8000 V8 Segfault - difficult to reproduce · Issue #6017 · electron/electron · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

V8 Segfault - difficult to reproduce #6017

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
tejohnso opened this issue Jun 12, 2016 · 6 comments
Closed

V8 Segfault - difficult to reproduce #6017

tejohnso opened this issue Jun 12, 2016 · 6 comments
Labels
crash 💥

Comments

@tejohnso
Copy link
tejohnso commented Jun 12, 2016
edited
Loading

I'm getting a segfault in the renderer process on both win64 and lnx64. I've not yet isolated a minimal test case but the interrupt always occurs at NewFromUtf8.

Program received signal SIGSEGV, Segmentation fault.
0x00007f0f7cacba08 in v8::String::NewFromUtf8(v8::Isolate_, char const_, v8::String::NewStringType, int) ()

This is on the latest release 1.2.2.
@enlight
Copy link
Contributor
enlight commented Jun 13, 2016

Is there a stack trace or a crash dump?

@tejohnso
Copy link
Author

Program received signal SIGABRT, Aborted.
0x00007f0f6fcd1cc9 in GI_raise (sig=sig@entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) where
#0 0x00007f0f6fcd1cc9 in GI_raise (sig=sig@entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007f0f6fcd50d8 in GI_abort () at abort.c:89
#2 0x00007f0f7b56f992 in base::debug::BreakDebugger() ()
from app/libbase.so
#3 0x00007f0f7b570564 in ?? ()
from app/libbase.so
#4
#5 0x00007f0f7cacba08 in v8::String::NewFromUtf8(v8::Isolate, char const, v8::String::NewStringType, int) ()
from app/libv8.so
#6 0x0000000000977592 in mate::Converterbase::BasicStringPiece<std::string, void>::ToV8(v8::Isolate, base::BasicStringPiecestd::string const&) ()
#7 0x0000000000905aad in v8::Localv8::Value mate::ConvertToV8base::BasicStringPiece<std::string >(v8::Isolate, base::BasicStringPiecestd::string const&) ()
#8 0x00000000009059fd in mate::StringToV8(v8::Isolate, base::BasicStringPiecestd::string const&) ()
#9 0x0000000000930cfb in v8::Localv8::Value mate::EmitEvent<char [5]>(v8::Isolate, v8::Localv8::Object, char const (&) [5]) ()
#10 0x0000000000930245 in atom::AtomRendererClient::WillReleaseScriptContext(v8::Localv8::Context, content::RenderFrame*) ()

@zcbenz zcbenz added the blocked/need-info ❌ Cannot proceed without more information label Jun 13, 2016
@zcbenz
Copy link
Contributor
zcbenz commented Jun 13, 2016

I don't have any idea from the stack trace.

@tejohnso
Copy link
Author

Aside from trying to create a repeatable minimal test case, is there something else that would help?

@tejohnso
Copy link
Author
tejohnso commented Jun 13, 2016
edited
Loading

I found ELECTRON_ENABLE_STACK_DUMPING and received a dump that might be more helpful

Received signal 11 SEGV_MAPERR 000c00000000
#0 0x7f304dc62d6b
#1 0x7f304861d340
#2 0x0000008e062c node::Environment::isolate()
#3 0x00000093021d atom::AtomRendererClient::WillReleaseScriptContext()
#4 0x000000930569 atom::(anonymous namespace)::AtomRenderFrameObserver::WillReleaseScriptContext()
#5 0x7f3049f6a4ea content::RenderFrameImpl::willReleaseScriptContext()
#6 0x7f304b3f8d34
#7 0x7f304b3faed0 blink::WindowProxyManager::clearForClose()
#8 0x7f304b3c39fa blink::ScriptController::clearForClose()
#9 0x7f304b92f60d blink::LocalFrame::detach()
#10 0x7f304b907a8b blink::Frame::detachChildren()
#11 0x7f304b92f57e blink::LocalFrame::detach()
#12 0x7f304bacb925
#13 0x7f304bad0ae7 blink::ContainerNode::willRemoveChild()
#14 0x7f304bad08ad blink::ContainerNode::removeChild()
#15 0x7f304bb35c77 blink::Node::removeChild()
#16 0x7f304b551264
#17 0x7f304f1d0faa v8::internal::FunctionCallbackArguments::Call()
#18 0x7f304f203be4
#19 0x7f304f20e6ef
#20 0x35fe7c9092a7
r8: 00007f3049f6a520 r9: 0000000000000007 r10: 0000280d16a0c880 r11: 000000004140e967
r12: 00007fffc8d56d58 r13: 00007fffc8d570a0 r14: 0000000000000000 r15: 0000299aedb8b048
di: 0000000c00000000 si: 0000000000000110 bp: 00007fffc8d56c90 bx: 00007fffc8d56d38
dx: 0000299aedb8b048 ax: 0000000c00000000 cx: 0000299aedb8b048 sp: 00007fffc8d56c90
ip: 00000000008e062c efl: 0000000000010206 cgf: 0000000000000033 erf: 0000000000000004
trp: 000000000000000e msk: 0000000000000000 cr2: 0000000c00000000
[end of stack trace]

This one as well

Received signal 11 000000000000
#0 0x7f6f9e75fd6b
#1 0x7f6f9911a340
#2 0x7f6f9fcbaa08 v8::String::NewFromUtf8()
#3 0x000000977592 mate::Converter<>::ToV8()
#4 0x000000905aad mate::ConvertToV8<>()
#5 0x0000009059fd mate::StringToV8()
#6 0x000000930cfb ZN4mate9EmitEventIA5_cJEEEN2v85LocalINS2_5ValueEEEPNS2_7IsolateENS3_INS2_6ObjectEEERKT_DpRKT0
#7 0x000000930245 atom::AtomRendererClient::WillReleaseScriptContext()
#8 0x000000930569 atom::(anonymous namespace)::AtomRenderFrameObserver::WillReleaseScriptContext()
#9 0x7f6f9aa674ea content::RenderFrameImpl::willReleaseScriptContext()
#10 0x7f6f9bef5d34
#11 0x7f6f9bef7ed0 blink::WindowProxyManager::clearForClose()
#12 0x7f6f9bec09fa blink::ScriptController::clearForClose()
#13 0x7f6f9c42c60d blink::LocalFrame::detach()
#14 0x7f6f9c404a8b blink::Frame::detachChildren()
#15 0x7f6f9c42c57e blink::LocalFrame::detach()
#16 0x7f6f9c5c8925
#17 0x7f6f9c5cdae7 blink::ContainerNode::willRemoveChild()
#18 0x7f6f9c5cd8ad blink::ContainerNode::removeChild()
#19 0x7f6f9c632c77 blink::Node::removeChild()
#20 0x7f6f9c04e264
#21 0x7f6f9fccdfaa v8::internal::FunctionCallbackArguments::Call()
#22 0x7f6f9fd00be4
#23 0x7f6f9fd0b6ef
#24 0x0008443092a7
r8: 00007f6f9aa67520 r9: 0000000000000007 r10: 00001d93dbb4ce00 r11: 0000000018bf2ba7
r12: 00007ffc73a5c7f8 r13: 00007ffc73a5cb40 r14: 0000000000c97c79 r15: 4100002145bb7f29
di: 4100002145bb7f29 si: 0000000000c97c79 bp: 0000000000000000 bx: 0000000000000004
dx: 0000000000000000 ax: 0000000000000000 cx: 0000000000000004 sp: 00007ffc73a5c5a0
ip: 00007f6f9fcbaa08 efl: 0000000000010287 cgf: 0000000000000033 erf: 0000000000000000
trp: 000000000000000d msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]

@zcbenz zcbenz added bug crash 💥 and removed blocked/need-info ❌ Cannot proceed without more information labels Jun 16, 2016
@zcbenz zcbenz mentioned this issue Jun 16, 2016
Closed
@juturu
Copy link
Contributor
juturu commented Jun 16, 2016

Posting the following stack trace as well which i was able to hit with debugger on.

INVALID_POINTER_WRITE
Tid [0x3b0c]
Frame [0x00]: v8!v8::CpuProfileNode::GetHitLineCount

LAST_CONTROL_TRANSFER: from 6a815e93 to 6a80047a

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
6ac2ac2c v8!v8::CpuProfileNode::GetHitLineCount+0xadba
017b8348 v8!v8::String::NewFromUtf8+0x23
0018de64 electron!mate::Converterbase::BasicStringPiece<std::basic_string<char,std::char_traits<char,std::allocator > >,void>::ToV8+0x30
0018de64 electron!mate::ConvertToV8base::BasicStringPiece<std::basic_string<char,std::char_traits<char,std::allocator > > >+0x14
0018de64 electron!mate::StringToV8+0x20
68000000 electron!mate::EmitEvent<char [5]>+0x52
0a35c390 electron!atom::AtomRendererClient::WillReleaseScriptContext+0x74
5bf48628 electron!atom::`anonymous namespace'::AtomRenderFrameObserver::WillReleaseScriptContext+0x31

@zcbenz zcbenz mentioned this issue Jun 20, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crash 💥
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@enlight @zcbenz @tejohnso @juturu
0