_parser.parse_entirely(parse);
(gdb) frame 36
#36 0x00007f6e94076741 in cssparser::parser::Parser::parse_until_before (self=0x7ffcfaa2fe6a, 
    delimiters=..., parse=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/parser.rs:659
659	        parse_until_before(self, delimiters, parse)
(gdb) frame 37
#37 0x00007f6e940589ad in cssparser::parser::parse_until_after (parser=0x7ffcfaa31b30, 
    delimiters=..., parse=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/parser.rs:932
932	    let result = parser.parse_until_before(delimiters, parse);
(gdb) frame 38
#38 0x00007f6e9419c554 in <cssparser::rules_and_declarations::DeclarationListParser<'i, 't, 'a, P> as core::iter::iterator::Iterator>::next (self=0x7ffcfaa31378)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/rules_and_declarations.rs:274
274	                        parse_until_after::<'i, 't, _, _, _>(self.input, Delimiter::Semicolon, |input| {
(gdb) frame 39
#39 0x00007f6e941cc75a in style::properties::declaration_block::parse_property_declaration_list (
    context=0x7ffcfaa318a8, input=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/properties/declaration_block.rs:1323
1323	    while let Some(declaration) = iter.next() {
(gdb) frame 40
#40 0x00007f6e9448fec3 in <style::stylesheets::rule_parser::NestedRuleParser<'a, 'b> as cssparser::rules_and_declarations::QualifiedRuleParser<'i>>::parse_block (self=0x7ffcfaa31940, selectors=..., 
    source_location=..., input=0x7ffcfaa2fe6a)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/stylesheets/rule_parser.rs:592
592	        let declarations = parse_property_declaration_list(&context, input);
(gdb) frame 41
#41 0x00007f6e94078d74 in <style::stylesheets::rule_parser::TopLevelRuleParser<'a> as cssparser::rules_and_declarations::QualifiedRuleParser<'i>>::parse_block (self=<optimized out>, prelude=..., 
    location=..., input=0x7ffcfaa300a0)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/stylesheets/rule_parser.rs:315
315	        QualifiedRuleParser::parse_block(&mut self.nested(), prelude, location, input).map(
(gdb) frame 42
#42 0x00007f6e94057861 in cssparser::rules_and_declarations::parse_qualified_rule::{{closure}} (
    input=0x7ffcfaa300a0)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/rules_and_declarations.rs:520
520	                move |input| parser.parse_block(prelude, location, input),
(gdb) frame 43
#43 0x00007f6e9406aa51 in cssparser::parser::Parser::parse_entirely (self=0x7ffcfaa31b30, parse=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/parser.rs:596
596	        let result = parse(self)?;
(gdb) frame 44
#44 0x00007f6e9405aaa3 in cssparser::parser::parse_nested_block (parser=0x7ffcfaa32060, parse=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/parser.rs:966
966	        result = nested_parser.parse_entirely(parse);
(gdb) frame 45
#45 0x00007f6e941a38b1 in cssparser::rules_and_declarations::parse_qualified_rule (
    input=0x7ffcfaa32060, parser=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/rules_and_declarations.rs:518
518	            parse_nested_block::<'i, 't, _, _, _>(
(gdb) frame 46
#46 0x00007f6e9419a6f5 in <cssparser::rules_and_declarations::RuleListParser<'i, 't, 'a, P> as core::iter::iterator::Iterator>::next (self=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/third_party/rust/cssparser/src/rules_and_declarations.rs:392
392	                let result = parse_qualified_rule(self.input, &mut self.parser);
(gdb) frame 47
#47 0x00007f6e940da27c in style::stylesheets::stylesheet::Stylesheet::parse_rules (css=..., 
    url_data=<optimized out>, origin=<optimized out>, namespaces=0x7ffcfaa323b0, 
    shared_lock=0x7f6e85837d00, stylesheet_loader=..., error_reporter=..., 
    quirks_mode=selectors::context::QuirksMode::NoQuirks, line_number_offset=1, use_counters=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/stylesheets/stylesheet.rs:390
390	            while let Some(result) = iter.next() {
(gdb) frame 48
#48 0x00007f6e940d9705 in style::stylesheets::stylesheet::StylesheetContents::from_str (css=..., 
    url_data=..., origin=style::stylesheets::origin::Origin::UserAgent, shared_lock=0x7f6e85837d00, 
    stylesheet_loader=..., error_reporter=..., 
    quirks_mode=selectors::context::QuirksMode::NoQuirks, line_number_offset=1, use_counters=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/components/style/stylesheets/stylesheet.rs:86
86	        let (rules, source_map_url, source_url) = Stylesheet::parse_rules(
(gdb) frame 49
#49 0x00007f6e93f1265a in Servo_StyleSheet_FromUTF8Bytes (loader=<optimized out>, 
    stylesheet=0x7f6e86297740, load_data=<optimized out>, bytes=<optimized out>, 
    mode=<optimized out>, extra_data=<optimized out>, line_number_offset=<optimized out>, 
    quirks_mode=<optimized out>, reusable_sheets=<optimized out>, use_counters=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/servo/ports/geckolib/glue.rs:1389
1389	    Arc::new(StylesheetContents::from_str(
(gdb) frame 50
#50 0x00007f6e91cf50e7 in mozilla::StyleSheet::ParseSheetSync (this=0x7f6e86297740, 
    aLoader=<optimized out>, aBytes=..., aLoadData=<optimized out>, aLineNumber=<optimized out>, 
    aReusableSheets=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/layout/style/StyleSheet.cpp:946
946	      Servo_StyleSheet_FromUTF8Bytes(
(gdb) frame 51
#51 0x00007f6e91ce0ea6 in mozilla::css::Loader::ParseSheet (this=0x7f6e85952460, aBytes=..., 
    aLoadData=0x7f6e86297920, aAllowAsync=mozilla::css::Loader::AllowAsyncParse::Yes)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/layout/style/Loader.cpp:1556
1556	    sheet->ParseSheetSync(this, aBytes, aLoadData, aLoadData->mLineNumber);
(gdb) frame 52
#52 0x00007f6e91cf130f in mozilla::css::StreamLoader::OnStopRequest (this=0x7f6e859524c0, 
    aRequest=<optimized out>, aContext=<optimized out>, aStatus=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/layout/style/StreamLoader.cpp:110
110	  mSheetLoadData->mLoader->ParseSheet(utf8String, mSheetLoadData,
(gdb) frame 53
#53 0x00007f6e9070aec1 in nsSyncLoadService::PushSyncStreamToListener (aIn=..., 
    aListener=0x7f6e859524c0, aChannel=0x7f6e85aa4d20)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/dom/base/nsSyncLoadService.cpp:363
363	  aListener->OnStopRequest(aChannel, nullptr, rv);
(gdb) frame 54
#54 0x00007f6e91cddc4f in mozilla::css::Loader::LoadSheet (this=<optimized out>, 
    aLoadData=0x7f6e86297920, aSheetState=<optimized out>, aIsPreload=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/layout/style/Loader.cpp:1328
1328	    return nsSyncLoadService::PushSyncStreamToListener(stream.forget(),
(gdb) frame 55
#55 0x00007f6e91ce2ee1 in mozilla::css::Loader::InternalLoadNonDocumentSheet (this=0x7f6e85952460, 
    aURL=<optimized out>, aIsPreload=<optimized out>, aParsingMode=<optimized out>, 
    aUseSystemPrincipal=<optimized out>, aOriginPrincipal=<optimized out>, 
    aPreloadEncoding=<optimized out>, aSheet=<optimized out>, aObserver=<optimized out>, 
    aCORSMode=<optimized out>, aReferrerPolicy=<optimized out>, aIntegrity=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/layout/style/Loader.cpp:2210
2210	  rv = LoadSheet(data, state, aIsPreload);
(gdb) frame 56
#56 0x00007f6e91ce2b6e in mozilla::css::Loader::LoadSheetSync (this=0x7f6e85952460, aURL=
    0x7f6e85874200, aParsingMode=mozilla::css::SheetParsingMode::eAgentSheetFeatures, 
    aUseSystemPrincipal=true, aSheet=0x7f6e85a53ac0)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/layout/style/Loader.cpp:2115
2115	  return InternalLoadNonDocumentSheet(aURL, false, aParsingMode,
(gdb) frame 57
#57 0x00007f6e91cb8a9e in nsLayoutStylesheetCache::LoadSheet (this=<optimized out>, 
    aURI=<optimized out>, aSheet=<optimized out>, 
    aParsingMode=mozilla::css::SheetParsingMode::eAgentSheetFeatures, 
    aFailureAction=<optimized out>) at ../../../layout/style/nsLayoutStylesheetCache.cpp:302
302	  nsresult rv = gCSSLoader->LoadSheetSync(aURI, aParsingMode, true, aSheet);
(gdb) frame 58
#58 0x00007f6e91cb8880 in nsLayoutStylesheetCache::LoadSheetURL (aURL=<optimized out>, 
    aSheet=<optimized out>, aParsingMode=mozilla::css::SheetParsingMode::eAgentSheetFeatures, 
    aFailureAction=mozilla::css::eCrash, this=<optimized out>)
    at ../../../layout/style/nsLayoutStylesheetCache.cpp:243
243	  LoadSheet(uri, aSheet, aParsingMode, aFailureAction);
(gdb) frame 59
#59 nsLayoutStylesheetCache::nsLayoutStylesheetCache (this=0x7f6e85a53a80)
    at ../../dist/include/mozilla/UserAgentStyleSheetList.h:26
26	STYLE_SHEET(HTML, "resource://gre-resources/html.css", false)
(gdb) frame 60
#60 0x00007f6e91cb8cf6 in nsLayoutStylesheetCache::Singleton ()
    at ../../../layout/style/nsLayoutStylesheetCache.cpp:187
187	    gStyleCache = new nsLayoutStylesheetCache;
(gdb) frame 61
#61 0x00007f6e91d9219c in nsDocumentViewer::CreateStyleSet (this=0x7f6e85869160, aDocument=
    0x7f6e8586d000)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/layout/base/nsDocumentViewer.cpp:2295
2295	  auto cache = nsLayoutStylesheetCache::Singleton();
(gdb) frame 62
#62 0x00007f6e91d91bbc in nsDocumentViewer::InitPresentationStuff (this=0x7f6e85869160, 
    aDoInitialReflow=false)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/layout/base/nsDocumentViewer.cpp:734
734	  UniquePtr<ServoStyleSet> styleSet = CreateStyleSet(mDocument);
(gdb) frame 63
#63 0x00007f6e91d918ae in nsDocumentViewer::InitInternal (this=0x7f6e85869160, 
    aParentWidget=<optimized out>, aState=0x0, aBounds=..., aDoCreation=<optimized out>, 
    aNeedMakeCX=<optimized out>, aForceSetNewDocument=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/layout/base/nsDocumentViewer.cpp:983
983	    rv = InitPresentationStuff(!makeCX);
(gdb) frame 64
#64 0x00007f6e91d914a1 in nsDocumentViewer::Init (this=0x12ba, aParentWidget=0x7ffcfaa2fe6a, 
    aBounds=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/layout/base/nsDocumentViewer.cpp:716
716	  return InitInternal(aParentWidget, nullptr, aBounds, true);
(gdb) frame 65
#65 0x00007f6e92a59926 in nsDocShell::SetupNewViewer (this=0x7f6e8583f000, 
    aNewViewer=0x7f6e85869160)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/docshell/base/nsDocShell.cpp:8381
8381	  if (NS_FAILED(mContentViewer->Init(widget, bounds))) {
(gdb) frame 66
#66 0x00007f6e92a591af in nsDocShell::Embed (this=0x7f6e8583f000, aContentViewer=0x7f6e85869160, 
    aCommand=<optimized out>, aExtraInfo=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/docshell/base/nsDocShell.cpp:6276
6276	  nsresult rv = SetupNewViewer(aContentViewer);
(gdb) frame 67
#67 0x00007f6e92a5d4bd in nsDocShell::CreateAboutBlankContentViewer (this=<optimized out>, 
    aPrincipal=<optimized out>, aBaseURI=0x7f6e85837a40, aTryToSaveOldPresentation=<optimized out>, 
    aCheckPermitUnload=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/docshell/base/nsDocShell.cpp:7126
7126	        rv = Embed(viewer, "", 0);
(gdb) frame 68
#68 0x00007f6e92a840ee in nsWebShellWindow::Initialize (this=0x7f6e8ab9e1b0, 
    aParent=<optimized out>, aOpener=<optimized out>, aUrl=0x0, aInitialWidth=<optimized out>, 
    aInitialHeight=<optimized out>, aIsHiddenWindow=<optimized out>, aOpeningTab=0x0, aOpenerWindow=
    0x0, widgetInitData=...)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/xpfe/appshell/nsWebShellWindow.cpp:233
233	    rv = mDocShell->CreateAboutBlankContentViewer(principal);
(gdb) frame 69
#69 0x00007f6e92a82345 in nsAppShellService::JustCreateTopWindow (this=<optimized out>, 
    aParent=<optimized out>, aUrl=<optimized out>, aChromeMask=4161799686, 
    aInitialWidth=<optimized out>, aInitialHeight=-89980768, aIsHiddenWindow=false, 
    aOpeningTab=<optimized out>, aOpenerWindow=<optimized out>, aResult=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/xpfe/appshell/nsAppShellService.cpp:664
664	  nsresult rv = window->Initialize(
(gdb) frame 70
#70 0x00007f6e92a8296c in nsAppShellService::CreateTopLevelWindow (this=0x12ba, aParent=0x0, 
    aUrl=0x7ffcfaa2fe6a, aChromeMask=4161799686, aInitialWidth=2, aInitialHeight=-89980768, 
    aOpeningTab=0x0, aOpenerWindow=0x0, aResult=0x7ffcfaa33008)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/xpfe/appshell/nsAppShellService.cpp:184
184	  rv = JustCreateTopWindow(aParent, aUrl, aChromeMask, aInitialWidth,
(gdb) frame 71
#71 0x00007f6e92cbdaeb in nsAppStartup::CreateChromeWindow2 (this=<optimized out>, 
    aParent=<optimized out>, aChromeFlags=<optimized out>, aOpeningTab=0x0, 
    aOpener=<optimized out>, aNextTabParentId=<optimized out>, aCancel=<optimized out>, 
    _retval=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/toolkit/components/startup/nsAppStartup.cpp:637
637	    appShell->CreateTopLevelWindow(
(gdb) frame 72
#72 0x00007f6e92d487e5 in nsWindowWatcher::CreateChromeWindow (this=<optimized out>, aFeatures=..., 
    aParentChrome=0x0, aChromeFlags=4161799686, aOpeningTabParent=0x0, aOpener=0x0, 
    aNextTabParentId=<optimized out>, aResult=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/toolkit/components/windowwatcher/nsWindowWatcher.cpp:410
410	  nsresult rv = windowCreator2->CreateChromeWindow2(
(gdb) frame 73
#73 0x00007f6e92d4806a in nsWindowWatcher::OpenWindowInternal (this=<optimized out>, 
    aParent=<optimized out>, aUrl=<optimized out>, aName=<optimized out>, 
    aFeatures=<optimized out>, aCalledFromJS=<optimized out>, aDialog=<optimized out>, 
    aNavigate=<optimized out>, aArgv=<optimized out>, aIsPopupSpam=<optimized out>, 
    aForceNoOpener=<optimized out>, aLoadState=<optimized out>, aResult=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/toolkit/components/windowwatcher/nsWindowWatcher.cpp:865
865	        rv = CreateChromeWindow(features, parentChrome, chromeFlags, nullptr,
(gdb) frame 74
#74 0x00007f6e92d45e8d in nsWindowWatcher::OpenWindow (this=0x7f6e85a02740, aParent=0x0, 
    aUrl=0x7f6e94e8be20 <kProfileManagerURL> "chrome://mozapps/content/profile/profileSelection.xul", aName=0x7f6e949a8f74 "_blank", aFeatures=0x7f6e94b04463 "centerscreen,chrome,modal,titlebar", 
    aArguments=<optimized out>, aResult=<optimized out>)
    at /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/toolkit/components/windowwatcher/nsWindowWatcher.cpp:289
289	  return OpenWindowInternal(aParent, aUrl, aName, aFeatures,
(gdb) frame 75
#75 0x00007f6e92d73ae4 in ShowProfileManager (aProfileSvc=<optimized out>, aNative=<optimized out>)
    at ../../../toolkit/xre/nsAppRunner.cpp:1949
1949	      rv = windowWatcher->OpenWindow(nullptr, kProfileManagerURL, "_blank",
(gdb) frame 76
#76 SelectProfile (aResult=<optimized out>, aProfileSvc=<optimized out>, aNative=<optimized out>, 
    aStartOffline=<optimized out>, aProfileName=<optimized out>)
    at ../../../toolkit/xre/nsAppRunner.cpp:2125
2125	    return ShowProfileManager(aProfileSvc, aNative);
(gdb) frame 77
#77 XREMain::XRE_mainStartup (this=<optimized out>, aExitFlag=<optimized out>)
    at ../../../toolkit/xre/nsAppRunner.cpp:3806
3806	  rv = SelectProfile(getter_AddRefs(mProfileLock), mProfileSvc, mNativeApp,
(gdb) frame 78
#78 0x00007f6e92d771ef in XREMain::XRE_main (this=0x7ffcfaa336d0, argc=3, argv=0x7ffcfaa349f8, 
    aConfig=...) at ../../../toolkit/xre/nsAppRunner.cpp:4456
4456	  result = XRE_mainStartup(&exit);
(gdb) frame 79
#79 0x00007f6e92d778f0 in XRE_main (argc=-89981334, argv=0x7ffcfaa2fe6a, aConfig=...)
    at ../../../toolkit/xre/nsAppRunner.cpp:4553
4553	  int result = main.XRE_main(argc, argv, aConfig);
(gdb) frame 80
#80 0x000055f530f79e85 in do_main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
    at ../../../browser/app/nsBrowserApp.cpp:214
214	  return gBootstrap->XRE_main(argc, argv, config);
(gdb) frame 81
#81 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
    at ../../../browser/app/nsBrowserApp.cpp:293
293	  int result = do_main(argc, argv, envp);
(gdb) frame 82
#0  0x0000000000000000 in ?? ()
(gdb) 

@ghost
Author

ghost commented Jan 15, 2019

I'll try nsTArrayHeader alignas(8) sEmptyTArrayHeader = {0, 0, 0};

@ghost
Author

ghost commented Jan 15, 2019

oops: error: 'alignas' attribute cannot be applied to types

 0:13.00 In file included from Unified_cpp_xpcom_ds1.cpp:65:
 0:13.00 /home/xftroxgpx/build/1packages/4used/firefox-hg/makepkg_pacman/firefox-hg/src/firefox-hg/xpcom/ds/nsTArray.cpp:14:16: error: 'alignas' attribute cannot be applied to types
 0:13.00 nsTArrayHeader alignas(8) sEmptyTArrayHeader = {0, 0, 0};
 0:13.00                ^
 0:13.00 1 error generated.

@jdm
Member

jdm commented Jan 15, 2019

Does alignas(8) nsTArrayHeader sEmptyTArrayHeader = {0, 0, 0}; work?

@ghost
Author

ghost commented Jan 15, 2019

> Does alignas(8) nsTArrayHeader sEmptyTArrayHeader = {0, 0, 0}; work?

That did work! Thank you jdm!
And Firefox doesn't crash anymore!!

This is all I changed:

diff -r a559b84032a8 xpcom/ds/nsTArray.cpp
--- a/xpcom/ds/nsTArray.cpp	Tue Jan 15 12:38:06 2019 +0200
+++ b/xpcom/ds/nsTArray.cpp	Tue Jan 15 17:15:32 2019 +0100
@@ -11,7 +11,7 @@
 #include "mozilla/CheckedInt.h"
 #include "mozilla/IntegerPrintfMacros.h"
 
-nsTArrayHeader sEmptyTArrayHeader = {0, 0, 0};
+alignas(8) nsTArrayHeader sEmptyTArrayHeader = {0, 0, 0};
 
 bool IsTwiceTheRequiredBytesRepresentableAsUint32(size_t aCapacity,
                                                   size_t aElemSize) {
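
Review bot: the alignas(8) added to the sEmptyTArrayHeader definition is a bare magic number with no comment saying why 8 is required. Add a comment on that line stating that element storage starts immediately after the header, so the header must be aligned at least as strictly as the most-aligned element type a consumer may view through it. Consider also a static_assert that sizeof(nsTArrayHeader) is a multiple of that alignment, so that header + 1 stays aligned if the struct ever changes. The patch touches only this static definition, so the commit message should say whether other places that create headers already provide the same alignment.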

I'm keeping this issue open, if someone wants to submit a PR with "closes #22613" that'd be great! Oops, nsTArray.cpp is not part of servo, my bad.
Thanks everyone for your knowledge & time!
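
An added illustration of why the header's alignment matters (not code from this thread or from Mozilla): the element pointer is computed as header + 1, so it inherits the header's alignment, and the same modulo check as the Rust debug_assert fails for an 8-byte-aligned element type when the header is only 4-byte aligned. Header is a stand-in for nsTArrayHeader with an assumed field layout; Elem, ElementsAfter, IsAlignedFor and the globals are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
#include <new>

// Stand-in for nsTArrayHeader (assumed layout: two 32-bit words, so
// sizeof == 8 but alignof == 4).
struct Header {
  uint32_t mLength;
  uint32_t mCapacity : 31;
  uint32_t mIsAutoArray : 1;
};
static_assert(sizeof(Header) == 8 && alignof(Header) == 4,
              "layout this example assumes");

// Hypothetical element type that requires 8-byte alignment.
struct alignas(8) Elem { uint64_t value; };

// Elements start right after the header, like header.offset(1) in slice_begin().
inline const void* ElementsAfter(const Header* aHdr) { return aHdr + 1; }

// Same predicate as the Rust debug_assert: address % align_of::<T>() == 0.
template <typename T>
bool IsAlignedFor(const void* aPtr) {
  return reinterpret_cast<uintptr_t>(aPtr) % alignof(T) == 0;
}

// Constructed case: a header at a 4-aligned but not 8-aligned address, which
// is all that alignof(Header) == 4 guarantees for a plain static.
alignas(8) static unsigned char gStorage[24];
Header* HeaderAtOffset4() { return new (gStorage + 4) Header{0, 0, 0}; }

// A header declared the way the fix declares sEmptyTArrayHeader.
alignas(8) static Header gAlignedHeader = {0, 0, 0};

int main() {
  const void* bad = ElementsAfter(HeaderAtOffset4());
  const void* good = ElementsAfter(&gAlignedHeader);
  std::printf("4-aligned header: ok for uint32_t=%d, ok for Elem=%d\n",
              IsAlignedFor<uint32_t>(bad), IsAlignedFor<Elem>(bad));
  std::printf("alignas(8) header: ok for Elem=%d\n", IsAlignedFor<Elem>(good));
  return 0;
}
```

Because sizeof(Header) is 8, an 8-aligned header always yields an 8-aligned element pointer, while a 4-aligned header yields one only by luck of placement.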

@ghost
Author

ghost commented Jan 16, 2019

Closing since nsTArray.cpp is not part of servo, but I made https://bugzilla.mozilla.org/show_bug.cgi?id=1520418

Thank you all!

@ghost ghost closed this as completed Jan 16, 2019
moz-v2v-gh pushed a commit to mozilla/gecko-dev that referenced this issue Jan 16, 2019
mykmelez pushed a commit to mykmelez/gecko that referenced this issue Jan 17, 2019
gecko-dev-updater pushed a commit to marco-c/gecko-dev-wordified that referenced this issue Oct 3, 2019
…void creating unaligned pointers. r=froydnj

See servo/servo#22613.

UltraBlame original commit: 319fa2b1377fb177b09eff33ae2c222acd20dc46