Memory leak due to increasing RetainedMaps size in V8 (Fixed upstream)

[tunamagur0]

Version

v22.14.0

Platform

Linux 5.15.167.4-microsoft-standard-WSL2 #1 SMP Tue Nov 5 00:21:55 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Subsystem

v8

What steps will reproduce the bug?

1. Run the below script with --expose-gc.
2. Wait for some time.
3. Check the automatically generated heap snapshots.
4. Inspect the following path in the snapshots:
   (system) > system / NativeContext > retained_maps :: system / WeakArrayList
5. Observe that its size keeps increasing over time.

Note:
The increase is gradual, so it may take several hours to see a significant difference.
However, even within a shorter period, a steady increase should still be observable.

const v8 = require('v8');
const ws = new WeakSet();

for (let i = 0; i < 1e10; i++) {
  function A() {
    this.a = 'a';
    this.b = 'b';
    this.c = 'c';
  }
  function B() {
    this.a = 'a';
    this.b = 'b';
    this.c = 'c';
  }
  function C() {
    this.a = 'a';
    this.b = 'b';
    this.c = 'c';
  }
  function D() {
    this.a = 'a';
    this.b = 'b';
    this.c = 'c';
  }
  function E() {
    this.a = 'a';
    this.b = 'b';
    this.c = 'c';
  }

  const a = new A();
  const b = new B();
  const c = new C();
  const d = new D();
  const e = new E();
  ws.add(a);
  ws.add(b);
  ws.add(c);
  ws.add(d);
  ws.add(e);
  gc();

  if (i % 10000 === 0) {
    v8.writeHeapSnapshot();
  }
}

How often does it reproduce? Is there a required condition?

It reproduces consistently.

What is the expected behavior? Why is that the expected behavior?

RetainedMaps size should remain stable over time.

What do you see instead?

• The size of RetainedMaps (visible in heap snapshots under (system) > system / NativeContext > retained_maps :: system / WeakArrayList) keeps increasing over time.
• This increase is gradual but persistent, leading to higher memory consumption over extended runtimes.
  Eventually, this could result in performance degradation or excessive memory usage.

Below are screenshots showing the memory usage:
v22.14.0

at startup	after ~9 hours

v22.14.0 (with the patch applied)

at startup	after ~5 hours

Additional information

• This issue started occurring in Node.js 22.0.0 and later, after the following V8 commit was integrated:
  e5a29df7b41416de67730d2968c61745b54be66c
• The root cause of the issue has been identified and fixed upstream in V8:
  V8 Issue 398528460
• I manually applied the fix (Chromium Patch 6330019) to Node.js 22.14.0, built it, and confirmed that the problem was resolved.

[juanarbol]

That's amazing! Could you please send us your patch?

This https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-V8.md may be handy

[tunamagur0]

@juanarbol
I'm not entirely sure about the process, but I've created a pull request. Could you please take a look at it when you have a moment?

[schmod]

Was this ever cherry-picked into the 22.x series? I don't see anything in the changelog indicating that it was...

[tunamagur0]

Was this ever cherry-picked into the 22.x series? I don't see anything in the changelog indicating that it was...

I think this will be released in the next version.