Node.js v14.15.5 segfault in v8::internal::ConcurrentMarking::Run

Version: 14.15.5
Platform: Linux WorkMachine 5.11.1-arch1-1 #1 SMP PREEMPT Tue, 23 Feb 2021 14:05:30 +0000 x86_64 GNU/Linux
Subsystem: v8 ?

What steps will reproduce the bug?

As far as we found out, the segfault happens if Node.js sends/receives lots of data via sockets and processes it in an expensive synchronous method (e.g. JSON.parse).
The original problem involved some basic JSON data processing where the data was received from a RabbitMQ using the amqplib npm package. Meanwhile we were able to recreate the problem by only using Node.js internal mechanisms (net package) in this sample repository:

https://github.com/hellivan/nodejs-14.15.5-ConcurrentMarking-segfault

How often does it reproduce? Is there a required condition?

The error only reproduces under uncertain conditions that are difficult to replicate. Under normal circumstances, it may possible that the application runs for hours and then crashes without a reason. However it may also happen that it crashes right after the start.

What is the expected behavior?

Node.js runtime should execute JS application without interruptions.

What do you see instead?

Node.js crashes with a SIGSEGV.

Additional information

During the analysis of the original application crashes, we were able to extract some coredumps which are listed below. Due to privacy reasons we replaced some paths in the results. Due to the complexity of the original application, we created a reduced sample application, which we hope reproduces the same segmentation fault as the original one. During our tests, we found out that other Node.js versions may be affected by this bug, too. We were able to sporadically reproduce the issue for Node.js versions 14.16.0 and 15.10.0.

If you need any help or information regarding the coredumps please let me know.

1. Coredump

General information about node instance

(llnode) v8 nodeinfo Information for process id 27845 (process=0x262d71a01d81) Platform = linux, Architecture = x64, Node Version = v14.15.5 Component versions (process.versions=0x30ed2c5c1b69): ares = 1.16.1 brotli = 1.0.9 cldr = 37.0 icu = 67.1 llhttp = 2.1.3 modules = 83 napi = 7 nghttp2 = 1.41.0 node = 14.15.5 openssl = 1.1.1i tz = 2020a unicode = 13.0 uv = 1.40.0 v8 = 8.4.371.19-node.18 zlib = 1.2.11 Release Info (process.release=0x30ed2c5c1951): name = node lts = Fermium sourceUrl = https://nodejs.org/download/release/v14.15.5/node-v14.15.5.tar.gz headersUrl = https://nodejs.org/download/release/v14.15.5/node-v14.15.5-headers.tar.gz Executable Path = /home/user/.nvm/versions/node/v14.15.5/bin/node Command line arguments (process.argv=0x30ed2c5c1871): [0] = '/home/user/user.nvm/versions/node/v14.15.5/bin/node' [1] = '/home/user/app.js' Node.js Command line arguments (process.execArgv=0x30ed2c5c1a49):

List of all threads

(llnode) thread list Process 27845 stopped * thread #1: tid = 27847, 0x0000000000cff9c4 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1364, name = 'node', stop reason = signal SIGSEGV thread #2: tid = 27848, 0x0000000000cfc324 node`v8::internal::ConcurrentMarkingVisitor::VisitPointersInSnapshot(v8::internal::HeapObject, v8::internal::SlotSnapshot const&) + 68, stop reason = signal 0 thread #3: tid = 27849, 0x0000000000cff987 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1303, stop reason = signal 0 thread #4: tid = 27851, 0x00007f2db79c39ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #5: tid = 27850, 0x00007f2db786c8e2 libc.so.6`malloc + 770, stop reason = signal 0 thread #6: tid = 27845, 0x0000000000d49001 node`v8::internal::IncrementalMarking::RecordWriteSlow(v8::internal::HeapObject, v8::internal::FullHeapObjectSlot, v8::internal::HeapObject) + 65, stop reason = signal 0 thread #7: tid = 27853, 0x00007f2db79c39ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #8: tid = 27852, 0x00007f2db79c39ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #9: tid = 27846, 0x00007f2db78e039e libc.so.6`epoll_wait + 94, stop reason = signal 0 thread #10: tid = 27854, 0x00007f2db79c39ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #11: tid = 27855, 0x00007f2db79c39ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0

Threads' backtrace

(llnode) bt all * thread #1, name = 'node', stop reason = signal SIGSEGV * frame #0: 0x0000000000cff9c4 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1364 frame #1: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #2: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #3: 0x00007f2db79b7299 libpthread.so.0`start_thread + 233 frame #4: 0x00007f2db78e0053 libc.so.6`__clone + 67 thread #2, stop reason = signal 0 frame #0: 0x0000000000cfc324 node`v8::internal::ConcurrentMarkingVisitor::VisitPointersInSnapshot(v8::internal::HeapObject, v8::internal::SlotSnapshot const&) + 68 frame #1: 0x0000000000d02069 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 11257 frame #2: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #3: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #4: 0x00007f2db79b7299 libpthread.so.0`start_thread + 233 frame #5: 0x00007f2db78e0053 libc.so.6`__clone + 67 thread #3, stop reason = signal 0 frame #0: 0x0000000000cff987 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1303 frame #1: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #2: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #3: 0x00007f2db79b7299 libpthread.so.0`start_thread + 233 frame #4: 0x00007f2db78e0053 libc.so.6`__clone + 67 thread #4, stop reason = signal 0 frame #0: 0x00007f2db79c39ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007f2db79bfb98 libpthread.so.0`__new_sem_wait_slow64.constprop.0 + 152 frame #2: 0x000000000138a312 node`uv_sem_wait at thread.c:626:9 frame #3: 0x000000000138a300 node`uv_sem_wait(sem=0x0000000004465600) at thread.c:682 frame #4: 0x0000000000afbd45 node`node::inspector::(anonymous namespace)::StartIoThreadMain(void*) + 53 frame #5: 0x00007f2db79b7299 libpthread.so.0`start_thread + 233 frame #6: 0x00007f2db78e0053 libc.so.6`__clone + 67 thread #5, stop reason = signal 0 frame #0: 0x00007f2db786c8e2 libc.so.6`malloc + 770 frame #1: 0x00007f2db7bd14da libstdc++.so.6`operator new(unsigned long) at new_op.cc:50:22 frame #2: 0x0000000000cfd960 node`std::__detail::_Map_base<v8::internal::MemoryChunk*, std::pair<v8::internal::MemoryChunk* const, v8::internal::MemoryChunkData>, std::allocator<std::pair<v8::internal::MemoryChunk* const, v8::internal::MemoryChunkData> >, std::__detail::_Select1st, std::equal_to<v8::internal::MemoryChunk*>, v8::internal::MemoryChunk::Hasher, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true>, true>::operator[](v8::internal::MemoryChunk* const&) + 160 frame #3: 0x0000000000cfdbf9 node`v8::internal::ConcurrentMarkingVisitor::ShouldVisit(v8::internal::HeapObject) + 185 frame #4: 0x0000000000d02735 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 12997 frame #5: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #6: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #7: 0x00007f2db79b7299 libpthread.so.0`start_thread + 233 frame #8: 0x00007f2db78e0053 libc.so.6`__clone + 67 thread #6, stop reason = signal 0 frame #0: 0x0000000000d49001 node`v8::internal::IncrementalMarking::RecordWriteSlow(v8::internal::HeapObject, v8::internal::FullHeapObjectSlot, v8::internal::HeapObject) + 65 frame #1: 0x0000000000e2da31 node`v8::internal::JsonParser<unsigned short>::BuildJsonObject(v8::internal::JsonParser<unsigned short>::JsonContinuation const&, std::vector<v8::internal::JsonProperty, std::allocator<v8::internal::JsonProperty> > const&, v8::internal::Handle<v8::internal::Map>) + 5569 frame #2: 0x0000000000e2e795 node`v8::internal::JsonParser<unsigned short>::ParseJsonValue() + 2565 frame #3: 0x0000000000e2ee8f node`v8::internal::JsonParser<unsigned short>::ParseJson() + 15 frame #4: 0x0000000000c24805 node`v8::internal::Builtin_Impl_JsonParse(v8::internal::BuiltinArguments, v8::internal::Isolate*) + 197 frame #5: 0x0000000000c24f06 node`v8::internal::Builtin_JsonParse(int, unsigned long*, v8::internal::Isolate*) + 22 frame #6: 0x0000000001401319 node`Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit + 57 frame #7: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #8: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #9: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #10: 0x000015ea04052b87 frame #11: 0x00000000013944f9 node`Builtins_ArgumentsAdaptorTrampoline + 185 frame #12: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #13: 0x000015ea04060a94 frame #14: 0x000015ea040527cc frame #15: 0x000015ea04065d15 frame #16: 0x000015ea0405ebc2 frame #17: 0x000015ea040562cc frame #18: 0x00000000013982da node`Builtins_JSEntryTrampoline + 90 frame #19: 0x00000000013980b8 node`Builtins_JSEntry + 120 frame #20: 0x0000000000cc2cf1 node`v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) + 449 frame #21: 0x0000000000cc3b5f node`v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) + 95 frame #22: 0x0000000000b8ba54 node`v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) + 324 frame #23: 0x000000000096ad61 node`node::InternalCallbackScope::Close() + 1233 frame #24: 0x000000000096b357 node`node::InternalMakeCallback(node::Environment*, v8::Local<v8::Object>, v8::Local<v8::Object>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*, node::async_context) + 647 frame #25: 0x0000000000978f69 node`node::AsyncWrap::MakeCallback(v8::Local<v8::Function>, int, v8::Local<v8::Value>*) + 121 frame #26: 0x0000000000acf2d8 node`node::StreamBase::CallJSOnreadMethod(long, v8::Local<v8::ArrayBuffer>, unsigned long, node::StreamBase::StreamBaseJSChecks) (.constprop.105) + 168 frame #27: 0x0000000000ad2cc6 node`node::EmitToJSStreamListener::OnStreamRead(long, uv_buf_t const&) + 886 frame #28: 0x0000000000adc2b8 node`node::LibuvStreamWrap::OnUvRead(long, uv_buf_t const*) + 120 frame #29: 0x0000000001387267 node`uv__read(stream=0x00000000047c8cf0) at stream.c:1239:7 frame #30: 0x0000000001387c20 node`uv__stream_io(loop=<unavailable>, w=0x00000000047c8d78, events=1) at stream.c:1306:5 frame #31: 0x000000000138e615 node`uv__io_poll at linux-core.c:462:11 frame #32: 0x000000000137c468 node`uv_run(loop=0x000000000446c7c0, mode=UV_RUN_DEFAULT) at core.c:385:5 frame #33: 0x0000000000a44974 node`node::NodeMainInstance::Run() + 580 frame #34: 0x00000000009d1e15 node`node::Start(int, char**) + 277 frame #35: 0x00007f2db7808b25 libc.so.6`__libc_start_main + 213 frame #36: 0x00000000009694cc node`_start + 41 thread #7, stop reason = signal 0 frame #0: 0x00007f2db79c39ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007f2db79bd260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007f2db79b7299 libpthread.so.0`start_thread + 233 frame #5: 0x00007f2db78e0053 libc.so.6`__clone + 67 thread #8, stop reason = signal 0 frame #0: 0x00007f2db79c39ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007f2db79bd260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007f2db79b7299 libpthread.so.0`start_thread + 233 frame #5: 0x00007f2db78e0053 libc.so.6`__clone + 67 thread #9, stop reason = signal 0 frame #0: 0x00007f2db78e039e libc.so.6`epoll_wait + 94 frame #1: 0x000000000138e9c4 node`uv__io_poll at linux-core.c:324:14 frame #2: 0x000000000137c468 node`uv_run(loop=0x00000000046db7f8, mode=UV_RUN_DEFAULT) at core.c:385:5 frame #3: 0x0000000000a75f4b node`node::WorkerThreadsTaskRunner::DelayedTaskScheduler::Start()::'lambda'(void*)::_FUN(void*) + 123 frame #4: 0x00007f2db79b7299 libpthread.so.0`start_thread + 233 frame #5: 0x00007f2db78e0053 libc.so.6`__clone + 67 thread #10, stop reason = signal 0 frame #0: 0x00007f2db79c39ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007f2db79bd260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007f2db79b7299 libpthread.so.0`start_thread + 233 frame #5: 0x00007f2db78e0053 libc.so.6`__clone + 67 thread #11, stop reason = signal 0 frame #0: 0x00007f2db79c39ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007f2db79bd260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007f2db79b7299 libpthread.so.0`start_thread + 233 frame #5: 0x00007f2db78e0053 libc.so.6`__clone + 67

2. Coredump

List of all threads

(llnode) thread list Process 37891 stopped * thread #1: tid = 37896, 0x0000000000cff9c4 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1364, name = 'node', stop reason = signal SIGSEGV thread #2: tid = 37891, 0x0000000000e26c23 node`v8::internal::JsonParser<unsigned short>::ScanJsonString(bool) + 51, stop reason = signal 0 thread #3: tid = 37894, 0x0000000000cff9ac node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1340, stop reason = signal 0 thread #4: tid = 37897, 0x00007fe44a9639ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #5: tid = 37892, 0x00007fe44a88039e libc.so.6`epoll_wait + 94, stop reason = signal 0 thread #6: tid = 37899, 0x00007fe44a9639ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #7: tid = 37900, 0x00007fe44a9639ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #8: tid = 37898, 0x00007fe44a9639ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #9: tid = 37893, 0x0000000000cff944 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1236, stop reason = signal 0 thread #10: tid = 37895, 0x0000000000cfd8e7 node`std::__detail::_Map_base<v8::internal::MemoryChunk*, std::pair<v8::internal::MemoryChunk* const, v8::internal::MemoryChunkData>, std::allocator<std::pair<v8::internal::MemoryChunk* const, v8::internal::MemoryChunkData> >, std::__detail::_Select1st, std::equal_to<v8::internal::MemoryChunk*>, v8::internal::MemoryChunk::Hasher, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true>, true>::operator[](v8::internal::MemoryChunk* const&) + 39, stop reason = signal 0 thread #11: tid = 37901, 0x00007fe44a9639ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0

Threads' backtrace

(llnode) bt all * thread #1, name = 'node', stop reason = signal SIGSEGV * frame #0: 0x0000000000cff9c4 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1364 frame #1: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #2: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #3: 0x00007fe44a957299 libpthread.so.0`start_thread + 233 frame #4: 0x00007fe44a880053 libc.so.6`__clone + 67 thread #2, stop reason = signal 0 frame #0: 0x0000000000e26c23 node`v8::internal::JsonParser<unsigned short>::ScanJsonString(bool) + 51 frame #1: 0x0000000000e2e0e0 node`v8::internal::JsonParser<unsigned short>::ParseJsonValue() + 848 frame #2: 0x0000000000e2ee8f node`v8::internal::JsonParser<unsigned short>::ParseJson() + 15 frame #3: 0x0000000000c24805 node`v8::internal::Builtin_Impl_JsonParse(v8::internal::BuiltinArguments, v8::internal::Isolate*) + 197 frame #4: 0x0000000000c24f06 node`v8::internal::Builtin_JsonParse(int, unsigned long*, v8::internal::Isolate*) + 22 frame #5: 0x0000000001401319 node`Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit + 57 frame #6: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #7: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #8: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #9: 0x000029ced67d30a7 frame #10: 0x00000000013944f9 node`Builtins_ArgumentsAdaptorTrampoline + 185 frame #11: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #12: 0x000029ced67d9b94 frame #13: 0x000029ced67ddf4c frame #14: 0x000029ced67dda70 frame #15: 0x000029ced67df222 frame #16: 0x000029ced67d630c frame #17: 0x00000000013982da node`Builtins_JSEntryTrampoline + 90 frame #18: 0x00000000013980b8 node`Builtins_JSEntry + 120 frame #19: 0x0000000000cc2cf1 node`v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) + 449 frame #20: 0x0000000000cc3b5f node`v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) + 95 frame #21: 0x0000000000b8ba54 node`v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) + 324 frame #22: 0x000000000096ad61 node`node::InternalCallbackScope::Close() + 1233 frame #23: 0x000000000096b357 node`node::InternalMakeCallback(node::Environment*, v8::Local<v8::Object>, v8::Local<v8::Object>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*, node::async_context) + 647 frame #24: 0x0000000000978f69 node`node::AsyncWrap::MakeCallback(v8::Local<v8::Function>, int, v8::Local<v8::Value>*) + 121 frame #25: 0x0000000000acf2d8 node`node::StreamBase::CallJSOnreadMethod(long, v8::Local<v8::ArrayBuffer>, unsigned long, node::StreamBase::StreamBaseJSChecks) (.constprop.105) + 168 frame #26: 0x0000000000ad2cc6 node`node::EmitToJSStreamListener::OnStreamRead(long, uv_buf_t const&) + 886 frame #27: 0x0000000000adc2b8 node`node::LibuvStreamWrap::OnUvRead(long, uv_buf_t const*) + 120 frame #28: 0x0000000001387267 node`uv__read(stream=0x0000000005a70cf0) at stream.c:1239:7 frame #29: 0x0000000001387c20 node`uv__stream_io(loop=<unavailable>, w=0x0000000005a70d78, events=1) at stream.c:1306:5 frame #30: 0x000000000138e615 node`uv__io_poll at linux-core.c:462:11 frame #31: 0x000000000137c468 node`uv_run(loop=0x000000000446c7c0, mode=UV_RUN_DEFAULT) at core.c:385:5 frame #32: 0x0000000000a44974 node`node::NodeMainInstance::Run() + 580 frame #33: 0x00000000009d1e15 node`node::Start(int, char**) + 277 frame #34: 0x00007fe44a7a8b25 libc.so.6`__libc_start_main + 213 frame #35: 0x00000000009694cc node`_start + 41 thread #3, stop reason = signal 0 frame #0: 0x0000000000cff9ac node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1340 frame #1: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #2: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #3: 0x00007fe44a957299 libpthread.so.0`start_thread + 233 frame #4: 0x00007fe44a880053 libc.so.6`__clone + 67 thread #4, stop reason = signal 0 frame #0: 0x00007fe44a9639ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007fe44a95fb98 libpthread.so.0`__new_sem_wait_slow64.constprop.0 + 152 frame #2: 0x000000000138a312 node`uv_sem_wait at thread.c:626:9 frame #3: 0x000000000138a300 node`uv_sem_wait(sem=0x0000000004465600) at thread.c:682 frame #4: 0x0000000000afbd45 node`node::inspector::(anonymous namespace)::StartIoThreadMain(void*) + 53 frame #5: 0x00007fe44a957299 libpthread.so.0`start_thread + 233 frame #6: 0x00007fe44a880053 libc.so.6`__clone + 67 thread #5, stop reason = signal 0 frame #0: 0x00007fe44a88039e libc.so.6`epoll_wait + 94 frame #1: 0x000000000138e9c4 node`uv__io_poll at linux-core.c:324:14 frame #2: 0x000000000137c468 node`uv_run(loop=0x00000000059837f8, mode=UV_RUN_DEFAULT) at core.c:385:5 frame #3: 0x0000000000a75f4b node`node::WorkerThreadsTaskRunner::DelayedTaskScheduler::Start()::'lambda'(void*)::_FUN(void*) + 123 frame #4: 0x00007fe44a957299 libpthread.so.0`start_thread + 233 frame #5: 0x00007fe44a880053 libc.so.6`__clone + 67 thread #6, stop reason = signal 0 frame #0: 0x00007fe44a9639ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007fe44a95d260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007fe44a957299 libpthread.so.0`start_thread + 233 frame #5: 0x00007fe44a880053 libc.so.6`__clone + 67 thread #7, stop reason = signal 0 frame #0: 0x00007fe44a9639ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007fe44a95d260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007fe44a957299 libpthread.so.0`start_thread + 233 frame #5: 0x00007fe44a880053 libc.so.6`__clone + 67 thread #8, stop reason = signal 0 frame #0: 0x00007fe44a9639ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007fe44a95d260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007fe44a957299 libpthread.so.0`start_thread + 233 frame #5: 0x00007fe44a880053 libc.so.6`__clone + 67 thread #9, stop reason = signal 0 frame #0: 0x0000000000cff944 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1236 frame #1: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #2: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #3: 0x00007fe44a957299 libpthread.so.0`start_thread + 233 frame #4: 0x00007fe44a880053 libc.so.6`__clone + 67 thread #10, stop reason = signal 0 frame #0: 0x0000000000cfd8e7 node`std::__detail::_Map_base<v8::internal::MemoryChunk*, std::pair<v8::internal::MemoryChunk* const, v8::internal::MemoryChunkData>, std::allocator<std::pair<v8::internal::MemoryChunk* const, v8::internal::MemoryChunkData> >, std::__detail::_Select1st, std::equal_to<v8::internal::MemoryChunk*>, v8::internal::MemoryChunk::Hasher, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true>, true>::operator[](v8::internal::MemoryChunk* const&) + 39 frame #1: 0x0000000000cfdbf9 node`v8::internal::ConcurrentMarkingVisitor::ShouldVisit(v8::internal::HeapObject) + 185 frame #2: 0x0000000000d02044 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 11220 frame #3: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #4: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #5: 0x00007fe44a957299 libpthread.so.0`start_thread + 233 frame #6: 0x00007fe44a880053 libc.so.6`__clone + 67 thread #11, stop reason = signal 0 frame #0: 0x00007fe44a9639ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007fe44a95d260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007fe44a957299 libpthread.so.0`start_thread + 233 frame #5: 0x00007fe44a880053 libc.so.6`__clone + 67

3. Coredump

List of all threads

(llnode) thread list Process 39590 stopped * thread #1: tid = 39593, 0x0000000000cff9c4 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1364, name = 'node', stop reason = signal SIGSEGV thread #2: tid = 39591, 0x00007f129312c39e libc.so.6`epoll_wait + 94, stop reason = signal 0 thread #3: tid = 39590, 0x0000000000d6e0f4 node`v8::internal::MainMarkingVisitor<v8::internal::MajorMarkingState>::ShouldVisit(v8::internal::HeapObject) + 20, stop reason = signal 0 thread #4: tid = 39597, 0x00007f129320f9ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #5: tid = 39599, 0x00007f129320f9ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #6: tid = 39596, 0x00007f129320f9ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #7: tid = 39594, 0x0000000000cfd8d3 node`std::__detail::_Map_base<v8::internal::MemoryChunk*, std::pair<v8::internal::MemoryChunk* const, v8::internal::MemoryChunkData>, std::allocator<std::pair<v8::internal::MemoryChunk* const, v8::internal::MemoryChunkData> >, std::__detail::_Select1st, std::equal_to<v8::internal::MemoryChunk*>, v8::internal::MemoryChunk::Hasher, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true>, true>::operator[](v8::internal::MemoryChunk* const&) + 19, stop reason = signal 0 thread #8: tid = 39598, 0x00007f129320f9ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #9: tid = 39595, 0x0000000000cff98e node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1310, stop reason = signal 0 thread #10: tid = 39600, 0x00007f129320f9ba libpthread.so.0`__futex_abstimed_wait_common64 + 202, stop reason = signal 0 thread #11: tid = 39592, 0x00007f129320c6e0 libpthread.so.0`__lll_lock_wait + 48, stop reason = signal 0

Threads' backtrace

(llnode) bt all * thread #1, name = 'node', stop reason = signal SIGSEGV * frame #0: 0x0000000000cff9c4 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1364 frame #1: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #2: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #3: 0x00007f1293203299 libpthread.so.0`start_thread + 233 frame #4: 0x00007f129312c053 libc.so.6`__clone + 67 thread #2, stop reason = signal 0 frame #0: 0x00007f129312c39e libc.so.6`epoll_wait + 94 frame #1: 0x000000000138e9c4 node`uv__io_poll at linux-core.c:324:14 frame #2: 0x000000000137c468 node`uv_run(loop=0x00000000058ac7f8, mode=UV_RUN_DEFAULT) at core.c:385:5 frame #3: 0x0000000000a75f4b node`node::WorkerThreadsTaskRunner::DelayedTaskScheduler::Start()::'lambda'(void*)::_FUN(void*) + 123 frame #4: 0x00007f1293203299 libpthread.so.0`start_thread + 233 frame #5: 0x00007f129312c053 libc.so.6`__clone + 67 thread #3, stop reason = signal 0 frame #0: 0x0000000000d6e0f4 node`v8::internal::MainMarkingVisitor<v8::internal::MajorMarkingState>::ShouldVisit(v8::internal::HeapObject) + 20 frame #1: 0x0000000000d7c8f1 node`unsigned long v8::internal::MarkCompactCollector::ProcessMarkingWorklist<(v8::internal::MarkCompactCollector::MarkingWorklistProcessingMode)0>(unsigned long) + 2785 frame #2: 0x0000000000d4e1c4 node`v8::internal::IncrementalMarking::Step(double, v8::internal::IncrementalMarking::CompletionAction, v8::internal::StepOrigin) + 276 frame #3: 0x0000000000d4ed44 node`v8::internal::IncrementalMarking::AdvanceOnAllocation() (.part.106) + 228 frame #4: 0x0000000000d4f178 node`v8::internal::IncrementalMarking::Observer::Step(int, unsigned long, unsigned long) + 216 frame #5: 0x0000000000d37e4f node`v8::internal::AllocationObserver::AllocationStep(int, unsigned long, unsigned long) + 47 frame #6: 0x0000000000db794f node`v8::internal::SpaceWithLinearArea::InlineAllocationStep(unsigned long, unsigned long, unsigned long, unsigned long) + 175 frame #7: 0x0000000000db7a4c node`v8::internal::NewSpace::EnsureAllocation(int, v8::internal::AllocationAlignment) + 188 frame #8: 0x0000000000d3ef72 node`v8::internal::Heap::AllocateRaw(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) + 290 frame #9: 0x0000000000d46b68 node`v8::internal::Heap::AllocateRawWithRetryOrFailSlowPath(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) + 40 frame #10: 0x0000000000d0c4a2 node`v8::internal::Factory::AllocateRaw(int, v8::internal::AllocationType, v8::internal::AllocationAlignment) + 146 frame #11: 0x0000000000d06324 node`v8::internal::FactoryBase<v8::internal::Factory>::AllocateRawWithImmortalMap(int, v8::internal::AllocationType, v8::internal::Map, v8::internal::AllocationAlignment) + 20 frame #12: 0x0000000000d06dc3 node`v8::internal::FactoryBase<v8::internal::Factory>::NewByteArray(int, v8::internal::AllocationType) + 51 frame #13: 0x0000000000e2c8a5 node`v8::internal::JsonParser<unsigned short>::BuildJsonObject(v8::internal::JsonParser<unsigned short>::JsonContinuation const&, std::vector<v8::internal::JsonProperty, std::allocator<v8::internal::JsonProperty> > const&, v8::internal::Handle<v8::internal::Map>) + 1077 frame #14: 0x0000000000e2e795 node`v8::internal::JsonParser<unsigned short>::ParseJsonValue() + 2565 frame #15: 0x0000000000e2ee8f node`v8::internal::JsonParser<unsigned short>::ParseJson() + 15 frame #16: 0x0000000000c24805 node`v8::internal::Builtin_Impl_JsonParse(v8::internal::BuiltinArguments, v8::internal::Isolate*) + 197 frame #17: 0x0000000000c24f06 node`v8::internal::Builtin_JsonParse(int, unsigned long*, v8::internal::Isolate*) + 22 frame #18: 0x0000000001401319 node`Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit + 57 frame #19: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #20: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #21: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #22: 0x0000176914ed8a07 frame #23: 0x00000000013944f9 node`Builtins_ArgumentsAdaptorTrampoline + 185 frame #24: 0x000000000139a5c2 node`Builtins_InterpreterEntryTrampoline + 194 frame #25: 0x0000176914ee1334 frame #26: 0x0000176914ed864c frame #27: 0x0000176914eda206 frame #28: 0x0000176914edefa2 frame #29: 0x0000176914ed62cc frame #30: 0x00000000013982da node`Builtins_JSEntryTrampoline + 90 frame #31: 0x00000000013980b8 node`Builtins_JSEntry + 120 frame #32: 0x0000000000cc2cf1 node`v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) + 449 frame #33: 0x0000000000cc3b5f node`v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) + 95 frame #34: 0x0000000000b8ba54 node`v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) + 324 frame #35: 0x000000000096ad61 node`node::InternalCallbackScope::Close() + 1233 frame #36: 0x000000000096b357 node`node::InternalMakeCallback(node::Environment*, v8::Local<v8::Object>, v8::Local<v8::Object>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*, node::async_context) + 647 frame #37: 0x0000000000978f69 node`node::AsyncWrap::MakeCallback(v8::Local<v8::Function>, int, v8::Local<v8::Value>*) + 121 frame #38: 0x0000000000acf2d8 node`node::StreamBase::CallJSOnreadMethod(long, v8::Local<v8::ArrayBuffer>, unsigned long, node::StreamBase::StreamBaseJSChecks) (.constprop.105) + 168 frame #39: 0x0000000000ad2cc6 node`node::EmitToJSStreamListener::OnStreamRead(long, uv_buf_t const&) + 886 frame #40: 0x0000000000adc2b8 node`node::LibuvStreamWrap::OnUvRead(long, uv_buf_t const*) + 120 frame #41: 0x0000000001387267 node`uv__read(stream=0x0000000005999cf0) at stream.c:1239:7 frame #42: 0x0000000001387c20 node`uv__stream_io(loop=<unavailable>, w=0x0000000005999d78, events=1) at stream.c:1306:5 frame #43: 0x000000000138e615 node`uv__io_poll at linux-core.c:462:11 frame #44: 0x000000000137c468 node`uv_run(loop=0x000000000446c7c0, mode=UV_RUN_DEFAULT) at core.c:385:5 frame #45: 0x0000000000a44974 node`node::NodeMainInstance::Run() + 580 frame #46: 0x00000000009d1e15 node`node::Start(int, char**) + 277 frame #47: 0x00007f1293054b25 libc.so.6`__libc_start_main + 213 frame #48: 0x00000000009694cc node`_start + 41 thread #4, stop reason = signal 0 frame #0: 0x00007f129320f9ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007f1293209260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007f1293203299 libpthread.so.0`start_thread + 233 frame #5: 0x00007f129312c053 libc.so.6`__clone + 67 thread #5, stop reason = signal 0 frame #0: 0x00007f129320f9ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007f1293209260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007f1293203299 libpthread.so.0`start_thread + 233 frame #5: 0x00007f129312c053 libc.so.6`__clone + 67 thread #6, stop reason = signal 0 frame #0: 0x00007f129320f9ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007f129320bb98 libpthread.so.0`__new_sem_wait_slow64.constprop.0 + 152 frame #2: 0x000000000138a312 node`uv_sem_wait at thread.c:626:9 frame #3: 0x000000000138a300 node`uv_sem_wait(sem=0x0000000004465600) at thread.c:682 frame #4: 0x0000000000afbd45 node`node::inspector::(anonymous namespace)::StartIoThreadMain(void*) + 53 frame #5: 0x00007f1293203299 libpthread.so.0`start_thread + 233 frame #6: 0x00007f129312c053 libc.so.6`__clone + 67 thread #7, stop reason = signal 0 frame #0: 0x0000000000cfd8d3 node`std::__detail::_Map_base<v8::internal::MemoryChunk*, std::pair<v8::internal::MemoryChunk* const, v8::internal::MemoryChunkData>, std::allocator<std::pair<v8::internal::MemoryChunk* const, v8::internal::MemoryChunkData> >, std::__detail::_Select1st, std::equal_to<v8::internal::MemoryChunk*>, v8::internal::MemoryChunk::Hasher, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true>, true>::operator[](v8::internal::MemoryChunk* const&) + 19 frame #1: 0x0000000000cfdbf9 node`v8::internal::ConcurrentMarkingVisitor::ShouldVisit(v8::internal::HeapObject) + 185 frame #2: 0x0000000000d02735 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 12997 frame #3: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #4: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #5: 0x00007f1293203299 libpthread.so.0`start_thread + 233 frame #6: 0x00007f129312c053 libc.so.6`__clone + 67 thread #8, stop reason = signal 0 frame #0: 0x00007f129320f9ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007f1293209260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007f1293203299 libpthread.so.0`start_thread + 233 frame #5: 0x00007f129312c053 libc.so.6`__clone + 67 thread #9, stop reason = signal 0 frame #0: 0x0000000000cff98e node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 1310 frame #1: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #2: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #3: 0x00007f1293203299 libpthread.so.0`start_thread + 233 frame #4: 0x00007f129312c053 libc.so.6`__clone + 67 thread #10, stop reason = signal 0 frame #0: 0x00007f129320f9ba libpthread.so.0`__futex_abstimed_wait_common64 + 202 frame #1: 0x00007f1293209260 libpthread.so.0`pthread_cond_wait@@GLIBC_2.3.2 + 512 frame #2: 0x000000000138a4d9 node`uv_cond_wait at thread.c:780:7 frame #3: 0x0000000001376ed4 node`worker(arg=0x0000000000000000) at threadpool.c:76:7 frame #4: 0x00007f1293203299 libpthread.so.0`start_thread + 233 frame #5: 0x00007f129312c053 libc.so.6`__clone + 67 thread #11, stop reason = signal 0 frame #0: 0x00007f129320c6e0 libpthread.so.0`__lll_lock_wait + 48 frame #1: 0x00007f1293205573 libpthread.so.0`__pthread_mutex_lock + 227 frame #2: 0x0000000000d02eb2 node`v8::internal::ConcurrentMarking::Run(int, v8::internal::ConcurrentMarking::TaskState*) + 14914 frame #3: 0x0000000000c6c9eb node`non-virtual thunk to v8::internal::CancelableTask::Run() + 59 frame #4: 0x0000000000a71405 node`node::(anonymous namespace)::PlatformWorkerThread(void*) + 405 frame #5: 0x00007f1293203299 libpthread.so.0`start_thread + 233 frame #6: 0x00007f129312c053 libc.so.6`__clone + 67

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Node.js v14.15.5 segfault in v8::internal::ConcurrentMarking::Run #37553

What steps will reproduce the bug?

How often does it reproduce? Is there a required condition?

What is the expected behavior?

What do you see instead?

Additional information

1. Coredump

General information about node instance

List of all threads

Threads' backtrace

2. Coredump

List of all threads

Threads' backtrace

3. Coredump

List of all threads

Threads' backtrace

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Node.js v14.15.5 segfault in v8::internal::ConcurrentMarking::Run #37553

Description

What steps will reproduce the bug?

How often does it reproduce? Is there a required condition?

What is the expected behavior?

What do you see instead?

Additional information

1. Coredump

General information about node instance

List of all threads

Threads' backtrace

2. Coredump

List of all threads

Threads' backtrace

3. Coredump

List of all threads

Threads' backtrace

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions