node --jitless segfault on mipsel or mips64el #33703

kapouer · 2020-06-03T00:47:49Z

Hi,

using node 12.17.0 on debian mips64el, this fails:
./node --jitless

Otherwise it runs quite nicely.
Log for mips64el (only parallel/test-cli-node-options is "not ok", because it checks --jitless flag):
https://buildd.debian.org/status/fetch.php?pkg=nodejs&arch=mips64el&ver=12.17.0~dfsg-2&stamp=1591045924&raw=0

The bug is probably in v8, but maybe someone already knows something here ?

bnoordhuis · 2020-06-04T08:11:00Z

Is it possible for you to obtain a backtrace (with bt) and the output of disassembly, info registers and info proc mappings? That probably contains some clues.

kapouer · 2020-06-04T08:28:08Z

Yes, as soon as it's rebuilt, in a day or two.

bnoordhuis · 2020-06-09T07:33:56Z

Ping @kapouer.

kapouer · 2020-06-09T07:48:21Z

I'm doomed by the build servers... https://buildd.debian.org/status/package.php?p=nodejs&suite=experimental has been waiting for three days. It should eventually run.

bnoordhuis · 2020-06-09T08:27:27Z

No problem, thanks for the update.

kapouer · 2020-06-13T12:13:48Z

On mips64el, nodejs 12.18.0
Backtrace

Thread 1 "node" received signal SIGSEGV, Segmentation fault.
0x000000fff6b1400c in v8::internal::IrregexpInterpreter::MatchForCallFromJs(unsigned long, int, unsigned long, unsigned long, int*, int, unsigned long, v8::internal::RegExp::CallOrigin, v8::internal::Isolate*, unsigned long) () at ../deps/v8/src/regexp/regexp-interpreter.cc:867
867	../deps/v8/src/regexp/regexp-interpreter.cc: No such file or directory.
(gdb) bt
#0  0x000000fff6b1400c in v8::internal::IrregexpInterpreter::MatchForCallFromJs(unsigned long, int, unsigned long, unsigned long, int*, int, unsigned long, v8::internal::RegExp::CallOrigin, v8::internal::Isolate*, unsigned long) () at ../deps/v8/src/regexp/regexp-interpreter.cc:867
#1  0x000000fff72b882c in Builtins_RegExpPrototypeTest ()
    at ../../deps/v8/../../deps/v8/src/builtins/regexp-source.tq:25
#2  0x000000fff725f430 in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit ()
    at ../../deps/v8/../../deps/v8/src/builtins/base.tq:3418

(gdb) disassemble
Dump of assembler code for function _ZN2v88internal19IrregexpInterpreter18MatchForCallFromJsEmimmPiimNS0_6RegExp10CallOriginEPNS0_7IsolateEm:
   0x000000fff6b13fe8 <+0>:	daddiu	sp,sp,-96
   0x000000fff6b13fec <+4>:	sd	gp,72(sp)
   0x000000fff6b13ff0 <+8>:	lui	gp,0x149
   0x000000fff6b13ff4 <+12>:	sd	s8,80(sp)
   0x000000fff6b13ff8 <+16>:	daddu	gp,gp,t9
   0x000000fff6b13ffc <+20>:	move	s8,sp
   0x000000fff6b14000 <+24>:	sd	s0,64(sp)
   0x000000fff6b14004 <+28>:	daddiu	gp,gp,4352
   0x000000fff6b14008 <+32>:	ld	s0,96(s8)
=> 0x000000fff6b1400c <+36>:	ld	t9,13928(gp)
   0x000000fff6b14010 <+40>:	move	v1,a1
   0x000000fff6b14014 <+44>:	move	a2,a0
   0x000000fff6b14018 <+48>:	move	a1,s0
   0x000000fff6b1401c <+52>:	move	a0,s8
   0x000000fff6b14020 <+56>:	sd	ra,88(sp)
   0x000000fff6b14024 <+60>:	sd	v1,40(s8)
   0x000000fff6b14028 <+64>:	sd	a7,16(s8)
   0x000000fff6b1402c <+68>:	sd	a2,48(s8)
   0x000000fff6b14030 <+72>:	sd	a4,32(s8)
   0x000000fff6b14034 <+76>:	jalr	t9


(gdb) info registers 
                  zero               at               v0               v1
 R0   0000000000000000 000000fff6b13fe8 00000095d5130e81 000000d2d1557ed9 
                    a0               a1               a2               a3
 R4   0000007e0d883ad1 0000000000000000 0000007e0d883ae0 0000007e0d883ae8 
                    a4               a5               a6               a7
 R8   000000aaaab03ee4 0000000000000002 0000000000000000 0000000000000001 
                    t0               t1               t2               t3
 R12  000000fff7233540 000000aaaab02dd8 000000fff72b8804 0000000000000006 
                    s0               s1               s2               s3
 R16  000000aaaaaf9b60 000000ffffffb4d0 000000fff6b6cc50 0000000000000000 
                    s4               s5               s6               s7
 R20  0000007e0d8804b1 0000007e0d8804b1 000000aaaaaf9c60 000000d2d1541fa9 
                    t8               t9               k0               k1
 R24  0000000000000020 000000fff7233540 000000aaaabdd720 0000000000000000 
                    gp               sp               s8               ra
 R28  000000fff86c4640 000000ffffffb400 000000ffffffb400 000000fff72b882c 
                status               lo               hi         badvaddr
      0000000004109cf3 0000000000000032 0000000000000000 000000fff86c7ca8 
                 cause               pc
      0000000000800008 000000fff6b1400c 
                  fcsr              fir          restart
              1e001004         00739600 0000000000000000

(gdb) info proc mappings
process 19289
Mapped address spaces:

          Start Addr           End Addr       Size     Offset objfile
         0xcee340000        0xcee341000     0x1000        0x0 
        0x2805240000       0x2805280000    0x40000        0x0 
        0x34eff40000       0x34eff80000    0x40000        0x0 
        0x4c42680000       0x4c42688000     0x8000        0x0 
        0x632be00000       0x632be40000    0x40000        0x0 
        0x7e0d880000       0x7e0d8c0000    0x40000        0x0 
        0x7ff71c0000       0x7ff7200000    0x40000        0x0 
        0x87a8300000       0x87a8340000    0x40000        0x0 
        0x8912840000       0x8912841000     0x1000        0x0 
        0x8912841000       0x8912842000     0x1000        0x0 
        0x8912842000       0x8912867000    0x25000        0x0 
        0x8912867000       0x891287f000    0x18000        0x0 
        0x891287f000       0x891a840000  0x7fc1000        0x0 
        0x95d5100000       0x95d5140000    0x40000        0x0 
        0xaaaaaaa000       0xaaaaaac000     0x2000        0x0 /usr/bin/node
        0xaaaaabb000       0xaaaaabc000     0x1000     0x1000 /usr/bin/node
        0xaaaaabc000       0xaaaaabd000     0x1000     0x2000 /usr/bin/node
        0xaaaaabd000       0xaaaabeb000   0x12e000        0x0 [heap]

> process.config
{
  target_defaults: {
    cflags: [],
    default_configuration: 'Release',
    defines: [ 'NODE_OPENSSL_CERT_STORE' ],
    include_dirs: [],
    libraries: [
      '-lz',         '-luv',
      '-lbrotlidec', '-lbrotlienc',
      '-lcares',     '-lnghttp2',
      '-lcrypto',    '-lssl',
      '-licui18n',   '-licuuc',
      '-licudata'
    ]
  },
  variables: {
    arch_triplet: 'mips64el-linux-gnuabi64',
    asan: 0,
    build_v8_with_gn: false,
    coverage: false,
    dcheck_always_on: 0,
    debug_nghttp2: false,
    debug_node: false,
    enable_lto: false,
    enable_pgo_generate: false,
    enable_pgo_use: false,
    force_dynamic_crt: 1,
    host_arch: 'mips64el',
    icu_gyp_path: 'tools/icu/icu-system.gyp',
    icu_small: false,
    icu_ver_major: '67',
    is_debug: 0,
    llvm_version: '0.0',
    mips_arch_variant: 'rx',
    mips_fpu_mode: 'fp64',
    napi_build_version: '6',
    node_byteorder: 'little',
    node_debug_lib: false,
    node_enable_d8: false,
    node_install_npm: false,
    node_module_version: 72,
    node_no_browser_globals: false,
    node_prefix: '/usr',
    node_relative_path: 'lib/mips64el-linux-gnuabi64/nodejs:share/nodejs:lib/nodejs',
    node_release_urlbase: '',
    node_shared: true,
    node_shared_brotli: true,
    node_shared_cares: true,
    node_shared_http_parser: false,
    node_shared_libuv: true,
    node_shared_nghttp2: true,
    node_shared_openssl: true,
    node_shared_zlib: true,
    node_tag: '',
    node_target_type: 'shared_library',
    node_use_bundled_v8: true,
    node_use_dtrace: false,
    node_use_etw: false,
    node_use_node_code_cache: false,
    node_use_node_snapshot: false,
    node_use_openssl: true,
    node_use_v8_platform: true,
    node_with_ltcg: false,
    node_without_node_options: false,
    openssl_fips: '',
    openssl_is_fips: false,
    shlib_suffix: 'so.72',
    target_arch: 'mips64el',
    v8_can_use_fpu_instructions: true,
    v8_enable_gdbjit: 0,
    v8_enable_i18n_support: 1,
    v8_enable_inspector: 1,
    v8_no_strict_aliasing: 1,
    v8_optimized_debug: 1,
    v8_promise_internal_field_count: 1,
    v8_random_seed: 0,
    v8_trace_maps: 0,
    v8_use_mips_abi_hardfloat: true,
    v8_use_siphash: 1,
    v8_use_snapshot: 1,
    want_separate_host_toolset: 0
  }

> process.versions
{
  node: '12.18.0',
  v8: '7.8.279.23-node.37',
  uv: '1.37.0',
  zlib: '1.2.11',
  brotli: '1.0.7',
  ares: '1.16.1',
  modules: '72',
  nghttp2: '1.41.0',
  napi: '6',
  llhttp: '2.0.4',
  http_parser: '2.9.3',
  openssl: '1.1.1g',
  cldr: '37.0',
  icu: '67.1',
  tz: '2019c',
  unicode: '13.0'
}

bnoordhuis · 2020-06-16T09:09:51Z

Thanks. Can you report this to V8? I don't think this is a bug we can fix.

V8's regexp interpreter is trying to load from address 0xfff86c7ca8 but that address isn't mapped to anything. My hunch is a calling convention mismatch between code generated by gcc and V8.

The binary is compiled on the machine it's run on? If not, you should run configure with ./configure <options> -- -Dv8_host_byteorder=little if they have different endianness.

The build defaulted to the byte order of the host system but that can be different from the endianness of the target system. Refs: nodejs#33703 (comment)

kapouer · 2020-06-16T09:43:13Z

https://bugs.chromium.org/p/v8/issues/detail?id=10618

tomtastic · 2020-06-16T09:47:36Z

https://bugs.chromium.org/p/v8/issues/detail?id=10618

"Permission denied." Is this not public ?

schuay · 2020-06-16T09:49:32Z

It is now.

The build defaulted to the byte order of the host system but that can be different from the endianness of the target system. Refs: #33703 (comment) PR-URL: #33898 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

zjiaz · 2020-07-03T10:09:56Z

Hi, this bug is indeed in v8, and it's fixed in v8 by: [mips] Use t9 as the function call register.

bnoordhuis · 2020-07-03T13:07:39Z

v8/v8@7889803 doesn't apply cleanly to deps/v8 in node master. Anyone want to take a stab at back-porting it?

codebytere · 2020-07-03T14:17:20Z

@bnoordhuis looks like it's already there:

node/deps/v8/src/codegen/mips64/macro-assembler-mips64.cc

Lines 4207 to 4211 in 1d6adf7

    
           void TurboAssembler::Jump(const ExternalReference& reference) { 
        
             li(t9, reference); 
        
             Jump(t9); 
        
           }

I think it should be in 14 as well given that we just updated v8 there so this may just need to go to 12?

The build defaulted to the byte order of the host system but that can be different from the endianness of the target system. Refs: #33703 (comment) PR-URL: #33898 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Original commit message: [mips] Use t9 as the function call register. on mips, we should use t9 when jump to a ExternalReference, because the callee function will consider t9 as the function start address. Change-Id: I56e2bf073fd24b2f3434dfd255d48264bfd0b2cd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826417 Auto-Submit: Yu Yin <xwafish@gmail.com> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#63988} Refs: v8/v8@7889803 PR-URL: #34214 Fixes: #33703 Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>

bnoordhuis added the mips Issues and PRs related to the MIPS architecture. label Jun 4, 2020

bnoordhuis added a commit to bnoordhuis/io.js that referenced this issue Jun 16, 2020

build: configure byte order for mips targets

09eed07

The build defaulted to the byte order of the host system but that can be different from the endianness of the target system. Refs: nodejs#33703 (comment)

bnoordhuis mentioned this issue Jun 16, 2020

build: configure byte order for mips targets #33898

Closed

zjiaz mentioned this issue Jul 6, 2020

[v12.x] deps: V8: cherry-pick 7889803e82d3 #34214

Closed

2 tasks

santigimeno closed this as completed Oct 22, 2020

137717unity mentioned this issue May 22, 2023

[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 3.15.0 137717unity/node#95

Open

snyk-bot mentioned this issue May 23, 2023

[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 3.15.0 ron-a20/node#95

Open

wedataintelligence mentioned this issue May 24, 2023

[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 3.15.0 wedataintelligence/node#77

Open

baby636 mentioned this issue May 24, 2023

[Snyk] Security upgrade gatsby-plugin-sharp from 2.6.24 to 3.15.0 baby636/node#92

Open

aliceUnhinged613 mentioned this issue Nov 25, 2023

[Snyk] Fix for 28 vulnerabilities aliceUnhinged613/node#98

Open

wedataintelligence mentioned this issue Nov 28, 2023

[Snyk] Fix for 28 vulnerabilities wedataintelligence/node#87

Open

baby636 mentioned this issue Nov 28, 2023

[Snyk] Fix for 37 vulnerabilities baby636/node#110

Open

ron-a20 mentioned this issue Dec 19, 2023

[Snyk] Fix for 30 vulnerabilities ron-a20/node#112

Open

137717unity mentioned this issue Dec 19, 2023

[Snyk] Fix for 30 vulnerabilities 137717unity/node#113

Open

wedataintelligence mentioned this issue Dec 19, 2023

[Snyk] Fix for 30 vulnerabilities wedataintelligence/node#96

Open

aliceUnhinged613 mentioned this issue Dec 19, 2023

[Snyk] Fix for 30 vulnerabilities aliceUnhinged613/node#114

Open

baby636 mentioned this issue Dec 20, 2023

[Snyk] Fix for 43 vulnerabilities baby636/node#126

Open

137717unity mentioned this issue Apr 14, 2024

[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 3.15.0 137717unity/node#125

Open

aliceUnhinged613 mentioned this issue Apr 14, 2024

[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 3.15.0 aliceUnhinged613/node#125

Open

ron-a20 mentioned this issue Apr 14, 2024

[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 3.15.0 ron-a20/node#123

Open

molllyn1 mentioned this issue Apr 14, 2024

[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 3.15.0 molllyn1/node#109

Open

kissofire mentioned this issue Apr 14, 2024

[Snyk] Security upgrade gatsby-plugin-sharp from 2.2.13 to 3.15.0 kissofire/node#126

Open

wedataintelligence mentioned this issue Apr 14, 2024

[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 3.15.0 wedataintelligence/node#108

Open

baby636 mentioned this issue Apr 15, 2024

[Snyk] Security upgrade gatsby-plugin-sharp from 2.6.24 to 3.15.0 baby636/node#146

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

node --jitless segfault on mipsel or mips64el #33703

node --jitless segfault on mipsel or mips64el #33703

kapouer commented Jun 3, 2020

bnoordhuis commented Jun 4, 2020

kapouer commented Jun 4, 2020

bnoordhuis commented Jun 9, 2020

kapouer commented Jun 9, 2020

bnoordhuis commented Jun 9, 2020

kapouer commented Jun 13, 2020

bnoordhuis commented Jun 16, 2020

kapouer commented Jun 16, 2020

tomtastic commented Jun 16, 2020

schuay commented Jun 16, 2020

zjiaz commented Jul 3, 2020

bnoordhuis commented Jul 3, 2020

codebytere commented Jul 3, 2020

node --jitless segfault on mipsel or mips64el #33703

node --jitless segfault on mipsel or mips64el #33703

Comments

kapouer commented Jun 3, 2020

bnoordhuis commented Jun 4, 2020

kapouer commented Jun 4, 2020

bnoordhuis commented Jun 9, 2020

kapouer commented Jun 9, 2020

bnoordhuis commented Jun 9, 2020

kapouer commented Jun 13, 2020

bnoordhuis commented Jun 16, 2020

kapouer commented Jun 16, 2020

tomtastic commented Jun 16, 2020

schuay commented Jun 16, 2020

zjiaz commented Jul 3, 2020

bnoordhuis commented Jul 3, 2020

codebytere commented Jul 3, 2020