This is triggered when running gtests with an UBSan build.

To enable this check add the following to your mozconfig:

ac_add_options --enable-address-sanitizer
ac_add_options --enable-undefined-sanitizer="shift"

Traceback:

netwerk/base/nsProtocolProxyService.cpp:678:56: runtime error: left shift of negative value -1
    #0 0x7f927ec7c910 in mozilla::net::proxy_MaskIPv6Addr(PRIPv6Addr&, unsigned short) netwerk/base/nsProtocolProxyService.cpp
    #1 0x7f927ec7b717 in mozilla::net::nsProtocolProxyService::LoadHostFilters(nsTSubstring<char> const&) netwerk/base/nsProtocolProxyService.cpp:1918:7
    #2 0x7f927d8142fa in mozilla::net::TestProtocolProxyService_LoadHostFilters_Test::TestBody() netwerk/test/gtest/TestProtocolProxyService.cpp:104:8
    #3 0x7f927dc7d55b in testing::Test::Run() testing/gtest/gtest/src/gtest.cc:2519:5
    #4 0x7f927dc7e405 in testing::TestInfo::Run() testing/gtest/gtest/src/gtest.cc:2695:11
    #5 0x7f927dc7ebf1 in testing::TestCase::Run() testing/gtest/gtest/src/gtest.cc:2813:28
    #6 0x7f927dc8c642 in testing::internal::UnitTestImpl::RunAllTests() testing/gtest/gtest/src/gtest.cc:5179:43
    #7 0x7f927dc8c106 in testing::UnitTest::Run() testing/gtest/gtest/src/gtest.cc:4788:10
    #8 0x7f927dcc54f7 in mozilla::RunGTestFunc(int*, char**) testing/gtest/mozilla/GTestRunner.cpp:158:10
    #9 0x7f92884a1570 in XREMain::XRE_mainStartup(bool*) toolkit/xre/nsAppRunner.cpp:3788:16
    #10 0x7f92884aa189 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4722:12
    #11 0x7f92884aabf1 in XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4816:21
    #12 0x55e609b52cae in do_main(int, char**, char**) browser/app/nsBrowserApp.cpp:218:22
    #13 0x55e609b52344 in main browser/app/nsBrowserApp.cpp:300:16

If I try to build with those options I get:

36:01.15 ld.lld: error: duplicate symbol: operator delete[](void*)
36:01.15 >>> defined at asan_new_delete.cc:170 (/builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:170)
36:01.15 >>>            asan_new_delete.cc.o:(operator delete[](void*)) in archive /home/icecold/.mozbuild/clang/lib/clang/8.0.1/lib/linux/libclang_rt.asan_cxx-x86_64.a
36:01.15 >>> defined at cxxalloc.h:59 (/home/icecold/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/mozilla/cxxalloc.h:59)
36:01.15 >>>            ../../../mozalloc/cxxalloc.o:(.text+0x1E)

Any idea on how I could avoid that?
Should I file a bug?

Hmm I must have overlooked something, would you mind trying with this mozconfig?

And to be safe you can add this to src/build/sanitizers/ubsan_shift_blacklist.txt to avoid any other know UB issues.

We should use ~0uL << x instead of ~0L << x because we are working with uint32_t

(In reply to Tyson Smith [:tsmith] from comment #2)

Created attachment 9093368 [details]
mozconfig

Hmm I must have overlooked something, would you mind trying with this mozconfig?

Thanks.
I assume it was ac_add_options --disable-jemalloc that fixed it for me.

https://hg.mozilla.org/mozilla-central/rev/43ea73f1db1a