Crash when creating runtimes on multiple threads; Debugging showed that internally the two runtimes used the same memory map for their v8 engines

[rscarson]

Related to rscarson/rustyscript#228

Multiple users are reporting a segfault when instantiating JsRuntime instances on multiple threads

From one user's report:

Debugging showed that internally the two runtimes used the same memory map for their v8 engines, causing segfault. Fixed it via creating snapshots of the runtimes, which made them reference their own memory map not a global one.

Issue was reported on some Linux hosts, I cannot reproduce it on my end

[tpisto]

Can confirm that this still happens in deno_core 0.331.0 in x86 Linux.

[huin]

I'm also seeing this on x86_64 Linux.

(gdb) bt
#0  0x00005555561704bf in v8::internal::wasm::WasmCodePointerTable::AllocateUninitializedEntry() () at ../../../../v8/src/wasm/wasm-code-pointer-table-inl.h:73
#1  0x0000555556166125 in v8::internal::Isolate::Isolate(v8::internal::IsolateGroup*) () at ../../../../v8/src/execution/isolate.cc:4110
#2  0x0000555556164e2b in v8::internal::Isolate::New() () at ../../../../v8/src/execution/isolate.cc:3974
#3  0x000055555603b29f in v8::Isolate::New(v8::Isolate::CreateParams const&) () at ../../../../v8/src/api/api.cc:9910
#4  0x0000555555fb50ce in v8::isolate::Isolate::new_impl (params=...) at src/isolate.rs:634
#5  0x0000555555fb5316 in v8::isolate::Isolate::new (params=...) at src/isolate.rs:654
#6  0x0000555555f03f37 in travdata_rs::extraction::tableextract::estransform::ESTransformer::isolate_thread (request_recv=...) at src/extraction/tableextract/estransform.rs:109
#7  0x0000555555de31a3 in travdata_rs::extraction::tableextract::estransform::{impl#1}::new::{closure#0} () at src/extraction/tableextract/estransform.rs:75
#8  0x0000555555eb6c23 in std::sys::backtrace::__rust_begin_short_backtrace<travdata_rs::extraction::tableextract::estransform::{impl#1}::new::{closure_env#0}, ()> (f=...)
    at /rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf/library/std/src/sys/backtrace.rs:154
#9  0x0000555555f8d9b3 in std::thread::{impl#0}::spawn_unchecked_::{closure#1}::{closure#0}<travdata_rs::extraction::tableextract::estransform::{impl#1}::new::{closure_env#0}, ()> ()
    at /rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf/library/std/src/thread/mod.rs:538
#10 0x0000555555e45ed3 in core::panic::unwind_safe::{impl#23}::call_once<(), std::thread::{impl#0}::spawn_unchecked_::{closure#1}::{closure_env#0}<travdata_rs::extraction::tableextract::estransform::{impl#1}::new::{closure_env#0}, ()>> (self=...) at /rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf/library/core/src/panic/unwind_safe.rs:272
#11 0x0000555555ea3bb0 in std::panicking::try::do_call<core::panic::unwind_safe::AssertUnwindSafe<std::thread::{impl#0}::spawn_unchecked_::{closure#1}::{closure_env#0}<travdata_rs::extraction::tableextract::estransform::{impl#1}::new::{closure_env#0}, ()>>, ()> (data=0x7fffd07f78c8) at /rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf/library/std/src/panicking.rs:557
#12 0x0000555555f8d9db in __rust_try ()
#13 0x0000555555f8d45b in std::panicking::try<(), core::panic::unwind_safe::AssertUnwindSafe<std::thread::{impl#0}::spawn_unchecked_::{closure#1}::{closure_env#0}<travdata_rs::extraction::tableextract::estransform::{impl#1}::new::{closure_env#0}, ()>>> (f=...) at /rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf/library/std/src/panicking.rs:520
#14 std::panic::catch_unwind<core::panic::unwind_safe::AssertUnwindSafe<std::thread::{impl#0}::spawn_unchecked_::{closure#1}::{closure_env#0}<travdata_rs::extraction::tableextract::estransform::{impl#1}::new::{closure_env#0}, ()>>, ()> (f=...) at /rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf/library/std/src/panic.rs:358
#15 std::thread::{impl#0}::spawn_unchecked_::{closure#1}<travdata_rs::extraction::tableextract::estransform::{impl#1}::new::{closure_env#0}, ()> ()
    at /rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf/library/std/src/thread/mod.rs:537
#16 0x0000555555f46ece in core::ops::function::FnOnce::call_once<std::thread::{impl#0}::spawn_unchecked_::{closure_env#1}<travdata_rs::extraction::tableextract::estransform::{impl#1}::new::{closure_env#0}, ()>, ()> () at /rustc/90b35a6239c3d8bdabc530a6a0816f7ff89a0aaf/library/core/src/ops/function.rs:250
#17 0x0000555557ba7b4b in alloc::boxed::{impl#48}::call_once<(), dyn core::ops::function::FnOnce<(), Output=()>, alloc::alloc::Global> () at alloc/src/boxed.rs:2454
#18 alloc::boxed::{impl#48}::call_once<(), alloc::boxed::Box<dyn core::ops::function::FnOnce<(), Output=()>, alloc::alloc::Global>, alloc::alloc::Global> () at alloc/src/boxed.rs:2454
#19 std::sys::pal::unix::thread::{impl#2}::new::thread_start () at std/src/sys/pal/unix/thread.rs:105
#20 0x00007ffff5542d02 in start_thread () from /nix/store/wn7v2vhyyyi6clcyn0s9ixvl7d4d87ic-glibc-2.40-36/lib/libc.so.6
#21 0x00007ffff55c23ac in __clone3 () from /nix/store/wn7v2vhyyyi6clcyn0s9ixvl7d4d87ic-glibc-2.40-36/lib/libc.so.6

This stack trace is similar to the one reported on denoland/deno#27159 - which was marked as a duplicate of this issue.

This is happening on a unit test on a Rust project that I'm working on, where I have three test cases, each of which are calling v8::isolate::Isolate::new (stack frames in travdata_rs are from my project's code). I'm using a std::sync::OnceLock to ensure a single initialisation of v8.

Note: I'm actually using the v8 crate (and serde_v8), rather than deno_core.