snapshot cause EXC_BAD_ACCESS #40832
Comments
#38905 (comment) Need to report an issue to V8.
This is tracked in V8 as https://bugs.chromium.org/p/v8/issues/detail?id=12718 - it appears that there is a mismatch when the snapshot is de/serialized, so a ScopeInfo gets corrupted (apart from that, some strings in the constant pools of certain bytecodes are corrupted too) and causes the crash - I am currently tracing down where that mismatch is coming from (aside: #42466 still reproduces this error when the snippet is run to build into the embedded snapshot, so that rules out issues with
FYI I've confirmed that https://chromium-review.googlesource.com/c/v8/v8/+/3616553 can fix this, though I reverted it soon after landing it due to another memory corruption that seems to be only reproducible with Chromium (which I am trying to fix...).
I've applied your fix as a patch to the current master and can confirm that it fixes the segfault with the above trace.
I cannot provide a minimal example (it's 20 MB of JS). Also, if you're interested, here are benchmarks of evaluating the 20 MB file (they're different Node versions, but still):
@goloveychuk Sorry for missing the reply in this thread. From a glance at the stack trace, this looks like a different kind of memory corruption. My instinct is that node/deps/v8/src/snapshot/deserializer.cc lines 436 to 437 in 6bbc559 might be bogus. Can you open a separate issue for this bug, and mention it in the tracking issue (#44014)? Thanks! I'll be closing this issue since the bug it references should now be fixed by https://chromium-review.googlesource.com/c/v8/v8/+/3793525.
Not able to reproduce in current master
Version
v18.0.0-pre
Platform
Darwin MY-MC0 19.5.0 Darwin Kernel Version 19.5.0: Thu Apr 30 18:25:59 PDT 2020; root:xnu-6153.121.1~7/RELEASE_X86_64 x86_64
Subsystem
No response
What steps will reproduce the bug?
Node.js loads a specific snapshot and causes a memory error (EXC_BAD_ACCESS). This happens on the macOS platform and the Linux platform.
How often does it reproduce? Is there a required condition?
I'm modifying Node.js to support loading third-party snapshots.
This happens when you snapshot a JavaScript file:
and load the snapshot when Node.js bootstraps.
This also happens with the new user-land snapshots feature.
I added a test case in V8 and did not find this problem:
test case output:
It seems that this is an issue in Node.js.
What is the expected behavior?
No response
What do you see instead?
No response
Additional information
No response