| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0002680 | NetSurf | Javascript | public | 2019-07-08 08:58 | 2019-07-19 09:22 | ||||
| Reporter | Vincent Sanders | ||||||||
| Assigned To | Vincent Sanders | ||||||||
| Severity | crash | Reproducibility | always | ||||||
| Status | closed | Resolution | fixed | ||||||
| Product Version | 3.9 | ||||||||
| Target Version | 3.9 | Fixed in Version | 3.9 | ||||||
| Summary | 0002680: SIGSEGV, Segmentation fault. when running popular site parallel test | ||||||||
| Description | when running the popular site parallel test nsmonkey exits with segmentation fault while closing windows | ||||||||
| Steps To Reproduce | run test with ./test/monkey_driver.py -m ./nsmonkey -t ../netsurf-test/monkey-test/popular-sites-parallel.yaml -w 'gdbserver :12345' use gdb: target remote localhost:12345 and continue execution | ||||||||
| Additional Information | Thread 1 "nsmonkey" received signal SIGSEGV, Segmentation fault. 0x0000555562967e10 in ?? () (gdb) bt #0 0x0000555562967e10 in ?? () #1 0x000055555566266a in duk_heap_mem_alloc (heap=0x555555beb270, size=66) at content/handlers/javascript/duktape/duktape.c:50191 0000002 0x00005555556629bf in duk__strtable_alloc_hstring (extdata=0x0, strhash=297939073, blen=33, str=0x555555761a58 "\377\377NETSURF_DUKTAPE_WindowCallbacks", heap=0x555555beb270) at content/handlers/javascript/duktape/duktape.c:52441 #3 duk__strtable_do_intern (strhash=297939073, blen=33, str=0x555555761a58 "\377\377NETSURF_DUKTAPE_WindowCallbacks", heap=0x555555beb270) at content/handlers/javascript/duktape/duktape.c:52441 #4 duk_heap_strtable_intern (heap=0x555555beb270, str=0x555555761a58 "\377\377NETSURF_DUKTAPE_WindowCallbacks", blen=<optimized out>) at content/handlers/javascript/duktape/duktape.c:52579 #5 0x0000555555663cfd in duk_heap_strtable_intern_checked (thr=0x5555618826d0, str=<optimized out>, blen=<optimized out>) at content/handlers/javascript/duktape/duktape.c:52625 #6 0x0000555555663d3c in duk_push_lstring (thr=0x5555618826d0, str=<optimized out>, len=<optimized out>) at content/handlers/javascript/duktape/duktape.c:21996 #7 0x0000555555674dbc in duk_get_prop_string (thr=thr@entry=0x5555618826d0, obj_idx=1, obj_idx@entry=-1, key=key@entry=0x555555761a58 "\377\377NETSURF_DUKTAPE_WindowCallbacks") at content/handlers/javascript/duktape/duktape.c:16572 #8 0x0000555555601854 in window_call_callback (clear_entry=true, handle=784, ctx=0x5555618826d0) at build/Linux-monkey/duktape/window.c:87 #9 window_schedule_callback (p=0x55555785b250) at build/Linux-monkey/duktape/window.c:132 #10 0x00005555556bcda5 in monkey_schedule_run () at frontends/monkey/schedule.c:165 #11 0x0000555555588d64 in monkey_run () at frontends/monkey/main.c:277 #12 main (argc=<optimized out>, argv=<optimized out>) at frontends/monkey/main.c:408 (gdb) up #1 0x000055555566266a in duk_heap_mem_alloc (heap=0x555555beb270, size=66) at content/handlers/javascript/duktape/duktape.c:50191 50191 res = heap->alloc_func(heap->heap_udata, size); (gdb) p heap $1 = (duk_heap *) 0x555555beb270 (gdb) p *heap $2 = {flags = 1796561840, alloc_func = 0x555562967e10, realloc_func = 0x0, free_func = 0x0, heap_udata = 0x555555a1af90, fatal_func = 0x555555585eb8 <duk_default_fatal_handler>, heap_allocated = 0x55555782ae60, refzero_list = 0x0, finalize_list = 0x0, activation_free = 0x0, catcher_free = 0x0, ms_trigger_counter = 705016, ms_recursion_depth = 0, ms_base_flags = 0, ms_running = 0, ms_prevent_count = 1, pf_prevent_count = 1, pf_skip_finalizers = 1, creating_error = 0, augmenting_error = 0, lj = {jmpbuf_ptr = 0x0, type = 0, iserror = 0, value1 = {t = 2, v_extra = 0, v = {d = 4.6355940598961254e-310, i = 1907732976, fi = 93825468314096, voidptr = 0x555571b5b1f0, hstring = 0x555571b5b1f0, hobject = 0x555571b5b1f0, hcompfunc = 0x555571b5b1f0, hnatfunc = 0x555571b5b1f0, hthread = 0x555571b5b1f0, hbuffer = 0x555571b5b1f0, heaphdr = 0x555571b5b1f0, lightfunc = 0x555571b5b1f0}}, value2 = {t = 2, v_extra = 0, v = {d = 0, i = 0, fi = 0, voidptr = 0x0, hstring = 0x0, hobject = 0x0, hcompfunc = 0x0, hnatfunc = 0x0, hthread = 0x0, hbuffer = 0x0, heaphdr = 0x0, lightfunc = 0x0}}}, heap_thread = 0x555555bf5290, curr_thread = 0x0, heap_object = 0x555555c09f50, call_recursion_depth = 0, call_recursion_limit = 1000, hash_seed = 1438558069, rnd_state = { 15748112546035340805, 8073118506461634612}, sym_counter = {0, 0}, strtable = 0x55556af890c0, st_mask = 8191, st_size = 8192, st_count = 4650, st_resizing = 0, strcache = {{h = 0x0, bidx = 0, cidx = 0}, {h = 0x0, bidx = 0, cidx = 0}, {h = 0x0, bidx = 0, cidx = 0}, {h = 0x0, bidx = 0, cidx = 0}}, litcache = {{addr = 0x0, h = 0x0} <repeats 83 times>, {addr = 0x0, h = 0x55555f538270}, {addr = 0x0, h = 0x0} <repeats 59 times>, {addr = 0x0, h = 0x55556ac65800}, {addr = 0x0, h = 0x0} <repeats 58 times>, {addr = 0x0, h = 0x5555629b7380}, {addr = 0x0, h = 0x0} <repeats 53 times>}, strs = {0x555555bec8f0, 0x555555bec930, 0x555555bec960, 0x555555bec990, 0x555555bec9d0, 0x555555beca00, 0x555555beca40, 0x555555beca70, 0x555555becaa0, 0x555555becad0, 0x555555becb00, 0x555555bf31c0, 0x555555bf31f0, 0x555555bf3220, 0x555555bf3250, 0x555555bf3280, 0x555555bf32b0, 0x555555bf32f0, 0x555555bf3330, 0x555555bf3370, 0x555555bf33b0, 0x555555bf33f0, 0x555555bf3430, 0x555555bf3470, 0x555555bf34b0, 0x555555bf34f0, 0x555555bf3530, 0x555555bf3570, 0x555555bf35a0, 0x555555bf35d0, 0x555555bf3600, 0x555555bf3630, 0x555555bf3660, 0x555555bf3690, 0x555555bf36c0, 0x555555bf36f0, 0x555555bf3730, 0x555555bf3770, 0x555555bf37b0, 0x555555bf37e0, 0x555555bf3820, 0x555555bf3850, 0x555555bf3890, 0x555555bf38d0, 0x555555bf3910, 0x555555bf3940, 0x555555bf3980, 0x555555bf39c0, 0x555555bf3a00, 0x555555bf3a30, 0x555555bf3a60, 0x555555bf3aa0, 0x555555bf3ae0, 0x555555bf3b10, 0x555555bf3b40, 0x555555bf3b70, 0x555555bf3ba0, 0x555555bf3bd0, 0x555555bf3c00, 0x555555bf3c40, 0x555555bf3c70, 0x555555bf3cb0, 0x555555bf3cf0, 0x555555bf3d20, 0x555555bf3d50, 0x555555bf3d80, --Type <RET> for more, q to quit, c to continue without paging-- 0x555555bf3db0, 0x555555bf3df0, 0x555555bf3e30, 0x555555bf3e60, 0x555555bf3e90, 0x555555bf3ec0, 0x555555bf3f00, 0x555555bf3f40, 0x555555bf3f70, 0x555555bf3fa0, 0x555555bf3fd0, 0x555555bf4010, 0x555555bf4050, 0x555555bf4090, 0x555555bf40e0, 0x555555bf4120, 0x555555bf4160, 0x555555bf41a0, 0x555555bf41d0, 0x555555bf4200, 0x555555bf4230, 0x555555bf4260, 0x555555bf4290, 0x555555bf42c0, 0x555555bf42f0, 0x555555bf4330, 0x555555bf4370, 0x555555bf43a0, 0x555555bf43e0, 0x555555bf4410, 0x555555bf4440, 0x555555bf4470, 0x555555bf44b0, 0x555555bf44f0, 0x555555bf4520, 0x555555bf4550, 0x555555bf4590, 0x555555bf45c0, 0x555555bf45f0, 0x555555bf4630, 0x555555bf4660, 0x555555bf4690, 0x555555bf46c0, 0x555555bf4700, 0x555555bf4740, 0x555555bf4770, 0x555555bf47a0, 0x555555bf47d0, 0x555555bf4800, 0x555555bf4830, 0x555555bf4870, 0x555555bf48b0, 0x555555bf48f0, 0x555555bf4930, 0x555555bf4970, 0x555555bf49b0, 0x555555bf49e0, 0x555555bf4a10, 0x555555bf4a40, 0x555555bf4a80, 0x555555bf4ac0, 0x555555bf4af0, 0x555555bf4b20, 0x555555bf4b50, 0x555555bf4b80, 0x555555bf4bb0, 0x555555bf4be0, 0x555555bf4c20, 0x555555bf4c50, 0x555555bf4c80, 0x555555bf4cc0, 0x555555bf4cf0, 0x555555bf4d20, 0x555555bf4d50, 0x555555bf4d80, 0x555555bf4db0, 0x555555bf4de0, 0x555555bf4e10, 0x555555bf4e40, 0x555555bf4e70, 0x555555bf4ea0, 0x555555bf4ed0, 0x555555bf4f00, 0x555555bf4f30, 0x555555bf4f60, 0x555555bf4f90, 0x555555bf4fc0, 0x555555bf4ff0, 0x555555bf5020, 0x555555bf5050, 0x555555bf5080, 0x555555bf50b0, 0x555555bf50f0, 0x555555bf5130, 0x555555bf5160, 0x555555bf5190, 0x555555bf51c0, 0x555555bf5200, 0x555555bf5230, 0x555555bf5260}} (gdb) list 50186 res = NULL; 50187 DUK_UNREF(res); 50188 goto skip_attempt; 50189 } 50190 #endif 50191 res = heap->alloc_func(heap->heap_udata, size); 50192 if (DUK_LIKELY(res || size == 0)) { 50193 /* For zero size allocations NULL is allowed. */ 50194 return res; 50195 } (gdb) p heap->heap_udata $3 = (void *) 0x555555a1af90 (gdb) p size $4 = 66 (gdb) p res $5 = <optimized out> (gdb) | ||||||||
| Tags | No tags attached. | ||||||||
| Fixed in CI build # | 4716 | ||||||||
| Reported in CI build # | |||||||||
| URL of problem page | |||||||||
| Attached Files |
| ||||||||
 Relationships |
|
 Relationships |
| Notes |
|
Vincent Sanders (administrator) 2019-07-12 13:47 |
it turns out that when the browser window destroyed the javascript context that the dukky interface was not closing any active container in the context which resulted in callbacks and various other memory references to freed memory. Fixed by simply destroying the active js container before freeing the context |
|
Vincent Sanders (administrator) 2019-07-19 09:22 |
we believe this issue has been fixed in NetSurf 3.9 |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-07-08 08:58 | Vincent Sanders | New Issue | |
| 2019-07-12 13:47 | Vincent Sanders | Assigned To | => Vincent Sanders |
| 2019-07-12 13:47 | Vincent Sanders | Status | new => resolved |
| 2019-07-12 13:47 | Vincent Sanders | Resolution | open => fixed |
| 2019-07-12 13:47 | Vincent Sanders | Fixed in Version | => 3.9 |
| 2019-07-12 13:47 | Vincent Sanders | Target Version | => 3.9 |
| 2019-07-12 13:47 | Vincent Sanders | Fixed in CI build # | => 4716 |
| 2019-07-12 13:47 | Vincent Sanders | Note Added: 0001985 | |
| 2019-07-19 09:22 | Vincent Sanders | Status | resolved => closed |
| 2019-07-19 09:22 | Vincent Sanders | Note Added: 0001989 | |
| Issue History |