Multiple crashes in Node.js (e.g. in RunAndClearNativeImmediates and CleanupHookCallback)

[krenni1]

Node.js Version

v18.20.4

NPM Version

v9.6.7

Operating System

Windows x86_64

Subsystem

Other

Description

We are experiencing sporadic crashes and the crash signatures are different most of the time. I provided two crash examples in the output which show the methods mentioned in the title.

Some details about our application:

• we use napi to use C++ objects in JavaScript. Those objects handle asynchronous requests
• we use yao-pkg
• we load .node files which were compiled against a different version of Node.js (v22.8.0) than our application. This is outside our control and worked so far - but now we wonder if that could be an issue.

I know this is all very vague but I was hoping someone experiences similar crashes and maybe has an idea how to solve this or can provide ideas how to find the root cause of such crashes.

Minimal Reproduction

Sporadic

Output

Crash call stack 1:

[Inline Frame] MyServer.exe!node::Environment::RunAndClearNativeImmediates::__l2::<lambda_5a704f9ee0c767d828bb3be29d779ea4>::operator()(node::CallbackQueue<void,node::Environment *> *) Line 1104 C++
MyServer.exe!node::Environment::RunAndClearNativeImmediates(bool only_refed) Line 1117 C++
MyServer.exe!node::Environment::CheckImmediate(uv_check_s * handle) Line 1257 C++
MyServer.exe!uv__check_invoke(uv_loop_s * loop) Line 121 C
MyServer.exe!uv_run(uv_loop_s * loop, uv_run_mode mode) Line 633 C
MyServer.exe!node::SpinEventLoop(node::Environment * env) Line 39 C++
[Inline Frame] MyServer.exe!node::NodeMainInstance::Run(int *) Line 146 C++
MyServer.exe!node::NodeMainInstance::Run() Line 138 C++
MyServer.exe!node::LoadSnapshotDataAndRun(const node::SnapshotData * * snapshot_data_ptr, const node::InitializationResult * result) Line 1222 C++
MyServer.exe!node::Start(int argc, char * * argv) Line 1271 C++
MyServer.exe!wmain(int argc, wchar_t * * wargv) Line 89 C++
[Inline Frame] MyServer.exe!invoke_main() Line 90 C++
MyServer.exe!__scrt_common_main_seh() Line 288 C++
kernel32.dll!BaseThreadInitThunk() Unknown
ntdll.dll!RtlUserThreadStart() Unknown

Crash call stack 2:

[Inline Frame] MyServer.exe!std::_Hash<std::_Uset_traits<node::CleanupQueue::CleanupHookCallback,std::_Uhash_comparenode::CleanupQueue::CleanupHookCallback,node::CleanupQueue::CleanupHookCallback::Hash,node::CleanupQueue::CleanupHookCallback::Equal,std::allocatornode::CleanupQueue::CleanupHookCallback,0>>::_Insert_new_node_before(const unsigned __int64) Line 1586 C++
MyServer.exe!std::_Hash<std::_Uset_traits<node::CleanupQueue::CleanupHookCallback,std::_Uhash_comparenode::CleanupQueue::CleanupHookCallback,node::CleanupQueue::CleanupHookCallback::Hash,node::CleanupQueue::CleanupHookCallback::Equal,std::allocatornode::CleanupQueue::CleanupHookCallback,0>>::emplace<void (__cdecl*&)(void ),void * &,unsigned __int64>(void()(void ) & <_Vals_0>, void * & <_Vals_1>, unsigned __int64 && <_Vals_2>) Line 633 C++
[Inline Frame] MyServer.exe!node::CleanupQueue::Add(void()(void ) cb, void * arg) Line 30 C++
[Inline Frame] MyServer.exe!node::Realm::AddCleanupHook(void()(void *)) Line 130 C++
MyServer.exe!node::BaseObject::BaseObject(node::Realm * realm, v8::Localv8::Object object) Line 27 C++
[Inline Frame] MyServer.exe!node::BaseObject::{ctor}(node::Environment *) Line 36 C++
[Inline Frame] MyServer.exe!node::AsyncWrap::{ctor}(node::Environment *) Line 517 C++
MyServer.exe!node::AsyncWrap::AsyncWrap(node::Environment * env, v8::Localv8::Object object, node::AsyncWrap::ProviderType provider, double execution_async_id, bool silent) Line 498 C++
MyServer.exe!node::AsyncWrap::AsyncWrap(node::Environment * env, v8::Localv8::Object object, node::AsyncWrap::ProviderType provider, double execution_async_id) Line 491 C++
MyServer.exe!node::HandleWrap::HandleWrap(node::Environment * env, v8::Localv8::Object object, uv_handle_s * handle, node::AsyncWrap::ProviderType provider) Line 126 C++
MyServer.exe!node::LibuvStreamWrap::LibuvStreamWrap(node::Environment * env, v8::Localv8::Object object, uv_stream_s * stream, node::AsyncWrap::ProviderType provider) Line 131 C++
MyServer.exe!node::ConnectionWrapnode::TCPWrap,uv_tcp_s::ConnectionWrapnode::TCPWrap,uv_tcp_s(node::Environment * env, v8::Localv8::Object object, node::AsyncWrap::ProviderType provider) Line 29 C++
[Inline Frame] MyServer.exe!node::TCPWrap::{ctor}(node::Environment *) Line 178 C++
MyServer.exe!node::TCPWrap::New(const v8::FunctionCallbackInfov8::Value & args) Line 173 C++
MyServer.exe!v8::internal::FunctionCallbackArguments::Call(v8::internal::Taggedv8::internal::FunctionTemplateInfo function) Line 115 C++
MyServer.exe!v8::internal::anonymous namespace'::HandleApiCallHelper<1>(v8::internal::Isolate * isolate, v8::internal::Handle<v8::internal::HeapObject> new_target, v8::internal::Handle<v8::internal::FunctionTemplateInfo> fun_data, v8::internal::Handle<v8::internal::Object> receiver, unsigned __int64 * argv, int argc) Line 112 C++ MyServer.exe!v8::internal::Builtins::InvokeApiFunction(v8::internal::Isolate * isolate, bool is_construct, v8::internal::Handle<v8::internal::FunctionTemplateInfo> function, v8::internal::Handle<v8::internal::Object> receiver, int argc, v8::internal::Handle<v8::internal::Object> * args, v8::internal::Handle<v8::internal::HeapObject> new_target) Line 195 C++ MyServer.exe!v8::internal::anonymous namespace'::Invoke(v8::internal::Isolate * isolate, const v8::internal::`anonymous-namespace'::InvokeParams & params) Line 316 C++
MyServer.exe!v8::internal::Execution::New(v8::internal::Isolate * isolate, v8::internal::Handlev8::internal::Object constructor, v8::internal::Handlev8::internal::Object new_target, int argc, v8::internal::Handlev8::internal::Object * argv) Line 542 C++
MyServer.exe!v8::Function::NewInstanceWithSideEffectType(v8::Localv8::Context context, int argc, v8::Localv8::Value * argv, v8::SideEffectType side_effect_type) Line 5484 C++
MyServer.exe!v8::Function::NewInstance(v8::Localv8::Context context, int argc, v8::Localv8::Value * argv) Line 5452 C++
MyServer.exe!node::TCPWrap::Instantiate(node::Environment * env, node::AsyncWrap * parent, node::TCPWrap::SocketType type) Line 67 C++
MyServer.exe!node::ConnectionWrapnode::TCPWrap,uv_tcp_s::OnConnection(uv_stream_s * handle, int status) Line 52 C++
MyServer.exe!uv__process_tcp_accept_req(uv_loop_s * loop, uv_tcp_s * handle, uv_req_s * raw_req) Line 1179 C
[Inline Frame] MyServer.exe!uv__process_reqs(uv_loop_s *) Line 167 C
MyServer.exe!uv_run(uv_loop_s * loop, uv_run_mode mode) Line 658 C
MyServer.exe!node::SpinEventLoopInternal(node::Environment * env) Line 42 C++
[Inline Frame] MyServer.exe!node::NodeMainInstance::Run(node::ExitCode *) Line 110 C++
MyServer.exe!node::NodeMainInstance::Run() Line 100 C++
MyServer.exe!node::StartInternal(int argc, char * * argv) Line 1530 C++
MyServer.exe!node::Start(int argc, char * * argv) Line 1538 C++
MyServer.exe!wmain(int argc, wchar_t * * wargv) Line 93 C++
[Inline Frame] MyServer.exe!invoke_main() Line 90 C++
MyServer.exe!__scrt_common_main_seh() Line 288 C++
kernel32.dll!BaseThreadInitThunk() Unknown
ntdll.dll!RtlUserThreadStart() Unknown

Before You Submit

• I have looked for issues that already exist before submitting this
• My issue follows the guidelines in the README file, and follows the 'How to ask a good question' guide at https://stackoverflow.com/help/how-to-ask

[krenni1]

Turned out one of the node files we loaded caused the issue (it accessed something which was freed already due to wrong reference counting). I recommend to use AppVerifier from Microsoft in such cases.