VM crash with SEGV_MAPERR on dart-fuzz bot
From dart-fuzz bot:
===== CRASH =====
si_signo=Segmentation fault(11), si_code=SEGV_MAPERR(1), si_addr=0x27daadd
-- BEGIN REPRODUCE --
DART SDK REVISION:
dart runtime/tools/dartfuzz/dartfuzz.dart --no-fp --no-ffi --flat --seed 656373376 fuzz.dart
-- RUN 1 --
out/ReleaseX64C/dart --profiler --force_evacuation --no_array_bounds_check_elimination --old_gen_heap_size=128 /b/s/w/it31rrdx0s/dart_fuzzUACCYQ/fuzz.dart
-- RUN 2 --
out/DebugSIMARM/dart --profiler --profile_vm=false --profile_vm=false --verify_after_gc --compactor_tasks=2 --no_enable_peephole --inlining_hotness=15 --old_gen_heap_size=128 /b/s/w/it31rrdx0s/dart_fuzzUACCYQ/fuzz.dart
-- END REPRODUCE --
Log: https://logs.chromium.org/logs/dart/buildbucket/cr-buildbucket/8713113813214013105/+/u/collect_shards/dartfuzz_-_generated_programs_shard_3/task_stdout_stderr:dartfuzz-_generated_programs_shard_3
Another dart-fuzz shard crashed differently, but these crashes could be related: https://github.com/dart-lang/sdk/issues/60809#issuecomment-2935747512
The crash is reproducible via
out/DebugSIMARM/dart --profiler --profile_vm=false --profile_vm=false --verify_after_gc --compactor_tasks=2 --no_enable_peephole --inlining_hotness=15 --old_gen_heap_size=128 fuzz.dart
Stack trace from gdb:
Thread 15 "DartWorker" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf0e7fb40 (LWP 1440214)]
dart::ProfilerDartStackWalker::CallerPC (this=0xf0e7d178) at out/DebugSIMARM/../../runtime/vm/profiler.cc:1110
1110 return reinterpret_cast<uword*>(*caller_pc_ptr);
(gdb) bt
#0 dart::ProfilerDartStackWalker::CallerPC (this=0xf0e7d178) at out/DebugSIMARM/../../runtime/vm/profiler.cc:1110
#1 dart::ProfilerDartStackWalker::walk (this=0xf0e7d178) at out/DebugSIMARM/../../runtime/vm/profiler.cc:1098
#2 0x5902a9c1 in dart::CollectSample (isolate=<optimized out>, exited_dart_code=<optimized out>, in_dart_code=<optimized out>, sample=0xf6b28fc0, native_stack_walker=0xf0e7d140, dart_stack_walker=0xf0e7d178, pc=4025156384,
fp=<optimized out>, sp=4131384612, counters=<optimized out>) at ../../buildtools/linux-x64/clang/bin/../include/c++/v1/__atomic/support/c11.h:181
#3 0x5902a80b in dart::Profiler::SampleThread (thread=0x594ed360, state=...) at out/DebugSIMARM/../../runtime/vm/profiler.cc:1469
#4 0x590c2dab in dart::ThreadInterrupterLinux::ThreadInterruptSignalHandler (signal=27, info=0xf0e7d28c, context_=0xf0e7d30c) at out/DebugSIMARM/../../runtime/vm/thread_interrupter_linux.cc:44
#5 <signal handler called>
#6 0x590922ff in dart::Simulator::HandleRList (this=0x594e0b90, instr=0xefeb0320, load=<optimized out>) at out/DebugSIMARM/../../runtime/vm/simulator_arm.cc:1354
#7 0x5909637f in dart::Simulator::DecodeType4 (instr=<optimized out>, this=<optimized out>) at ../../runtime/vm/constants_arm.h:1295
#8 dart::Simulator::InstructionDecodeImpl (instr=<optimized out>, this=<optimized out>) at out/DebugSIMARM/../../runtime/vm/simulator_arm.cc:3429
#9 dart::Simulator::ExecuteNoTrace (this=0x594e0b90) at out/DebugSIMARM/../../runtime/vm/simulator_arm.cc:3489
#10 0x59097c42 in dart::Simulator::Execute (this=0x594e0b90) at out/DebugSIMARM/../../runtime/vm/simulator_arm.cc:3473
#11 dart::Simulator::Call (this=0x594e0b90, entry=-146261336, parameter0=-270235455, parameter1=-145710623, parameter2=-271981547, parameter3=1498338144, fp_return=<optimized out>, fp_args=<optimized out>)
at out/DebugSIMARM/../../runtime/vm/simulator_arm.cc:3615
#12 0x58e4ed36 in dart::InvokeDartCode(unsigned int, dart::Array const&, dart::Array const&, dart::Thread*)::$_0::operator()(unsigned int, unsigned int, unsigned int, dart::Thread*) const (entry_point=<optimized out>,
arguments_descriptor=<optimized out>, arguments=4022985749, thread=0x594ed360, this=<optimized out>) at out/DebugSIMARM/../../runtime/vm/dart_entry.cc:109
#13 dart::InvokeDartCode (entry_point=<optimized out>, arguments_descriptor=..., arguments=..., thread=0x594ed360) at out/DebugSIMARM/../../runtime/vm/dart_entry.cc:117
#14 dart::DartEntry::InvokeFunction (function=..., arguments=..., arguments_descriptor=...) at out/DebugSIMARM/../../runtime/vm/dart_entry.cc:160
#15 0x58e4eb2a in dart::DartEntry::InvokeFunction (function=..., arguments=...) at out/DebugSIMARM/../../runtime/vm/dart_entry.cc:39
#16 0x58e51000 in dart::DartLibraryCalls::InstanceCreate (lib=..., class_name=..., constructor_name=..., arguments=...) at out/DebugSIMARM/../../runtime/vm/dart_entry.cc:625
#17 0x58e77c0a in dart::Exceptions::Create (type=dart::Exceptions::kRange, arguments=...) at out/DebugSIMARM/../../runtime/vm/exceptions.cc:1285
#18 0x58e765dc in dart::Exceptions::ThrowByType (type=dart::Exceptions::kRange, arguments=...) at out/DebugSIMARM/../../runtime/vm/exceptions.cc:1097
#19 0x5904fe50 in dart::DRT_HelperRangeError (zone=<optimized out>, arguments=..., isolate=<optimized out>, thread=<optimized out>) at out/DebugSIMARM/../../runtime/vm/runtime_entry.cc:232
#20 DRT_RangeError (arguments=...) at out/DebugSIMARM/../../runtime/vm/runtime_entry.cc:204
#21 0x590925c8 in dart::Simulator::SupervisorCall (this=0x594e0b90, instr=0x594e581c) at out/DebugSIMARM/../../runtime/vm/simulator_arm.cc:1438
#22 0x59093e61 in dart::Simulator::DecodeType7 (this=0x594e0b90, instr=0x594e581c) at out/DebugSIMARM/../../runtime/vm/simulator_arm.cc:2503
#23 0x590963f9 in dart::Simulator::InstructionDecodeImpl (instr=<optimized out>, this=<optimized out>) at out/DebugSIMARM/../../runtime/vm/simulator_arm.cc:3441
#24 dart::Simulator::ExecuteNoTrace (this=0x594e0b90) at out/DebugSIMARM/../../runtime/vm/simulator_arm.cc:3489
#25 0x59097c42 in dart::Simulator::Execute (this=0x594e0b90) at out/DebugSIMARM/../../runtime/vm/simulator_arm.cc:3473
#26 dart::Simulator::Call (this=0x594e0b90, entry=-146261336, parameter0=-175816055, parameter1=-145710719, parameter2=-171442059, parameter3=1498338144, fp_return=<optimized out>, fp_args=<optimized out>)
at out/DebugSIMARM/../../runtime/vm/simulator_arm.cc:3615
#27 0x58e4ed36 in dart::InvokeDartCode(unsigned int, dart::Array const&, dart::Array const&, dart::Thread*)::$_0::operator()(unsigned int, unsigned int, unsigned int, dart::Thread*) const (entry_point=<optimized out>,
arguments_descriptor=<optimized out>, arguments=4123525237, thread=0x594ed360, this=<optimized out>) at out/DebugSIMARM/../../runtime/vm/dart_entry.cc:109
#28 dart::InvokeDartCode (entry_point=<optimized out>, arguments_descriptor=..., arguments=..., thread=0x594ed360) at out/DebugSIMARM/../../runtime/vm/dart_entry.cc:117
#29 dart::DartEntry::InvokeFunction (function=..., arguments=..., arguments_descriptor=...) at out/DebugSIMARM/../../runtime/vm/dart_entry.cc:160
#30 0x58e4eb2a in dart::DartEntry::InvokeFunction (function=..., arguments=...) at out/DebugSIMARM/../../runtime/vm/dart_entry.cc:39
#31 0x58e518bf in dart::DartLibraryCalls::HandleMessage (port_id=4689016238103787, message=...) at out/DebugSIMARM/../../runtime/vm/dart_entry.cc:735
#32 0x58e8f971 in dart::IsolateMessageHandler::HandleMessage (this=<optimized out>, message=...) at out/DebugSIMARM/../../runtime/vm/isolate.cc:1539
#33 0x58ed1df0 in dart::MessageHandler::HandleMessages (this=0x594e0a70, ml=0xf0e7f118, allow_normal_messages=<optimized out>, allow_multiple_normal_messages=<optimized out>) at out/DebugSIMARM/../../runtime/vm/message_handler.cc:229
#34 0x58ed2aa3 in dart::MessageHandler::TaskCallback (this=0x594e0a70) at out/DebugSIMARM/../../runtime/vm/message_handler.cc:443
#35 0x58ed3999 in dart::MessageHandlerTask::Run (this=0x594dd080) at out/DebugSIMARM/../../runtime/vm/message_handler.cc:31
#36 0x590c4288 in dart::ThreadPool::WorkerLoop (this=0x594de2c0, worker=0x594dc4e0) at out/DebugSIMARM/../../runtime/vm/thread_pool.cc:207
#37 0x590c4b70 in dart::ThreadPool::Worker::Main (args=1498268896) at out/DebugSIMARM/../../runtime/vm/thread_pool.cc:367
#38 0x590210eb in dart::ThreadStart (data_ptr=0x594dfe30) at out/DebugSIMARM/../../runtime/vm/os_thread_linux.cc:97
#39 0xf7cd2781 in ?? () from /lib/i386-linux-gnu/libc.so.6
#40 0xf7d68df8 in ?? () from /lib/i386-linux-gnu/libc.so.6
Given the location of the crash, this is probably the same as https://github.com/dart-lang/sdk/issues/60810.
/cc @rmacnak-google @bkonyi