Crash Issue Encountered in V8 Version 11.0.20.226 During Heap Snapshot

苏世睿
Nov 29, 2023, 3:25:36 AM
to v8-dev
Hi all,
I have compiled a debug version of the V8 dynamic library for an Android project. However, a crash has occurred while performing a Heap Snapshot. The details of the issue, including the crash stack, are as follows:

# Fatal error in ../src/heap/heap-inl.h, line 251
# Debug check failed: AllowHeapAllocation::IsAllowed().
#FailureMessage Object: 0x6fd5268d80

V8_Fatal(char const*, int, char const*, ...) logging.cc:203
v8::base::(anonymous namespace)::DefaultDcheckHandler(char const*, int, char const*) logging.cc:64
v8::internal::AllocationResult v8::internal::HeapAllocator::AllocateRaw<(v8::internal::AllocationType)0>(int, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) heap-allocator-inl.h:66
v8::internal::HeapObject v8::internal::HeapAllocator::AllocateRawWith<(v8::internal::HeapAllocator::AllocationRetryMode)1>(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) heap-allocator-inl.h:221
v8::internal::Factory::AllocateRaw(int, v8::internal::AllocationType, v8::internal::AllocationAlignment) factory.cc:344
v8::internal::FactoryBase<v8::internal::Factory>::AllocateRaw(int, v8::internal::AllocationType, v8::internal::AllocationAlignment) factory-base.cc:1140
v8::internal::FactoryBase<v8::internal::Factory>::AllocateRawWithImmortalMap(int, v8::internal::AllocationType, v8::internal::Map, v8::internal::AllocationAlignment) factory-base.cc:1131
v8::internal::MaybeHandle<v8::internal::SeqOneByteString> v8::internal::FactoryBase<v8::internal::Factory>::NewRawStringWithMap<v8::internal::SeqOneByteString>(int, v8::internal::Map, v8::internal::AllocationType) factory-base.cc:675
v8::internal::FactoryBase<v8::internal::Factory>::NewRawOneByteString(int, v8::internal::AllocationType) factory-base.cc:687
v8::internal::Factory::NewStringFromTwoByte(unsigned short const*, int, v8::internal::AllocationType) factory.cc:931
v8::(anonymous namespace)::NewString(v8::internal::Factory*, v8::NewStringType, v8::base::Vector<unsigned short const>) api.cc:7147
v8::String::NewFromTwoByte(v8::Isolate*, unsigned short const*, v8::NewStringType, int) api.cc:7204
convertToString(v8::Global<v8::Context> const&, v8::Isolate*, v8_inspector::StringView) v8inspector_channel.cpp:32
V8InspectorChannelImpl::sendNotification(std::__ndk1::unique_ptr<v8_inspector::StringBuffer, std::__ndk1::default_delete<v8_inspector::StringBuffer>>) v8inspector_channel.cpp:54
v8_inspector::V8InspectorSessionImpl::SendProtocolNotification(std::__ndk1::unique_ptr<v8_crdtp::Serializable, std::__ndk1::default_delete<v8_crdtp::Serializable>>) v8-inspector-session-impl.cc:221
non-virtual thunk to v8_inspector::V8InspectorSessionImpl::SendProtocolNotification(std::__ndk1::unique_ptr<v8_crdtp::Serializable, std::__ndk1::default_delete<v8_crdtp::Serializable>>) 0x0000005593df4290
v8_inspector::protocol::HeapProfiler::Frontend::reportHeapSnapshotProgress(int, int, v8_crdtp::detail::ValueMaybe<bool>) 0x0000005593d987f4
v8_inspector::(anonymous namespace)::HeapSnapshotProgress::ReportProgressValue(unsigned int, unsigned int) v8-heap-profiler-agent-impl.cc:40
v8::internal::HeapSnapshotGenerator::ProgressReport(bool) heap-snapshot-generator.cc:2765
v8::internal::V8HeapExplorer::IterateAndExtractReferences(v8::internal::HeapSnapshotGenerator*) heap-snapshot-generator.cc:2115
v8::internal::HeapSnapshotGenerator::FillReferences() heap-snapshot-generator.cc:2778
v8::internal::HeapSnapshotGenerator::GenerateSnapshot() heap-snapshot-generator.cc:2737
v8::internal::HeapProfiler::TakeSnapshot(v8::HeapProfiler::HeapSnapshotOptions) heap-profiler.cc:96
v8::HeapProfiler::TakeHeapSnapshot(v8::HeapProfiler::HeapSnapshotOptions const&) api.cc:10670
v8_inspector::V8HeapProfilerAgentImpl::takeHeapSnapshot(v8_crdtp::detail::ValueMaybe<bool>, v8_crdtp::detail::ValueMaybe<bool>, v8_crdtp::detail::ValueMaybe<bool>, v8_crdtp::detail::ValueMaybe<bool>) v8-heap-profiler-agent-impl.cc:298
v8_inspector::protocol::HeapProfiler::DomainDispatcherImpl::takeHeapSnapshot(v8_crdtp::Dispatchable const&) 0x0000005593d9a184
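Added example (not code from the original post, from V8, or from the poster's v8inspector_channel.cpp): the frames above show the embedder's channel calling v8::String::NewFromTwoByte from inside sendNotification, that is, allocating a V8 heap string while HeapSnapshotGenerator::ProgressReport is running with heap allocation disallowed, which is exactly what the DCHECK reports. An embedder channel can stay out of the V8 heap entirely by converting the v8_inspector::StringView into a plain std::string and queuing it for delivery outside the callback. The real v8_inspector::V8Inspector::Channel callbacks receive a std::unique_ptr<v8_inspector::StringBuffer> whose string() method yields the StringView; to compile without V8 headers, InspectorStringView below is an assumed stand-in with the same accessors (is8Bit(), characters8(), characters16(), length()), and NoAllocChannel is a hypothetical class, not the poster's V8InspectorChannelImpl.

```cpp
// Added example: an inspector channel that never allocates on the V8 heap
// inside sendResponse/sendNotification. Not the original poster's channel
// and not V8 code. InspectorStringView stands in for v8_inspector::StringView
// (assumed here so the file builds without V8 headers).
#include <cstddef>
#include <cstdint>
#include <deque>
#include <string>
#include <utility>

struct InspectorStringView {
  bool is8Bit_;
  const uint8_t* chars8_;
  const uint16_t* chars16_;
  size_t length_;
  bool is8Bit() const { return is8Bit_; }
  const uint8_t* characters8() const { return chars8_; }
  const uint16_t* characters16() const { return chars16_; }
  size_t length() const { return length_; }
};

// Append one Unicode scalar value to out as UTF-8.
static void AppendUtf8(std::string& out, uint32_t cp) {
  if (cp < 0x80) {
    out += static_cast<char>(cp);
  } else if (cp < 0x800) {
    out += static_cast<char>(0xC0 | (cp >> 6));
    out += static_cast<char>(0x80 | (cp & 0x3F));
  } else if (cp < 0x10000) {
    out += static_cast<char>(0xE0 | (cp >> 12));
    out += static_cast<char>(0x80 | ((cp >> 6) & 0x3F));
    out += static_cast<char>(0x80 | (cp & 0x3F));
  } else {
    out += static_cast<char>(0xF0 | (cp >> 18));
    out += static_cast<char>(0x80 | ((cp >> 12) & 0x3F));
    out += static_cast<char>(0x80 | ((cp >> 6) & 0x3F));
    out += static_cast<char>(0x80 | (cp & 0x3F));
  }
}

// Convert an inspector string view to UTF-8 using only C++ memory.
// Unpaired surrogates become U+FFFD so the transport always sees valid UTF-8.
std::string ToUtf8(const InspectorStringView& view) {
  std::string out;
  const size_t n = view.length();
  out.reserve(n);
  if (view.is8Bit()) {
    // One-byte strings are Latin-1: each byte is the code point of equal value.
    const uint8_t* p = view.characters8();
    for (size_t i = 0; i < n; ++i) AppendUtf8(out, p[i]);
    return out;
  }
  const uint16_t* p = view.characters16();
  for (size_t i = 0; i < n; ++i) {
    uint32_t cp = p[i];
    if (cp >= 0xD800 && cp <= 0xDBFF) {  // high surrogate
      if (i + 1 < n && p[i + 1] >= 0xDC00 && p[i + 1] <= 0xDFFF) {
        cp = 0x10000 + ((cp - 0xD800) << 10) + (p[i + 1] - 0xDC00);
        ++i;
      } else {
        cp = 0xFFFD;
      }
    } else if (cp >= 0xDC00 && cp <= 0xDFFF) {  // lone low surrogate
      cp = 0xFFFD;
    }
    AppendUtf8(out, cp);
  }
  return out;
}

// Hypothetical channel: the callbacks only copy bytes into a C++ queue.
// Delivery to the frontend (socket, JNI, ...) happens later, outside any
// V8 callback, so no v8::String is created while V8 forbids allocation.
class NoAllocChannel {
 public:
  void sendNotification(const InspectorStringView& message) {
    outbox_.push_back(ToUtf8(message));
  }
  void sendResponse(int /*callId*/, const InspectorStringView& message) {
    outbox_.push_back(ToUtf8(message));
  }
  size_t pending() const { return outbox_.size(); }
  std::string popFront() {
    std::string m = std::move(outbox_.front());
    outbox_.pop_front();
    return m;
  }

 private:
  std::deque<std::string> outbox_;
};
```

The DCHECK that fired here exists only in debug builds; a release build compiles the check out and allocates anyway, so keeping the channel free of V8-heap allocation is worthwhile regardless of how the upstream bug is resolved.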

dinf...@chromium.org
Dec 1, 2023, 3:46:30 AM
to v8-dev
Hi!

Please file a bug for this with information on how to reproduce this on tip-of-tree. Thanks!

苏世睿
Dec 3, 2023, 11:49:08 PM
to v8-dev
I just found a simple way to reproduce this:
Firstly, build d8 with the following args.gn:

is_debug = true
symbol_level = 2
target_cpu = "x64"
v8_target_cpu = "x64"

Then, create a file named inspector-demo.js:

// inspector-demo.js

// Receiver function called by d8.
function receive(message) {
  print(message);
}

const msg = JSON.stringify({
  id: 0,
  method: 'HeapProfiler.takeHeapSnapshot',
  params: {
    reportProgress: true,
    captureNumericValue: false,
    exposeInternals: false
  }
});

// Call the function provided by d8.
send(msg);

Finally, run this file by executing 'd8 --enable-inspector inspector-demo.js'.

苏世睿
Dec 13, 2023, 3:30:38 AM
to v8-dev
Hi! Is there any progress on this? 
Or am I currently performing a non-standard operation?

Clemens Backes
Jan 8, 2024, 5:49:37 AM
to v8-...@googlegroups.com
I uploaded this to Clusterfuzz, which resulted in https://crbug.com/1515833.

--
Clemens Backes
Software Engineer
Google Germany GmbH

苏世睿
Jan 11, 2024, 10:25:38 PM
to v8-dev
Thank you.