2019-07-16 16:04 BST

View Issue Details

ID: 0002680
Project: NetSurf
Category: Javascript
View Status: public
Last Update: 2019-07-12 13:47
Reporter: Vincent Sanders
Assigned To: Vincent Sanders
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 3.9
Target Version: 3.9
Fixed in Version: 3.9
Summary: 0002680: SIGSEGV, Segmentation fault. when running popular site parallel test

Description:
When running the popular site parallel test, nsmonkey exits with a segmentation fault while closing windows.

Steps To Reproduce:
run test with

./test/monkey_driver.py -m ./nsmonkey -t ../netsurf-test/monkey-test/popular-sites-parallel.yaml -w 'gdbserver :12345'

use gdb:
target remote localhost:12345
and continue execution

Additional Information:
Thread 1 "nsmonkey" received signal SIGSEGV, Segmentation fault.
0x0000555562967e10 in ?? ()
(gdb) bt
#0 0x0000555562967e10 in ?? ()
#1 0x000055555566266a in duk_heap_mem_alloc (heap=0x555555beb270, size=66)
    at content/handlers/javascript/duktape/duktape.c:50191
#2 0x00005555556629bf in duk__strtable_alloc_hstring (extdata=0x0, strhash=297939073, blen=33,
    str=0x555555761a58 "\377\377NETSURF_DUKTAPE_WindowCallbacks", heap=0x555555beb270)
    at content/handlers/javascript/duktape/duktape.c:52441
#3 duk__strtable_do_intern (strhash=297939073, blen=33,
    str=0x555555761a58 "\377\377NETSURF_DUKTAPE_WindowCallbacks", heap=0x555555beb270)
    at content/handlers/javascript/duktape/duktape.c:52441
#4 duk_heap_strtable_intern (heap=0x555555beb270,
    str=0x555555761a58 "\377\377NETSURF_DUKTAPE_WindowCallbacks", blen=<optimized out>)
    at content/handlers/javascript/duktape/duktape.c:52579
#5 0x0000555555663cfd in duk_heap_strtable_intern_checked (thr=0x5555618826d0,
    str=<optimized out>, blen=<optimized out>)
    at content/handlers/javascript/duktape/duktape.c:52625
#6 0x0000555555663d3c in duk_push_lstring (thr=0x5555618826d0, str=<optimized out>,
    len=<optimized out>) at content/handlers/javascript/duktape/duktape.c:21996
#7 0x0000555555674dbc in duk_get_prop_string (thr=thr@entry=0x5555618826d0, obj_idx=1,
    obj_idx@entry=-1, key=key@entry=0x555555761a58 "\377\377NETSURF_DUKTAPE_WindowCallbacks")
    at content/handlers/javascript/duktape/duktape.c:16572
#8 0x0000555555601854 in window_call_callback (clear_entry=true, handle=784, ctx=0x5555618826d0)
    at build/Linux-monkey/duktape/window.c:87
#9 window_schedule_callback (p=0x55555785b250) at build/Linux-monkey/duktape/window.c:132
#10 0x00005555556bcda5 in monkey_schedule_run () at frontends/monkey/schedule.c:165
#11 0x0000555555588d64 in monkey_run () at frontends/monkey/main.c:277
#12 main (argc=<optimized out>, argv=<optimized out>) at frontends/monkey/main.c:408
(gdb) up
#1 0x000055555566266a in duk_heap_mem_alloc (heap=0x555555beb270, size=66)
    at content/handlers/javascript/duktape/duktape.c:50191
50191 res = heap->alloc_func(heap->heap_udata, size);
(gdb) p heap
$1 = (duk_heap *) 0x555555beb270
(gdb) p *heap
$2 = {flags = 1796561840, alloc_func = 0x555562967e10, realloc_func = 0x0, free_func = 0x0,
  heap_udata = 0x555555a1af90, fatal_func = 0x555555585eb8 <duk_default_fatal_handler>,
  heap_allocated = 0x55555782ae60, refzero_list = 0x0, finalize_list = 0x0, activation_free = 0x0,
  catcher_free = 0x0, ms_trigger_counter = 705016, ms_recursion_depth = 0, ms_base_flags = 0,
  ms_running = 0, ms_prevent_count = 1, pf_prevent_count = 1, pf_skip_finalizers = 1,
  creating_error = 0, augmenting_error = 0, lj = {jmpbuf_ptr = 0x0, type = 0, iserror = 0,
    value1 = {t = 2, v_extra = 0, v = {d = 4.6355940598961254e-310, i = 1907732976,
        fi = 93825468314096, voidptr = 0x555571b5b1f0, hstring = 0x555571b5b1f0,
        hobject = 0x555571b5b1f0, hcompfunc = 0x555571b5b1f0, hnatfunc = 0x555571b5b1f0,
        hthread = 0x555571b5b1f0, hbuffer = 0x555571b5b1f0, heaphdr = 0x555571b5b1f0,
        lightfunc = 0x555571b5b1f0}}, value2 = {t = 2, v_extra = 0, v = {d = 0, i = 0, fi = 0,
        voidptr = 0x0, hstring = 0x0, hobject = 0x0, hcompfunc = 0x0, hnatfunc = 0x0,
        hthread = 0x0, hbuffer = 0x0, heaphdr = 0x0, lightfunc = 0x0}}},
  heap_thread = 0x555555bf5290, curr_thread = 0x0, heap_object = 0x555555c09f50,
  call_recursion_depth = 0, call_recursion_limit = 1000, hash_seed = 1438558069, rnd_state = {
    15748112546035340805, 8073118506461634612}, sym_counter = {0, 0}, strtable = 0x55556af890c0,
  st_mask = 8191, st_size = 8192, st_count = 4650, st_resizing = 0, strcache = {{h = 0x0,
      bidx = 0, cidx = 0}, {h = 0x0, bidx = 0, cidx = 0}, {h = 0x0, bidx = 0, cidx = 0}, {h = 0x0,
      bidx = 0, cidx = 0}}, litcache = {{addr = 0x0, h = 0x0} <repeats 83 times>, {addr = 0x0,
      h = 0x55555f538270}, {addr = 0x0, h = 0x0} <repeats 59 times>, {addr = 0x0,
      h = 0x55556ac65800}, {addr = 0x0, h = 0x0} <repeats 58 times>, {addr = 0x0,
      h = 0x5555629b7380}, {addr = 0x0, h = 0x0} <repeats 53 times>}, strs = {0x555555bec8f0,
    0x555555bec930, 0x555555bec960, 0x555555bec990, 0x555555bec9d0, 0x555555beca00,
    0x555555beca40, 0x555555beca70, 0x555555becaa0, 0x555555becad0, 0x555555becb00,
    0x555555bf31c0, 0x555555bf31f0, 0x555555bf3220, 0x555555bf3250, 0x555555bf3280,
    0x555555bf32b0, 0x555555bf32f0, 0x555555bf3330, 0x555555bf3370, 0x555555bf33b0,
    0x555555bf33f0, 0x555555bf3430, 0x555555bf3470, 0x555555bf34b0, 0x555555bf34f0,
    0x555555bf3530, 0x555555bf3570, 0x555555bf35a0, 0x555555bf35d0, 0x555555bf3600,
    0x555555bf3630, 0x555555bf3660, 0x555555bf3690, 0x555555bf36c0, 0x555555bf36f0,
    0x555555bf3730, 0x555555bf3770, 0x555555bf37b0, 0x555555bf37e0, 0x555555bf3820,
    0x555555bf3850, 0x555555bf3890, 0x555555bf38d0, 0x555555bf3910, 0x555555bf3940,
    0x555555bf3980, 0x555555bf39c0, 0x555555bf3a00, 0x555555bf3a30, 0x555555bf3a60,
    0x555555bf3aa0, 0x555555bf3ae0, 0x555555bf3b10, 0x555555bf3b40, 0x555555bf3b70,
    0x555555bf3ba0, 0x555555bf3bd0, 0x555555bf3c00, 0x555555bf3c40, 0x555555bf3c70,
    0x555555bf3cb0, 0x555555bf3cf0, 0x555555bf3d20, 0x555555bf3d50, 0x555555bf3d80,
    0x555555bf3db0, 0x555555bf3df0, 0x555555bf3e30, 0x555555bf3e60, 0x555555bf3e90,
    0x555555bf3ec0, 0x555555bf3f00, 0x555555bf3f40, 0x555555bf3f70, 0x555555bf3fa0,
    0x555555bf3fd0, 0x555555bf4010, 0x555555bf4050, 0x555555bf4090, 0x555555bf40e0,
    0x555555bf4120, 0x555555bf4160, 0x555555bf41a0, 0x555555bf41d0, 0x555555bf4200,
    0x555555bf4230, 0x555555bf4260, 0x555555bf4290, 0x555555bf42c0, 0x555555bf42f0,
    0x555555bf4330, 0x555555bf4370, 0x555555bf43a0, 0x555555bf43e0, 0x555555bf4410,
    0x555555bf4440, 0x555555bf4470, 0x555555bf44b0, 0x555555bf44f0, 0x555555bf4520,
    0x555555bf4550, 0x555555bf4590, 0x555555bf45c0, 0x555555bf45f0, 0x555555bf4630,
    0x555555bf4660, 0x555555bf4690, 0x555555bf46c0, 0x555555bf4700, 0x555555bf4740,
    0x555555bf4770, 0x555555bf47a0, 0x555555bf47d0, 0x555555bf4800, 0x555555bf4830,
    0x555555bf4870, 0x555555bf48b0, 0x555555bf48f0, 0x555555bf4930, 0x555555bf4970,
    0x555555bf49b0, 0x555555bf49e0, 0x555555bf4a10, 0x555555bf4a40, 0x555555bf4a80,
    0x555555bf4ac0, 0x555555bf4af0, 0x555555bf4b20, 0x555555bf4b50, 0x555555bf4b80,
    0x555555bf4bb0, 0x555555bf4be0, 0x555555bf4c20, 0x555555bf4c50, 0x555555bf4c80,
    0x555555bf4cc0, 0x555555bf4cf0, 0x555555bf4d20, 0x555555bf4d50, 0x555555bf4d80,
    0x555555bf4db0, 0x555555bf4de0, 0x555555bf4e10, 0x555555bf4e40, 0x555555bf4e70,
    0x555555bf4ea0, 0x555555bf4ed0, 0x555555bf4f00, 0x555555bf4f30, 0x555555bf4f60,
    0x555555bf4f90, 0x555555bf4fc0, 0x555555bf4ff0, 0x555555bf5020, 0x555555bf5050,
    0x555555bf5080, 0x555555bf50b0, 0x555555bf50f0, 0x555555bf5130, 0x555555bf5160,
    0x555555bf5190, 0x555555bf51c0, 0x555555bf5200, 0x555555bf5230, 0x555555bf5260}}

(gdb) list
50186 res = NULL;
50187 DUK_UNREF(res);
50188 goto skip_attempt;
50189 }
50190 #endif
50191 res = heap->alloc_func(heap->heap_udata, size);
50192 if (DUK_LIKELY(res || size == 0)) {
50193 /* For zero size allocations NULL is allowed. */
50194 return res;
50195 }
(gdb) p heap->heap_udata
$3 = (void *) 0x555555a1af90
(gdb) p size
$4 = 66
(gdb) p res
$5 = <optimized out>
(gdb)
Tags: No tags attached.
Fixed in CI build #: 4716

Notes

~0001985 Vincent Sanders (administrator)

It turns out that when the browser window destroyed the javascript context, the dukky interface was not closing any active container in the context, which resulted in callbacks and various other memory references to freed memory.

Fixed by simply destroying the active js container before freeing the context.
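A model of the teardown bug the note describes, as an added example that is not NetSurf's or Duktape's code: a scheduler runs window callbacks against a JS context, and closing the window without first cancelling the context's scheduled work leaves callbacks pointing at a dead context. The types and functions (js_context, schedule_callback, unschedule_for, run_scheduler, close_window) are hypothetical stand-ins, and "freed" is modelled by a flag so the example runs safely instead of dereferencing freed memory.

```c
#include <stdlib.h>
/* Model of a JS context; stands in for the Duktape heap, not NetSurf's type. */
typedef struct js_context { int alive; } js_context;
/* A pending window callback, like the entries window_schedule_callback() runs. */
typedef struct sched_entry {
    js_context *ctx;
    struct sched_entry *next;
} sched_entry;
static sched_entry *sched_head;  /* pending callbacks, newest first */
void schedule_callback(js_context *ctx) {
    sched_entry *e = malloc(sizeof *e);
    if (!e) abort();
    e->ctx = ctx;
    e->next = sched_head;
    sched_head = e;
}

/* Cancel every pending callback bound to ctx; returns how many were cancelled. */
int unschedule_for(js_context *ctx) {
    int dropped = 0;
    for (sched_entry **pp = &sched_head; *pp; ) {
        sched_entry *e = *pp;
        if (e->ctx == ctx) { *pp = e->next; free(e); dropped++; }
        else pp = &e->next;
    }
    return dropped;
}

/* Drain the scheduler; returns how many callbacks fired on a destroyed context
 * (in the real browser each of those is a use-after-free of the Duktape heap). */
int run_scheduler(void) {
    int dangling = 0;
    while (sched_head) {
        sched_entry *e = sched_head;
        sched_head = e->next;
        if (!e->ctx->alive) dangling++;  /* real code would touch freed memory here */
        free(e);
    }
    return dangling;
}

/* Close a window with two callbacks still pending, then run the scheduler.
 * fixed == 0 reproduces the bug; fixed == 1 cancels the work before teardown. */
int close_window(int fixed) {
    js_context win = {1}, other = {1};
    schedule_callback(&win); schedule_callback(&other); schedule_callback(&win);
    if (fixed) unschedule_for(&win);   /* the fix: destroy the container first */
    win.alive = 0;                     /* the context is now gone */
    return run_scheduler();            /* dangling calls: 2 when buggy, 0 when fixed */
}
```

The same ordering rule applies to any owner that hands out pointers to deferred work: cancel or drain everything registered against the object before its memory is released.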

Issue History
Date Modified Username Field Change
2019-07-08 08:58 Vincent Sanders New Issue
2019-07-12 13:47 Vincent Sanders Assigned To => Vincent Sanders
2019-07-12 13:47 Vincent Sanders Status new => resolved
2019-07-12 13:47 Vincent Sanders Resolution open => fixed
2019-07-12 13:47 Vincent Sanders Fixed in Version => 3.9
2019-07-12 13:47 Vincent Sanders Target Version => 3.9
2019-07-12 13:47 Vincent Sanders Fixed in CI build # => 4716
2019-07-12 13:47 Vincent Sanders Note Added: 0001985