version 6.2.1 always got Segment Fault error and crash #7454

mike442144 · 2016-06-28T04:16:21Z

Version:6.2.1, compile from source code and install use make
Platform:Ubuntu 12.04 and 14.04
Subsystem:

With node upgraded to 6.2.1, we got 'Segment Fault error' in several projects. It doesn't happen every time, but the probability is rather high. We've tried 'npm rebuild' according to google search result implying this may have something to do with node native modules. The error still remains.
What's your advice?

bnoordhuis · 2016-06-28T06:58:09Z

Do your projects use native add-ons (find node_modules/ -name \*.node)? If so, start by excluding those.

If crashes still happen, try collecting a backtrace. Turn on core dumps (ulimit -c unlimited) and after a crash, inspect it in gdb: gdb node core, then type thread apply all backtrace full.

Core dumps are normally written to the current working directory but your distro can reconfigure that, see sysctl kernel.core_pattern.

mike442144 · 2016-06-28T11:01:05Z

@bnoordhuis Thanks a lot, firstly, I have no native add-ons in my project, and then we've got a core dump, let me try thread apply all backtrace full.

mike442144 · 2016-06-28T11:13:32Z

@bnoordhuis I have done that, below is all track, what's the matter?

Thread 10 (Thread 0x7fb7edc25700 (LWP 3370)):
#0  0x00007fb7eeff4fd0 in sem_wait ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0000000001131ea8 in v8::base::Semaphore::Wait() ()
No symbol table info available.
#2  0x0000000000fce039 in v8::platform::TaskQueue::GetNext() ()
No symbol table info available.
#3  0x0000000000fce18c in v8::platform::WorkerThread::Run() ()
No symbol table info available.
#4  0x0000000001133190 in v8::base::ThreadEntry(void*) ()
No symbol table info available.
#5  0x00007fb7eefeee9a in start_thread ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#6  0x00007fb7eed1b8bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#7  0x0000000000000000 in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---

Thread 9 (Thread 0x7fb7deffd700 (LWP 3375)):
#0  0x00007fb7eeff2d84 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0000000001128509 in uv_cond_wait (cond=<optimised out>, 
    mutex=<optimised out>) at ../deps/uv/src/unix/thread.c:443
No locals.
#2  0x0000000001119868 in worker (arg=<optimised out>)
    at ../deps/uv/src/threadpool.c:75
        w = <optimised out>
        q = <optimised out>
#3  0x0000000001128031 in uv__thread_start (arg=<optimised out>)
    at ../deps/uv/src/unix/thread.c:52
        ctx_p = <optimised out>
        ctx = {entry = 0x1119820 <worker>, arg = 0x0}
#4  0x00007fb7eefeee9a in start_thread ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#5  0x00007fb7eed1b8bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#6  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 8 (Thread 0x7fb7df7fe700 (LWP 3374)):
#0  0x00007fb7eeff2d84 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0000000001128509 in uv_cond_wait (cond=<optimised out>, 
    mutex=<optimised out>) at ../deps/uv/src/unix/thread.c:443
No locals.
#2  0x0000000001119868 in worker (arg=<optimised out>)
    at ../deps/uv/src/threadpool.c:75
        w = <optimised out>
        q = <optimised out>
#3  0x0000000001128031 in uv__thread_start (arg=<optimised out>)
    at ../deps/uv/src/unix/thread.c:52
        ctx_p = <optimised out>
        ctx = {entry = 0x1119820 <worker>, arg = 0x0}
#4  0x00007fb7eefeee9a in start_thread ()
---Type <return> to continue, or q <return> to quit---
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#5  0x00007fb7eed1b8bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#6  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 7 (Thread 0x7fb7dffff700 (LWP 3373)):
#0  0x00007fb7eeff2d84 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0000000001128509 in uv_cond_wait (cond=<optimised out>, 
    mutex=<optimised out>) at ../deps/uv/src/unix/thread.c:443
No locals.
#2  0x0000000001119868 in worker (arg=<optimised out>)
    at ../deps/uv/src/threadpool.c:75
        w = <optimised out>
        q = <optimised out>
#3  0x0000000001128031 in uv__thread_start (arg=<optimised out>)
    at ../deps/uv/src/unix/thread.c:52
---Type <return> to continue, or q <return> to quit---
        ctx_p = <optimised out>
        ctx = {entry = 0x1119820 <worker>, arg = 0x0}
#4  0x00007fb7eefeee9a in start_thread ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#5  0x00007fb7eed1b8bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#6  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 6 (Thread 0x7fb7ec922700 (LWP 3372)):
#0  0x00007fb7eeff2d84 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0000000001128509 in uv_cond_wait (cond=<optimised out>, 
    mutex=<optimised out>) at ../deps/uv/src/unix/thread.c:443
No locals.
#2  0x0000000001119868 in worker (arg=<optimised out>)
    at ../deps/uv/src/threadpool.c:75
        w = <optimised out>
---Type <return> to continue, or q <return> to quit---
        q = <optimised out>
#3  0x0000000001128031 in uv__thread_start (arg=<optimised out>)
    at ../deps/uv/src/unix/thread.c:52
        ctx_p = <optimised out>
        ctx = {entry = 0x1119820 <worker>, arg = 0x0}
#4  0x00007fb7eefeee9a in start_thread ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#5  0x00007fb7eed1b8bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#6  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 5 (Thread 0x7fb7ed424700 (LWP 3371)):
#0  0x00007fb7eeff4fd0 in sem_wait ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0000000001131ea8 in v8::base::Semaphore::Wait() ()
No symbol table info available.
#2  0x0000000000fce039 in v8::platform::TaskQueue::GetNext() ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#3  0x0000000000fce18c in v8::platform::WorkerThread::Run() ()
No symbol table info available.
#4  0x0000000001133190 in v8::base::ThreadEntry(void*) ()
No symbol table info available.
#5  0x00007fb7eefeee9a in start_thread ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#6  0x00007fb7eed1b8bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#7  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 4 (Thread 0x7fb7ee426700 (LWP 3369)):
#0  0x00007fb7eeff4fd0 in sem_wait ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0000000001131ea8 in v8::base::Semaphore::Wait() ()
No symbol table info available.
#2  0x0000000000fce039 in v8::platform::TaskQueue::GetNext() ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#3  0x0000000000fce18c in v8::platform::WorkerThread::Run() ()
No symbol table info available.
#4  0x0000000001133190 in v8::base::ThreadEntry(void*) ()
No symbol table info available.
#5  0x00007fb7eefeee9a in start_thread ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#6  0x00007fb7eed1b8bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#7  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 3 (Thread 0x7fb7eec27700 (LWP 3368)):
#0  0x00007fb7eeff4fd0 in sem_wait ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0000000001131ea8 in v8::base::Semaphore::Wait() ()
No symbol table info available.
#2  0x0000000000fce039 in v8::platform::TaskQueue::GetNext() ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#3  0x0000000000fce18c in v8::platform::WorkerThread::Run() ()
No symbol table info available.
#4  0x0000000001133190 in v8::base::ThreadEntry(void*) ()
No symbol table info available.
#5  0x00007fb7eefeee9a in start_thread ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#6  0x00007fb7eed1b8bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#7  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 2 (Thread 0x7fb7f0054700 (LWP 3367)):
#0  0x00007fb7eeff4fd0 in sem_wait ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0000000001128368 in uv_sem_wait (sem=0x1b85da0)
    at ../deps/uv/src/unix/thread.c:330
        r = <optimised out>
---Type <return> to continue, or q <return> to quit---
#2  0x0000000000f5ffe2 in node::DebugSignalThreadMain(void*) ()
No symbol table info available.
#3  0x00007fb7eefeee9a in start_thread ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#4  0x00007fb7eed1b8bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#5  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 1 (Thread 0x7fb7f0046740 (LWP 3366)):
#0  0x0000000000dd2c09 in v8::internal::Runtime::CreateArrayLiteralBoilerplate(v8::internal::Isolate*, v8::internal::Handle<v8::internal::LiteralsArray>, v8::internal::Handle<v8::internal::FixedArray>, bool) ()
No symbol table info available.
#1  0x0000000000dd3deb in v8::internal::CreateArrayLiteralImpl(v8::internal::Isolate*, v8::internal::Handle<v8::internal::LiteralsArray>, int, v8::internal::Handle<v8::internal::FixedArray>, int) ()
No symbol table info available.
#2  0x0000000000dd4c70 in v8::internal::Runtime_CreateArrayLiteral(int, v8::inte---Type <return> to continue, or q <return> to quit---
rnal::Object**, v8::internal::Isolate*) ()
No symbol table info available.
#3  0x000026658380961b in ?? ()
No symbol table info available.
#4  0x00007fffecba0b50 in ?? ()
No symbol table info available.
#5  0x0000266583809561 in ?? ()
No symbol table info available.
#6  0x00007fffecba0af0 in ?? ()
No symbol table info available.
#7  0x00007fffecba0b68 in ?? ()
No symbol table info available.
#8  0x0000266583ba590b in ?? ()
No symbol table info available.
#9  0x0000000300000000 in ?? ()
No symbol table info available.
#10 0x00003d4783904139 in ?? ()
No symbol table info available.
#11 0x0000000100000000 in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#12 0x000037441c023749 in ?? ()
No symbol table info available.
#13 0x00007fffecba0ca8 in ?? ()
No symbol table info available.
#14 0x00003d47839ac529 in ?? ()
No symbol table info available.
#15 0x000037441c023719 in ?? ()
No symbol table info available.
#16 0x000037441c01d679 in ?? ()
No symbol table info available.
#17 0x000037441c023749 in ?? ()
No symbol table info available.
#18 0x000037441c01d679 in ?? ()
No symbol table info available.
#19 0x00007fffecba0ba0 in ?? ()
No symbol table info available.
#20 0x000026658380d157 in ?? ()
No symbol table info available.
#21 0x000037441c01d731 in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#22 0x00003d47839e3fc1 in ?? ()
No symbol table info available.
#23 0x0000000300000000 in ?? ()
No symbol table info available.
#24 0x000037441c023749 in ?? ()
No symbol table info available.
#25 0x0000000b00000000 in ?? ()
No symbol table info available.
#26 0x00007fffecba0c00 in ?? ()
No symbol table info available.
#27 0x0000266583b9db1f in ?? ()
No symbol table info available.
#28 0x000037441c022361 in ?? ()
No symbol table info available.
#29 0x0000000000000000 in ?? ()
No symbol table info available.

bnoordhuis · 2016-06-28T11:35:04Z

Thanks. Is it possible for you to try a debug build? You can compile one with make -j8 -C out BUILDTYPE=Debug. The binary is placed in out/Debug.

As a quick sanity check, can you open the core file with gdb and run this?

> thread 1
> info registers
> disassemble

mike442144 · 2016-06-28T12:26:38Z

(gdb) info registers
rax            0x75100000   1963982848
rbx            0x1bbbdc0    29081024
rcx            0x20 32
rdx            0x1bfc1e8    29344232
rsi            0x751cac6e   1964813422
rdi            0x0  0
rbp            0x7fffecba09b0   0x7fffecba09b0
rsp            0x7fffecba0910   0x7fffecba0910
r8             0x1  1
r9             0x3d4783904189   67377359241609
r10            0x1bbd700    29087488
r11            0x37441c0237d1   60765667211217
r12            0x0  0
r13            0xb5d    2909
r14            0x0  0
r15            0x1bfc1c8    29344200
rip            0xdd2c09 0xdd2c09 <v8::internal::Runtime::CreateArrayLiteralBoilerplate(v8::internal::Isolate*, v8::internal::Handle<v8::internal::LiteralsArray>, v8::internal::Handle<v8::internal::FixedArray>, bool)+137>
eflags         0x10206  [ PF IF RF ]
cs             0x33 51
ss             0x2b 43
ds             0x0  0
es             0x0  0
fs             0x0  0
gs             0x0  0
(gdb) disassemble
Dump of assembler code for function _ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb:
   0x0000000000dd2b80 <+0>: push   %rbp
   0x0000000000dd2b81 <+1>: mov    %rsp,%rbp
   0x0000000000dd2b84 <+4>: push   %r15
   0x0000000000dd2b86 <+6>: push   %r14
   0x0000000000dd2b88 <+8>: mov    %r8d,%r14d
   0x0000000000dd2b8b <+11>:    push   %r13
   0x0000000000dd2b8d <+13>:    mov    %rcx,%r13
   0x0000000000dd2b90 <+16>:    push   %r12
   0x0000000000dd2b92 <+18>:    mov    %r8d,%r12d
   0x0000000000dd2b95 <+21>:    push   %rbx
   0x0000000000dd2b96 <+22>:    mov    %rsi,%rbx
   0x0000000000dd2b99 <+25>:    sub    $0x78,%rsp
   0x0000000000dd2b9d <+29>:    mov    %rdi,-0x68(%rbp)
   0x0000000000dd2ba1 <+33>:    mov    %rsi,%rdi
   0x0000000000dd2ba4 <+36>:    mov    %rdx,-0x60(%rbp)
   0x0000000000dd2ba8 <+40>:    callq  0xc8bb90 <_ZN2v88internal7Isolate14native_contextEv>
   0x0000000000dd2bad <+45>:    mov    0x1a40(%rbx),%rdi
   0x0000000000dd2bb4 <+52>:    mov    (%rax),%rax
   0x0000000000dd2bb7 <+55>:    test   %rdi,%rdi
   0x0000000000dd2bba <+58>:    mov    0x5f(%rax),%rsi
   0x0000000000dd2bbe <+62>:    je     0xdd2db8 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+568>
   0x0000000000dd2bc4 <+68>:    callq  0xbda380 <_ZN2v88internal20CanonicalHandleScope6LookupEPNS0_6ObjectE>
   0x0000000000dd2bc9 <+73>:    mov    %rax,%rsi
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd2bcc <+76>:    mov    -0x60(%rbp),%rax
   0x0000000000dd2bd0 <+80>:    mov    $0x1,%edx
   0x0000000000dd2bd5 <+85>:    mov    (%rax),%rcx
   0x0000000000dd2bd8 <+88>:    mov    %rcx,%rdi
   0x0000000000dd2bdb <+91>:    and    $0x3,%edi
   0x0000000000dd2bde <+94>:    cmp    $0x1,%rdi
   0x0000000000dd2be2 <+98>:    je     0xdd2ea0 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+800>
   0x0000000000dd2be8 <+104>:   mov    %rbx,%rdi
   0x0000000000dd2beb <+107>:   callq  0xbb8ac0 <_ZN2v88internal7Factory11NewJSObjectENS0_6HandleINS0_10JSFunctionEEENS0_13PretenureFlagE>
   0x0000000000dd2bf0 <+112>:   mov    %rax,-0x70(%rbp)
   0x0000000000dd2bf4 <+116>:   mov    0x0(%r13),%rax
   0x0000000000dd2bf8 <+120>:   mov    0x17(%rax),%rsi
   0x0000000000dd2bfc <+124>:   movslq 0x13(%rax),%r13
   0x0000000000dd2c00 <+128>:   mov    %rsi,%rax
   0x0000000000dd2c03 <+131>:   and    $0xfffffffffff00000,%rax
=> 0x0000000000dd2c09 <+137>:   mov    0x38(%rax),%r15
   0x0000000000dd2c0d <+141>:   lea    -0x20(%r15),%rdx
   0x0000000000dd2c11 <+145>:   mov    0x1a40(%rdx),%rdi
   0x0000000000dd2c18 <+152>:   test   %rdi,%rdi
   0x0000000000dd2c1b <+155>:   je     0xdd2e78 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+760>
   0x0000000000dd2c21 <+161>:   callq  0xbda380 <_ZN2v88internal20CanonicalHandleScope6LookupEPNS0_6ObjectE>
   0x0000000000dd2c26 <+166>:   mov    %rax,%r15
   0x0000000000dd2c29 <+169>:   mov    0x1948(%rbx),%rax
   0x0000000000dd2c30 <+176>:   cmp    $0x1,%r12b
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd2c34 <+180>:   mov    0x27(%rax),%rdx
   0x0000000000dd2c38 <+184>:   sbb    %eax,%eax
   0x0000000000dd2c3a <+186>:   and    $0xfffffffa,%eax
   0x0000000000dd2c3d <+189>:   lea    0x33(%rax,%r13,1),%eax
   0x0000000000dd2c42 <+194>:   shl    $0x3,%eax
   0x0000000000dd2c45 <+197>:   cltq   
   0x0000000000dd2c47 <+199>:   mov    0xf(%rdx,%rax,1),%rcx
   0x0000000000dd2c4c <+204>:   mov    -0x70(%rbp),%rax
   0x0000000000dd2c50 <+208>:   mov    (%rax),%rsi
   0x0000000000dd2c53 <+211>:   test   %rcx,%rcx
   0x0000000000dd2c56 <+214>:   mov    %rcx,-0x1(%rsi)
   0x0000000000dd2c5a <+218>:   je     0xdd2c86 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+262>
   0x0000000000dd2c5c <+220>:   mov    %rcx,%rax
   0x0000000000dd2c5f <+223>:   and    $0xfffffffffff00000,%rax
   0x0000000000dd2c65 <+229>:   mov    0x38(%rax),%rax
   0x0000000000dd2c69 <+233>:   mov    0x1488(%rax),%rdi
   0x0000000000dd2c70 <+240>:   cmpl   $0x1,0x28(%rdi)
   0x0000000000dd2c74 <+244>:   jle    0xdd2c86 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+262>
   0x0000000000dd2c76 <+246>:   mov    %rcx,%rax
   0x0000000000dd2c79 <+249>:   and    $0x3,%eax
   0x0000000000dd2c7c <+252>:   cmp    $0x1,%rax
   0x0000000000dd2c80 <+256>:   je     0xdd2ec0 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+832>
   0x0000000000dd2c86 <+262>:   sub    $0x4,%r13d
   0x0000000000dd2c8a <+266>:   cmp    $0x1,%r13d
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd2c8e <+270>:   jbe    0xdd2ed8 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+856>
   0x0000000000dd2c94 <+276>:   mov    (%r15),%r12
   0x0000000000dd2c97 <+279>:   mov    -0x1(%r12),%rax
   0x0000000000dd2c9c <+284>:   cmp    %rax,0x138(%rbx)
   0x0000000000dd2ca3 <+291>:   je     0xdd2d40 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+448>
   0x0000000000dd2ca9 <+297>:   mov    %r15,%rsi
   0x0000000000dd2cac <+300>:   mov    %rbx,%rdi
   0x0000000000dd2caf <+303>:   xor    %r13d,%r13d
   0x0000000000dd2cb2 <+306>:   callq  0xbb4d90 <_ZN2v88internal7Factory14CopyFixedArrayENS0_6HandleINS0_10FixedArrayEEE>
   0x0000000000dd2cb7 <+311>:   mov    %rax,-0x78(%rbp)
   0x0000000000dd2cbb <+315>:   mov    (%r15),%rax
   0x0000000000dd2cbe <+318>:   mov    $0xf,%r12d
   0x0000000000dd2cc4 <+324>:   mov    0xb(%rax),%r9d
   0x0000000000dd2cc8 <+328>:   test   %r9d,%r9d
   0x0000000000dd2ccb <+331>:   jle    0xdd2d36 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+438>
   0x0000000000dd2ccd <+333>:   movzbl %r14b,%eax
   0x0000000000dd2cd1 <+337>:   mov    %eax,-0x7c(%rbp)
   0x0000000000dd2cd4 <+340>:   mov    %rbx,%rax
   0x0000000000dd2cd7 <+343>:   mov    %r15,%rbx
   0x0000000000dd2cda <+346>:   mov    %rax,%r15
   0x0000000000dd2cdd <+349>:   mov    0x1a30(%r15),%rax
   0x0000000000dd2ce4 <+356>:   mov    0x1a28(%r15),%r14
   0x0000000000dd2ceb <+363>:   mov    %rax,-0x48(%rbp)
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd2cef <+367>:   mov    0x1a38(%r15),%eax
   0x0000000000dd2cf6 <+374>:   lea    0x1(%rax),%edx
   0x0000000000dd2cf9 <+377>:   mov    %edx,0x1a38(%r15)
   0x0000000000dd2d00 <+384>:   mov    (%rbx),%rdx
   0x0000000000dd2d03 <+387>:   mov    (%rdx,%r12,1),%rsi
   0x0000000000dd2d07 <+391>:   mov    %rsi,%rdx
   0x0000000000dd2d0a <+394>:   and    $0x3,%edx
   0x0000000000dd2d0d <+397>:   cmp    $0x1,%rdx
   0x0000000000dd2d11 <+401>:   je     0xdd2de8 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+616>
   0x0000000000dd2d17 <+407>:   mov    %r14,0x1a28(%r15)
   0x0000000000dd2d1e <+414>:   mov    %eax,0x1a38(%r15)
   0x0000000000dd2d25 <+421>:   mov    (%rbx),%rax
   0x0000000000dd2d28 <+424>:   add    $0x1,%r13d
   0x0000000000dd2d2c <+428>:   add    $0x8,%r12
   0x0000000000dd2d30 <+432>:   cmp    %r13d,0xb(%rax)
   0x0000000000dd2d34 <+436>:   jg     0xdd2cdd <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+349>
   0x0000000000dd2d36 <+438>:   mov    -0x78(%rbp),%rax
   0x0000000000dd2d3a <+442>:   mov    (%rax),%r12
   0x0000000000dd2d3d <+445>:   mov    %rax,%r15
   0x0000000000dd2d40 <+448>:   mov    -0x70(%rbp),%rax
   0x0000000000dd2d44 <+452>:   mov    (%rax),%rbx
   0x0000000000dd2d47 <+455>:   mov    %rbx,%r13
   0x0000000000dd2d4a <+458>:   mov    %r12,0xf(%rbx)
   0x0000000000dd2d4e <+462>:   lea    0xf(%rbx),%r14
   0x0000000000dd2d52 <+466>:   and    $0xfffffffffff00000,%r13
   0x0000000000dd2d59 <+473>:   mov    0x38(%r13),%rax
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd2d5d <+477>:   mov    0x1488(%rax),%rdi
   0x0000000000dd2d64 <+484>:   mov    %r12,%rax
   0x0000000000dd2d67 <+487>:   and    $0x3,%eax
   0x0000000000dd2d6a <+490>:   cmpl   $0x1,0x28(%rdi)
   0x0000000000dd2d6e <+494>:   jle    0xdd2ef0 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+880>
   0x0000000000dd2d74 <+500>:   cmp    $0x1,%rax
   0x0000000000dd2d78 <+504>:   je     0xdd3220 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1696>
   0x0000000000dd2d7e <+510>:   mov    (%r15),%rax
   0x0000000000dd2d81 <+513>:   mov    -0x70(%rbp),%rbx
   0x0000000000dd2d85 <+517>:   movslq 0xb(%rax),%rax
   0x0000000000dd2d89 <+521>:   mov    (%rbx),%rdx
   0x0000000000dd2d8c <+524>:   mov    %rbx,%rdi
   0x0000000000dd2d8f <+527>:   shl    $0x20,%rax
   0x0000000000dd2d93 <+531>:   mov    %rax,0x17(%rdx)
   0x0000000000dd2d97 <+535>:   callq  0xcbf950 <_ZN2v88internal8JSObject16ValidateElementsENS0_6HandleIS1_EE>
   0x0000000000dd2d9c <+540>:   mov    -0x68(%rbp),%rcx
   0x0000000000dd2da0 <+544>:   mov    %rbx,(%rcx)
   0x0000000000dd2da3 <+547>:   mov    %rcx,%rax
   0x0000000000dd2da6 <+550>:   add    $0x78,%rsp
   0x0000000000dd2daa <+554>:   pop    %rbx
   0x0000000000dd2dab <+555>:   pop    %r12
   0x0000000000dd2dad <+557>:   pop    %r13
   0x0000000000dd2daf <+559>:   pop    %r14
   0x0000000000dd2db1 <+561>:   pop    %r15
   0x0000000000dd2db3 <+563>:   pop    %rbp
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd2db4 <+564>:   retq   
   0x0000000000dd2db5 <+565>:   nopl   (%rax)
   0x0000000000dd2db8 <+568>:   mov    0x1a28(%rbx),%rax
   0x0000000000dd2dbf <+575>:   cmp    0x1a30(%rbx),%rax
   0x0000000000dd2dc6 <+582>:   je     0xdd3280 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1792>
   0x0000000000dd2dcc <+588>:   lea    0x8(%rax),%rdx
   0x0000000000dd2dd0 <+592>:   mov    %rdx,0x1a28(%rbx)
   0x0000000000dd2dd7 <+599>:   mov    %rsi,(%rax)
   0x0000000000dd2dda <+602>:   mov    %rax,%rsi
   0x0000000000dd2ddd <+605>:   jmpq   0xdd2bcc <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+76>
   0x0000000000dd2de2 <+610>:   nopw   0x0(%rax,%rax,1)
   0x0000000000dd2de8 <+616>:   mov    -0x1(%rsi),%rdx
   0x0000000000dd2dec <+620>:   movzbl 0xb(%rdx),%edx
   0x0000000000dd2df0 <+624>:   and    $0xfffffffb,%edx
   0x0000000000dd2df3 <+627>:   cmp    $0xa9,%dl
   0x0000000000dd2df6 <+630>:   jne    0xdd2d17 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+407>
   0x0000000000dd2dfc <+636>:   mov    %rsi,%rax
   0x0000000000dd2dff <+639>:   and    $0xfffffffffff00000,%rax
   0x0000000000dd2e05 <+645>:   mov    0x38(%rax),%rcx
   0x0000000000dd2e09 <+649>:   sub    $0x20,%rcx
   0x0000000000dd2e0d <+653>:   mov    0x1a40(%rcx),%rdi
   0x0000000000dd2e14 <+660>:   test   %rdi,%rdi
   0x0000000000dd2e17 <+663>:   je     0xdd2fa0 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEE---Type <return> to continue, or q <return> to quit---
NS4_INS0_10FixedArrayEEEb+1056>
   0x0000000000dd2e1d <+669>:   callq  0xbda380 <_ZN2v88internal20CanonicalHandleScope6LookupEPNS0_6ObjectE>
   0x0000000000dd2e22 <+674>:   mov    %rax,%rdx
   0x0000000000dd2e25 <+677>:   mov    %rdx,%rdi
   0x0000000000dd2e28 <+680>:   mov    %rdx,-0x58(%rbp)
   0x0000000000dd2e2c <+684>:   callq  0xd0bb00 <_ZN2v88internal16CompileTimeValue11GetElementsENS0_6HandleINS0_10FixedArrayEEE>
   0x0000000000dd2e31 <+689>:   mov    -0x58(%rbp),%rdx
   0x0000000000dd2e35 <+693>:   mov    %rax,-0x50(%rbp)
   0x0000000000dd2e39 <+697>:   mov    %rdx,%rdi
   0x0000000000dd2e3c <+700>:   callq  0xd0baf0 <_ZN2v88internal16CompileTimeValue14GetLiteralTypeENS0_6HandleINS0_10FixedArrayEEE>
   0x0000000000dd2e41 <+705>:   cmp    $0x1,%eax
   0x0000000000dd2e44 <+708>:   mov    -0x50(%rbp),%rcx
   0x0000000000dd2e48 <+712>:   je     0xdd2fd0 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1104>
   0x0000000000dd2e4e <+718>:   cmp    $0x2,%eax
   0x0000000000dd2e51 <+721>:   je     0xdd30f8 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1400>
   0x0000000000dd2e57 <+727>:   test   %eax,%eax
   0x0000000000dd2e59 <+729>:   je     0xdd3080 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1280>
   0x0000000000dd2e5f <+735>:   mov    $0x12ae369,%edx
   0x0000000000dd2e64 <+740>:   xor    %esi,%esi
   0x0000000000dd2e66 <+742>:   mov    $0x123383f,%edi
   0x0000000000dd2e6b <+747>:   xor    %eax,%eax
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd2e6d <+749>:   callq  0x112dfd0 <V8_Fatal>
   0x0000000000dd2e72 <+754>:   nopw   0x0(%rax,%rax,1)
   0x0000000000dd2e78 <+760>:   mov    0x1a28(%rdx),%r15
   0x0000000000dd2e7f <+767>:   cmp    0x1a30(%rdx),%r15
   0x0000000000dd2e86 <+774>:   je     0xdd32a1 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1825>
   0x0000000000dd2e8c <+780>:   lea    0x8(%r15),%rax
   0x0000000000dd2e90 <+784>:   mov    %rax,0x1a28(%rdx)
   0x0000000000dd2e97 <+791>:   mov    %rsi,(%r15)
   0x0000000000dd2e9a <+794>:   jmpq   0xdd2c29 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+169>
   0x0000000000dd2e9f <+799>:   nop
   0x0000000000dd2ea0 <+800>:   sub    $0x1,%rcx
   0x0000000000dd2ea4 <+804>:   xor    %edx,%edx
   0x0000000000dd2ea6 <+806>:   and    $0xfffffffffff00000,%rcx
   0x0000000000dd2ead <+813>:   testb  $0x18,0x8(%rcx)
   0x0000000000dd2eb1 <+817>:   sete   %dl
   0x0000000000dd2eb4 <+820>:   jmpq   0xdd2be8 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+104>
   0x0000000000dd2eb9 <+825>:   nopl   0x0(%rax)
   0x0000000000dd2ec0 <+832>:   xor    %edx,%edx
   0x0000000000dd2ec2 <+834>:   sub    $0x4,%r13d
   0x0000000000dd2ec6 <+838>:   callq  0xbfe370 <_ZN2v88internal18IncrementalMarking15RecordWriteSlowEPNS0_10HeapObjectEPPNS0_6ObjectES5_>
   0x0000000000dd2ecb <+843>:   cmp    $0x1,%r13d
   0x0000000000dd2ecf <+847>:   ja     0xdd2c94 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEE---Type <return> to continue, or q <return> to quit---
NS4_INS0_10FixedArrayEEEb+276>
   0x0000000000dd2ed5 <+853>:   nopl   (%rax)
   0x0000000000dd2ed8 <+856>:   mov    %r15,%rsi
   0x0000000000dd2edb <+859>:   mov    %rbx,%rdi
   0x0000000000dd2ede <+862>:   callq  0xbb5170 <_ZN2v88internal7Factory20CopyFixedDoubleArrayENS0_6HandleINS0_16FixedDoubleArrayEEE>
   0x0000000000dd2ee3 <+867>:   mov    %rax,%r15
   0x0000000000dd2ee6 <+870>:   mov    (%rax),%r12
   0x0000000000dd2ee9 <+873>:   jmpq   0xdd2d40 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+448>
   0x0000000000dd2eee <+878>:   xchg   %ax,%ax
   0x0000000000dd2ef0 <+880>:   cmp    $0x1,%rax
   0x0000000000dd2ef4 <+884>:   jne    0xdd2d7e <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+510>
   0x0000000000dd2efa <+890>:   sub    $0x1,%r12
   0x0000000000dd2efe <+894>:   and    $0xfffffffffff00000,%r12
   0x0000000000dd2f05 <+901>:   testb  $0x18,0x8(%r12)
   0x0000000000dd2f0b <+907>:   je     0xdd2d7e <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+510>
   0x0000000000dd2f11 <+913>:   mov    %rbx,%rax
   0x0000000000dd2f14 <+916>:   and    $0x3,%eax
   0x0000000000dd2f17 <+919>:   cmp    $0x1,%rax
   0x0000000000dd2f1b <+923>:   jne    0xdd2d7e <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+510>
   0x0000000000dd2f21 <+929>:   sub    $0x1,%rbx
   0x0000000000dd2f25 <+933>:   and    $0xfffffffffff00000,%rbx
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd2f2c <+940>:   testb  $0x18,0x8(%rbx)
   0x0000000000dd2f30 <+944>:   jne    0xdd2d7e <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+510>
   0x0000000000dd2f36 <+950>:   mov    0x50(%r13),%rdi
   0x0000000000dd2f3a <+954>:   test   %rdi,%rdi
   0x0000000000dd2f3d <+957>:   jne    0xdd2f4b <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+971>
   0x0000000000dd2f3f <+959>:   mov    %r13,%rdi
   0x0000000000dd2f42 <+962>:   callq  0xc39060 <_ZN2v88internal11MemoryChunk21AllocateOldToNewSlotsEv>
   0x0000000000dd2f47 <+967>:   mov    0x50(%r13),%rdi
   0x0000000000dd2f4b <+971>:   sub    %r13,%r14
   0x0000000000dd2f4e <+974>:   mov    %r14d,%eax
   0x0000000000dd2f51 <+977>:   shr    $0x14,%r14
   0x0000000000dd2f55 <+981>:   mov    %r14,%rsi
   0x0000000000dd2f58 <+984>:   and    $0xfffff,%eax
   0x0000000000dd2f5d <+989>:   shl    $0xa,%rsi
   0x0000000000dd2f61 <+993>:   mov    %eax,%ecx
   0x0000000000dd2f63 <+995>:   mov    %eax,%ebx
   0x0000000000dd2f65 <+997>:   lea    (%rsi,%r14,8),%rdx
   0x0000000000dd2f69 <+1001>:  sar    $0xd,%eax
   0x0000000000dd2f6c <+1004>:  sar    $0x3,%ecx
   0x0000000000dd2f6f <+1007>:  cltq   
   0x0000000000dd2f71 <+1009>:  sar    $0x8,%ebx
   0x0000000000dd2f74 <+1012>:  and    $0x1f,%ecx
   0x0000000000dd2f77 <+1015>:  add    %rdi,%rdx
   0x0000000000dd2f7a <+1018>:  and    $0x1f,%ebx
   0x0000000000dd2f7d <+1021>:  lea    (%rdx,%rax,8),%r12
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd2f81 <+1025>:  mov    (%r12),%rax
   0x0000000000dd2f85 <+1029>:  test   %rax,%rax
   0x0000000000dd2f88 <+1032>:  je     0xdd32c1 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1857>
   0x0000000000dd2f8e <+1038>:  movslq %ebx,%rbx
   0x0000000000dd2f91 <+1041>:  mov    $0x1,%edx
   0x0000000000dd2f96 <+1046>:  shl    %cl,%edx
   0x0000000000dd2f98 <+1048>:  or     %edx,(%rax,%rbx,4)
   0x0000000000dd2f9b <+1051>:  jmpq   0xdd2d7e <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+510>
   0x0000000000dd2fa0 <+1056>:  mov    0x1a28(%rcx),%rdx
   0x0000000000dd2fa7 <+1063>:  cmp    0x1a30(%rcx),%rdx
   0x0000000000dd2fae <+1070>:  je     0xdd3260 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1760>
   0x0000000000dd2fb4 <+1076>:  lea    0x8(%rdx),%rax
   0x0000000000dd2fb8 <+1080>:  mov    %rax,0x1a28(%rcx)
   0x0000000000dd2fbf <+1087>:  mov    %rsi,(%rdx)
   0x0000000000dd2fc2 <+1090>:  jmpq   0xdd2e25 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+677>
   0x0000000000dd2fc7 <+1095>:  nopw   0x0(%rax,%rax,1)
   0x0000000000dd2fd0 <+1104>:  mov    -0x7c(%rbp),%eax
   0x0000000000dd2fd3 <+1107>:  mov    -0x60(%rbp),%rdx
   0x0000000000dd2fd7 <+1111>:  lea    -0x40(%rbp),%rdi
   0x0000000000dd2fdb <+1115>:  xor    %r9d,%r9d
   0x0000000000dd2fde <+1118>:  xor    %r8d,%r8d
   0x0000000000dd2fe1 <+1121>:  mov    %r15,%rsi
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd2fe4 <+1124>:  mov    %eax,(%rsp)
   0x0000000000dd2fe7 <+1127>:  callq  0xdd32e0 <_ZN2v88internalL30CreateObjectLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS3_INS0_10FixedArrayEEEbbb>
   0x0000000000dd2fec <+1132>:  mov    -0x40(%rbp),%rax
   0x0000000000dd2ff0 <+1136>:  test   %rax,%rax
   0x0000000000dd2ff3 <+1139>:  je     0xdd30ac <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1324>
   0x0000000000dd2ff9 <+1145>:  mov    -0x78(%rbp),%rsi
   0x0000000000dd2ffd <+1149>:  mov    (%rax),%rax
   0x0000000000dd3000 <+1152>:  lea    0x1(%r12),%r11
   0x0000000000dd3005 <+1157>:  mov    (%rsi),%r8
   0x0000000000dd3008 <+1160>:  lea    (%r8,%r12,1),%rdx
   0x0000000000dd300c <+1164>:  mov    %r8,%r9
   0x0000000000dd300f <+1167>:  and    $0xfffffffffff00000,%r9
   0x0000000000dd3016 <+1174>:  mov    %rax,(%rdx)
   0x0000000000dd3019 <+1177>:  mov    0x38(%r9),%rcx
   0x0000000000dd301d <+1181>:  mov    0x1488(%rcx),%rdi
   0x0000000000dd3024 <+1188>:  cmpl   $0x1,0x28(%rdi)
   0x0000000000dd3028 <+1192>:  jle    0xdd3118 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1432>
   0x0000000000dd302e <+1198>:  mov    %rax,%rcx
   0x0000000000dd3031 <+1201>:  and    $0x3,%ecx
   0x0000000000dd3034 <+1204>:  cmp    $0x1,%rcx
   0x0000000000dd3038 <+1208>:  je     0xdd31e0 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1632>
   0x0000000000dd303e <+1214>:  mov    0x1a38(%r15),%eax
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd3045 <+1221>:  mov    %r14,0x1a28(%r15)
   0x0000000000dd304c <+1228>:  sub    $0x1,%eax
   0x0000000000dd304f <+1231>:  mov    %eax,0x1a38(%r15)
   0x0000000000dd3056 <+1238>:  mov    -0x48(%rbp),%rax
   0x0000000000dd305a <+1242>:  cmp    0x1a30(%r15),%rax
   0x0000000000dd3061 <+1249>:  je     0xdd2d25 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+421>
   0x0000000000dd3067 <+1255>:  mov    %rax,0x1a30(%r15)
   0x0000000000dd306e <+1262>:  mov    %r15,%rdi
   0x0000000000dd3071 <+1265>:  callq  0xbda1a0 <_ZN2v88internal11HandleScope16DeleteExtensionsEPNS0_7IsolateE>
   0x0000000000dd3076 <+1270>:  jmpq   0xdd2d25 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+421>
   0x0000000000dd307b <+1275>:  nopl   0x0(%rax,%rax,1)
   0x0000000000dd3080 <+1280>:  mov    -0x7c(%rbp),%eax
   0x0000000000dd3083 <+1283>:  mov    -0x60(%rbp),%rdx
   0x0000000000dd3087 <+1287>:  lea    -0x40(%rbp),%rdi
   0x0000000000dd308b <+1291>:  xor    %r9d,%r9d
   0x0000000000dd308e <+1294>:  mov    $0x1,%r8d
   0x0000000000dd3094 <+1300>:  mov    %r15,%rsi
   0x0000000000dd3097 <+1303>:  mov    %eax,(%rsp)
   0x0000000000dd309a <+1306>:  callq  0xdd32e0 <_ZN2v88internalL30CreateObjectLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS3_INS0_10FixedArrayEEEbbb>
   0x0000000000dd309f <+1311>:  mov    -0x40(%rbp),%rax
   0x0000000000dd30a3 <+1315>:  test   %rax,%rax
   0x0000000000dd30a6 <+1318>:  jne    0xdd2ff9 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEE---Type <return> to continue, or q <return> to quit---
NS4_INS0_10FixedArrayEEEb+1145>
   0x0000000000dd30ac <+1324>:  mov    -0x68(%rbp),%rax
   0x0000000000dd30b0 <+1328>:  mov    %r15,%rbx
   0x0000000000dd30b3 <+1331>:  movq   $0x0,(%rax)
   0x0000000000dd30ba <+1338>:  mov    -0x48(%rbp),%rax
   0x0000000000dd30be <+1342>:  subl   $0x1,0x1a38(%r15)
   0x0000000000dd30c6 <+1350>:  cmp    0x1a30(%r15),%rax
   0x0000000000dd30cd <+1357>:  mov    %r14,0x1a28(%r15)
   0x0000000000dd30d4 <+1364>:  je     0xdd3298 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1816>
   0x0000000000dd30da <+1370>:  mov    %rax,0x1a30(%rbx)
   0x0000000000dd30e1 <+1377>:  mov    %rbx,%rdi
   0x0000000000dd30e4 <+1380>:  callq  0xbda1a0 <_ZN2v88internal11HandleScope16DeleteExtensionsEPNS0_7IsolateE>
   0x0000000000dd30e9 <+1385>:  mov    -0x68(%rbp),%rax
   0x0000000000dd30ed <+1389>:  jmpq   0xdd2da6 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+550>
   0x0000000000dd30f2 <+1394>:  nopw   0x0(%rax,%rax,1)
   0x0000000000dd30f8 <+1400>:  mov    -0x7c(%rbp),%r8d
   0x0000000000dd30fc <+1404>:  mov    -0x60(%rbp),%rdx
   0x0000000000dd3100 <+1408>:  lea    -0x40(%rbp),%rdi
   0x0000000000dd3104 <+1412>:  mov    %r15,%rsi
   0x0000000000dd3107 <+1415>:  callq  0xdd2b80 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb>
   0x0000000000dd310c <+1420>:  jmpq   0xdd2fec <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1132>
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd3111 <+1425>:  nopl   0x0(%rax)
   0x0000000000dd3118 <+1432>:  mov    %rax,%rdx
   0x0000000000dd311b <+1435>:  and    $0x3,%edx
   0x0000000000dd311e <+1438>:  cmp    $0x1,%rdx
   0x0000000000dd3122 <+1442>:  jne    0xdd303e <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1214>
   0x0000000000dd3128 <+1448>:  sub    $0x1,%rax
   0x0000000000dd312c <+1452>:  and    $0xfffffffffff00000,%rax
   0x0000000000dd3132 <+1458>:  testb  $0x18,0x8(%rax)
   0x0000000000dd3136 <+1462>:  je     0xdd303e <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1214>
   0x0000000000dd313c <+1468>:  mov    %r8,%rax
   0x0000000000dd313f <+1471>:  and    $0x3,%eax
   0x0000000000dd3142 <+1474>:  cmp    $0x1,%rax
   0x0000000000dd3146 <+1478>:  jne    0xdd303e <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1214>
   0x0000000000dd314c <+1484>:  sub    $0x1,%r8
   0x0000000000dd3150 <+1488>:  mov    %r8,%rax
   0x0000000000dd3153 <+1491>:  and    $0xfffffffffff00000,%rax
   0x0000000000dd3159 <+1497>:  testb  $0x18,0x8(%rax)
   0x0000000000dd315d <+1501>:  jne    0xdd303e <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1214>
   0x0000000000dd3163 <+1507>:  mov    0x50(%r9),%rdi
   0x0000000000dd3167 <+1511>:  add    %r8,%r11
   0x0000000000dd316a <+1514>:  test   %rdi,%rdi
   0x0000000000dd316d <+1517>:  jne    0xdd318b <_ZN2v88internal7Runtime29Cr---Type <return> to continue, or q <return> to quit---
eateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1547>
   0x0000000000dd316f <+1519>:  mov    %r9,%rdi
   0x0000000000dd3172 <+1522>:  mov    %r11,-0x58(%rbp)
   0x0000000000dd3176 <+1526>:  mov    %r9,-0x50(%rbp)
   0x0000000000dd317a <+1530>:  callq  0xc39060 <_ZN2v88internal11MemoryChunk21AllocateOldToNewSlotsEv>
   0x0000000000dd317f <+1535>:  mov    -0x50(%rbp),%r9
   0x0000000000dd3183 <+1539>:  mov    -0x58(%rbp),%r11
   0x0000000000dd3187 <+1543>:  mov    0x50(%r9),%rdi
   0x0000000000dd318b <+1547>:  sub    %r9,%r11
   0x0000000000dd318e <+1550>:  mov    %r11d,%eax
   0x0000000000dd3191 <+1553>:  shr    $0x14,%r11
   0x0000000000dd3195 <+1557>:  mov    %r11,%rsi
   0x0000000000dd3198 <+1560>:  and    $0xfffff,%eax
   0x0000000000dd319d <+1565>:  shl    $0xa,%rsi
   0x0000000000dd31a1 <+1569>:  mov    %eax,%ecx
   0x0000000000dd31a3 <+1571>:  mov    %eax,%edx
   0x0000000000dd31a5 <+1573>:  lea    (%rsi,%r11,8),%rsi
   0x0000000000dd31a9 <+1577>:  sar    $0xd,%eax
   0x0000000000dd31ac <+1580>:  sar    $0x3,%ecx
   0x0000000000dd31af <+1583>:  cltq   
   0x0000000000dd31b1 <+1585>:  sar    $0x8,%edx
   0x0000000000dd31b4 <+1588>:  and    $0x1f,%ecx
   0x0000000000dd31b7 <+1591>:  add    %rdi,%rsi
   0x0000000000dd31ba <+1594>:  and    $0x1f,%edx
   0x0000000000dd31bd <+1597>:  lea    (%rsi,%rax,8),%rsi
   0x0000000000dd31c1 <+1601>:  mov    (%rsi),%rax
   0x0000000000dd31c4 <+1604>:  test   %rax,%rax
   0x0000000000dd31c7 <+1607>:  je     0xdd3238 <_ZN2v88internal7Runtime29Cr---Type <return> to continue, or q <return> to quit---
eateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1720>
   0x0000000000dd31c9 <+1609>:  movslq %edx,%rdx
   0x0000000000dd31cc <+1612>:  mov    $0x1,%esi
   0x0000000000dd31d1 <+1617>:  shl    %cl,%esi
   0x0000000000dd31d3 <+1619>:  or     %esi,(%rax,%rdx,4)
   0x0000000000dd31d6 <+1622>:  jmpq   0xdd303e <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1214>
   0x0000000000dd31db <+1627>:  nopl   0x0(%rax,%rax,1)
   0x0000000000dd31e0 <+1632>:  mov    %rax,%rcx
   0x0000000000dd31e3 <+1635>:  mov    %r8,%rsi
   0x0000000000dd31e6 <+1638>:  mov    %r11,-0x90(%rbp)
   0x0000000000dd31ed <+1645>:  mov    %r9,-0x88(%rbp)
   0x0000000000dd31f4 <+1652>:  mov    %rax,-0x58(%rbp)
   0x0000000000dd31f8 <+1656>:  mov    %r8,-0x50(%rbp)
   0x0000000000dd31fc <+1660>:  callq  0xbfe370 <_ZN2v88internal18IncrementalMarking15RecordWriteSlowEPNS0_10HeapObjectEPPNS0_6ObjectES5_>
   0x0000000000dd3201 <+1665>:  mov    -0x50(%rbp),%r8
   0x0000000000dd3205 <+1669>:  mov    -0x58(%rbp),%rax
   0x0000000000dd3209 <+1673>:  mov    -0x88(%rbp),%r9
   0x0000000000dd3210 <+1680>:  mov    -0x90(%rbp),%r11
   0x0000000000dd3217 <+1687>:  jmpq   0xdd3128 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1448>
   0x0000000000dd321c <+1692>:  nopl   0x0(%rax)
   0x0000000000dd3220 <+1696>:  mov    %r12,%rcx
   0x0000000000dd3223 <+1699>:  mov    %r14,%rdx
   0x0000000000dd3226 <+1702>:  mov    %rbx,%rsi
   0x0000000000dd3229 <+1705>:  callq  0xbfe370 <_ZN2v88internal18Incrementa---Type <return> to continue, or q <return> to quit---
lMarking15RecordWriteSlowEPNS0_10HeapObjectEPPNS0_6ObjectES5_>
   0x0000000000dd322e <+1710>:  jmpq   0xdd2efa <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+890>
   0x0000000000dd3233 <+1715>:  nopl   0x0(%rax,%rax,1)
   0x0000000000dd3238 <+1720>:  mov    %rsi,-0x88(%rbp)
   0x0000000000dd323f <+1727>:  mov    %ecx,-0x58(%rbp)
   0x0000000000dd3242 <+1730>:  mov    %edx,-0x50(%rbp)
   0x0000000000dd3245 <+1733>:  callq  0xdd2ab0 <_ZN2v88internal7SlotSet14AllocateBucketEv.isra.56>
   0x0000000000dd324a <+1738>:  mov    -0x88(%rbp),%rsi
   0x0000000000dd3251 <+1745>:  mov    -0x58(%rbp),%ecx
   0x0000000000dd3254 <+1748>:  mov    -0x50(%rbp),%edx
   0x0000000000dd3257 <+1751>:  mov    %rax,(%rsi)
   0x0000000000dd325a <+1754>:  jmpq   0xdd31c9 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1609>
   0x0000000000dd325f <+1759>:  nop
   0x0000000000dd3260 <+1760>:  mov    %rcx,%rdi
   0x0000000000dd3263 <+1763>:  mov    %rsi,-0x58(%rbp)
   0x0000000000dd3267 <+1767>:  mov    %rcx,-0x50(%rbp)
   0x0000000000dd326b <+1771>:  callq  0xbda040 <_ZN2v88internal11HandleScope6ExtendEPNS0_7IsolateE>
   0x0000000000dd3270 <+1776>:  mov    -0x58(%rbp),%rsi
   0x0000000000dd3274 <+1780>:  mov    %rax,%rdx
   0x0000000000dd3277 <+1783>:  mov    -0x50(%rbp),%rcx
   0x0000000000dd327b <+1787>:  jmpq   0xdd2fb4 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+1076>
   0x0000000000dd3280 <+1792>:  mov    %rbx,%rdi
---Type <return> to continue, or q <return> to quit---
   0x0000000000dd3283 <+1795>:  mov    %rsi,-0x48(%rbp)
   0x0000000000dd3287 <+1799>:  callq  0xbda040 <_ZN2v88internal11HandleScope6ExtendEPNS0_7IsolateE>
   0x0000000000dd328c <+1804>:  mov    -0x48(%rbp),%rsi
   0x0000000000dd3290 <+1808>:  jmpq   0xdd2dcc <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+588>
   0x0000000000dd3295 <+1813>:  nopl   (%rax)
   0x0000000000dd3298 <+1816>:  mov    -0x68(%rbp),%rax
   0x0000000000dd329c <+1820>:  jmpq   0xdd2da6 <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+550>
   0x0000000000dd32a1 <+1825>:  mov    %rdx,%rdi
   0x0000000000dd32a4 <+1828>:  mov    %rsi,-0x50(%rbp)
   0x0000000000dd32a8 <+1832>:  mov    %rdx,-0x48(%rbp)
   0x0000000000dd32ac <+1836>:  callq  0xbda040 <_ZN2v88internal11HandleScope6ExtendEPNS0_7IsolateE>
   0x0000000000dd32b1 <+1841>:  mov    -0x50(%rbp),%rsi
   0x0000000000dd32b5 <+1845>:  mov    %rax,%r15
   0x0000000000dd32b8 <+1848>:  mov    -0x48(%rbp),%rdx
   0x0000000000dd32bc <+1852>:  jmpq   0xdd2e8c <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEENS4_INS0_10FixedArrayEEEb+780>
   0x0000000000dd32c1 <+1857>:  mov    %ecx,-0x48(%rbp)
   0x0000000000dd32c4 <+1860>:  callq  0xdd2ab0 <_ZN2v88internal7SlotSet14AllocateBucketEv.isra.56>
   0x0000000000dd32c9 <+1865>:  mov    -0x48(%rbp),%ecx
   0x0000000000dd32cc <+1868>:  mov    %rax,(%r12)
   0x0000000000dd32d0 <+1872>:  jmpq   0xdd2f8e <_ZN2v88internal7Runtime29CreateArrayLiteralBoilerplateEPNS0_7IsolateENS0_6HandleINS0_13LiteralsArrayEEE---Type <return> to continue, or q <return> to quit---
NS4_INS0_10FixedArrayEEEb+1038>
End of assembler dump.

bnoordhuis · 2016-06-28T14:30:23Z

Thanks. The offending code appears to be this:

   0x0000000000dd2beb <+107>:   callq  0xbb8ac0 <_ZN2v88internal7Factory11NewJSObjectENS0_6HandleINS0_10JSFunctionEEENS0_13PretenureFlagE>
   0x0000000000dd2bf0 <+112>:   mov    %rax,-0x70(%rbp)
   0x0000000000dd2bf4 <+116>:   mov    0x0(%r13),%rax
   0x0000000000dd2bf8 <+120>:   mov    0x17(%rax),%rsi
   0x0000000000dd2bfc <+124>:   movslq 0x13(%rax),%r13
   0x0000000000dd2c00 <+128>:   mov    %rsi,%rax
   0x0000000000dd2c03 <+131>:   and    $0xfffffffffff00000,%rax
=> 0x0000000000dd2c09 <+137>:   mov    0x38(%rax),%r15

It's probably a bad pointer dereference but I can't quite place it.

%r13 corresponds to the fourth argument (the function prologue moves %rcx to it), which is a bool. 0x0(%r13) doesn't make sense in that context because it's basically a nullptr dereference. That it doesn't crash until a few instructions later probably means I read it wrong but I don't see how.

Did you have any luck with the debug binary? Do you get crashes with the v6.2.1 release binary from nodejs.org?

mike442144 · 2016-06-28T14:47:06Z

@bnoordhuis Thanks a lot, so you mean I should compile a binary for debugging, current node version I used is 6.2.1 and it is compiled from source. I'll try to compile a binary for debugging, but do you have any idea to quickly resolve the problem because many of our projects in production environment crashed and we really worry about this bug.

bnoordhuis · 2016-06-28T14:54:49Z

I don't have a clear picture as to the cause yet so I'm afraid I can't offer any real advice at this point. You could try downgrading to the latest v4 release and see if that resolves or ameliorates it.

mike442144 · 2016-06-28T15:01:48Z

@bnoordhuis Actually, previously I tried 5.X version but it has a critical problem in garbage collecting. Maybe I need try 4.X.
But, this is also a very critical problem, didn't anybody run into it? Can I at somebody else who are the core developers in nodejs team?

mike442144 · 2016-06-28T16:34:17Z

@bnoordhuis I've done with compiling debug version, what's next? use it to run my project?

bnoordhuis · 2016-06-28T17:46:55Z

Yes. I would like to know if the backtrace from the core dump is the same and whether the --verify_heap flag makes a difference.

Can I at somebody else who are the core developers in nodejs team?

Hey, what do you think I am?

mike442144 · 2016-06-29T03:49:37Z

@bnoordhuis haha, let me try first.

mike442144 · 2016-06-29T09:40:41Z

@bnoordhuis I got below message using debug version:

#
# Fatal error in ../deps/v8/src/runtime/runtime-literals.cc, line 317
# Check failed: *elements != isolate->heap()->empty_fixed_array().
#

==== C stack trace ===============================

 1: V8_Fatal
 2: 0x173e969
 3: 0x173ebfb
 4: 0x173f07b
 5: v8::internal::Runtime_CreateArrayLiteral(int, v8::internal::Object**, v8::internal::Isolate*)
 6: 0x2e88c050961b

bnoordhuis · 2016-06-29T11:17:48Z

Thanks, that is useful info. I believe I have an inkling of the cause.

Does --nocrankshaft make a difference? Does the backtrace in gdb look the same? Let me know if there is a way for me to easily reproduce the crash.

mike442144 · 2016-06-29T12:05:17Z

@bnoordhuis Sure, let me email you the script, the you can easily reproduce. I use ubuntu 12.04.

mike442144 · 2016-06-29T12:31:23Z

@bnoordhuis I've sent you the email, please check. thanks.

bnoordhuis · 2016-06-29T19:27:05Z

I got your email but the script seems to be incomplete. Did you get a chance to test this?

Does --nocrankshaft make a difference? Does the backtrace in gdb look the same?

mike442144 · 2016-06-30T03:04:55Z

@bnoordhuis I can add --nocrankshaft but last time I ran the script it didn't dump core file, what should I do ?

bnoordhuis · 2016-06-30T07:12:30Z

Run it repeatedly until you see a crash or you're satisfied it no longer crashes?

mike442144 · 2016-06-30T09:41:25Z

@bnoordhuis I have ran twice and finished without any error, why?

mike442144 · 2016-06-30T15:08:43Z

@bnoordhuis retried twice again, no error, no crash. what's next?

bnoordhuis · 2016-06-30T15:18:36Z

Was that with --nocrankshaft or without?

mike442144 · 2016-07-01T02:07:27Z

@bnoordhuis with --nocrankshaft, no error. what does --nocrankshaft do to V8?

mike442144 · 2016-07-01T11:18:40Z

@bnoordhuis Another two retries, no error. what's next?

bnoordhuis · 2016-07-01T11:57:52Z

what does --nocrankshaft do to V8?

It disables the optimizer. I had a suspicion the bug was in the way the optimizer deals with array literals.

Can you check if applying v8/v8@d721121 fixes the crash?

$ curl -L https://github.com/v8/v8/commit/d72112161d36cbc257e8e7c19f4809495ef97208.diff | git apply --directory=deps/v8
$ ./configure && make -j8

MylesBorins · 2016-07-01T12:00:35Z

I had no idea you could git apply to a directory... That simplifies so much! Thanks Ben!!!

mike442144 · 2016-07-01T13:09:10Z

@bnoordhuis Sorry, I don't understand what should I do? when I checkout the latest version from https://github.com/v8/v8 and use your command line to apply diff, but got following errors:
error: patch failed: src/crankshaft/hydrogen.cc:6000
error: src/crankshaft/hydrogen.cc: patch does not apply
error: patch failed: src/runtime/runtime-literals.cc:109
error: src/runtime/runtime-literals.cc: patch does not apply
error: patch failed: src/runtime/runtime.h:1125
error: src/runtime/runtime.h: patch does not apply

anything wrong ?

targos · 2016-07-01T13:30:04Z

@mike442144 you should apply diff to https://github.com/nodejs/node, not V8

mike442144 · 2016-07-01T14:25:50Z

@targos Okay, let me try it thanks.

mike442144 · 2016-07-01T14:55:38Z

@targos @bnoordhuis
In node source directory, I executed below command

root@aliyun7:~/node-v6.2.1# curl -L https://github.com/v8/v8/commit/d72112161d36cbc257e8e7c19f4809495ef97208.diff | git apply --directory=deps/v8

and I got the same error:

 error: patch failed: src/crankshaft/hydrogen.cc:6000
 error: src/crankshaft/hydrogen.cc: patch does not apply
 error: patch failed: src/runtime/runtime-literals.cc:109
 error: src/runtime/runtime-literals.cc: patch does not apply
 error: patch failed: src/runtime/runtime.h:1125
 error: src/runtime/runtime.h: patch does not apply

bnoordhuis · 2016-07-01T15:29:18Z

Ah... I could swear it applied to V8 5.0 (what ships with node v6) but it doesn't because of the removal of strong mode in V8 5.1 (what is currently in master.)

What you could try is building node.js master from source and check if you still get the crash. If you do, apply the patch and see if it helps.

I'll look into back-porting the patch to v6 but that will be next week at the soonest.

mike442144 · 2016-07-01T15:57:42Z

@bnoordhuis Thanks, I'll compile from node.js master branch to try again and wait for you to fix it.

mike442144 · 2016-07-04T09:11:57Z

@bnoordhuis Hi Ben, I've retried twice on latest version which is cloned from github without your patch, and the script did well. Does it mean that the team has fixed the bug in latest version? and what's next? waiting for the team to release v6.2.3 or v7.0.0 or anything else should I do?

bnoordhuis · 2016-07-04T09:37:56Z

Was that with or without --nocrankshaft?

and what's next? waiting for the team to release v6.2.3 or v7.0.0 or anything else should I do?

We plan on upgrading to V8 5.1 in v6 the next month or two. I'm going to see if I can back-port the patch before that, though.

mike442144 · 2016-07-05T01:51:23Z

@bnoordhuis without --nocrankshaft, and I have no idea if there is any other bug in v7.0.0-pre, so I think the best solution is apply the patch to v6.2.1 to solve the problem as soon as possible.

mike442144 · 2016-07-08T03:44:07Z

@bnoordhuis Hi Ben, I noticed the 6.3.0 version has just released and what do you think if it has fixed the bug?

mike442144 · 2016-07-08T14:02:56Z

@bnoordhuis Hi Ben, I have tried the v6.3.0 version and ran without --nocrankshaft , I got below error:

#
# Fatal error in ../deps/v8/src/runtime/runtime-literals.cc, line 317
# Check failed: *elements != isolate->heap()->empty_fixed_array().
#

==== C stack trace ===============================

 1: V8_Fatal
 2: 0x18f019d
 3: 0x18f042f
 4: 0x18f08af
 5: v8::internal::Runtime_CreateArrayLiteral(int, v8::internal::Object**, v8::internal::Isolate*)
 6: 0xa5e9050961b

so, I have to wait for you to fix this bug, I'm counting on you.
Master!!!

Original commit message: Quit creating array literal boilerplates from Crankshaft. It's such a corner case. BUG= Review URL: https://codereview.chromium.org/1865013002 Cr-Commit-Position: refs/heads/master@{nodejs#35346} Fixes: nodejs#7454 PR-URL: nodejs#7632 Reviewed-By: Michaël Zasso <mic.besace@gmail.com>

mike442144 · 2016-07-18T02:16:20Z

@bnoordhuis Hi, Ben, Do I have to wait new 6.x version release?

bnoordhuis · 2016-07-18T07:37:30Z

Yes, see linked pull request #7633.

mike442144 · 2016-07-18T09:27:46Z

@bnoordhuis Okay, I see. thanks for your effort.

Original commit message: Quit creating array literal boilerplates from Crankshaft. It's such a corner case. BUG= Review URL: https://codereview.chromium.org/1865013002 Cr-Commit-Position: refs/heads/master@{nodejs#35346} Fixes: nodejs#7454

Original commit message: Quit creating array literal boilerplates from Crankshaft. It's such a corner case. BUG= Review URL: https://codereview.chromium.org/1865013002 Cr-Commit-Position: refs/heads/master@{nodejs#35346} Fixes: nodejs#7454 PR-URL: nodejs#7633 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Michaël Zasso <mic.besace@gmail.com>

Original commit message: Quit creating array literal boilerplates from Crankshaft. It's such a corner case. BUG= Review URL: https://codereview.chromium.org/1865013002 Cr-Commit-Position: refs/heads/master@{#35346} Fixes: #7454 PR-URL: #7633 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Michaël Zasso <mic.besace@gmail.com>

Original commit message: Quit creating array literal boilerplates from Crankshaft. It's such a corner case. BUG= Review URL: https://codereview.chromium.org/1865013002 Cr-Commit-Position: refs/heads/master@{#35346} Fixes: nodejs/node#7454 PR-URL: nodejs/node#7633 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Michaël Zasso <mic.besace@gmail.com>

Original commit message: Quit creating array literal boilerplates from Crankshaft. It's such a corner case. BUG= Review URL: https://codereview.chromium.org/1865013002 Cr-Commit-Position: refs/heads/master@{nodejs#35346} Fixes: nodejs#7454 PR-URL: nodejs#7632 Reviewed-By: Michaël Zasso <mic.besace@gmail.com>

mscdex added the question Issues that look for answers. label Jun 28, 2016

This was referenced Jul 9, 2016

deps: cherry-pick d721121 from v8 upstream #7632

Merged

deps: back-port d721121 from v8 upstream (v6.x) #7633

Closed

bnoordhuis closed this as completed in #7632 Jul 11, 2016

version 6.2.1 always got Segment Fault error and crash #7454

version 6.2.1 always got Segment Fault error and crash #7454

Comments

mike442144 commented Jun 28, 2016

bnoordhuis commented Jun 28, 2016

mike442144 commented Jun 28, 2016 • edited Loading

mike442144 commented Jun 28, 2016

bnoordhuis commented Jun 28, 2016

mike442144 commented Jun 28, 2016

bnoordhuis commented Jun 28, 2016

mike442144 commented Jun 28, 2016

bnoordhuis commented Jun 28, 2016

mike442144 commented Jun 28, 2016

mike442144 commented Jun 28, 2016

bnoordhuis commented Jun 28, 2016

mike442144 commented Jun 29, 2016

mike442144 commented Jun 29, 2016

bnoordhuis commented Jun 29, 2016

mike442144 commented Jun 29, 2016

mike442144 commented Jun 29, 2016

bnoordhuis commented Jun 29, 2016

mike442144 commented Jun 30, 2016

bnoordhuis commented Jun 30, 2016

mike442144 commented Jun 30, 2016

mike442144 commented Jun 30, 2016

bnoordhuis commented Jun 30, 2016

mike442144 commented Jul 1, 2016 • edited Loading

mike442144 commented Jul 1, 2016

bnoordhuis commented Jul 1, 2016

MylesBorins commented Jul 1, 2016 via email

mike442144 commented Jul 1, 2016

targos commented Jul 1, 2016

mike442144 commented Jul 1, 2016

mike442144 commented Jul 1, 2016

bnoordhuis commented Jul 1, 2016

mike442144 commented Jul 1, 2016

mike442144 commented Jul 4, 2016 • edited Loading

bnoordhuis commented Jul 4, 2016

mike442144 commented Jul 5, 2016

mike442144 commented Jul 8, 2016

mike442144 commented Jul 8, 2016

mike442144 commented Jul 18, 2016

bnoordhuis commented Jul 18, 2016

mike442144 commented Jul 18, 2016

mike442144 commented Jun 28, 2016 •

edited

Loading

mike442144 commented Jul 1, 2016 •

edited

Loading

mike442144 commented Jul 4, 2016 •

edited

Loading