Skip to content

DCHECK crash in heap::base::Stack::SaveContext #246

Closed
@codebytere

Description

@codebytere

As of https://chromium-review.googlesource.com/c/v8/v8/+/4017512, there is a worker test that crashes deterministically in Node.js: parallel/test-worker-init-failure with the following stacktrace:

Stacktrace
not ok 2980 parallel/test-worker-init-failure
  ---
  duration_ms: 2.908
  severity: fail
  exitcode: 1
  stack: |-
    child stdout: 
    
    child stderr: 
    
    #
    # Fatal error in ../../v8/src/heap/base/stack.cc, line 190
    # Debug check failed: check_invariant implies IsOnCurrentStack(stack_start_).
    #
    #
    #
    #FailureMessage Object: 0x7fffe11bcff0
     1: 0x55f4adeaa0b2  [/home/builduser/project/src/out/Default/electron]
     2: 0x55f4aa69dff9  [/home/builduser/project/src/out/Default/electron]
     3: 0x55f4aa69dc15  [/home/builduser/project/src/out/Default/electron]
     4: 0x55f4a67b2aaa heap::base::Stack::SaveContext(bool) [/home/builduser/project/src/out/Default/electron]
     5: 0x55f4a5c1b644 v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) [/home/builduser/project/src/out/Default/electron]
     6: 0x55f4a5c0fb79 v8::internal::HeapAllocator::AllocateRawWithLightRetrySlowPath(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) [/home/builduser/project/src/out/Default/electron]
     7: 0x55f4a5c0fc25 v8::internal::HeapAllocator::AllocateRawWithRetryOrFailSlowPath(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) [/home/builduser/project/src/out/Default/electron]
     8: 0x55f4a5bd523c v8::internal::Factory::NewFillerObject(int, v8::internal::AllocationAlignment, v8::internal::AllocationType, v8::internal::AllocationOrigin) [/home/builduser/project/src/out/Default/electron]
     9: 0x55f4a6266846  [/home/builduser/project/src/out/Default/electron]
    10: 0x55f4a6266358  [/home/builduser/project/src/out/Default/electron]
    11: 0x55f43feb2c78 
    Trace/breakpoint trap (core dumped)
    
    
    node:assert:124
      throw new AssertionError(obj);
      ^
    
    AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
    
    133 !== 0
    
        at ChildProcess.<anonymous> (/home/builduser/project/src/third_party/electron_node/test/parallel/test-worker-init-failure.js:69:12)
        at ChildProcess.<anonymous> (/home/builduser/project/src/third_party/electron_node/test/common/index.js:446:15)
        at ChildProcess.emit (node:events:513:28)
        at ChildProcess._handle.onexit (node:internal/child_process:291:12) {
      generatedMessage: true,
      code: 'ERR_ASSERTION',
      actual: 133,
      expected: 0,
      operator: 'strictEqual'
    }
    
    Node.js v18.12.1

I'm not quite sure why this is happening, but there is a comment in the CL:

With WASM stack switching, the main invariant is violated, as the current active stack may call JS/Blink/GC and reside somewhere else.

that indicates it may have to do with stack intricacies in a Worker context?

cc @targos

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions