AddressSanitizer(testRunner_v5.js): heap-use-after-free @rtRef.h:44 in rtRef<rtIObject>::term() #1065

Closed
dwrobel opened this issue Apr 11, 2018 · 15 comments

Comments

@dwrobel
Contributor

dwrobel commented Apr 11, 2018

pxScene compiled with -fsanitize=thread and run with https://px-apps.sys.comcast.net/pxscene-samples/examples/px-reference/test-run/testRunner_v5.js?tests=file:../../../tests/pxScene2d/testRunner/tests.json gives the following output:

WARNING: ThreadSanitizer: heap-use-after-free (pid=7812)
  Read of size 8 at 0x7b3c0004ec00 by main thread (mutexes: write M368):
    #0 rtRef<rtIObject>::term() /home/sw/projects/pxscene/pxCore/src/rtRef.h:44 (pxscene+0x0000004f5cf4)
    #1 rtRef<rtIObject>::~rtRef() /home/sw/projects/pxscene/pxCore/src/rtRef.h:38 (pxscene+0x0000004f416d)
    #2 rtObjectRef::~rtObjectRef() /home/sw/projects/pxscene/pxCore/src/rtObject.h:238 (pxscene+0x0000004f1ca9)
    #3 rtScriptNodeUtils::rtWrapper<rtObjectRef, rtScriptNodeUtils::rtObjectWrapper>::~rtWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtWrapperUtils.h:143 (pxscene+0x0000005f4123)
    #4 rtScriptNodeUtils::rtObjectWrapper::~rtObjectWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtObjectWrapper.cpp:41 (pxscene+0x0000005f0849)
    #5 rtScriptNodeUtils::rtObjectWrapper::~rtObjectWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtObjectWrapper.cpp:43 (pxscene+0x0000005f087b)
    #6 node::ObjectWrap::WeakCallback(v8::WeakCallbackInfo<node::ObjectWrap> const&) /usr/include/node-shared/node_object_wrap.h:103 (pxscene+0x0000005ee087)
    #7 v8::internal::GlobalHandles::PendingPhantomCallback::Invoke(v8::internal::Isolate*) <null> (libnode-shared.so.48+0x0000008698ad)
    #8 uv__queue_done <null> (pxscene+0x000000696faa)
    #9 rtScript::pump() /home/sw/projects/pxscene/pxCore/src/rtScript.cpp:221 (pxscene+0x0000005d77dc)
    #10 sceneWindow::onAnimationTimer() /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene.cpp:385 (pxscene+0x0000005b2813)
    #11 pxWindowNative::onAnimationTimerInternal() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:468 (pxscene+0x0000005ba59a)
    #12 pxWindowNative::animateAndRender() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:836 (pxscene+0x0000005bba06)
    #13 pxWindowNative::runEventLoop() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:574 (pxscene+0x0000005babc9)
    #14 pxEventLoop::run() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxEventLoopNative.cpp:19 (pxscene+0x0000005bf5f1)
    #15 pxMain(int, char**) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene.cpp:652 (pxscene+0x0000005b120e)
    #16 main /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxEventLoopNative.cpp:34 (pxscene+0x0000005bf67f)

  Previous write of size 8 at 0x7b3c0004ec00 by main thread (mutexes: write M368):
    #0 operator delete(void*) <null> (libtsan.so.0+0x00000006fa94)
    #1 pxArchive::~pxArchive() /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxArchive.cpp:28 (pxscene+0x0000005260f3)
    #2 rtObject::Release() /home/sw/projects/pxscene/pxCore/src/rtObject.cpp:314 (pxscene+0x000000628230)
    #3 rtRef<rtIObject>::term() /home/sw/projects/pxscene/pxCore/src/rtRef.h:44 (pxscene+0x0000004f5d0b)
    #4 rtRef<rtIObject>::~rtRef() /home/sw/projects/pxscene/pxCore/src/rtRef.h:38 (pxscene+0x0000004f416d)
    #5 rtObjectRef::~rtObjectRef() /home/sw/projects/pxscene/pxCore/src/rtObject.h:238 (pxscene+0x0000004f1ca9)
    #6 WeakCallback /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtWrapperUtils.cpp:56 (pxscene+0x0000005f701e)
    #7 v8::internal::GlobalHandles::PendingPhantomCallback::Invoke(v8::internal::Isolate*) <null> (libnode-shared.so.48+0x0000008698ad)
    #8 uv__queue_done <null> (pxscene+0x000000696faa)
    #9 rtScript::pump() /home/sw/projects/pxscene/pxCore/src/rtScript.cpp:221 (pxscene+0x0000005d77dc)
    #10 sceneWindow::onAnimationTimer() /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene.cpp:385 (pxscene+0x0000005b2813)
    #11 pxWindowNative::onAnimationTimerInternal() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:468 (pxscene+0x0000005ba59a)
    #12 pxWindowNative::animateAndRender() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:836 (pxscene+0x0000005bba06)
    #13 pxWindowNative::runEventLoop() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:574 (pxscene+0x0000005babc9)
    #14 pxEventLoop::run() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxEventLoopNative.cpp:19 (pxscene+0x0000005bf5f1)
    #15 pxMain(int, char**) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene.cpp:652 (pxscene+0x0000005b120e)
    #16 main /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxEventLoopNative.cpp:34 (pxscene+0x0000005bf67f)

  Mutex M368 (0x7b1400000550) created at:
    #0 pthread_mutex_init <null> (libtsan.so.0+0x00000002971e)
    #1 v8::internal::ThreadManager::ThreadManager() <null> (libnode-shared.so.48+0x000000b610b4)
    #2 rtScriptNode::init() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtScriptNode.cpp:1047 (pxscene+0x0000005e4fb7)
    #3 rtScript::init() /home/sw/projects/pxscene/pxCore/src/rtScript.cpp:203 (pxscene+0x0000005d76a8)
    #4 pxMain(int, char**) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene.cpp:538 (pxscene+0x0000005b0f69)
    #5 main /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxEventLoopNative.cpp:34 (pxscene+0x0000005bf67f)

SUMMARY: ThreadSanitizer: heap-use-after-free /home/sw/projects/pxscene/pxCore/src/rtRef.h:44 in rtRef<rtIObject>::term()
@dwrobel
Contributor Author

dwrobel commented May 16, 2018

On today's master this is 100% manifested also by AddressSanitizer when test-runner executes test_promiseRejectionReload.js test:

[Wed May 16 2018 13:31:13 GMT+0200 (CEST)] >>>>>>>>>>>STARTING HANG PREVENTION TIMEOUT for url:../tests/test_promiseRejectionReload.js
AppSceneContext#loadScenePackage0
enabling pxscene require support
Main Module: readyPromise=[object Promise]
AppSceneContext#loadScenePackage0 done

=================================================================
==11783==ERROR: AddressSanitizer: heap-use-after-free on address 0x61100016ee40 at pc 0x00000050b614 bp 0x7ffd0b840200 sp 0x7ffd0b8401f0
READ of size 8 at 0x61100016ee40 thread T0
    #0 0x50b613 in rtRef<rtIObject>::term() /home/sw/projects/pxscene/pxCore/src/rtRef.h:44
    #1 0x509000 in rtRef<rtIObject>::~rtRef() /home/sw/projects/pxscene/pxCore/src/rtRef.h:38
    #2 0x505e14 in rtObjectRef::~rtObjectRef() /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/../../../src/rtObject.h:240
    #3 0x6fad46 in rtScriptNodeUtils::rtWrapper<rtObjectRef, rtScriptNodeUtils::rtObjectWrapper>::~rtWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtWrapperUtils.h:161
    #4 0x6f2254 in rtScriptNodeUtils::rtObjectWrapper::~rtObjectWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtObjectWrapper.cpp:59
    #5 0x6f2298 in rtScriptNodeUtils::rtObjectWrapper::~rtObjectWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtObjectWrapper.cpp:61
    #6 0x6edde7 in node::ObjectWrap::WeakCallback(v8::WeakCallbackInfo<node::ObjectWrap> const&) /usr/include/node8-shared/node_object_wrap.h:124
    #7 0x7ffb9e98d34d in v8::internal::GlobalHandles::PendingPhantomCallback::Invoke(v8::internal::Isolate*) (/lib64/libnode8-shared.so.57+0x9d834d)
    #8 0x7ffb9e98d671 in v8::internal::GlobalHandles::DispatchPendingPhantomCallbacks(bool) (/lib64/libnode8-shared.so.57+0x9d8671)
    #9 0x7ffb9e98e9b9 in v8::internal::GlobalHandles::PostGarbageCollectionProcessing(v8::internal::GarbageCollector, v8::GCCallbackFlags) (/lib64/libnode8-shared.so.57+0x9d99b9)
    #10 0x7ffb9e9b7e80 in v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) (/lib64/libnode8-shared.so.57+0xa02e80)
    #11 0x7ffb9e9b89ba in v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) (/lib64/libnode8-shared.so.57+0xa039ba)
    #12 0x7ffb9e9b8d6b in v8::internal::Heap::CollectAllGarbage(int, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) (/lib64/libnode8-shared.so.57+0xa03d6b)
    #13 0x7ffb9e9bb2d7 in v8::internal::IncrementalMarkingJob::Task::RunInternal() (/lib64/libnode8-shared.so.57+0xa062d7)
    #14 0x7ffb9e561391 in v8::platform::DefaultPlatform::PumpMessageLoop(v8::Isolate*, v8::platform::MessageLoopBehavior) (/lib64/libnode8-shared.so.57+0x5ac391)
    #15 0x6b453c in rtScriptNode::pump() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtScriptNode.cpp:1093
    #16 0x69c160 in rtScript::pump() /home/sw/projects/pxscene/pxCore/src/rtScript.cpp:221
    #17 0x65fe31 in sceneWindow::onAnimationTimer() /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene.cpp:392
    #18 0x66d235 in pxWindowNative::onAnimationTimerInternal() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:496
    #19 0x66f305 in pxWindowNative::animateAndRender() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:864
    #20 0x66df71 in pxWindowNative::runEventLoop() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:602
    #21 0x6764a7 in pxEventLoop::run() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxEventLoopNative.cpp:35
    #22 0x65dc8b in pxMain(int, char**) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene.cpp:659
    #23 0x676525 in main /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxEventLoopNative.cpp:50
    #24 0x7ffb9a6dff29 in __libc_start_main (/lib64/libc.so.6+0x20f29)
    #25 0x4fe5f9 in _start (/home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxscene+0x4fe5f9)

0x61100016ee40 is located 0 bytes inside of 240-byte region [0x61100016ee40,0x61100016ef30)
freed by thread T0 here:
    #0 0x7ffb9fa89fd0 in operator delete(void*) (/lib64/libasan.so.4+0xe0fd0)
    #1 0x56ee4e in pxArchive::~pxArchive() /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxArchive.cpp:46
    #2 0x75a9d4 in rtObject::Release() /home/sw/projects/pxscene/pxCore/src/rtObject.cpp:363
    #3 0x50b642 in rtRef<rtIObject>::term() /home/sw/projects/pxscene/pxCore/src/rtRef.h:44
    #4 0x509000 in rtRef<rtIObject>::~rtRef() /home/sw/projects/pxscene/pxCore/src/rtRef.h:38
    #5 0x505e14 in rtObjectRef::~rtObjectRef() /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/../../../src/rtObject.h:240
    #6 0x70135e in WeakCallback /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtWrapperUtils.cpp:74
    #7 0x7ffb9e98d34d in v8::internal::GlobalHandles::PendingPhantomCallback::Invoke(v8::internal::Isolate*) (/lib64/libnode8-shared.so.57+0x9d834d)
    #8 0x7ffb9e98d671 in v8::internal::GlobalHandles::DispatchPendingPhantomCallbacks(bool) (/lib64/libnode8-shared.so.57+0x9d8671)
    #9 0x7ffb9e98e9b9 in v8::internal::GlobalHandles::PostGarbageCollectionProcessing(v8::internal::GarbageCollector, v8::GCCallbackFlags) (/lib64/libnode8-shared.so.57+0x9d99b9)
    #10 0x7ffb9e9b7e80 in v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) (/lib64/libnode8-shared.so.57+0xa02e80)
    #11 0x7ffb9e9b89ba in v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) (/lib64/libnode8-shared.so.57+0xa039ba)
    #12 0x7ffb9e9b8d6b in v8::internal::Heap::CollectAllGarbage(int, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) (/lib64/libnode8-shared.so.57+0xa03d6b)
    #13 0x7ffb9e9bb2d7 in v8::internal::IncrementalMarkingJob::Task::RunInternal() (/lib64/libnode8-shared.so.57+0xa062d7)
    #14 0x7ffb9e561391 in v8::platform::DefaultPlatform::PumpMessageLoop(v8::Isolate*, v8::platform::MessageLoopBehavior) (/lib64/libnode8-shared.so.57+0x5ac391)
    #15 0x6b453c in rtScriptNode::pump() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtScriptNode.cpp:1093
    #16 0x69c160 in rtScript::pump() /home/sw/projects/pxscene/pxCore/src/rtScript.cpp:221
    #17 0x65fe31 in sceneWindow::onAnimationTimer() /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene.cpp:392
    #18 0x66d235 in pxWindowNative::onAnimationTimerInternal() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:496
    #19 0x66f305 in pxWindowNative::animateAndRender() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:864
    #20 0x66df71 in pxWindowNative::runEventLoop() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxWindowNative.cpp:602
    #21 0x6764a7 in pxEventLoop::run() /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxEventLoopNative.cpp:35
    #22 0x65dc8b in pxMain(int, char**) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene.cpp:659
    #23 0x676525 in main /home/sw/projects/pxscene/pxCore/src/wayland_egl/pxEventLoopNative.cpp:50
    #24 0x7ffb9a6dff29 in __libc_start_main (/lib64/libc.so.6+0x20f29)

previously allocated by thread T0 here:
    #0 0x7ffb9fa89158 in operator new(unsigned long) (/lib64/libasan.so.4+0xe0158)
    #1 0x5f8bfb in pxScene2d::loadArchive(rtString const&, rtObjectRef&) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.h:1551
    #2 0x5f0cc2 in pxScene2d::loadArchive_thunk(int, rtValue const*, rtValue&) (/home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxscene+0x5f0cc2)
    #3 0x75e2d1 in rtObjectFunction::Send(int, rtValue const*, rtValue*) /home/sw/projects/pxscene/pxCore/src/rtObject.cpp:630
    #4 0x6e94b9 in rtScriptNodeUtils::rtFunctionWrapper::call(v8::FunctionCallbackInfo<v8::Value> const&) /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtFunctionWrapper.cpp:245
    #5 0x7ffb9e664321 in v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) (/lib64/libnode8-shared.so.57+0x6af321)
    #6 0x7ffb9e6ce5a5  (/lib64/libnode8-shared.so.57+0x7195a5)
    #7 0x10ec480042fc  (<unknown module>)
    #8 0x10ec480bd195  (<unknown module>)
    #9 0x10ec4807abae  (<unknown module>)
    #10 0x10ec48079f28  (<unknown module>)
    #11 0x10ec480f973f  (<unknown module>)
    #12 0x10ec480bd195  (<unknown module>)
    #13 0x10ec480bd195  (<unknown module>)
    #14 0x10ec480bd195  (<unknown module>)
    #15 0x10ec480bd195  (<unknown module>)
    #16 0x10ec480bd195  (<unknown module>)
    #17 0x10ec48004238  (<unknown module>)
    #18 0x10ec48004100  (<unknown module>)
    #19 0x7ffb9e95ef0a  (/lib64/libnode8-shared.so.57+0x9a9f0a)
    #20 0x7ffb9e95f2a4  (/lib64/libnode8-shared.so.57+0x9aa2a4)
    #21 0x7ffb9e64d4fb in v8::Script::Run(v8::Local<v8::Context>) (/lib64/libnode8-shared.so.57+0x6984fb)
    #22 0x7ffb9e64d7f1 in v8::Script::Run() (/lib64/libnode8-shared.so.57+0x6987f1)
    #23 0x6b2a43 in rtNodeContext::runScript(char const*, rtValue*, char const*) /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtScriptNode.cpp:862
    #24 0x5cf721 in pxScriptView::pxScriptView(char const*, char const*) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.cpp:3827
    #25 0x5ce54e in pxSceneContainer::setUrl(rtString) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.cpp:3655
    #26 0x5ec75b in pxSceneContainer::setUrl_PropSetterThunk(rtValue const&) (/home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxscene+0x5ec75b)
    #27 0x75b3d7 in rtObject::Set(char const*, rtValue const*) /home/sw/projects/pxscene/pxCore/src/rtObject.cpp:450
    #28 0x5acd85 in pxObject::Set(char const*, rtValue const*) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.cpp:683
    #29 0x75dfd3 in rtObjectRef::Set(char const*, rtValue const*) /home/sw/projects/pxscene/pxCore/src/rtObject.cpp:614

SUMMARY: AddressSanitizer: heap-use-after-free /home/sw/projects/pxscene/pxCore/src/rtRef.h:44 in rtRef<rtIObject>::term()
==11783==ABORTING
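
Added example (not part of the original issue or the pxCore code base): a small Python triage helper that parses an AddressSanitizer heap-use-after-free report like the one above and checks whether the faulting access is itself a reference drop through the same release path that freed the object. The names `parse_stacks` and `classify` and the over-release heuristic are assumptions of this example; the sample report is abridged from the frames posted above.

```python
import posixpath
import re

# Abridged from the AddressSanitizer report posted above: frames past #6 and
# most of the allocation stack are dropped, the kept lines are unchanged.
SAMPLE_REPORT = """\
==11783==ERROR: AddressSanitizer: heap-use-after-free on address 0x61100016ee40 at pc 0x00000050b614 bp 0x7ffd0b840200 sp 0x7ffd0b8401f0
READ of size 8 at 0x61100016ee40 thread T0
    #0 0x50b613 in rtRef<rtIObject>::term() /home/sw/projects/pxscene/pxCore/src/rtRef.h:44
    #1 0x509000 in rtRef<rtIObject>::~rtRef() /home/sw/projects/pxscene/pxCore/src/rtRef.h:38
    #2 0x505e14 in rtObjectRef::~rtObjectRef() /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/../../../src/rtObject.h:240
    #3 0x6fad46 in rtScriptNodeUtils::rtWrapper<rtObjectRef, rtScriptNodeUtils::rtObjectWrapper>::~rtWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtWrapperUtils.h:161
    #4 0x6f2254 in rtScriptNodeUtils::rtObjectWrapper::~rtObjectWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtObjectWrapper.cpp:59
    #5 0x6f2298 in rtScriptNodeUtils::rtObjectWrapper::~rtObjectWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtObjectWrapper.cpp:61
    #6 0x6edde7 in node::ObjectWrap::WeakCallback(v8::WeakCallbackInfo<node::ObjectWrap> const&) /usr/include/node8-shared/node_object_wrap.h:124

0x61100016ee40 is located 0 bytes inside of 240-byte region [0x61100016ee40,0x61100016ef30)
freed by thread T0 here:
    #0 0x7ffb9fa89fd0 in operator delete(void*) (/lib64/libasan.so.4+0xe0fd0)
    #1 0x56ee4e in pxArchive::~pxArchive() /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxArchive.cpp:46
    #2 0x75a9d4 in rtObject::Release() /home/sw/projects/pxscene/pxCore/src/rtObject.cpp:363
    #3 0x50b642 in rtRef<rtIObject>::term() /home/sw/projects/pxscene/pxCore/src/rtRef.h:44
    #4 0x509000 in rtRef<rtIObject>::~rtRef() /home/sw/projects/pxscene/pxCore/src/rtRef.h:38
    #5 0x505e14 in rtObjectRef::~rtObjectRef() /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/../../../src/rtObject.h:240
    #6 0x70135e in WeakCallback /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtWrapperUtils.cpp:74

previously allocated by thread T0 here:
    #0 0x7ffb9fa89158 in operator new(unsigned long) (/lib64/libasan.so.4+0xe0158)
    #1 0x5f8bfb in pxScene2d::loadArchive(rtString const&, rtObjectRef&) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.h:1551
"""

HEADERS = {
    "access": re.compile(r"^(?:READ|WRITE) of size \d+ at 0x[0-9a-f]+ thread T\d+"),
    "free": re.compile(r"^freed by thread T\d+ here:"),
    "alloc": re.compile(r"^previously allocated by thread T\d+ here:"),
}
# Symbolized frames end in "in <function> <location>"; function names may
# contain spaces, so the location is taken as the last token on the line.
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+\s+(?:in (.+) (\S+)$)?")


def parse_stacks(report):
    """Split an ASan report into access/free/alloc stacks of (function, file:line)."""
    stacks = {"access": [], "free": [], "alloc": []}
    current = None
    for line in report.splitlines():
        for name, header in HEADERS.items():
            if header.match(line):
                current = name
                break
        else:
            m = FRAME_RE.match(line)
            if m and current:
                func, loc = m.group(1), m.group(2)
                # Compare on basename so "src/../../../src/x.h" equals "src/x.h".
                stacks[current].append((func, posixpath.basename(loc) if loc else None))
            elif not line.strip():
                current = None  # a blank line ends the current stack
    return stacks


def classify(stacks):
    """Heuristic: if the faulting frame also appears in the free stack, the
    access is a second reference drop on an object the first drop destroyed."""
    access, free = stacks["access"], stacks["free"]
    result = {"kind": "stale-access", "release_chain": [],
              "first_owner": None, "second_owner": None}
    if not access or access[0][0] is None or access[0] not in free:
        return result
    start = free.index(access[0])
    n = 0
    while (n < len(access) and start + n < len(free)
           and access[n] == free[start + n]):
        n += 1
    result["kind"] = "over-release"
    result["release_chain"] = access[:n]  # frames shared by both paths
    # The callers of the shared chain are the two holders of the reference.
    result["first_owner"] = free[start + n] if start + n < len(free) else None
    result["second_owner"] = access[n] if n < len(access) else None
    return result


if __name__ == "__main__":
    verdict = classify(parse_stacks(SAMPLE_REPORT))
    for key, value in verdict.items():
        print(f"{key}: {value}")
```

On the sample this reports that both stacks pass through `rtRef<rtIObject>::term()`, with `WeakCallback` (rtWrapperUtils.cpp:74) dropping the reference that destroyed the object and `~rtWrapper()` (rtWrapperUtils.h:161) dropping it again.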

dwrobel changed the title from "ThreadSanitizer(testRunner_v5.js): heap-use-after-free @rtRef.h:44 in rtRef<rtIObject>::term()" to "AddressSanitizer(testRunner_v5.js): heap-use-after-free @rtRef.h:44 in rtRef<rtIObject>::term()" on May 16, 2018
@madanagopalt
Contributor

Hi,

I tried with the latest master, but was unable to reproduce. Could you please confirm whether you are seeing this issue now?

If so, please share the steps. It is not getting reproduced with the latest master on Mac and Linux with both address and thread sanitizers.

@dwrobel
Contributor Author

dwrobel commented Jun 7, 2018

I'm still able to reproduce it using the most recent code:

==24==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110001b00c0 at pc 0x0000006c6bf3 bp 0x7ffea30c8100 sp 0x7ffea30c80f0
READ of size 8 at 0x6110001b00c0 thread T0
    #0 0x6c6bf2 in rtRef<rtIObject>::term() /home/sw/projects/pxscene/pxCore/src/rtRef.h:44
    #1 0x6c6bf2 in rtRef<rtIObject>::~rtRef() /home/sw/projects/pxscene/pxCore/src/rtRef.h:38
    #2 0x6c6bf2 in rtObjectRef::~rtObjectRef() /home/sw/projects/pxscene/pxCore/src/rtObject.h:240
    #3 0x6c6bf2 in rtScriptNodeUtils::rtWrapper<rtObjectRef, rtScriptNodeUtils::rtObjectWrapper>::~rtWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtWrapperUtils.h:161
    #4 0x6c6bf2 in rtScriptNodeUtils::rtObjectWrapper::~rtObjectWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtObjectWrapper.cpp:59
    #5 0x6c6c1f in rtScriptNodeUtils::rtObjectWrapper::~rtObjectWrapper() /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtObjectWrapper.cpp:61
    #6 0x7f218c9b8561 in v8::internal::GlobalHandles::PendingPhantomCallback::Invoke(v8::internal::Isolate*) (/lib64/libnode-shared.so.48+0x890561)
    #7 0x7f218c9b86f9 in v8::internal::GlobalHandles::DispatchPendingPhantomCallbacks(bool) (/lib64/libnode-shared.so.48+0x8906f9)
    #8 0x7f218c9b9ebd in v8::internal::GlobalHandles::PostGarbageCollectionProcessing(v8::internal::GarbageCollector, v8::GCCallbackFlags) (/lib64/libnode-shared.so.48+0x891ebd)
    #9 0x7f218c9d4499 in v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) (/lib64/libnode-shared.so.48+0x8ac499)
    #10 0x7f218c9d4b62 in v8::internal::Heap::CollectGarbage(v8::internal::GarbageCollector, char const*, char const*, v8::GCCallbackFlags) (/lib64/libnode-shared.so.48+0x8acb62)
    #11 0x7f218c9d4f88 in v8::internal::Heap::CollectAllGarbage(int, char const*, v8::GCCallbackFlags) (/lib64/libnode-shared.so.48+0x8acf88)
    #12 0x7f218c98abcb in v8::internal::StackGuard::HandleInterrupts() (/lib64/libnode-shared.so.48+0x862bcb)
    #13 0x7f218cbbcf3c in v8::internal::Runtime_StackGuard(int, v8::internal::Object**, v8::internal::Isolate*) (/lib64/libnode-shared.so.48+0xa94f3c)
    #14 0x2009f1c09166  (<unknown module>)

0x6110001b00c0 is located 0 bytes inside of 240-byte region [0x6110001b00c0,0x6110001b01b0)
freed by thread T0 here:
    #0 0x7f218d569748 in operator delete(void*) (/lib64/libasan.so.5+0xf1748)
    #1 0x74006b in rtObject::Release() /home/sw/projects/pxscene/pxCore/src/rtObject.cpp:363
    #2 0x6d8c75 in rtRef<rtIObject>::term() /home/sw/projects/pxscene/pxCore/src/rtRef.h:44
    #3 0x6d8c75 in rtRef<rtIObject>::~rtRef() /home/sw/projects/pxscene/pxCore/src/rtRef.h:38
    #4 0x6d8c75 in rtObjectRef::~rtObjectRef() /home/sw/projects/pxscene/pxCore/src/rtObject.h:240
    #5 0x6d8c75 in WeakCallback /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtWrapperUtils.cpp:74
    #6 0x7f218c9b8561 in v8::internal::GlobalHandles::PendingPhantomCallback::Invoke(v8::internal::Isolate*) (/lib64/libnode-shared.so.48+0x890561)
    #7 0x7f218c9b86f9 in v8::internal::GlobalHandles::DispatchPendingPhantomCallbacks(bool) (/lib64/libnode-shared.so.48+0x8906f9)
    #8 0x7f218c9b9ebd in v8::internal::GlobalHandles::PostGarbageCollectionProcessing(v8::internal::GarbageCollector, v8::GCCallbackFlags) (/lib64/libnode-shared.so.48+0x891ebd)
    #9 0x7f218c9d4499 in v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) (/lib64/libnode-shared.so.48+0x8ac499)
    #10 0x7f218c9d4b62 in v8::internal::Heap::CollectGarbage(v8::internal::GarbageCollector, char const*, char const*, v8::GCCallbackFlags) (/lib64/libnode-shared.so.48+0x8acb62)
    #11 0x7f218c9d4f88 in v8::internal::Heap::CollectAllGarbage(int, char const*, v8::GCCallbackFlags) (/lib64/libnode-shared.so.48+0x8acf88)
    #12 0x7f218c98abcb in v8::internal::StackGuard::HandleInterrupts() (/lib64/libnode-shared.so.48+0x862bcb)
    #13 0x7f218cbbcf3c in v8::internal::Runtime_StackGuard(int, v8::internal::Object**, v8::internal::Isolate*) (/lib64/libnode-shared.so.48+0xa94f3c)
    #14 0x2009f1c09166  (<unknown module>)
    #15 0x2009f21ab013  (<unknown module>)
    #16 0x2009f1c3c767  (<unknown module>)
    #17 0x2009f1c37782  (<unknown module>)
    #18 0x2009f1c2234e  (<unknown module>)
    #19 0x7f218c989b64  (/lib64/libnode-shared.so.48+0x861b64)
    #20 0x7f218c989e0e in v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) (/lib64/libnode-shared.so.48+0x861e0e)
    #21 0x7f218c7259d6 in v8::internal::Genesis::CallUtilsFunction(v8::internal::Isolate*, char const*) (/lib64/libnode-shared.so.48+0x5fd9d6)
    #22 0x7f218c72c17c in v8::internal::Genesis::InstallExperimentalNatives() (/lib64/libnode-shared.so.48+0x60417c)
    #23 0x7f218c730b5d in v8::internal::Genesis::Genesis(v8::internal::Isolate*, v8::internal::MaybeHandle<v8::internal::JSGlobalProxy>, v8::Local<v8::ObjectTemplate>, v8::ExtensionConfiguration*, v8::internal::GlobalContextType) (/lib64/libnode-shared.so.48+0x608b5d)
    #24 0x7f218c730d2d in v8::internal::Bootstrapper::CreateEnvironment(v8::internal::MaybeHandle<v8::internal::JSGlobalProxy>, v8::Local<v8::ObjectTemplate>, v8::ExtensionConfiguration*, v8::internal::GlobalContextType) (/lib64/libnode-shared.so.48+0x608d2d)
    #25 0x7f218c6deca8 in v8::Context::New(v8::Isolate*, v8::ExtensionConfiguration*, v8::Local<v8::ObjectTemplate>, v8::Local<v8::Value>) (/lib64/libnode-shared.so.48+0x5b6ca8)
    #26 0x7f218c5c7375 in node::makeContext(v8::Isolate*, v8::Local<v8::Object>) (/lib64/libnode-shared.so.48+0x49f375)
    #27 0x6b1b54 in rtNodeContext::clonedEnvironment(rtRef<rtNodeContext>) /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtScriptNode.cpp:573
    #28 0x6b2e80 in rtNodeContext::rtNodeContext(v8::Isolate*, rtRef<rtNodeContext>) /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtScriptNode.cpp:355
    #29 0x6b48b3 in rtScriptNode::createContext(bool) /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtScriptNode.cpp:1348
    #30 0x6b52c0 in rtScriptNode::createContext(char const*, rtRef<rtIScriptContext>&) /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtScriptNode.cpp:1363
    #31 0x55bfea in pxScriptView::pxScriptView(char const*, char const*) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.cpp:3787
    #32 0x55dbe0 in pxSceneContainer::setUrl(rtString) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.cpp:3655

previously allocated by thread T0 here:
    #0 0x7f218d568870 in operator new(unsigned long) (/lib64/libasan.so.5+0xf0870)
    #1 0x58d7dc in pxScene2d::loadArchive(rtString const&, rtObjectRef&) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.h:1549
    #2 0x58d7dc in pxScene2d::loadArchive_thunk(int, rtValue const*, rtValue&) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.h:1294
    #3 0x6c23b2 in rtScriptNodeUtils::rtFunctionWrapper::call(v8::FunctionCallbackInfo<v8::Value> const&) /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtFunctionWrapper.cpp:252
    #4 0x7f218c6fe9f8 in v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) (/lib64/libnode-shared.so.48+0x5d69f8)
    #5 0x7f218c737be4  (/lib64/libnode-shared.so.48+0x60fbe4)
    #6 0x7f218c746be2  (/lib64/libnode-shared.so.48+0x61ebe2)
    #7 0x2009f1c09166  (<unknown module>)
    #8 0x2009f21484b4  (<unknown module>)
    #9 0x2009f214f938  (<unknown module>)
    #10 0x2009f1c3090c  (<unknown module>)
    #11 0x2009f21482ea  (<unknown module>)
    #12 0x2009f2147e78  (<unknown module>)
    #13 0x2009f218c97b  (<unknown module>)
    #14 0x2009f21b6da6  (<unknown module>)
    #15 0x2009f221c585  (<unknown module>)
    #16 0x2009f1c37782  (<unknown module>)
    #17 0x2009f1c2234e  (<unknown module>)
    #18 0x7f218c989b64  (/lib64/libnode-shared.so.48+0x861b64)
    #19 0x7f218c989e0e in v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) (/lib64/libnode-shared.so.48+0x861e0e)
    #20 0x7f218c6ea8d0 in v8::Script::Run(v8::Local<v8::Context>) (/lib64/libnode-shared.so.48+0x5c28d0)
    #21 0x7f218c6eab05 in v8::Script::Run() (/lib64/libnode-shared.so.48+0x5c2b05)
    #22 0x6ab9f0 in rtNodeContext::runScript(char const*, rtValue*, char const*) /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtScriptNode.cpp:864
    #23 0x55cb2b in pxScriptView::pxScriptView(char const*, char const*) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.cpp:3827
    #24 0x55dbe0 in pxSceneContainer::setUrl(rtString) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.cpp:3655
    #25 0x5ae983 in pxSceneContainer::setUrl_PropSetterThunk(rtValue const&) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.h:1001
    #26 0x741ede in rtObjectBase::set(char const*, rtValue const&) /home/sw/projects/pxscene/pxCore/src/rtObject.h:87
    #27 0x741ede in rtObjectBase::set(rtObjectRef) /home/sw/projects/pxscene/pxCore/src/rtObject.cpp:481
    #28 0x558188 in pxScene2d::createScene(rtObjectRef, rtObjectRef&) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.cpp:2207
    #29 0x55a44f in pxScene2d::create(rtObjectRef, rtObjectRef&) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.cpp:2037
    #30 0x5adf39 in pxScene2d::create_thunk(int, rtValue const*, rtValue&) /home/sw/projects/pxscene/pxCore/examples/pxScene2d/src/pxScene2d.h:1295
    #31 0x6c23b2 in rtScriptNodeUtils::rtFunctionWrapper::call(v8::FunctionCallbackInfo<v8::Value> const&) /home/sw/projects/pxscene/pxCore/src/rtScriptNode/rtFunctionWrapper.cpp:252

SUMMARY: AddressSanitizer: heap-use-after-free /home/sw/projects/pxscene/pxCore/src/rtRef.h:44 in rtRef<rtIObject>::term()
==24==ABORTING

If you have problems with reproducibility, please consider cloning https://github.com/dwrobel/pxCore/tree/onemw-wayland-egl-47 (it was rebased today to master), then execute the following steps on a Linux machine (with Docker installed and working properly):

$ cd ci/builds
$ ./dw.sh ./0010-external-breakpad.sh
$ ./dw.sh ./0020-external-dukluv.sh
$ ./dw.sh ./0100-glut-node6-gcc-asan.sh
$ ./dw.sh ../../examples/pxScene2d/src/pxscene-testrunner.sh

@madanagopalt
Contributor

Hi Damien,

Will try. Is Docker necessary? Please clarify.

@dwrobel
Contributor Author

dwrobel commented Jun 7, 2018

It's a must.

@madanagopalt
Contributor

Hi Damien,

Could you please share the steps you took to set up Docker? I haven't tried it before. It will be useful if you can share the steps. I will set up the same. I have Ubuntu 14.04.

Thanks.

@dwrobel
Contributor Author

dwrobel commented Jun 11, 2018

I'm not using Ubuntu, especially such an aged one, but here's what I googled: https://www.liquidweb.com/kb/how-to-install-docker-on-ubuntu-14-04-lts/

Generally, it's a standard package (https://packages.ubuntu.com/trusty-updates/docker.io). So, please install it and enable the service. Then check if:
$ sudo docker ps
doesn't return an error code.

@madanagopalt
Contributor

Hi Damien,

Today, I couldn't get the display or xserver running with Docker, but I was able to get pxscene installed within Docker. Do we need any special setting for enabling display with Docker? Please clarify.

@dwrobel
Contributor Author

dwrobel commented Jun 12, 2018

Documentation is available at: https://github.com/dwrobel/pxCore/blob/onemw-wayland-egl-47/ci/builds/README.md

> I couldn't get the display or xserver running with docker

The assumption is that you can use either xserver or wayland from your local machine. No extra setup is required (unless it's not configured/available locally). Please check the following:
in your local bash shell:
$ echo DISPLAY=$DISPLAY WAYLAND_DISPLAY=$WAYLAND_DISPLAY XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR
then start docker wrapper:
$ ./dw.sh bash
then from within the docker bash execute echo again:
$ echo DISPLAY=$DISPLAY WAYLAND_DISPLAY=$WAYLAND_DISPLAY XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR

The output from both echo commands should look the same (although on your ubuntu WAYLAND_DISPLAY will most probably not be available).

@kannanmadanagopalt
Contributor

Hi,

Please check once and confirm whether the issue is resolved with dwrobel#16

Thanks.

@dwrobel
Contributor Author

dwrobel commented Jun 13, 2018

It fixes the issue. That was the culprit dwrobel@a1284b3

I'll also re-test other.

BTW. Does that mean that you can now run Spark in docker?

@kannanmadanagopalt
Contributor

Yes, I am able to run Spark in Docker. Also, this is getting reproduced even without running under Docker.

@kannanmadanagopalt
Contributor

Thanks for the inputs.

@dwrobel
Contributor Author

dwrobel commented Jun 13, 2018

Do you also see this #1241?

@dwrobel
Contributor Author

dwrobel commented Jun 20, 2018

Fixed, thanks for the help.

@dwrobel dwrobel closed this as completed Jun 20, 2018