dartfuzz: attempt to execute illegal instruction on RISCV64 #49472

Closed
rmacnak-google opened this issue Jul 18, 2022 · 0 comments
Labels
area-vm Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends. crash Process exits with SIGSEGV, SIGABRT, etc. An unhandled exception is not a crash. dartfuzz Found with Dart fuzzing (DartFuzz, libFuzzer, etc.)

Comments

@rmacnak-google (Contributor)

$ dart runtime/tools/dartfuzz/dartfuzz.dart --no-fp --ffi --no-flat --seed 123062266 fuzz.dart
$ out/ReleaseSIMRISCV64/dart --optimization_level=3 --deterministic --old_gen_heap_size=128 fuzz.dart
...
===== CRASH =====
si_signo=Segmentation fault(11), si_code=1, si_addr=0xffffffffb1aab121
version=2.19.0-edge.ea7f3d4d967be60ff78d3abbc12bcd67c7a28af9 (be) (Sat Jul 16 06:59:02 2022 +0000) on "linux_simriscv64"
pid=19546, thread=19576, isolate_group=main(0x5578b5e70800), isolate=main(0x5578b5d69800)
isolate_instructions=5578b48d57a0, vm_instructions=5578b48d57a0
  pc 0x00005578b4bb008d fp 0x00007f02c12fe3b0 dart::StackFrameIterator::NextFrame()+0x5d
  pc 0x00005578b4ba810c fp 0x00007f02c12fe4a0 dart::Simulator::PrintStack()+0x6c
  pc 0x00005578b4ba819e fp 0x00007f02c12fe4d0 dart::Simulator::IllegalInstruction(dart::Instr)+0x1e
  pc 0x00005578b4ba6113 fp 0x00007f02c12fe510 dart::Simulator::ExecuteNoTrace()+0x1d23
  pc 0x00005578b4ba43bb fp 0x00007f02c12fe540 dart::Simulator::Call(long, long, long, long, long, bool, bool)+0xab
  pc 0x00005578b4a46419 fp 0x00007f02c12fe5f0 dart::DartEntry::InvokeCode(dart::Code const&, unsigned long, dart::Array const&, dart::Array const&, dart::Thread*)+0x149
  pc 0x00005578b4a4626f fp 0x00007f02c12fe660 dart::DartEntry::InvokeFunction(dart::Function const&, dart::Array const&, dart::Array const&, unsigned long)+0x12f
  pc 0x00005578b4a486ac fp 0x00007f02c12fe6b0 dart::DartLibraryCalls::HandleMessage(long, dart::Instance const&)+0x14c
  pc 0x00005578b4a6e99e fp 0x00007f02c12fec40 dart::IsolateMessageHandler::HandleMessage(std::__2::unique_ptr<dart::Message, std::__2::default_delete<dart::Message>>)+0x34e
  pc 0x00005578b4a97e0d fp 0x00007f02c12fecb0 dart::MessageHandler::HandleMessages(dart::MonitorLocker*, bool, bool)+0x14d
  pc 0x00005578b4a984eb fp 0x00007f02c12fed00 dart::MessageHandler::TaskCallback()+0x1db
  pc 0x00005578b4bc0698 fp 0x00007f02c12fed80 dart::ThreadPool::WorkerLoop(dart::ThreadPool::Worker*)+0x148
  pc 0x00005578b4bc0af8 fp 0x00007f02c12fedb0 dart::ThreadPool::Worker::Main(unsigned long)+0x78
  pc 0x00005578b4b2de68 fp 0x00007f02c12fee70 /b/s/w/ir/out/ReleaseSIMRISCV64/dart+0x2112e68
-- End of DumpStackTrace

copybara-service bot pushed a commit that referenced this issue Jul 25, 2022
TEST=dartfuzz
Bug: #49472
Change-Id: Ib3dc89b969197a8d27c330dfbcd4029dbf9dd22e
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/251848
Reviewed-by: Daco Harkes <dacoharkes@google.com>
Commit-Queue: Ryan Macnak <rmacnak@google.com>
copybara-service bot pushed a commit that referenced this issue Jul 25, 2022
…tor.

TEST=ci
Bug: #48846
Bug: #49472
Change-Id: I9083d1c4e2ff633d22747f80ce1fed970e2f771a
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/251849
Reviewed-by: Daco Harkes <dacoharkes@google.com>
Commit-Queue: Ryan Macnak <rmacnak@google.com>