microsoft / ClearScript

A library for adding scripting to .NET applications. Supports V8 (Windows, Linux, macOS) and JScript/VBScript (Windows).
https://microsoft.github.io/ClearScript/
MIT License

Exception 0xc000001d "invalid instruction" #609

Closed EinmalIM closed 1 week ago

EinmalIM commented 2 weeks ago

We are using ClearScript V8 in version 7.4.5 on Windows x64 from .NET 4.x code and sometimes we run into a process crash with exception 0xc000001d "invalid instruction". The call stack ends like this:

ClearScriptV8.win-x64.dll!00007fff15ab845c()
ClearScriptV8.win-x64.dll!00007fff15a80e11()
ClearScriptV8.win-x64.dll!00007fff15a54b3c()

... [Managed to Native Transition]
ClearScript.V8.dll!Microsoft.ClearScript.V8.SplitProxy.V8SplitProxyNative.Impl_Windows_X64.Microsoft.ClearScript.V8.SplitProxy.IV8SplitProxyNative.V8Context_ExecuteCode(Microsoft.ClearScript.V8.SplitProxy.V8Context.Handle hContext, string resourceName, string sourceMapUrl, ulong uniqueId, Microsoft.ClearScript.DocumentKind documentKind, System.IntPtr pDocumentInfo, string code, bool evaluate)
ClearScript.V8.dll!Microsoft.ClearScript.V8.SplitProxy.V8ContextProxyImpl.Execute.AnonymousMethod0(Microsoft.ClearScript.V8.SplitProxy.IV8SplitProxyNative instance)
ClearScript.V8.dll!Microsoft.ClearScript.V8.SplitProxy.V8SplitProxyNative.Invoke<System.Canon>(System.Func<Microsoft.ClearScript.V8.SplitProxy.IV8SplitProxyNative, System.__Canon> func)
ClearScript.V8.dll!Microsoft.ClearScript.V8.V8ScriptEngine.ExecuteInternal(Microsoft.ClearScript.UniqueDocumentInfo documentInfo, string code, bool evaluate) Unknown

Does that sound familiar to you?

We have crash dumps. Would it be possible that you take a look?

Kind regards Sven

ClearScriptLib commented 2 weeks ago

Hi @EinmalIM,

Does that sound familiar to you?

No.

We have crash dumps. Would it be possible that you take a look?

Sure, but a minimum sample that reproduces the crash is more likely to be revealing.

Thanks!

EinmalIM commented 2 weeks ago

We don't know which part of the problematic script is causing the issue. It is executed successfully several times and at some point its execution crashes. So, we have no clue how to create a minimal repro sample.

Can I send you a download link to the dump a private message or email?

ClearScriptLib commented 2 weeks ago

Hello @EinmalIM,

So, we have no clue how to create a minimal repro sample.

Sure, that's understandable. Can you tell us anything about how your application uses ClearScript? For example, how large are your scripts? How large is the managed API you're exposing to the script engine? Do you use multiple script engines in a single process? Do you run scripts on multiple threads? How "chatty" is the interaction between your scripts and your host? Any information could be useful.

Can I send you a download link to the dump a private message or email?

Absolutely! You can post a link here or send email to ClearScript@microsoft.com.

Thank you!

EinmalIM commented 2 weeks ago

I emailed you some details and a link to a dump file.

In addition: the crashes happen after the host is running for a while and its working size has grown quite a bit. The dump files are 3.5GB and bigger, so the process is using about that size in RAM. The host is running as a 64-bit process with 8GB of RAM.

ClearScriptLib commented 2 weeks ago

I emailed you some details and a link to a dump file.

Hmm, we haven't received your email. Please verify the address and resend if necessary.

EinmalIM commented 2 weeks ago

I just resent the email - maybe it was blocked because of a zipped js which I attached?

ClearScriptLib commented 2 weeks ago

Thanks @EinmalIM! We've received your email and successfully downloaded the crash dump.

ClearScriptLib commented 2 weeks ago

Hi @EinmalIM,

Your crash dump indicates that V8 ran out of memory – a situation in which it forcefully terminates the process. Here's the native stack trace with symbols, starting at the final jump into native code:

ClearScriptV8.win-x64.dll!v8::base::OS::Abort() Line 1211   C++
ClearScriptV8.win-x64.dll!v8::base::FatalOOM(v8::base::OOMType type, const char * msg) Line 94  C++
[Inline Frame] ClearScriptV8.win-x64.dll!v8::Utils::ReportOOMFailure(v8::internal::Isolate * i_isolate=0x0000025ddb4bf000, const char * location=0x00007fff16e25bbd, const v8::OOMDetails & details={...}) Line 341 C++
ClearScriptV8.win-x64.dll!v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate * i_isolate=0x0000025ddb4bf000, const char * location=0x00007fff16e25bbd, const v8::OOMDetails & details={...}) Line 301  C++
ClearScriptV8.win-x64.dll!v8::internal::Heap::FatalProcessOutOfMemory(const char * location) Line 6306  C++
ClearScriptV8.win-x64.dll!v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace space, v8::internal::GarbageCollectionReason gc_reason, const v8::GCCallbackFlags gc_callback_flags) Line 1773   C++
ClearScriptV8.win-x64.dll!v8::internal::HeapAllocator::AllocateRawWithLightRetrySlowPath(int size=48, v8::internal::AllocationType allocation=kYoung, v8::internal::AllocationOrigin origin=kGeneratedCode, v8::internal::AllocationAlignment alignment=kTaggedAligned) Line 111    C++
ClearScriptV8.win-x64.dll!v8::internal::HeapAllocator::AllocateRawWithRetryOrFailSlowPath(int size=48, v8::internal::AllocationType allocation=kYoung, v8::internal::AllocationOrigin origin=kGeneratedCode, v8::internal::AllocationAlignment alignment=kTaggedAligned) Line 124   C++
[Inline Frame] ClearScriptV8.win-x64.dll!v8::internal::HeapAllocator::AllocateRawWith(int size, v8::internal::AllocationType allocation=kYoung, v8::internal::AllocationOrigin origin, v8::internal::AllocationAlignment alignment) Line 245    C++
ClearScriptV8.win-x64.dll!v8::internal::Factory::NewFillerObject(int size=48, v8::internal::AllocationAlignment alignment=kTaggedAligned, v8::internal::AllocationType allocation=kYoung, v8::internal::AllocationOrigin origin=kGeneratedCode) Line 345    C++
[Inline Frame] ClearScriptV8.win-x64.dll!v8::internal::__RT_impl_Runtime_AllocateInYoungGeneration(v8::internal::Arguments<0> isolate={...}, v8::internal::Isolate *) Line 509  C++
ClearScriptV8.win-x64.dll!v8::internal::Runtime_AllocateInYoungGeneration(int args_length, unsigned __int64 * args_object, v8::internal::Isolate * isolate=0x0000025ddb4bf000) Line 485 C++
ClearScriptV8.win-x64.dll!Builtins_CEntry_Return1_ArgvOnStack_NoBuiltinExit()   C++
ClearScriptV8.win-x64.dll!Builtins_FastNewFunctionContextFunction() C++
ClearScriptV8.win-x64.dll!Builtins_ArrayForEach()   C++
ClearScriptV8.win-x64.dll!Builtins_AsyncFunctionAwaitResolveClosure()   C++
ClearScriptV8.win-x64.dll!Builtins_PromiseFulfillReactionJob()  C++
ClearScriptV8.win-x64.dll!Builtins_RunMicrotasks()  C++
ClearScriptV8.win-x64.dll!Builtins_JSRunMicrotasksEntry()   C++
ClearScriptV8.win-x64.dll!v8::internal::`anonymous namespace'::Invoke(v8::internal::Isolate * isolate=0x0000017fe3600020, const v8::internal::`anonymous namespace'::InvokeParams & params={...}) Line 433  C++
ClearScriptV8.win-x64.dll!v8::internal::`anonymous namespace'::InvokeWithTryCatch(v8::internal::Isolate * isolate=0x0000025ddb4bf000, const v8::internal::`anonymous namespace'::InvokeParams & params={...}) Line 475  C++
ClearScriptV8.win-x64.dll!v8::internal::Execution::TryRunMicrotasks(v8::internal::Isolate * isolate, v8::internal::MicrotaskQueue * microtask_queue) Line 576   C++
ClearScriptV8.win-x64.dll!v8::internal::MicrotaskQueue::RunMicrotasks(v8::internal::Isolate * isolate=0x0000025ddb4bf000) Line 177  C++
ClearScriptV8.win-x64.dll!v8::internal::MicrotaskQueue::PerformCheckpointInternal(v8::Isolate * v8_isolate=0x0000025ddb4bf000) Line 128 C++
[Inline Frame] ClearScriptV8.win-x64.dll!v8::internal::MicrotaskQueue::PerformCheckpoint(v8::Isolate * isolate) Line 48 C++
ClearScriptV8.win-x64.dll!v8::internal::Isolate::FireCallCompletedCallbackInternal(v8::internal::MicrotaskQueue * microtask_queue) Line 5499    C++
[Inline Frame] ClearScriptV8.win-x64.dll!v8::internal::Isolate::FireCallCompletedCallback(v8::internal::MicrotaskQueue * microtask_queue) Line 1688 C++
[Inline Frame] ClearScriptV8.win-x64.dll!v8::CallDepthScope<1>::~CallDepthScope() Line 201  C++
ClearScriptV8.win-x64.dll!v8::Module::Evaluate(v8::Local<v8::Context> context) Line 2484    C++
ClearScriptV8.win-x64.dll!V8ContextImpl::Execute(const V8DocumentInfo & documentInfo, const StdString & code, bool evaluate) Line 648   C++
ClearScriptV8.win-x64.dll!V8Context_ExecuteCode(const V8EntityHandle<V8Context> & handle, StdString && resourceName, StdString && sourceMapUrl, unsigned __int64 uniqueId, DocumentKind documentKind=JavaScriptModule, void * pvDocumentInfo=0x0000025dbc466078, const StdString & code={...}, char evaluate='\x1', V8Value & result={...}) Line 1237   C++
[Managed to Native Transition]

Based on this stack, all we can say is that your application was attempting to execute a standard JavaScript (ES6) module when the out-of-memory (OOM) condition occurred. The V8 code line that initiated the crash is here.

By default, V8 chooses a relatively low size limit for the JavaScript heap even on 64-bit systems. You may be able to stave off OOM by using a larger heap or enabling emergency heap expansion (see V8RuntimeConstraints). However, these techniques can only offer limited protection against buggy or malicious scripts.

Please let us know if we can assist further. Thanks!
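As an added example (not code from this issue or from the ClearScript project), here is how the two mitigations named above fit together in C#: raising V8's limits through V8RuntimeConstraints, and, more useful against a buggy or malicious script, letting ClearScript's own MaxRuntimeHeapSize sampling terminate the script with an exception before V8 reaches FatalProcessOutOfMemory and aborts the host. The class name, the size values and the allocating test script are constructed for the example.

```csharp
using System;
using Microsoft.ClearScript;
using Microsoft.ClearScript.V8;

// Added example (not part of ClearScript): keep a runaway script from taking
// the whole host process down with a V8 out-of-memory abort.
static class BoundedHeapDemo
{
    public static void Run()
    {
        // Hard limits handed to V8 at runtime creation. Values are in MiB.
        var constraints = new V8RuntimeConstraints
        {
            MaxOldSpaceSize = 512,           // larger than V8's default old-space limit
            MaxNewSpaceSize = 32,
            HeapExpansionMultiplier = 2.0    // > 1 enables emergency heap expansion
        };

        using (var engine = new V8ScriptEngine(constraints))
        {
            // Soft limit enforced by ClearScript, set well below the hard V8 limit:
            // the engine samples the V8 heap size at this interval and interrupts
            // the running script once it exceeds the value, instead of letting V8
            // call FatalProcessOutOfMemory as in the stack trace above.
            engine.MaxRuntimeHeapSize = (UIntPtr)(256UL * 1024 * 1024);
            engine.RuntimeHeapSizeSampleInterval = TimeSpan.FromMilliseconds(50);

            try
            {
                // Constructed test script that allocates without bound.
                engine.Execute(@"
                    const chunks = [];
                    for (;;) chunks.push(new Array(1024 * 1024).fill(0));
                ");
            }
            catch (ScriptEngineException ex)
            {
                // Surfaced as a script error; the host process stays alive and can
                // log the event, discard this engine and continue serving requests.
                Console.WriteLine("Script terminated: " + ex.Message);
            }
        }
    }
}
```

After a heap-size violation the engine should be treated as spent and disposed; create a fresh engine rather than reusing it.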

EinmalIM commented 2 weeks ago

Thanks for the quick analysis of the dump!

That gives us a good idea where to look for changes in the scripts to avoid excessive memory usage.

ClearScriptLib commented 1 week ago

Please reopen this issue if you have additional findings or questions about this topic. Thank you!