Skip to content

Assertion `!atom_is_free(p)' with -DDUMP_FREE=1 #1

Closed
Closed
Assertion `!atom_is_free(p)' with -DDUMP_FREE=1#1
@bnoordhuis

Description

@bnoordhuis
bnoordhuis
opened on Oct 26, 2023

Upstream bug.

a.out: quickjs.c:3050: JS_AtomGetStrRT: Assertion `!atom_is_free(p)' failed.

Backtrace looks like this:

quickjs-ng/quickjs#1  0x00007ffff7c33b66 in __assert_fail (assertion=0x555555606aa5 "!atom_is_free(p)", file=0x555555606814 "quickjs.c", line=3050, 
    function=0x55555560c500 <__PRETTY_FUNCTION__.52> "JS_AtomGetStrRT") at ./assert/assert.c:101
quickjs-ng/quickjs-tmp#7  0x00005555555636b9 in JS_AtomGetStrRT (rt=0x55555662b480, buf=0x7fffffffd9e0 "\300\036dVUU", buf_size=64, atom=479) at quickjs.c:3050
quickjs-ng/quickjs-tmp#8  0x000055555557e74d in JS_DumpValueShort (rt=0x55555662b480, val=...) at quickjs.c:11925
#9  0x000055555556a43b in __JS_FreeValueRT (rt=0x55555662b480, v=...) at quickjs.c:5485
#10 0x000055555555f299 in JS_FreeValueRT (rt=0x55555662b480, v=...) at /home/bnoordhuis/src/quickjit/quickjs.h:658
#11 0x0000555555569d5d in js_bytecode_function_finalizer (rt=0x55555662b480, val=...) at quickjs.c:5322
#12 0x000055555556a23c in free_object (rt=0x55555662b480, p=0x555556648550) at quickjs.c:5427
#13 0x000055555556a30f in free_gc_object (rt=0x55555662b480, gp=0x555556648550) at quickjs.c:5447
#14 0x000055555556aedf in gc_free_cycles (rt=0x55555662b480) at quickjs.c:5777
#15 0x000055555556b014 in JS_RunGC (rt=0x55555662b480) at quickjs.c:5807
#16 0x00005555555608b6 in JS_FreeRuntime (rt=0x55555662b480) at quickjs.c:1942

And also:

(gdb) f 7
quickjs-ng/quickjs-tmp#7  0x00005555555636b9 in JS_AtomGetStrRT (rt=0x55555662b480, buf=0x7fffffffd9e0 "\300\036dVUU", buf_size=64, atom=479) at quickjs.c:3050
3050                assert(!atom_is_free(p));
(gdb) p *p
Cannot access memory at address 0x1c5

Note to self: atom=479 with the free flag removed is 479 >> 1 == 239 but rt->atom_array[239] doesn't contain a valid entry either.

Interestingly:

(gdb) p rt->atom_free_index 
$1 = 479

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions