-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
received SIGSEGV on rejecting a promise #13782
Comments
I can't reproduce locally. Can you turn on core dump ( |
@bnoordhuis And I'm trying to get the backtrace without forever. sudo gdb xxx/xxx/node
(gdb) run xxx/xxx/start.js Then the backtrace is found. Thread 1 "node" received signal SIGSEGV, Segmentation fault.
0x000000000109a411 in node::PromiseRejectCallback(v8::PromiseRejectMessage) ()
(gdb) bt
#0 0x000000000109a411 in node::PromiseRejectCallback(v8::PromiseRejectMessage) ()
#1 0x0000000000d550cf in v8::internal::Isolate::ReportPromiseReject(v8::internal::Handle<v8::internal::JSObject>, v8::internal::Handle<v8::internal::Object>, v8::PromiseRejectEvent) ()
#2 0x0000000000eb6f79 in v8::internal::Runtime_PromiseRejectEvent(int, v8::internal::Object**, v8::internal::Isolate*) ()
#3 0x00003234f0c092a7 in ?? ()
#4 0x00003234f0c091e1 in ?? ()
#5 0x00003234f0c091e1 in ?? ()
#6 0x00007fffffffa4b0 in ?? ()
#7 0x0000000300000000 in ?? ()
#8 0x00007fffffffa510 in ?? ()
#9 0x00003234f132c385 in ?? ()
#10 0x000020c102904271 in ?? ()
#11 0x000031dd11950629 in ?? ()
#12 0x00002590b51f77c9 in ?? ()
#13 0x000020c102904271 in ?? ()
#14 0x0000088ec92189f1 in ?? ()
#15 0x0000088ec9217f61 in ?? ()
#16 0x00007fffffffa550 in ?? ()
#17 0x00003234f132c1f0 in ?? ()
#18 0x000031dd11950629 in ?? () Should get any more dump? |
Thanks, that's helpful. Can you paste the output of |
okay! (gdb) info registers
rax 0xb343411eaf1 12318839794417
rbx 0x7fffffffa168 140737488331112
rcx 0x7fffffff9f70 140737488330608
rdx 0x0 0
rsi 0xb3434104201 12318839685633
rdi 0x0 0
rbp 0x7fffffff9fb0 0x7fffffff9fb0
rsp 0x7fffffff9f70 0x7fffffff9f70
r8 0x1 1
r9 0x1e49320 31757088
r10 0x25 37
r11 0x36336dd04381 59594513597313
r12 0x1e372f0 31683312
r13 0x7fffffffa170 140737488331120
r14 0x1e75068 31936616
r15 0x1e75068 31936616
rip 0x109a411 0x109a411 <node::PromiseRejectCallback(v8::PromiseRejectMessage)+97>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
---Type <return> to continue, or q <return> to quit---
fs 0x0 0
gs 0x0 0
|
Let me guess, those examples you posted are running inside a contextify context? |
In fact, these codes are running on JSDOM. (1-1) [email protected](my use) var jsdom = require('jsdom').jsdom;
jsdom.env('<p>JSDOM!</p>', [],(er, win) => {
Promise.resolve().then(() => new Promise( (rsl, rej) => rej('ERROR') )['catch']((e){
console.log(e); // => output "ERROR" string
});
}); (1-2) [email protected](my use) jsdom.env('<p>JSDOM!</p>', [],(er, win) => {
win.Proimse = global.Promise;
with(win) {
new Promise( (rsl, rej) => rej('ERROR') )['catch']( (e)=> console.log(e) );
// => Segmentation fault: 11
}
}); (2-1) [email protected](checking module)
(2-2) [email protected](checking module)
Should think is contextify bug? |
Yes, it's a contextify issue. Contexts created by node have a pointer to node's execution environment but contextify's contexts don't. The segfault you get is node trying to look up that pointer. Unfortunately, there is no way for node to check if a context has that pointer or not. FWIW, you shouldn't need contextify with node 8 (and neither with node 6, I think), the built-in vm module should be able to do everything contextify does. In fact, I thought jsdom was already using vm. Perhaps you are using an old version? |
I understand the reason! ADDITIONAL: |
v6.11.0
Linux 4.4.0-79-generic Revert "path: resolve normalize drive letter to lower case" #100-Ubuntu SMP Wed May 17 19:58:14 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Intel(R) Xeon(R) CPU E5-2666 v3 @ 2.90GHz
I encountered the problem on my app.
Fact:
The sources (1) and (5) occurs SIGSEGV
But (2), (3), (4) hasn't the problem.
Option:
--max_old_space_size=1024 --expose-gc
and the process is forked process by forever.
(*) catch( ... ) part is written only in (1).
(1)
(2)
(3)
(4)
(5)
I wonder when this phenomena will reproduce in what condition.
The text was updated successfully, but these errors were encountered: