double free or corruption segfault in node
as of yet undiagnosed.
[New Thread 0x7ffff4065700 (LWP 29010)]
connect "50-206-84-136-static.hfc.comcastbusiness.net" "50.206.84.136"
[bbe0] connection from 50-206-84-136-static.hfc.comcastbusiness.net (50.206.84.136)
helo "ylmf-pc"
[bbe0] helo ylmf-pc
close
[bbe0] connection closed
*** glibc detected *** /usr/local/bin/node-gdb: double free or corruption (!prev): 0x00000000019d3b70 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x75be6)[0x7ffff6d00be6]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7ffff6d0598c]
/usr/local/bin/node-gdb(_ZN4node7smalloc12CallbackInfo4FreeEPcPv+0x1c)[0x10c70ea]
/usr/local/bin/node-gdb(_ZN4node7smalloc12CallbackInfo12WeakCallbackEPN2v87IsolateENS2_5LocalINS2_6ObjectEEE+0x12d)[0x10c732f]
/usr/local/bin/node-gdb(_ZN4node7smalloc12CallbackInfo12WeakCallbackERKN2v816WeakCallbackDataINS2_6ObjectES1_EE+0x47)[0x10c5741]
/usr/local/bin/node-gdb(_ZN2v88internal13GlobalHandles4Node31PostGarbageCollectionProcessingEPNS0_7IsolateE+0x1c3)[0xc999af]
/usr/local/bin/node-gdb(_ZN2v88internal13GlobalHandles31PostGarbageCollectionProcessingENS0_16GarbageCollectorE+0x142)[0xc9ac38]
/usr/local/bin/node-gdb(_ZN2v88internal4Heap24PerformGarbageCollectionENS0_16GarbageCollectorENS_15GCCallbackFlagsE+0x39d)[0xcc6b13]
/usr/local/bin/node-gdb(_ZN2v88internal4Heap14CollectGarbageENS0_16GarbageCollectorEPKcS4_NS_15GCCallbackFlagsE+0x26e)[0xcc5e08]
/usr/local/bin/node-gdb(_ZN2v88internal4Heap14CollectGarbageENS0_15AllocationSpaceEPKcNS_15GCCallbackFlagsE+0x53)[0xab7975]
/usr/local/bin/node-gdb(_ZN2v88internal7Factory11NewJSObjectENS0_6HandleINS0_10JSFunctionEEENS0_13PretenureFlagE+0x185)[0xc6d237]
/usr/local/bin/node-gdb[0xefc62a]
/usr/local/bin/node-gdb[0xefc7e6]
/usr/local/bin/node-gdb(_ZN2v88internal17Runtime_NewObjectEiPPNS0_6ObjectEPNS0_7IsolateE+0x85)[0xefc71e]
[0xaff1d0740e]
======= Memory map: ========
Program received signal SIGABRT, Aborted.
0x00007ffff6cbd165 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) info threads
Id Target Id Frame
115 Thread 0x7ffff4065700 (LWP 29010) "node-gdb" 0x00007ffff7021344 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/x86_64-linux-gnu/libpthread.so.0
6 Thread 0x7ffff4866700 (LWP 24564) "node-gdb" 0x00007ffff7024de7 in do_sigwait () from /lib/x86_64-linux-gnu/libpthread.so.0
5 Thread 0x7ffff5067700 (LWP 24563) "node-gdb" 0x00007ffff7021344 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/x86_64-linux-gnu/libpthread.so.0
4 Thread 0x7ffff5868700 (LWP 24562) "node-gdb" 0x00007ffff7021344 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/x86_64-linux-gnu/libpthread.so.0
3 Thread 0x7ffff6069700 (LWP 24561) "node-gdb" 0x00007ffff7021344 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/x86_64-linux-gnu/libpthread.so.0
2 Thread 0x7ffff686a700 (LWP 24560) "node-gdb" 0x00007ffff6d60453 in select () from /lib/x86_64-linux-gnu/libc.so.6
* 1 Thread 0x7ffff7fec720 (LWP 24557) "node-gdb" 0x00007ffff6cbd165 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007ffff6cbd165 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff6cc03e0 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff6cf739b in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007ffff6d00be6 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x00007ffff6d0598c in free () from /lib/x86_64-linux-gnu/libc.so.6
#5 0x00000000010c70ea in node::smalloc::CallbackInfo::Free (data=0x19d3b70 "X&\001\367\377\177") at ../src/smalloc.cc:82
#6 0x00000000010c732f in node::smalloc::CallbackInfo::WeakCallback (this=0x19d3b20, isolate=0x193f100, object=...) at ../src/smalloc.cc:142
#7 0x00000000010c5741 in node::smalloc::CallbackInfo::WeakCallback (data=...) at ../src/smalloc.cc:124
#8 0x0000000000c999af in v8::internal::GlobalHandles::Node::PostGarbageCollectionProcessing (this=0x1996ed0, isolate=0x193f100) at ../deps/v8/src/global-handles.cc:250
#9 0x0000000000c9ac38 in v8::internal::GlobalHandles::PostGarbageCollectionProcessing (this=0x195afa0, collector=v8::internal::SCAVENGER) at ../deps/v8/src/global-handles.cc:638
#10 0x0000000000cc6b13 in v8::internal::Heap::PerformGarbageCollection (this=0x193f120, collector=v8::internal::SCAVENGER, gc_callback_flags=v8::kNoGCCallbackFlags) at ../deps/v8/src/heap/heap.cc:1105
#11 0x0000000000cc5e08 in v8::internal::Heap::CollectGarbage (this=0x193f120, collector=v8::internal::SCAVENGER, gc_reason=0x11fda29 "allocation failure", collector_reason=0x0,
gc_callback_flags=v8::kNoGCCallbackFlags) at ../deps/v8/src/heap/heap.cc:842
#12 0x0000000000ab7975 in v8::internal::Heap::CollectGarbage (this=0x193f120, space=v8::internal::NEW_SPACE, gc_reason=0x11fda29 "allocation failure", callbackFlags=v8::kNoGCCallbackFlags)
at ../deps/v8/src/heap/heap-inl.h:581
#13 0x0000000000c6d237 in v8::internal::Factory::NewJSObject (this=0x193f100, constructor=..., pretenure=v8::internal::NOT_TENURED) at ../deps/v8/src/factory.cc:1493
#14 0x0000000000efc62a in v8::internal::Runtime_NewObjectHelper (isolate=0x193f100, constructor=..., site=...) at ../deps/v8/src/runtime.cc:8323
#15 0x0000000000efc7e6 in v8::internal::__RT_impl_Runtime_NewObject (args=..., isolate=0x193f100) at ../deps/v8/src/runtime.cc:8341
#16 0x0000000000efc71e in v8::internal::Runtime_NewObject (args_length=1, args_object=0x7fffffff9bb8, isolate=0x193f100) at ../deps/v8/src/runtime.cc:8335
#17 0x000000aff1d0740e in ?? ()
#18 0x0000218b910b6f11 in ?? ()
#19 0x000000aff1d07361 in ?? ()
#20 0x00007fffffff9b90 in ?? ()
#21 0x00007fffffff9be8 in ?? ()
#22 0x000000aff1d56fde in ?? ()
#23 0x00003d0057645221 in ?? ()
#24 0x00003d0057645221 in ?? ()
#25 0x0000000000000000 in ?? ()
According to this community post, you have to additionally Ref and Unref your persistent values: https://groups.google.com/forum/#!searchin/nodejs/segfault$20%22double$20free%22/nodejs/hjAIT7rDQXA/QTf1xCmNeYAJ
According to this list thread, the problem is that my async trigger handle (or maybe some other uv handle) is not ref/unref'd correctly (http://grokbase.com/t/gg/nodejs/126gyz35b7/node-addon-threads-and-libuv-ref-counter-c), so possibly cleanup is happening while smfi_main is still performing work.
The libuv documentation states that a uv_async_t handle is always active, so I don't need to ref or unref it (http://docs.libuv.org/en/v1.x/handle.html), and I don't believe I'm using any other handles without realizing it.
Using --expose-gc and placing global.gc() in the helo callback (or anywhere, probably) triggers the same segfault, with a marginally different call stack.
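
A triage helper for the glibc abort report at the top of this issue, added here as an example and not part of the original issue or of Node.js. It extracts the error variant and pointer, finds the first frame outside libc (the code that called free()), and checks whether that free ran inside a V8 garbage collection; the sample lines are copied from the report, while the function names and the `VARIANTS` table are this example's own.

```python
import re

# Lines copied from the abort report in this issue (frames trimmed to a few).
SAMPLE = """\
*** glibc detected *** /usr/local/bin/node-gdb: double free or corruption (!prev): 0x00000000019d3b70 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x75be6)[0x7ffff6d00be6]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7ffff6d0598c]
/usr/local/bin/node-gdb(_ZN4node7smalloc12CallbackInfo4FreeEPcPv+0x1c)[0x10c70ea]
/usr/local/bin/node-gdb(_ZN2v88internal4Heap14CollectGarbageENS0_16GarbageCollectorEPKcS4_NS_15GCCallbackFlagsE+0x26e)[0xcc5e08]
[0xaff1d0740e]
"""

# Which _int_free() sanity check in glibc emits each message variant.
VARIANTS = {
    "fasttop": "chunk is already at the head of its fastbin",
    "top": "chunk is the arena's top chunk",
    "out": "next chunk lies beyond the arena boundary",
    "!prev": "next chunk's PREV_INUSE bit is clear, so this chunk is not marked in use",
}
HEADER = re.compile(r"\*\*\* glibc detected \*\*\* (\S+): double free or corruption "
                    r"\((\S+)\): (0x[0-9a-f]+) \*\*\*")
# module(symbol+0xoff)[0xaddr]; symbol may be empty, module is empty for JIT frames
FRAME = re.compile(r"^(\S*?)(?:\((\w*)\+0x[0-9a-f]+\))?\[(0x[0-9a-f]+)\]$")

def nested_name(mangled):
    """Decode the <length><identifier> components of an Itanium _ZN...E name."""
    parts, i = [], 3
    while mangled.startswith("_ZN") and (m := re.match(r"\d+", mangled[i:])):
        start = i + m.end()
        i = start + int(m.group())
        parts.append(mangled[start:i])
    return "::".join(parts) or mangled

def triage(report):
    head = HEADER.search(report)
    frames = [m.groups() for l in report.splitlines() if (m := FRAME.match(l.strip()))]
    # The first frame outside libc is the code that passed the pointer to free().
    caller = next((f for f in frames if f[0] and "/libc.so" not in f[0]), None)
    return {
        "binary": head.group(1),
        "variant": head.group(2),
        "meaning": VARIANTS.get(head.group(2), "unrecognised check"),
        "pointer": int(head.group(3), 16),
        "free_caller": nested_name(caller[1] or "") if caller else None,
        "during_gc": any("CollectGarbage" in (f[1] or "") for f in frames),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

`nested_name` only decodes the qualified name and drops parameter types, which is enough to identify the frame; pipe symbols through `c++filt` when full signatures matter.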