decref of orphaned object causes kernel crash #3377

warner · 2021-06-21T08:33:14Z

If an orphaned object (exported by a vat which is then terminated) reaches a refcount of zero, we get a crash while processing the refcount:

  Rejected promise returned by test. Reason:

  Error {
    message: '\'"[undefined]" is not a \'vNN\'-style VatID: "[TypeError: not a string]"',
  }

  › makeError (/home/warner/stuff/agoric/agoric-sdk/node_modules/ses/dist/ses.cjs:2572:17)
  › Function.fail (/home/warner/stuff/agoric/agoric-sdk/node_modules/ses/dist/ses.cjs:2700:20)
  › Object.insistVatID (kernel/.../packages/SwingSet/src/kernel/id.js:30:19)
  › provideVatKeeper (kernel/.../packages/SwingSet/src/kernel/state/kernelKeeper.js:918:8)
  › Object.processRefcounts (kernel/.../packages/SwingSet/src/kernel/state/kernelKeeper.js:898:31)
  › processQueueMessage (kernel/.../packages/SwingSet/src/kernel/kernel.js:676:24)
  › async Object.run (kernel/.../packages/SwingSet/src/kernel/kernel.js:979:7)
  › async test/test-gc-kernel.js:1136:3

It looks like the problem is in processRefCounts when it wants to check the isReachable flag of the exporter. The vat which exported the object is gone, so there is no c-list entry for it, and no flag. processRefCounts fails when it tries to get the vatKeeper for the late vat (and provideVatKeeper returns undefined because it knows the vat is missing) and tries to call vatKeeper.getReachableFlag.

The fix will be to skip the isReachable check (and potential dropExport action) if that vatKeeper is undefined.

I've got a new test in test-gc-kernel.js to exercise this.

The text was updated successfully, but these errors were encountered:

There were two bugs in the kernel's garbage-collection handling of orphaned objects (exports of a vat which is later terminated). * Sending a message to an orphaned vat caused the object's refcount to be incremented, but never decremented again, preventing it from being collected. The root cause was `kernelKeeper.kernelObjectExists` using `.owner` to decide whether the object still exists. Orphaned objects have a `.refcount` but no `.owner`. The fix is to just test `.refcount` instead of `.owner`. #3376 * `kernelKeeper.processRefcounts()` wants to check the `isReachable` flag of the exporting vat, to know whether they need a dropExport message, but orphaned objects have no exporting vat anymore. The check crashed the kernel when it attempted to get a vatKeeper for `undefined`. The immediate fix is to skip this check for orphaned objects, which avoids the crash (#3377). But we still need a fix to delete the refcount=0,0 entry (#3378). closes #3376 closes #3377 refs #3378

warner added bug Something isn't working SwingSet package: SwingSet labels Jun 21, 2021

warner added this to the Testnet: Stress Test Phase milestone Jun 21, 2021

warner self-assigned this Jun 21, 2021

warner mentioned this issue Jun 21, 2021

orphaned objects are not fully GCed: one refcount key is left in the DB #3378

Closed

warner mentioned this issue Jun 21, 2021

fix(swingset): fix GC handling of orphaned objects #3379

Merged

warner closed this as completed in #3379 Jun 21, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

decref of orphaned object causes kernel crash #3377

decref of orphaned object causes kernel crash #3377

warner commented Jun 21, 2021 •

edited

Loading

decref of orphaned object causes kernel crash #3377

decref of orphaned object causes kernel crash #3377

Comments

warner commented Jun 21, 2021 • edited Loading

warner commented Jun 21, 2021 •

edited

Loading