Hi Michael,

Yes, it was on Windows 10 x86_64. I have been maintaining an open-source project, Javet <https://github.com/caoccao/Javet>, that embeds Node.js and V8 in the JVM. The crash was reported by a Javet user and reproduced by me. Also, Marek had the same issue. I believe it also applies to Linux and macOS.
Thank you,
Sam

On Fri, Jun 7, 2024 at 6:49 PM Michael Lippautz <mlippa...@chromium.org> wrote:
> Filed https://issues.chromium.org/u/1/issues/345640547 so this gets
> picked up by proper rotations.
>
> When you say
> "Start thread 2 and call v8Isolate->GetHeapStatistics() periodically.",
> what's your environment? This is not running in Chrome, right?
>
> On Fri, Jun 7, 2024 at 6:22 AM Sam Cao <sjtucao...@gmail.com> wrote:
>
>> Hi V8 Dev,
>>
>> I'd like to report a potential bug in ConcurrentMarking::RunMajor().
>>
>> *Fatal Error*
>> #
>> # Fatal error in , line 0
>> # Check failed: !IsFreeSpaceOrFillerMap(map).
>> #
>> #
>> #
>> #FailureMessage Object: 00000083D21FF440
>> ==== C stack trace ===============================
>> CrashForExceptionInNonABICompliantCodeRange [0x00007FFF4AA557BB+1514667]
>> (No symbol) [0x00007FFF4A77D497]
>> (No symbol) [0x00007FFF4A820BBA]
>> CrashForExceptionInNonABICompliantCodeRange [0x00007FFF4AB234A1+2357649]
>> CrashForExceptionInNonABICompliantCodeRange [0x00007FFF4AB3AB62+2453586]
>> CrashForExceptionInNonABICompliantCodeRange [0x00007FFF4AA570A6+1521046]
>> CrashForExceptionInNonABICompliantCodeRange [0x00007FFF4AA5A466+1534294]
>>
>> *Reproduce*
>>
>> 1. Set max heap size to 8096
>> 2. Start thread 1 and execute the following JS code.
>>    var a = [];
>>    for (let i = 0; i < 100000000; i++) {
>>      a.push({test:'test'});
>>    }
>> 3. Start thread 2 and call v8Isolate->GetHeapStatistics() periodically.
>>
>> There is a high chance that V8 will crash with the fatal error posted
>> above.
>>
>> *Analysis*
>> I reviewed the source code of 12.5.227.6 and found there is only one call
>> to IsFreeSpaceOrFillerMap() inside ConcurrentMarking::RunMajor() as follows.
>> [image: 01.png]
>>
>> It seems this check is not always valid when that V8 isolate is busy
>> allocating memory. It used to work well before this check was added.
>>
>> Please check this issue out.
>>
>> Thank you,
>> Sam
>>
>> --
>> --
>> v8-dev mailing list
>> v8-dev@googlegroups.com
>> http://groups.google.com/group/v8-dev
>> ---
>> You received this message because you are subscribed to the Google Groups "v8-dev" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to v8-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/v8-dev/73909b1a-6ab5-4014-bdf2-9b2be2a253bdn%40googlegroups.com
>>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/v8-dev/CAH%2BmL5Caw_Qv8a08e9opsjQiT3efdMdOeuLnu4sqDS2OjimD-Q%40mail.gmail.com
>

--
caocao

To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/CADa8QzGOwTObRfS3F-%3Dy25idFN8L6qtzaywN%3DKad150W0fpXPw%40mail.gmail.com.