
LibJS: Inconsistent stack overflow in GCC sanitizers build

Open AtkinsSJ opened this issue 8 months ago • 2 comments

For a while, our GCC sanitizers build has been having inconsistent failures due to ASAN. It fails in TestJS, but it's not clear from the logs which test is the problem.

ASAN output, taken from this run:

==28685==ERROR: AddressSanitizer: stack-overflow on address 0x7ffeed2e3ea8 (pc 0x7f79fa3f4400 bp 0x7ffeed2e7ed0 sp 0x7ffeed2e3ea8 T0)
    #0 0x7f79fa3f4400 in JS::Shape::property_table() const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/Shape.cpp:224
    #1 0x7f79fa4d27a9 in JS::Shape::lookup(JS::StringOrSymbol const&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/Shape.cpp:217
    #2 0x7f79f9f9762a in JS::Object::storage_set(JS::PropertyKey const&, JS::ValueAndAttributes const&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/Object.cpp:1206
    #3 0x7f79f8eaa627 in JS::validate_and_apply_property_descriptor(JS::Object*, JS::PropertyKey const&, bool, JS::PropertyDescriptor const&, AK::Optional<JS::PropertyDescriptor> const&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/AbstractOperations.cpp:284
    #4 0x7f79f9f5cc44 in JS::Object::internal_define_own_property(JS::PropertyKey const&, JS::PropertyDescriptor const&, AK::Optional<JS::PropertyDescriptor>*) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/Object.cpp:859
    #5 0x7f79f9f68cc7 in JS::Object::define_property_or_throw(JS::PropertyKey const&, JS::PropertyDescriptor const&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/Object.cpp:224
    #6 0x7f79f94c872d in JS::ECMAScriptFunctionObject::initialize(JS::Realm&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:458
    #7 0x7f79f9532cce in GC::Ref<JS::ECMAScriptFunctionObject> JS::Realm::create<JS::ECMAScriptFunctionObject, AK::NonnullRefPtr<JS::SharedFunctionInstanceData>, GC::Ptr<JS::Environment>&, GC::Ptr<JS::PrivateEnvironment>&, JS::Object&>(AK::NonnullRefPtr<JS::SharedFunctionInstanceData>&&, GC::Ptr<JS::Environment>&, GC::Ptr<JS::PrivateEnvironment>&, JS::Object&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/Realm.h:45
    #8 0x7f79f9509575 in JS::ECMAScriptFunctionObject::create_from_function_node(JS::FunctionNode const&, AK::FlyString, GC::Ref<JS::Realm>, GC::Ptr<JS::Environment>, GC::Ptr<JS::PrivateEnvironment>) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:138
    #9 0x7f79f877abf8 in JS::Bytecode::new_function(JS::VM&, JS::FunctionNode const&, AK::Optional<JS::Bytecode::IdentifierTableIndex> const&, AK::Optional<JS::Bytecode::Operand> const&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:1302
    #10 0x7f79f8632af6 in JS::Bytecode::Op::NewFunction::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2706
    #11 0x7f79f873895a in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:657
    #12 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #13 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #14 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #15 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #16 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #17 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #18 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #19 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #20 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #21 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #22 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #23 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #24 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #25 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #26 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #27 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #28 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #29 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #30 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #31 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #32 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #33 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #34 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #35 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #36 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #37 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #38 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #39 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #40 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #41 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #42 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #43 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #44 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #45 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #46 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #47 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #48 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #49 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #50 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #51 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #52 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #53 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #54 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #55 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #56 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #57 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #58 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #59 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #60 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #61 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #62 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #63 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #64 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #65 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #66 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #67 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #68 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #69 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #70 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #71 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #72 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #73 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #74 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #75 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #76 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #77 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #78 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #79 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #80 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #81 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #82 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #83 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #84 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #85 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #86 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #87 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #88 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #89 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #90 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #91 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #92 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #93 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #94 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #95 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #96 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #97 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #98 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #99 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #100 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #101 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #102 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #103 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #104 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #105 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #106 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #107 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #108 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #109 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #110 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #111 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #112 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #113 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #114 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #115 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #116 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #117 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #118 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #119 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #120 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #271 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #272 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #273 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #274 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #275 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #276 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #277 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #278 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #279 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #280 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #281 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #282 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #283 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #284 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #285 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #286 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #287 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #288 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #289 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #290 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #291 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #292 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #293 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #294 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #295 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #296 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #297 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #298 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #299 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #300 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637
    #301 0x7f79f87291ea in JS::Bytecode::Interpreter::run_bytecode(unsigned long) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:590
    #302 0x7f79f875957f in JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:753
    #303 0x7f79f9491009 in JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body(JS::VM&) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:904
    #304 0x7f79f9491009 in JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/ECMAScriptFunctionObject.cpp:535
    #305 0x7f79f86d8159 in JS::Bytecode::Op::Call::execute_impl(JS::Bytecode::Interpreter&) const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Bytecode/Interpreter.cpp:2637

SUMMARY: AddressSanitizer: stack-overflow /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/Shape.cpp:224 in JS::Shape::property_table() const
==28685==ABORTING
Sanitizer errors happened while running tests; see the Test step above.

AtkinsSJ avatar Apr 29 '25 11:04 AtkinsSJ

hello

Analysis of the Error

  1. The Error: ERROR: AddressSanitizer: stack-overflow on address 0x7ffeed2e3ea8 ...

    • This clearly indicates that the program exhausted the call stack space allocated to the thread running the test. The program tried to use memory below the current stack pointer (sp), hitting the guard page or exceeding the allocated stack limit.
  2. The Location: JS::Shape::property_table() const /home/runner/work/ladybird/ladybird/Libraries/LibJS/Runtime/Shape.cpp:224

    • This is where ASan detected the overflow. It means that when property_table() was called and tried to allocate its own stack frame (for local variables, return address, etc.), it pushed the stack pointer beyond the allowed boundary.
  3. The Stack Trace:

    • The most striking feature is the extremely repetitive sequence of calls dominating the trace (frames #14 through #305 and likely beyond, truncated in the log):
      • JS::Bytecode::Op::Call::execute_impl
      • JS::ECMAScriptFunctionObject::internal_call
      • JS::ECMAScriptFunctionObject::ordinary_call_evaluate_body
      • JS::Bytecode::Interpreter::run_executable
      • JS::Bytecode::Interpreter::run_bytecode
    • This pattern strongly suggests very deep recursion originating from the JavaScript code being executed. A JS function is calling another function (or itself) repeatedly, causing the C++ interpreter functions (which manage the execution) to call each other deeply, consuming stack space with each nested call.
  4. The Root Cause:

    • The actual root cause is almost certainly not a bug within JS::Shape::property_table() itself, but rather a piece of JavaScript code executed during TestJS that enters excessively deep recursion.
    • The stack overflow happened to manifest when property_table() was called simply because that's when the stack limit was finally breached. It could have potentially happened in many other functions called at that recursion depth.

Why it's Inconsistent:

  • Specific Test: Only one (or a few) specific JS tests likely trigger this deep recursion. If the test execution order varies or some tests are skipped under certain conditions, the failure might appear intermittent.
  • Resource Limits: Stack limits can sometimes vary slightly depending on the environment or how the process is launched. A run might just stay under the limit sometimes and just exceed it others.
  • Memory Layout: Minor changes in memory layout due to unrelated code changes or build options could slightly alter stack usage, pushing it over the edge only occasionally.

Debugging Strategy

The immediate goal is to identify the specific JavaScript test file that causes this recursion.

  1. Improve Test Runner Logging: Modify the TestJS execution framework (CTest, custom script, etc.) to print the name of the JS test file immediately before it starts executing it.

    • Example (conceptual, Python):
      # In your test runner logic
      for test_file in js_test_files:
          print(f"--- Running test: {test_file} ---", flush=True)  # Add this line!
          run_js_interpreter(test_file)
          print(f"--- Finished test: {test_file} ---", flush=True)  # Optional: good for seeing successful completions
      
    • When the ASan crash occurs, the last test name printed to the log before the ASan error output will be the culprit. Ensure the output is flushed (flush=True in Python, std::cout << std::flush or fflush(stdout) in C++) so you see the message before the crash terminates the program.
  2. Force Serial Execution: If your tests run in parallel, force them to run serially (e.g., ctest -j1, or whatever mechanism your test runner uses). This makes the logging approach in step 1 reliable.

  3. Analyze the Culprit JS: Once you identify the failing .js file, examine its code for:

    • Direct recursion (a function calling itself).
    • Indirect recursion (function A calls B, B calls A; or A calls B, B calls C, C calls A, etc.).
    • Check the base cases for the recursion – is there a condition that stops it? Is it reachable?
  4. Increase Stack Size (for Diagnosis): As a temporary diagnostic step (not a fix), you could try increasing the stack size available to the test process (e.g., ulimit -s unlimited in the shell before running ctest, or linker flags). If this makes the crash go away or changes the stack depth significantly, it further confirms the stack overflow diagnosis.

In summary: The ASan report points to a stack overflow caused by deep recursion in the executed JavaScript code. The priority is to modify the test runner to log the currently executing test file name to pinpoint the source of the recursion.

Pavan3861 avatar Apr 29 '25 17:04 Pavan3861

@Pavan3861 Please don't clutter our issue tracker with AI slop

ADKaster avatar Apr 29 '25 17:04 ADKaster

This is still an issue, one of the problems that stands out for me the most in the CI jobs.

Does anyone have any clue why the test would do the repetitive / recursive calling?

I'll run it locally to see if I can reproduce it.

Here are the failures from the last 24 hours that I found:

https://github.com/LadybirdBrowser/ladybird/actions/runs/18350962266/job/52270539254#step:15:268

https://github.com/LadybirdBrowser/ladybird/actions/runs/18350843631/job/52270113964?pr=6263

https://github.com/LadybirdBrowser/ladybird/actions/runs/18335005238/job/52217283897#step:15:268

https://github.com/LadybirdBrowser/ladybird/actions/runs/18331998448/job/52208599100#step:15:268

https://github.com/LadybirdBrowser/ladybird/actions/runs/18325939672/job/52190331863#step:15:268

https://github.com/LadybirdBrowser/ladybird/actions/runs/18324783058/job/52186488207#step:15:268

rcorsi avatar Oct 08 '25 17:10 rcorsi

In the recent failures, the issue is around Libraries/LibJS/Bytecode/Interpreter.cpp:346 where the stack overflow has been detected.

Stack size limit is checked in Libraries/LibJS/Runtime/VM.h:109, and I guess ASAN is only showing us the last 300 stack frames even though there might be thousands of them.

Found the following that gives the impression that increasing the stack size when running under ASAN might not be a bad idea as ASAN itself increases stack usage.

https://news.ycombinator.com/item?id=26715446

rcorsi avatar Oct 08 '25 18:10 rcorsi

A few more discussions about increasing the stack size

https://clang.llvm.org/docs/AddressSanitizer.html

the previous one has the comment: AddressSanitizer uses more stack memory. We have seen up to 3x increase.

https://github.com/google/sanitizers/issues/98

https://github.com/google/sanitizers/issues/60

https://undo.io/resources/addresssanitizer-and-undo/

the previous one has the comment: ASan also imposes a larger (up to 3x) memory overhead for stack memory.

https://developercommunity.visualstudio.com/t/Increase-the-default-stack-size-when-usi/10970798?space=8&ftype=idea&sort=votes&stateGroup=active

rcorsi avatar Oct 08 '25 23:10 rcorsi

I am able to reproduce the issue locally. I have 6 failures on 36 attempts. 16.6% reproduction.

I will try to use the ASAN flag sleep_before_dying to connect with gdb to see if I can gather more information.


rcorsi avatar Oct 08 '25 23:10 rcorsi

I got some information about one of the runners by adding some commands. See #6327

Look in the "Test Checks" tab of the run below.

https://github.com/LadybirdBrowser/ladybird/actions/runs/18390236159/job/52398641725?pr=6327

I can see that the soft stack size limit was changed from the usual Ubuntu default of 8MB to 16MB in /etc/security/limits.conf file. At the end of the file there is:

* soft nofile 65536
* hard nofile 65536
* soft stack 16384
* hard stack 16384

According to the output below of ulimit -H -a the hard limit has not been affected, still unlimited for the stack size.

#### Hard System Limits
real-time non-blocking time  (microseconds, -R) unlimited
core file size              (blocks, -c) unlimited
data seg size               (kbytes, -d) unlimited
scheduling priority                 (-e) 0
file size                   (blocks, -f) unlimited
pending signals                     (-i) 257231
max locked memory           (kbytes, -l) 8192
max memory size             (kbytes, -m) unlimited
open files                          (-n) 65536
pipe size                (512 bytes, -p) 8
POSIX message queues         (bytes, -q) 819200
real-time priority                  (-r) 0
stack size                  (kbytes, -s) unlimited
cpu time                   (seconds, -t) unlimited
max user processes                  (-u) 257231
virtual memory              (kbytes, -v) unlimited
file locks                          (-x) unlimited

But the soft limit is set to 16MB as the configuration requested.

#### Soft System Limits
real-time non-blocking time  (microseconds, -R) unlimited
core file size              (blocks, -c) 0
data seg size               (kbytes, -d) unlimited
scheduling priority                 (-e) 0
file size                   (blocks, -f) unlimited
pending signals                     (-i) 257231
max locked memory           (kbytes, -l) 8192
max memory size             (kbytes, -m) unlimited
open files                          (-n) 65536
pipe size                (512 bytes, -p) 8
POSIX message queues         (bytes, -q) 819200
real-time priority                  (-r) 0
stack size                  (kbytes, -s) 16384
cpu time                   (seconds, -t) unlimited
max user processes                  (-u) 257231
virtual memory              (kbytes, -v) unlimited
file locks                          (-x) unlimited

rcorsi avatar Oct 09 '25 22:10 rcorsi

Previously I mentioned that I was able to reproduce the issue, but I forgot that I actually lowered the bash process stack size to 1MB (with ulimit -s 1024) when I was able to reproduce this. When stack size is at 8MB the problem does not occur.

As the runner is already at 16MB, I don't know how this affects the issue. I am testing locally, not in a github runner environment, so I don't know all the differences.

I will continue working locally to gather more information. I'm even going to set the stack size to 16MB, the same as the runner, to see if there will be any failures.

rcorsi avatar Oct 09 '25 22:10 rcorsi

Problem JavaScript file is: Libraries/LibJS/Tests/runtime-error-call-stack-size.js

By doing the following:

  • repeatedly only running test-js
  • by dumping the JavaScript file name of the test path in Libraries/LibTest/JavaScriptTestRunner.h:217 in parse_script()
  • by using the --verbose flag on ctest so that the js file path is visible.
  • by setting the stack size to 1MB on my local machine

I was able to cause 5 failures out of 100 attempts.

The JavaScript test file that is always the cause of the stack-overflow is Libraries/LibJS/Tests/runtime-error-call-stack-size.js, which is an infinite recursion test. Seems sometimes the stack size is just right to cause ASAN to complain. Most likely we need to change the buffer before throwing the exception due to stack size exceeded in the code, to leave more room and avoid ASAN capturing this fault.

rcorsi avatar Oct 10 '25 11:10 rcorsi

@trflynn89 you worked this year on Libraries/LibJS/Tests/runtime-error-call-stack-size.js. Seems it might be a source of problems.

It is most likely the cause of the infamous randomly failing CI test-js with AddressSanitizer:DEADLYSIGNAL and AddressSanitizer: stack-overflow.

I can cause it to fail locally as it does in CI by doing what I mention in the previous post.

Should we be changing the 32kb on Libraries/LibJS/Runtime/VM.h:115 to something else, like 64kb, or make it all the same at 96kb?

rcorsi avatar Oct 10 '25 11:10 rcorsi

Attaching the full backtrace from gdb bt_test-js-stack-overflow.txt

It looks like the code in Libraries/LibJS/Runtime/VM.h is working well on frames 11 through 26 and is going to recover from the stack overflow, but then maybe a few bytes are missing and ASAN takes over.

rcorsi avatar Oct 10 '25 13:10 rcorsi

Or should we be making a fix in AK/StackInfo.cpp? On line 114, maybe multiply the guard page size by 2. Just an idea.

rcorsi avatar Oct 10 '25 13:10 rcorsi

Just looking carefully at the links of the failed CI runs I put in this issue. All of them are on "Linux, x86_64, Sanitizer, GNU / CI".

Locally I am testing on Ubuntu 25.04 and using GNU g++ 14.2.0, real hardware.

And CI Runner is

  Virtualization: kvm
Operating System: Ubuntu 24.04.3 LTS
          Kernel: Linux 6.5.13
    Architecture: x86-64

rcorsi avatar Oct 10 '25 15:10 rcorsi

I just completed running locally, loops of 100 test runs of just test-js.

Failure results are as follows:

Stack Size       Failures
  1MB              5/100
  2MB              4/100
  3MB              1/100
  4MB              0/100
  5MB              0/100
  6MB              0/100
  7MB              0/100
  8MB              0/100
 16MB              0/100
 24MB              0/100
 32MB              0/100

rcorsi avatar Oct 10 '25 18:10 rcorsi

Increasing the system stack size (using ulimit -s XXXXX) will not help in this case. Ladybird's Linux Github Runner's system soft limit for stack size is at 16MB, which is double the usual default Ubuntu limit of 8MB.

Required fix would be similar to: 323c9edbb9207f53e9d7fef818631c08ad076cc9 where the javascript VM stack size usage limit is checked to not exceed 32kb in most cases and 96kb for macOS+ASAN. Should we make the 96kb value be used for any environment which is using ASAN?!?

Checking this locally by increasing the limit from 32kb to 36kb, so far so good.

Also checking it in CI, with five good jobs with no issues related to AddressSanitizer:DEADLYSIGNAL or stack-overflow.

Five CI jobs with fix are part of PR #6327:

First one is good

https://github.com/LadybirdBrowser/ladybird/actions/runs/18437168927

Next one is good, but LibWeb failed on Timeout: Text/input/input-file-accept.html

https://github.com/LadybirdBrowser/ladybird/actions/runs/18437508395

Next one is good

https://github.com/LadybirdBrowser/ladybird/actions/runs/18437801833

Next one is good

https://github.com/LadybirdBrowser/ladybird/actions/runs/18438142699

Next one is good

https://github.com/LadybirdBrowser/ladybird/actions/runs/18438520666

rcorsi avatar Oct 12 '25 04:10 rcorsi
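The two comments above about the VM.h check (leaving a buffer before throwing the "stack size exceeded" error, and widening that margin from 32kb to 96kb under ASAN) describe a byte-based stack budget with a safety margin. The block below is an added illustration of that mechanism in C++; it is not Ladybird's VM.h or AK::StackInfo code, and the names StackBudget, CallStackSizeExceeded, Outcome, recurse and run_runaway_recursion are hypothetical. The 512 KiB budget is a constructed value chosen so the example is safe to run on a default 8MB stack; the 32 KiB and 96 KiB margins are the figures from the thread. The template parameter FrameBytes stands in for fatter frames, which is what ASAN's redzones do to real code, so the same budget is exhausted in far fewer calls.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>

// Added example (hypothetical names, not Ladybird code): a self-imposed stack
// budget with a margin, which turns a runaway recursion into a catchable
// error before the OS guard page (and ASAN's stack-overflow report) is hit.
struct CallStackSizeExceeded : std::runtime_error {
    using std::runtime_error::runtime_error;
};

class StackBudget {
public:
    // budget_bytes: total stack the interpreter allows itself to consume.
    // margin_bytes: headroom kept unused so that throwing and unwinding
    // (which need stack of their own) cannot overrun the budget. Sanitizer
    // builds inflate every frame, so this is the value to raise under ASAN.
    StackBudget(size_t budget_bytes, size_t margin_bytes)
        : m_budget(budget_bytes), m_margin(margin_bytes)
    {
        char anchor; // address of a local marks where the budget starts
        m_base = reinterpret_cast<uintptr_t>(&anchor);
    }

    // Bytes consumed below the anchor (the stack grows downward here).
    size_t used() const
    {
        char here;
        uintptr_t current = reinterpret_cast<uintptr_t>(&here);
        return m_base > current ? m_base - current : 0;
    }

    size_t remaining() const
    {
        size_t u = used();
        return u < m_budget ? m_budget - u : 0;
    }

    // Called on every interpreter call entry; fires while there is still
    // `margin` bytes left, not when the budget is fully spent.
    void check() const
    {
        if (remaining() < m_margin)
            throw CallStackSizeExceeded("Maximum call stack size exceeded");
    }

private:
    size_t m_budget;
    size_t m_margin;
    uintptr_t m_base;
};

struct Outcome {
    bool caught;  // true if the recursion ended in a catchable error
    size_t depth; // nested calls made before the guard fired
};

// Stand-in for a JS function that calls itself without a base case.
// FrameBytes simulates a larger frame (e.g. ASAN redzones).
template<size_t FrameBytes>
static size_t recurse(StackBudget const& budget, size_t& depth)
{
    budget.check();
    ++depth;
    if (depth >= (size_t(1) << 30)) // formal exit, never reached: the guard fires first
        return 0;
    volatile char frame[FrameBytes]; // volatile: keep the frame, block tail-call
    frame[depth % FrameBytes] = 1;
    size_t below = recurse<FrameBytes>(budget, depth);
    return below + frame[0];
}

template<size_t FrameBytes>
Outcome run_runaway_recursion(size_t budget_bytes, size_t margin_bytes)
{
    StackBudget budget(budget_bytes, margin_bytes);
    Outcome out { false, 0 };
    try {
        recurse<FrameBytes>(budget, out.depth);
    } catch (CallStackSizeExceeded const&) {
        out.caught = true; // the engine would surface this as a RangeError
    }
    return out;
}

int main()
{
    Outcome lean = run_runaway_recursion<64>(512 * 1024, 32 * 1024);
    Outcome fat = run_runaway_recursion<4096>(512 * 1024, 32 * 1024);
    Outcome wide = run_runaway_recursion<64>(512 * 1024, 96 * 1024);
    std::printf("64-byte frames, 32 KiB margin: caught=%d depth=%zu\n", lean.caught, lean.depth);
    std::printf("4 KiB frames,   32 KiB margin: caught=%d depth=%zu\n", fat.caught, fat.depth);
    std::printf("64-byte frames, 96 KiB margin: caught=%d depth=%zu\n", wide.caught, wide.depth);
    return 0;
}
```

The point to take from running it: the check is in bytes, so fatter frames are handled, but the margin is the only thing that keeps the unwind path itself inside the budget. A 96 KiB margin stops the recursion earlier than a 32 KiB one (fewer JS frames available to scripts), which is the trade-off behind the question of whether the larger value should apply to every ASAN build rather than only macOS.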