
Comments (2)

dlespiau commented on June 5, 2024

Played with an LD_PRELOAD library to trace all calls to malloc/free and see what happens. I can see the double free:

malloc 340   0x7f1594000ef0 ./log-malloc.so(+0xb4e)[0x7f15a5ca0b4e]
./log-malloc.so(malloc+0xa3)[0x7f15a5ca0c6b]
jk(_cgo_930f4c6fb697_Cfunc__Cmalloc+0x14)[0x9cce24]
jk[0x6dcc00]

free   0x7f1594000ef0 ./log-malloc.so(+0xb4e)[0x7f15a5ca0b4e]
./log-malloc.so(free+0x8f)[0x7f15a5ca0e1f]
jk[0x6dcc00]

*** Error in `jk': double free or corruption (out): 0x00007f1594000ef0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f15a4e8f7e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x8037a)[0x7f15a4e9837a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f15a4e9c53c]
./log-malloc.so(free+0x38)[0x7f15a5ca0dc8]
jk(_ZN2v88internal20ArrayBufferCollector15FreeAllocationsEv+0x8e)[0xf9814e]
jk(_ZN2v88internal20ArrayBufferCollector11FreeingTask11RunInternalEv+0x146)[0xf983f6]
jk(_ZN2v88platform12WorkerThread3RunEv+0x36)[0x9d39c6]
jk[0xe0b330]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7f15a5a8a6ba]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f15a4f1f41d]

and

$ go tool addr2line `which jk`
0x6dcc00
runtime.asmcgocall
/home/damien/go-1.11.1/src/runtime/asm_amd64.s:641

from jk.

dlespiau commented on June 5, 2024

Instrumenting v8worker2 a bit we get:

js -> go: send 0x2f28060 (84)
go -> js: sendbytes 0x7f88c40008c0 (340)
00000000  10 00 00 00 00 00 0a 00  0a 00 00 00 09 00 04 00  |................|
00000010  0a 00 00 00 0c 00 00 00  00 01 06 00 08 00 04 00  |................|
00000020  06 00 00 00 04 00 00 00  26 01 00 00 72 00 6f 00  |........&...r.o.|
00000030  6f 00 74 00 20 00 3d 00  20 00 74 00 72 00 75 00  |o.t. .=. .t.r.u.|
00000040  65 00 0a 00 0a 00 5b 00  2a 00 5d 00 0a 00 63 00  |e.....[.*.]...c.|
00000050  68 00 61 00 72 00 73 00  65 00 74 00 20 00 3d 00  |h.a.r.s.e.t. .=.|
00000060  20 00 75 00 74 00 66 00  2d 00 38 00 0a 00 69 00  | .u.t.f.-.8...i.|
00000070  6e 00 64 00 65 00 6e 00  74 00 5f 00 73 00 74 00  |n.d.e.n.t._.s.t.|
00000080  79 00 6c 00 65 00 20 00  3d 00 20 00 73 00 70 00  |y.l.e. .=. .s.p.|
00000090  61 00 63 00 65 00 0a 00  69 00 6e 00 64 00 65 00  |a.c.e...i.n.d.e.|
000000a0  6e 00 74 00 5f 00 73 00  69 00 7a 00 65 00 20 00  |n.t._.s.i.z.e. .|
000000b0  3d 00 20 00 32 00 0a 00  65 00 6e 00 64 00 5f 00  |=. .2...e.n.d._.|
000000c0  6f 00 66 00 5f 00 6c 00  69 00 6e 00 65 00 20 00  |o.f._.l.i.n.e. .|
000000d0  3d 00 20 00 6c 00 66 00  0a 00 69 00 6e 00 73 00  |=. .l.f...i.n.s.|
000000e0  65 00 72 00 74 00 5f 00  66 00 69 00 6e 00 61 00  |e.r.t._.f.i.n.a.|
000000f0  6c 00 5f 00 6e 00 65 00  77 00 6c 00 69 00 6e 00  |l._.n.e.w.l.i.n.|
00000100  65 00 20 00 3d 00 20 00  74 00 72 00 75 00 65 00  |e. .=. .t.r.u.e.|
00000110  0a 00 74 00 72 00 69 00  6d 00 5f 00 74 00 72 00  |..t.r.i.m._.t.r.|
00000120  61 00 69 00 6c 00 69 00  6e 00 67 00 5f 00 77 00  |a.i.l.i.n.g._.w.|
00000130  68 00 69 00 74 00 65 00  73 00 70 00 61 00 63 00  |h.i.t.e.s.p.a.c.|
00000140  65 00 20 00 3d 00 20 00  74 00 72 00 75 00 65 00  |e. .=. .t.r.u.e.|
00000150  0a 00 00 00                                       |....|
js -> go: send 0x2f28120 (76)
go -> js: sendbytes 0x7f88cc000a20 (22776)
js -> go: send 0x7f88c4003290 (224)
*** Error in `jk': double free or corruption (out): 0x00007f88c40008c0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f88d75a07e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x8037a)[0x7f88d75a937a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f88d75ad53c]
jk(_ZN2v88internal20ArrayBufferCollector15FreeAllocationsEv+0x8e)[0xf9823e]
jk(_ZN2v88internal20ArrayBufferCollector11FreeingTask11RunInternalEv+0x146)[0xf984e6]
jk(_ZN2v88platform12WorkerThread3RunEv+0x36)[0x9d3ab6]
jk[0xe0b420]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7f88d819b6ba]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f88d763041d]

So the buffer we are talking about is the go -> js buffer that is allocated with the result of the first read() (content of test-issue-0071/.editorconfig as utf-16 it seems).

The problem is that this buffer is owned by the Go part (SendBytes does both the allocation and free of that buffer). For some reason the js garbage collection frees it?

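A model of the ownership conflict described in the comment above, as an added example that is not jk or v8worker2 code: each live buffer is tagged with its owner, so a free coming from the wrong side (the V8 collector freeing a Go-owned buffer) is refused and logged instead of reaching glibc as a double free. The names `owned_alloc`, `owned_free` and `replay_trace` are invented for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added example, not jk/v8worker2 code. Models the go -> js buffer above:
 * SendBytes allocates and frees it, while V8's ArrayBufferCollector also frees
 * it. Tracking an owner per live pointer lets the release path refuse the
 * foreign free instead of letting glibc hit "double free or corruption". */
#define MAX_LIVE 64
struct live_buf { void *p; const char *owner; };
static struct live_buf live[MAX_LIVE];
static int rejected;  /* frees refused: wrong owner or pointer not live */

static struct live_buf *lookup(void *p) {
    for (int i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i].p == p) return &live[i];
    return NULL;
}

/* Allocate n bytes and record who owns them ("go" for SendBytes). */
void *owned_alloc(size_t n, const char *owner) {
    void *p = malloc(n);
    for (int i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i].p == NULL) { live[i].p = p; live[i].owner = owner; return p; }
    free(p);  /* registry full (or malloc failed): fail closed */
    return NULL;
}

/* Free only when caller is the recorded owner: 1 on success, 0 if refused. */
int owned_free(void *p, const char *caller) {
    struct live_buf *b = lookup(p);
    if (b == NULL || strcmp(b->owner, caller) != 0) {
        rejected++;
        fprintf(stderr, "refused free of %p by %s (owner: %s)\n",
                p, caller, b ? b->owner : "none, not live");
        return 0;
    }
    free(p);
    b->p = NULL; b->owner = NULL;
    return 1;
}

int rejected_frees(void) { return rejected; }

/* Replay the trace: Go allocates 340 bytes, the V8 collector tries to free,
 * Go frees, then a stale second free. Returns how many steps behaved. */
int replay_trace(void) {
    void *buf = owned_alloc(340, "go");
    int ok = (buf != NULL);
    ok += (owned_free(buf, "js") == 0);   /* collector: refused, logged */
    ok += (owned_free(buf, "go") == 1);   /* SendBytes cleanup: ok */
    ok += (owned_free(buf, "go") == 0);   /* stale pointer: refused */
    return ok;                            /* 4 when all behave as intended */
}
```

The same registry check, placed in the cgo free path, would turn the crash in the backtrace into a logged refusal that names the offending caller.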
