si_signo=Trace/breakpoint trap(5), si_code=128, si_addr=(nil) #38248

Closed
feli-citas opened this issue Sep 6, 2019 · 5 comments
Labels:
area-vm: Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends.
dartfuzz: Found with Dart fuzzing (DartFuzz, libFuzzer, etc.)

fuzz.dart.txt
run with

dart fuzz.dart.txt
===== CRASH =====
si_signo=Trace/breakpoint trap(5), si_code=128, si_addr=(nil)
version=2.6.0-edge.5a45050d1e165f9790292631724a59688bc36a5a (Thu Sep 5 17:27:06 2019 +0000) on "linux_x64"
thread=196509, isolate=main(0x561b5ad7a100)
Stack dump aborted because InitialRegisterCheck failed.
aartbik commented Sep 6, 2019

I could reproduce this error with a version before the fix, but that fix is now in (and I assumed the nightly would have picked that one up). Can you confirm from when this failure is, @feli-citas?

../../runtime/vm/compiler/backend/il.cc: 2351: error: expected: IsRepresentable(result, representation())

feli-citas commented Sep 6, 2019

Report can be found here: https://logs.chromium.org/logs/dart/buildbucket/cr-buildbucket.appspot.com/8903100430609819232/+/steps/make_a_fuzz_shard_24/0/stdout?format=raw

Isolate (/b/s/w/itj2PJB0/dart_fuzzPVCTMH) FFI FP : KBC-CMP-DET-ReleaseX64 - JIT-O3-SLOWPATH-ReleaseX64: !DIVERGENCE! 1.37:2577388643 (0 vs -6)

fail2:
-6

===== CRASH =====
si_signo=Trace/breakpoint trap(5), si_code=128, si_addr=(nil)
version=2.6.0-edge.981be872061e464dedb3b9b7ddff4382bd00b5f1 (Fri Sep 6 01:17:07 2019 +0000) on "linux_x64"
thread=1682, isolate=main(0x560939224100)
Stack dump aborted because InitialRegisterCheck failed.

@feli-citas

sdk/out/DebugX64/dart fuzz.dart.txt
Missing deopt info for pc 7fe22ed82a71
0x7fe228f82020    55                     push rbp
0x7fe228f82021    4889e5                 movq rbp,rsp
0x7fe228f82024    4154                   push r12
0x7fe228f82026    4157                   push pp
0x7fe228f82028    4d8b7c2427             movq pp,[r12+0x27]
0x7fe228f8202d    4883ec68               subq rsp,0x68
0x7fe228f82031    493b6648               cmpq rsp,[thr+0x48]
...
../../runtime/vm/deopt_instructions.cc: 66: error: expected: !deopt_info.IsNull()
version=2.6.0-edge.46d706410869f66703ea8ebb708475e93b4c924c (Fri Sep 6 17:00:24 2019 +0000) on "linux_x64"
thread=31821, isolate=main(0x556b94457800)
  pc 0x0000556b91eda2dc fp 0x00007fe22c0f6da0 dart::Profiler::DumpStackTrace(void*)
  pc 0x0000556b91afe622 fp 0x00007fe22c0f6e80 dart::Assert::Fail(char const*, ...)
  pc 0x0000556b91d86df2 fp 0x00007fe22c0f6f00 ./out/DebugX64/dart+0x1a04df2
  pc 0x0000556b91f4d9c9 fp 0x00007fe22c0f70c0 DLRT_DeoptimizeCopyFrame
  pc 0x00007fe22dc01c85 fp 0x00007fe22c0f7260 Unknown symbol
  pc 0x00007fe228f82e73 fp 0x00007fe22c0f72f0 Unknown symbol
  pc 0x00007fe22ed82a71 fp 0x00007fe22c0f7348 Unknown symbol
  pc 0x00007fe22dc0173a fp 0x00007fe22c0f73a8 Unknown symbol
  pc 0x0000556b91d6b08c fp 0x00007fe22c0f7450 dart::DartEntry::InvokeFunction(dart::Function const&, dart::Array const&, dart::Array const&, unsigned long)
  pc 0x0000556b91e5043f fp 0x00007fe22c0f74c0 dart::Field::EvaluateInitializer() const
  pc 0x0000556b91e50117 fp 0x00007fe22c0f7500 dart::Field::Initialize() const
  pc 0x0000556b91f4e8a1 fp 0x00007fe22c0f7590 dart::DRT_InitStaticField(dart::NativeArguments)
  pc 0x00007fe22dc01197 fp 0x00007fe22c0f75d8 Unknown symbol
  pc 0x00007fe2299f9edb fp 0x00007fe22c0f7610 Unknown symbol
  pc 0x00007fe2299f20d7 fp 0x00007fe22c0f76d0 Unknown symbol
  pc 0x00007fe2299f1527 fp 0x00007fe22c0f7710 Unknown symbol
  pc 0x00007fe2299f1337 fp 0x00007fe22c0f7748 Unknown symbol
  pc 0x00007fe2299f04ff fp 0x00007fe22c0f7790 Unknown symbol
  pc 0x00007fe2299caa3a fp 0x00007fe22c0f77d0 Unknown symbol
  pc 0x00007fe2299f01ce fp 0x00007fe22c0f7808 Unknown symbol
  pc 0x00007fe22dc0173a fp 0x00007fe22c0f7878 Unknown symbol
  pc 0x0000556b91d6b08c fp 0x00007fe22c0f7920 dart::DartEntry::InvokeFunction(dart::Function const&, dart::Array const&, dart::Array const&, unsigned long)
  pc 0x0000556b91d6db8b fp 0x00007fe22c0f7980 dart::DartLibraryCalls::HandleMessage(dart::Object const&, dart::Instance const&)
  pc 0x0000556b91dbe3be fp 0x00007fe22c0f7b80 dart::IsolateMessageHandler::HandleMessage(std::__2::unique_ptr<dart::Message, std::__2::default_delete<dart::Message> >)
  pc 0x0000556b91dfebee fp 0x00007fe22c0f7c10 dart::MessageHandler::HandleMessages(dart::MonitorLocker*, bool, bool)
  pc 0x0000556b91dffb36 fp 0x00007fe22c0f7c90 dart::MessageHandler::TaskCallback()
  pc 0x0000556b91f92d7c fp 0x00007fe22c0f7ce0 dart::ThreadPool::Worker::Loop()
  pc 0x0000556b91f92864 fp 0x00007fe22c0f7d30 dart::ThreadPool::Worker::Main(unsigned long)
  pc 0x0000556b91ed40c5 fp 0x00007fe22c0f7e70 ./out/DebugX64/dart+0x1b520c5
-- End of DumpStackTrace

Duplicate of #38230?

aartbik commented Sep 10, 2019

Indeed, still crashes even without the slowpath or other flags on today's master:

Missing deopt info for pc 7f496ed82a71
.....
../../runtime/vm/deopt_instructions.cc: 66: error: expected: !deopt_info.IsNull()
version=2.6.0-edge.2e8d9128486b57b437046045d898a7ff0e6f9289 (Mon Sep 9 17:00:47 2019 +0000) on "linux_x64"
thread=113679, isolate=main(0x55f5b6cf6c00)
  pc 0x000055f5b4f40aec fp 0x00007f496bcf4da0 dart::Profiler::DumpStackTrace(void*)
  pc 0x000055f5b4b6a5f2 fp 0x00007f496bcf4e80 dart::Assert::Fail(char const*, ...)
  pc 0x000055f5b4deff12 fp 0x00007f496bcf4f00 /usr/local/google/home/ajcbik/drive2/dart/sdk/out/DebugX64/dart+0x1a1af12
  pc 0x000055f5b4fb0be9 fp 0x00007f496bcf50c0 DLRT_DeoptimizeCopyFrame
  pc 0x00007f496dc01c85 fp 0x00007f496bcf5260 Unknown symbol
  pc 0x00007f4968cc0eb3 fp 0x00007f496bcf52f0 Unknown symbol
  pc 0x00007f496ed82a71 fp 0x00007f496bcf5348 Unknown symbol
  pc 0x00007f496dc0173a fp 0x00007f496bcf53a8 Unknown symbol
  pc 0x000055f5b4dd420c fp 0x00007f496bcf5450 dart::DartEntry::InvokeFunction(dart::Function const&, dart::Array const&, dart::Array const&, unsigned long)
  pc 0x000055f5b4eb9cef fp 0x00007f496bcf54c0 dart::Field::EvaluateInitializer() const
  pc 0x000055f5b4eb99c7 fp 0x00007f496bcf5500 dart::Field::Initialize() const
  pc 0x000055f5b4fb1ac1 fp 0x00007f496bcf5590 dart::DRT_InitStaticField(dart::NativeArguments)

Hacking the reason string a bit gives a bit of a clue:

Deoptimizing (reason 5 'Unknown') at pc=00007f1c10702a71 fp=00007f1c0f4bd348 'file:///usr/local/google/home/ajcbik/Repo/DART/fuzz38248.dart_::_init_var8' (count 0)
../../runtime/vm/deopt_instructions.cc: 73: error: expected: !deopt_info.IsNull()

aartbik commented Sep 10, 2019

Easy to write a small reproducer. The kernel binary flow graph builder was not dealing with OSR in FieldInitializer methods yet! Fix is pending.

dart-bot pushed a commit that referenced this issue Sep 10, 2019
Rationale:
OSR was happening in a field initializer, but the kernel
binary flow graph builder assumed this never happened.
With regression test.

#38248

Change-Id: I91243b4422cac76ec7ee2460d466bd0e1cf608ee
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/116558
Reviewed-by: Alexander Markov <alexmarkov@google.com>
Reviewed-by: Ryan Macnak <rmacnak@google.com>
Commit-Queue: Aart Bik <ajcbik@google.com>

aartbik closed this as completed Sep 10, 2019