nodejs / node-v8

Experimental Node.js mirror on V8 lkgr :sparkles::turtle::rocket::sparkles:

EXC_BAD_ACCESS on macOS/arm64

targos opened this issue · comments

$ lldb out/Debug/node test/parallel/test-zlib-convenience-methods.js
(lldb) target create "out/Debug/node"
Current executable set to '/Users/targos/git/nodejs/canary/out/Debug/node' (arm64).
(lldb) settings set -- target.run-args  "test/parallel/test-zlib-convenience-methods.js"
(lldb) run
Process 7598 launched: '/Users/targos/git/nodejs/canary/out/Debug/node' (arm64)
node was compiled with optimization - stepping may behave oddly; variables may not be available.
Process 7598 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2, address=0x1200c05d4)
    frame #0: 0x0000000100a2902c node`v8::internal::MarkingBarrier::MarkValue(v8::internal::HeapObject, v8::internal::HeapObject) [inlined] bool std::__1::__cxx_atomic_compare_exchange_strong<int>(__a=0x00000001200c05d4, __value=16, __success=memory_order_release, __failure=memory_order_relaxed) at atomic:1034:12 [opt]
   1031	template<class _Tp>
   1032	_LIBCPP_INLINE_VISIBILITY
   1033	bool __cxx_atomic_compare_exchange_strong(__cxx_atomic_base_impl<_Tp> volatile* __a, _Tp* __expected, _Tp __value, memory_order __success, memory_order __failure) _NOEXCEPT {
-> 1034	    return __c11_atomic_compare_exchange_strong(&__a->__a_value, __expected, __value, static_cast<__memory_order_underlying_t>(__success), static_cast<__memory_order_underlying_t>(__to_failure_order(__failure)));
   1035	}
   1036	template<class _Tp>
   1037	_LIBCPP_INLINE_VISIBILITY
Target 0: (node) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2, address=0x1200c05d4)
  * frame #0: 0x0000000100a2902c node`v8::internal::MarkingBarrier::MarkValue(v8::internal::HeapObject, v8::internal::HeapObject) [inlined] bool std::__1::__cxx_atomic_compare_exchange_strong<int>(__a=0x00000001200c05d4, __value=16, __success=memory_order_release, __failure=memory_order_relaxed) at atomic:1034:12 [opt]
    frame #1: 0x0000000100a29028 node`v8::internal::MarkingBarrier::MarkValue(v8::internal::HeapObject, v8::internal::HeapObject) [inlined] std::__1::__atomic_base<int, false>::compare_exchange_strong(this=0x00000001200c05d4, __d=16, __s=memory_order_release, __f=memory_order_relaxed) volatile at atomic:1668:17 [opt]
    frame #2: 0x0000000100a29028 node`v8::internal::MarkingBarrier::MarkValue(v8::internal::HeapObject, v8::internal::HeapObject) [inlined] bool std::__1::atomic_compare_exchange_strong_explicit<int>(__o=0x00000001200c05d4, __d=16, __s=memory_order_release, __f=memory_order_relaxed) at atomic:2128:17 [opt]
    frame #3: 0x0000000100a29028 node`v8::internal::MarkingBarrier::MarkValue(v8::internal::HeapObject, v8::internal::HeapObject) [inlined] v8::base::Release_CompareAndSwap(ptr=0x00000001200c05d4, old_value=0, new_value=16) at atomicops.h:166:3 [opt]
    frame #4: 0x0000000100a29028 node`v8::internal::MarkingBarrier::MarkValue(v8::internal::HeapObject, v8::internal::HeapObject) [inlined] unsigned int v8::base::AsAtomicImpl<int>::Release_CompareAndSwap<unsigned int>(addr=0x00000001200c05d4, old_value=0, new_value=16) at atomic-utils.h:127:43 [opt]
    frame #5: 0x0000000100a29028 node`v8::internal::MarkingBarrier::MarkValue(v8::internal::HeapObject, v8::internal::HeapObject) [inlined] bool v8::base::AsAtomicImpl<int>::SetBits<unsigned int>(addr=0x00000001200c05d4, bits=16, mask=16) at atomic-utils.h:164:19 [opt]
    frame #6: 0x0000000100a29018 node`v8::internal::MarkingBarrier::MarkValue(v8::internal::HeapObject, v8::internal::HeapObject) [inlined] bool v8::internal::MarkBit::Set<(v8::internal::AccessMode)0>() at marking.h:68:10 [opt]
    frame #7: 0x0000000100a29018 node`v8::internal::MarkingBarrier::MarkValue(v8::internal::HeapObject, v8::internal::HeapObject) [inlined] bool v8::internal::Marking::WhiteToGrey<(v8::internal::AccessMode)0>(v8::internal::MarkBit) at marking.h:419:20 [opt]
    frame #8: 0x0000000100a29018 node`v8::internal::MarkingBarrier::MarkValue(v8::internal::HeapObject, v8::internal::HeapObject) [inlined] v8::internal::MarkingStateBase<v8::internal::MarkingState, (v8::internal::AccessMode)0>::WhiteToGrey(this=<unavailable>, obj=HeapObject @ x19) at marking-visitor.h:85:12 [opt]
    frame #9: 0x0000000100a29018 node`v8::internal::MarkingBarrier::MarkValue(v8::internal::HeapObject, v8::internal::HeapObject) [inlined] v8::internal::MarkingBarrier::WhiteToGreyAndPush(this=0x000060000290c230, obj=HeapObject @ x19) at marking-barrier-inl.h:61:22 [opt]
    frame #10: 0x0000000100a29018 node`v8::internal::MarkingBarrier::MarkValue(this=0x000060000290c230, host=<unavailable>, value=HeapObject @ x19) at marking-barrier-inl.h:33:7 [opt]
    frame #11: 0x0000000100a7b19c node`v8::internal::MarkingBarrier::Write(this=0x000060000290c230, host=HeapObject @ x21, slot=v8::internal::HeapObjectSlot @ x20, value=HeapObject @ x19) at marking-barrier.cc:48:7 [opt]
    frame #12: 0x00000001009fed1c node`v8::internal::WriteBarrier::MarkingFromCode(unsigned long, unsigned long) [inlined] v8::internal::WriteBarrier::MarkingSlow(heap=<unavailable>, host=<unavailable>, slot=<unavailable>) at heap-write-barrier.cc:43:20 [opt]
    frame #13: 0x00000001009fecf4 node`v8::internal::WriteBarrier::MarkingFromCode(unsigned long, unsigned long) [inlined] v8::internal::WriteBarrier::Marking(host=<unavailable>, slot=<unavailable>) at heap-write-barrier-inl.h:285:3 [opt]
    frame #14: 0x00000001009fece8 node`v8::internal::WriteBarrier::MarkingFromCode(unsigned long, unsigned long) [inlined] v8::internal::WriteBarrier::Marking(host=<unavailable>, slot=<unavailable>, value=<unavailable>) at heap-write-barrier-inl.h:278:3 [opt]
    frame #15: 0x00000001009fecc8 node`v8::internal::WriteBarrier::MarkingFromCode(raw_host=54801174918641, raw_slot=54801174918688) at heap-write-barrier.cc:95:3 [opt]
    frame #16: 0x00000001014749d8 node`Builtins_RecordWriteSaveFP + 856
    frame #17: 0x0000000101483fec node`Builtins_CompileLazy + 1228
    frame #18: 0x0000000101482b24 node`Builtins_InterpreterEntryTrampoline + 260
    frame #19: 0x0000000101482b24 node`Builtins_InterpreterEntryTrampoline + 260
    frame #20: 0x0000000101482b24 node`Builtins_InterpreterEntryTrampoline + 260
    frame #21: 0x000000012015a8e8
    frame #22: 0x0000000101482b24 node`Builtins_InterpreterEntryTrampoline + 260
    frame #23: 0x0000000120151938
    frame #24: 0x0000000101480830 node`Builtins_JSEntryTrampoline + 176
    frame #25: 0x00000001014804c4 node`Builtins_JSEntry + 164
    frame #26: 0x0000000100939b20 node`v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) [inlined] v8::internal::GeneratedCode<unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, long, unsigned long**>::Call(args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>, args=<unavailable>) at simulator.h:156:12 [opt]
    frame #27: 0x0000000100939b1c node`v8::internal::(anonymous namespace)::Invoke(isolate=0x0000000118028000, params=0x000000016fdf61e8)::InvokeParams const&) at execution.cc:428:33 [opt]
    frame #28: 0x0000000100938c90 node`v8::internal::Execution::Call(isolate=0x0000000118028000, callable=Handle<v8::internal::Object> @ x23, receiver=Handle<v8::internal::Object> @ x22, argc=0, argv=0x0000000000000000) at execution.cc:526:10 [opt]
    frame #29: 0x00000001006c7958 node`v8::Function::Call(this=<unavailable>, context=<unavailable>, recv=(val_ = 0x00000001089b8c00), argc=0, argv=0x0000000000000000) at api.cc:5284:7 [opt]
    frame #30: 0x00000001000754bc node`node::InternalCallbackScope::Close(this=0x000000016fdf6620) at callback.cc:160:22
    frame #31: 0x000000010007617c node`node::InternalMakeCallback(env=0x000000010896a600, resource=(val_ = 0x00000001089b9380), recv=(val_ = 0x00000001089b9380), callback=(val_ = 0x000000010895fc20), argc=0, argv=0x0000000000000000, asyncContext=(async_id = 2, trigger_async_id = 1)) at callback.cc:219:9
    frame #32: 0x00000001000ac0ac node`node::AsyncWrap::MakeCallback(this=0x0000000107b064a0, cb=(val_ = 0x000000010895fc20), argc=0, argv=0x0000000000000000) at async_wrap.cc:662:27
    frame #33: 0x0000000100449628 node`node::(anonymous namespace)::CompressionStream<node::(this=0x0000000107b064a0, status=0)::ZlibContext>::AfterThreadPoolWork(int) at node_zlib.cc:426:5
    frame #34: 0x00000001001c989c node`node::ThreadPoolWork::ScheduleWork(this=0x0000000107b064e8, req=0x0000000107b064e8, status=0)::'lambda'(uv_work_s*, int)::operator()(uv_work_s*, int) const at threadpoolwork-inl.h:44:15
    frame #35: 0x00000001001c9838 node`node::ThreadPoolWork::ScheduleWork(req=0x0000000107b064e8, status=0)::'lambda'(uv_work_s*, int)::__invoke(uv_work_s*, int) at threadpoolwork-inl.h:41:7
    frame #36: 0x0000000101448fc8 node`uv__queue_done(w=0x0000000107b06540, err=0) at threadpool.c:339:3
    frame #37: 0x0000000101448de0 node`uv__work_done(handle=0x0000000104929bb0) at threadpool.c:318:5
    frame #38: 0x0000000101450e78 node`uv__async_io(loop=0x0000000104929ae8, w=0x0000000104929d58, events=1) at async.c:163:5
    frame #39: 0x0000000101470fa8 node`uv__io_poll(loop=0x0000000104929ae8, timeout=0) at kqueue.c:374:9
    frame #40: 0x000000010145150c node`uv_run(loop=0x0000000104929ae8, mode=UV_RUN_DEFAULT) at core.c:389:5
    frame #41: 0x000000010007a164 node`node::SpinEventLoop(env=0x000000010896a600) at embed_helpers.cc:37:7
    frame #42: 0x00000001002e1128 node`node::NodeMainInstance::Run(this=0x000000016fdff190, exit_code=0x000000016fdff124, env=0x000000010896a600) at node_main_instance.cc:140:18
    frame #43: 0x00000001002e0bbc node`node::NodeMainInstance::Run(this=0x000000016fdff190) at node_main_instance.cc:132:3
    frame #44: 0x00000001001b3c80 node`node::Start(argc=2, argv=0x000000016fdff400) at node.cc:1207:38
    frame #45: 0x0000000101998390 node`main(argc=2, argv=0x000000016fdff400) at node_main.cc:127:10
    frame #46: 0x000000010779508c dyld`start + 520

@nodejs/v8

This is likely already fixed; the problem there was a missing scope to flip MAP_JIT state from X to W during marking (iiuc). Probably the same here.
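The W^X rule behind that diagnosis, as an added C example that is not from the issue, Node.js or V8: on macOS/arm64 a MAP_JIT page is either writable or executable for the calling thread and is flipped with pthread_jit_write_protect_np(), so a store into its mark bits while it is in the X state faults exactly as the trace shows (code=2 is a write fault). The demo uses mprotect() as a portable stand-in for that flip so it runs on any POSIX host; the function and helper names are hypothetical, and the stored value 16 mirrors the `new_value=16` mark bit in the backtrace.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

static void on_fault(int sig) { (void)sig; fault_seen = 1; siglongjmp(fault_env, 1); }

/* Attempt one store through p; returns 1 if it faulted, 0 if it landed.
 * Both SIGSEGV and SIGBUS are caught: macOS delivers EXC_BAD_ACCESS as either. */
static int store_faults(volatile uint32_t *p, uint32_t v) {
    struct sigaction sa = {0}, old_segv, old_bus;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) *p = v;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return fault_seen;
}

/* Put the page into its "execute" state (RX; falls back to read-only if the host forbids exec),
 * which is the state the marking barrier found the code page in. */
static void lock_page(void *page, size_t sz) {
    if (mprotect(page, sz, PROT_READ | PROT_EXEC) != 0) mprotect(page, sz, PROT_READ);
}

/* Returns 1 iff a bare store into the locked page faults (the crash in the issue),
 * while the same store inside a writable scope lands and the page ends up locked again. */
int writable_scope_demo(void) {
    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    uint32_t *page = mmap(NULL, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return 0;
    page[0] = 0;                                   /* constructed mark-bit word, still clear */
    lock_page(page, sz);
    int bare = store_faults(&page[0], 16);         /* set the bit with no scope: faults */
    mprotect(page, sz, PROT_READ | PROT_WRITE);    /* enter the writable scope (W state) */
    int scoped = store_faults(&page[0], 16);       /* same store now succeeds */
    lock_page(page, sz);                           /* leave the scope (back to X state) */
    int ok = (bare == 1) && (scoped == 0) && (page[0] == 16);
    munmap(page, sz);
    return ok;
}
```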

@verwaest This build is with a V8 commit/lkgr from this morning: v8/v8@9662376

Can you please file a bug with v8 in that case?

Fixed upstream, thank you!