Closed
Description
Environment:
- Version: v12.13.1
- Platform: Linux server 4.4.0-36-generic (Ubuntu - 20GB RAM)
Probably a V8 issue, but can severely affect the stability of node.js processes.
This issue doesn't reproduce with node 10.13, only with node 12.
With the below simple code, I manage to get an internal array with more than 112M cells which cause the 'invalid array length' fatal error.
This isn't a real 'out of memory' issue, but an array size limit error.
It reproduces also when increasing the old space size using '--max-old-space-size=8192' (process halts ~1.2GB in any case).
"use strict";
const co = require('co');
function* test() {
for (let i = 0; i < 1000000000; i++) {
function* a() {}
yield* a();
if (i % 1000000 == 0) {
console.log("Cycle", i, process.memoryUsage().heapUsed);
}
}
}
co(function*(){
yield* test();
})
After few minutes at cycle 105M, the node process crash with the following error:
Cycle 105000000 1176098488
<--- Last few GCs --->
[6422:0x3a3feb0] 262277 ms: Scavenge 1161.3 (1178.4) -> 1150.5 (1181.7) MB, 6.2 / 0.0 ms (average mu = 0.939, current mu = 0.939) allocation failure
[6422:0x3a3feb0] 262336 ms: Scavenge 1174.1 (1191.4) -> 1163.3 (1194.7) MB, 6.5 / 0.0 ms (average mu = 0.939, current mu = 0.939) allocation failure
[6422:0x3a3feb0] 262395 ms: Scavenge 1186.8 (1203.9) -> 1176.0 (1207.2) MB, 7.0 / 0.0 ms (average mu = 0.939, current mu = 0.939) allocation failure
<--- JS stacktrace --->
==== JS stack trace =========================================
0: ExitFrame [pc: 0x1374fd9]
Security context: 0x2d89a7ac08a1 <JSObject>
1: test(aka test) [0x3038f06001e9] [/home/test_generators/test_generators.js:~4] [pc=0x3dbc7f842f1e](this=0x38a3372404a9 <undefined>)
2: next [0x2d89a7ae3651](this=0x3038f0600149 <JSGenerator>,0x38a3372404a9 <undefined>)
3: /* anonymous */ [0x3038f06002c9] [/home/test_generators/test_generators.js:15] [bytecode=0x10099225ec79 offset=88](th...
FATAL ERROR: invalid array length Allocation failed - JavaScript heap out of memory
1: 0x9da7c0 node::Abort() [node]
2: 0x9db976 node::OnFatalError(char const*, char const*) [node]
3: 0xb39f1e v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, bool) [node]
4: 0xb3a299 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, bool) [node]
5: 0xce5635 [node]
6: 0xcc24a5 v8::internal::Factory::CopyWeakArrayListAndGrow(v8::internal::Handle<v8::internal::WeakArrayList>, int, v8::internal::AllocationType) [node]
7: 0xebe86a v8::internal::WeakArrayList::EnsureSpace(v8::internal::Isolate*, v8::internal::Handle<v8::internal::WeakArrayList>, int, v8::internal::AllocationType) [node]
8: 0xebeb3b v8::internal::PrototypeUsers::Add(v8::internal::Isolate*, v8::internal::Handle<v8::internal::WeakArrayList>, v8::internal::Handle<v8::internal::Map>, int*) [node]
9: 0xe88054 v8::internal::JSObject::LazyRegisterPrototypeUser(v8::internal::Handle<v8::internal::Map>, v8::internal::Isolate*) [node]
10: 0xeb1384 v8::internal::Map::GetOrCreatePrototypeChainValidityCell(v8::internal::Handle<v8::internal::Map>, v8::internal::Isolate*) [node]
11: 0xd68e5c v8::internal::LoadHandler::LoadFromPrototype(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Map>, v8::internal::Handle<v8::internal::JSReceiver>, v8::internal::Handle<v8::internal::Smi>, v8::internal::MaybeObjectHandle, v8::internal::MaybeObjectHandle) [node]
12: 0xd70e67 v8::internal::LoadIC::ComputeHandler(v8::internal::LookupIterator*) [node]
13: 0xd77bcd v8::internal::LoadIC::UpdateCaches(v8::internal::LookupIterator*) [node]
14: 0xd7824c v8::internal::LoadIC::Load(v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Name>) [node]
15: 0xd7cf01 v8::internal::Runtime_LoadIC_Miss(int, unsigned long*, v8::internal::Isolate*) [node]
16: 0x1374fd9 [node]
Aborted (core dumped)
Should I open a bug to V8 regarding this issue?