node.js crash in v8 parser

[psinghsp]

Occasionally, we are getting a crash in our node process. The version we use is: 0.10.37. Operating system is: Linux
Linux dall 2.6.38.6-rc1 #1 VXOA 0.0.0.0_56032 SMP Thu Jul 23 11:09:18 PDT 2015 x86_64 x86_64 x86_64 GNU/Linux

Here is the stack trace:
(gdb) bt
#0 0x0000000000880aac in v8::internal::Parser::ParseTryStatement ()
#1 0x0000000000881452 in v8::internal::Parser::ParseStatement ()
#2 0x0000000000880970 in v8::internal::Parser::ParseBlock ()
#3 0x00000000008812f1 in v8::internal::Parser::ParseStatement ()
#4 0x00000000008837bf in v8::internal::Parser::ParseIfStatement ()
#5 0x00000000008814c6 in v8::internal::Parser::ParseStatement ()
#6 0x000000000087c144 in v8::internal::Parser::ParseSourceElements ()
#7 0x000000000087d402 in v8::internal::Parser::ParseFunctionLiteral ()
#8 0x000000000088435b in v8::internal::Parser::ParseLazy ()
#9 0x000000000088461a in v8::internal::Parser::ParseLazy ()
#10 0x000000000088511d in v8::internal::ParserApi::Parse ()
#11 0x000000000071b991 in v8::internal::Compiler::CompileLazy ()
#12 0x000000000083305a in ?? ()
#13 0x000000000083a162 in v8::internal::JSFunction::CompileLazy ()
#14 0x00000000007e6786 in v8::internal::CallIC_Miss ()

I can make the core dump available - but the file is rather huge.

The crash happens due to:
0x0000000000880aac: mov %rax,-0x30001d8(%rbp)
The offset from the frame pointer is clearly bogus.

[jasnell]

Are you able to provide a test case that can be used to replicate the issue?

[psinghsp]

Unfortunately we cannot reproduce it reliably - so it will be hard to create a test case. Is it possible that this crash happens when we call JSON.parse?

[jasnell]

Possibly. Or just a V8 bug. Can you try using either v0.12 or io.js to see if the issue persists there?

[psinghsp]

Sorry for the hassle - it turns out that node.js binary was getting corrupted occasionally.