Segfault while running JS code

[Srinivasa314]

Version: v14.13.0
Platform: Linux inspiron-3493-srinivasa 5.8.13-arch1-1 #1 SMP PREEMPT Thu, 01 Oct 2020 20:40:35 +0000 x86_64 GNU/Linux

What steps will reproduce the bug?

const v8=require('v8')
v8.getHeapSnapshot()
v8.getHeapSnapshot()

What do you see instead?

Segfault

Additional information

GDB tells that the segfault occurs in this function
Backtrace:

#0  0x0000555555cf371e in v8::base::TemplateHashMapImpl<void*, void*, v8::base::HashEqualityThenKeyMatcher<void*, bool (*)(void*, void*)>, v8::base::DefaultAllocationPolicy>::Probe(void* const&, unsigned int) const ()
#1  0x000055555610f368 in v8::internal::StringsStorage::GetEntry(char const*, int) ()
#2  0x000055555610f6d2 in v8::internal::StringsStorage::GetName(v8::internal::Name) ()
#3  0x00005555561009a3 in v8::internal::V8HeapExplorer::AddEntry(v8::internal::HeapObject) ()
#4  0x00005555560f57ed in v8::internal::V8HeapExplorer::GetEntry(v8::internal::Object) ()
#5  0x0000555556101a48 in v8::internal::V8HeapExplorer::SetGcSubrootReference(v8::internal::Root, char const*, bool, v8::internal::Object) ()
#6  0x0000555556101ef4 in v8::internal::RootsReferencesExtractor::VisitRootPointers(v8::internal::Root, char const*, v8::internal::FullObjectSlot, v8::internal::FullObjectSlot) ()
#7  0x000055555613dd77 in v8::internal::ReadOnlyRoots::Iterate(v8::internal::RootVisitor*) ()
#8  0x0000555556100322 in v8::internal::V8HeapExplorer::IterateAndExtractReferences(v8::internal::HeapSnapshotGenerator*) ()
#9  0x00005555561015b3 in v8::internal::HeapSnapshotGenerator::GenerateSnapshot() ()
#10 0x00005555560f2a80 in v8::internal::HeapProfiler::TakeSnapshot(v8::ActivityControl*, v8::HeapProfiler::ObjectNameResolver*, bool) ()
#11 0x0000555555ac67b9 in node::heap::CreateHeapSnapshotStream(v8::FunctionCallbackInfo<v8::Value> const&) ()
#12 0x0000555555d0b637 in v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo) ()
#13 0x0000555555d0b9fe in ?? ()
#14 0x0000555555d0c24a in ?? ()
#15 0x0000555555d0cba6 in v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) ()

[gireeshpunathil]

reported in #35559 too, though the callstack is different, so let us keep both.

[gireeshpunathil]

able to reproduce.

A pattern that is observed is, main thread is active while gc threads are in the sweeping phase. Not sure if this is valid or not. I guess concurrent marking is valid, but not concurrent sweep?

  6    Thread 0x7ffff4dc9700 (LWP 64112) "node" 0x0000000000dc1073 in v8::internal::Sweeper::RawSweep(v8::internal::Page*, v8::internal::Sweeper::FreeListRebuildingMode, v8::internal::FreeSpaceTreatmentMode, v8::internal::Sweeper::FreeSpaceMayContainInvalidatedSlots, v8::base::LockGuard<v8::base::Mutex, (v8::base::NullBehavior)0> const&) [clone .constprop.198] ()

  5    Thread 0x7ffff55ca700 (LWP 64111) "node" 0x0000000000dc1079 in v8::internal::Sweeper::RawSweep(v8::internal::Page*, v8::internal::Sweeper::FreeListRebuildingMode, v8::internal::FreeSpaceTreatmentMode, v8::internal::Sweeper::FreeSpaceMayContainInvalidatedSlots, v8::base::LockGuard<v8::base::Mutex, (v8::base::NullBehavior)0> const&) [clone .constprop.198] ()

  4    Thread 0x7ffff5dcb700 (LWP 64110) "node" 0x0000000000dc10f9 in v8::internal::Sweeper::RawSweep(v8::internal::Page*, v8::internal::Sweeper::FreeListRebuildingMode, v8::internal::FreeSpaceTreatmentMode, v8::internal::Sweeper::FreeSpaceMayContainInvalidatedSlots, v8::base::LockGuard<v8::base::Mutex, (v8::base::NullBehavior)0> const&) [clone .constprop.198] ()

* 1    Thread 0x7ffff7fd8780 (LWP 64101) "node" 0x0000000000fed380 in v8::internal::StringsStorage::AddOrDisposeString(char*, int) ()

one of the sweeping thread has this stack:

(gdb) where
#0  0x0000000000dc1065 in v8::internal::Sweeper::RawSweep(v8::internal::Page*, v8::internal::Sweeper::FreeListRebuildingMode, v8::internal::FreeSpaceTreatmentMode, v8::internal::Sweeper::FreeSpaceMayContainInvalidatedSlots, v8::base::LockGuard<v8::base::Mutex, (v8::base::NullBehavior)0> const&) [clone .constprop.198] ()
#1  0x0000000000dc2031 in v8::internal::Sweeper::ParallelSweepPage(v8::internal::Page*, v8::internal::AllocationSpace, v8::internal::Sweeper::FreeSpaceMayContainInvalidatedSlots) ()
#2  0x0000000000dc236b in v8::internal::Sweeper::SweeperTask::RunInternal() ()
#3  0x0000000000c6a1fb in non-virtual thunk to v8::internal::CancelableTask::Run() ()
#4  0x0000000000a6fdc5 in node::(anonymous namespace)::PlatformWorkerThread(void*) ()
#5  0x00007ffff71a3ea5 in start_thread () from /lib64/libpthread.so.0
#6  0x00007ffff6ecc8cd in clone () from /lib64/libc.so.6

[addaleax]

I think closing this as a duplicate of #35559 would be fine.

[gireeshpunathil]

root cause identified, and found to be same. fix will come by way of v8 changes. #35559 will track this. closing this.