Assertion failed 'child->OperIs(GT_AND) || child->OperIsCmpCompare()' during 'Lowering nodeinfo'

[kunalspathak]

// Found by Antigen

using System;
using System.Collections.Generic;
using System.Runtime.CompilerServices;
public class TestClass
{
    public struct S1
    {
        public struct S1_D1_F1
        {
            public struct S1_D2_F1
            {
            }
        }
    }
    public struct S2
    {
    }
    public struct S3
    {
    }
    public struct S5
    {
        public struct S5_D1_F2
        {
        }
    }
    static int s_int_15 = 62;
    bool bool_33 = true;
    double double_37 = 2.03125;
    int int_39 = -5;
    string string_43 = "Y5JA1";
    S1.S1_D1_F1.S1_D2_F1 s1_s1_d1_f1_s1_d2_f1_47 = new S1.S1_D1_F1.S1_D2_F1();
    S2 s2_51 = new S2();
    S5.S5_D1_F2 s5_s5_d1_f2_55 = new S5.S5_D1_F2();
    [MethodImpl(MethodImplOptions.NoInlining)]
    public int LeafMethod6()
    {
        unchecked
        {
            return int_39;
        }
    }
    public S5.S5_D1_F2 Method1(out S1.S1_D1_F1.S1_D2_F1 p_s1_s1_d1_f1_s1_d2_f1_57, S2 p_s2_58, out double p_double_59, S3 p_s3_60)
    {
        unchecked
        {
            int int_67 = 62;
            string string_71 = "1X";
            ushort ushort_72 = 2;
            S5.S5_D1_F2 s5_s5_d1_f2_87 = new S5.S5_D1_F2();
            S5.S5_D1_F2 s5_s5_d1_f2_88 = s5_s5_d1_f2_87;
            p_double_59 = 15/4;
            switch (string_71 = 15+4+ string_43)
            {
                case "XCT":
                {
                    switch (15<<4)
                    {
                        case 5:
                        {
                            break;
                        }
                        case 62:
                        {
                            break;
                        }
                        case -5:
                        {
                            break;
                        }
                        default:
                        {
                            switch (15>>4^ (s_int_15 -= int_67 <<= LeafMethod6())& int_67 + int_67& s_int_15 / 15|4)
                            {
                                case 1:
                                {
                                    break;
                                }
                                case 2:
                                {
                                    break;
                                }
                                case -2147483647:
                                {
                                    break;
                                }
                                default:
                                {
                                    break;
                                }
                            }
                            break;
                        }
                    }
                    break;
                }
                case "KW9":
                {
                    break;
                }
                default:
                {
                    while (bool_33&& 15!=4)
                    {
                        try
                        {
                        }
                        finally
                        {
                            while ((ushort_72 <<= int_39 >>= LeafMethod6())<= 15-4)
                            {
                            }
                        }
                    }
                    break;
                }
            }
            return s5_s5_d1_f2_88;
        }
    }
    public void Method0()
    {
        unchecked
        {
            S3 s3_166 = new S3();
            s5_s5_d1_f2_55 = Method1(out s1_s1_d1_f1_s1_d2_f1_47, s2_51, out double_37, s3_166);
            return;
        }
    }
    public static void Main(string[] args)
    {
        new TestClass().Method0();
    }
}
/*
--------- Test ---------  

Environment:

set COMPlus_AltJitName=clrjit_universal_arm64_x64.dll
set COMPlus_AltJit=Method1

Assert failure(PID 27256 [0x00006a78], Thread: 59140 [0xe704]): Assertion failed 'child->OperIs(GT_AND) || child->OperIsCmpCompare()' in 'TestClass:Method1(byref,S2,byref,S3):S5_D1_F2:this' during 'Lowering nodeinfo' (IL size 198; hash 0x9d220244; Tier0-FullOpts)
    File: D:\git\runtime\src\coreclr\jit\lowerarmarch.cpp Line: 2247
    Image: D:\git\runtime\artifacts\tests\coreclr\windows.x64.Checked\tests\Core_Root\CoreRun.exe
*/

[ghost]

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

Issue Details

---

// Found by Antigen

using System;
using System.Collections.Generic;
using System.Runtime.CompilerServices;
public class TestClass
{
    public struct S1
    {
        public struct S1_D1_F1
        {
            public struct S1_D2_F1
            {
            }
        }
    }
    public struct S2
    {
    }
    public struct S3
    {
    }
    public struct S5
    {
        public struct S5_D1_F2
        {
        }
    }
    static int s_int_15 = 62;
    bool bool_33 = true;
    double double_37 = 2.03125;
    int int_39 = -5;
    string string_43 = "Y5JA1";
    S1.S1_D1_F1.S1_D2_F1 s1_s1_d1_f1_s1_d2_f1_47 = new S1.S1_D1_F1.S1_D2_F1();
    S2 s2_51 = new S2();
    S5.S5_D1_F2 s5_s5_d1_f2_55 = new S5.S5_D1_F2();
    [MethodImpl(MethodImplOptions.NoInlining)]
    public int LeafMethod6()
    {
        unchecked
        {
            return int_39;
        }
    }
    public S5.S5_D1_F2 Method1(out S1.S1_D1_F1.S1_D2_F1 p_s1_s1_d1_f1_s1_d2_f1_57, S2 p_s2_58, out double p_double_59, S3 p_s3_60)
    {
        unchecked
        {
            int int_67 = 62;
            string string_71 = "1X";
            ushort ushort_72 = 2;
            S5.S5_D1_F2 s5_s5_d1_f2_87 = new S5.S5_D1_F2();
            S5.S5_D1_F2 s5_s5_d1_f2_88 = s5_s5_d1_f2_87;
            p_double_59 = 15/4;
            switch (string_71 = 15+4+ string_43)
            {
                case "XCT":
                {
                    switch (15<<4)
                    {
                        case 5:
                        {
                            break;
                        }
                        case 62:
                        {
                            break;
                        }
                        case -5:
                        {
                            break;
                        }
                        default:
                        {
                            switch (15>>4^ (s_int_15 -= int_67 <<= LeafMethod6())& int_67 + int_67& s_int_15 / 15|4)
                            {
                                case 1:
                                {
                                    break;
                                }
                                case 2:
                                {
                                    break;
                                }
                                case -2147483647:
                                {
                                    break;
                                }
                                default:
                                {
                                    break;
                                }
                            }
                            break;
                        }
                    }
                    break;
                }
                case "KW9":
                {
                    break;
                }
                default:
                {
                    while (bool_33&& 15!=4)
                    {
                        try
                        {
                        }
                        finally
                        {
                            while ((ushort_72 <<= int_39 >>= LeafMethod6())<= 15-4)
                            {
                            }
                        }
                    }
                    break;
                }
            }
            return s5_s5_d1_f2_88;
        }
    }
    public void Method0()
    {
        unchecked
        {
            S3 s3_166 = new S3();
            s5_s5_d1_f2_55 = Method1(out s1_s1_d1_f1_s1_d2_f1_47, s2_51, out double_37, s3_166);
            return;
        }
    }
    public static void Main(string[] args)
    {
        new TestClass().Method0();
    }
}
/*
--------- Test ---------  

Environment:

set COMPlus_AltJitName=clrjit_universal_arm64_x64.dll
set COMPlus_AltJit=Method1

Assert failure(PID 27256 [0x00006a78], Thread: 59140 [0xe704]): Assertion failed 'child->OperIs(GT_AND) || child->OperIsCmpCompare()' in 'TestClass:Method1(byref,S2,byref,S3):S5_D1_F2:this' during 'Lowering nodeinfo' (IL size 198; hash 0x9d220244; Tier0-FullOpts)
    File: D:\git\runtime\src\coreclr\jit\lowerarmarch.cpp Line: 2247
    Image: D:\git\runtime\artifacts\tests\coreclr\windows.x64.Checked\tests\Core_Root\CoreRun.exe
*/

Author:	kunalspathak
Assignees:	-
Labels:	area-CodeGen-coreclr
Milestone:	-

[kunalspathak]

@dotnet/jit-contrib @a74nh

[JulieLeeMSFT]

Somehow, I cannot assign this to @a74nh, so I put it under @kunalspathak.

[kunalspathak]

For (s_int_15 -= int_67 <<= LeafMethod6())& int_67 + int_67& s_int_15 / 15|4), we generate this:

N015 ( 35, 19) [000089] -A--G---R--                         ▌  ASG       int    $1c9
N014 (  1,  1) [000088] D------N---                         ├──▌  LCL_VAR   int    V10 loc5         d:2 $VN.Void
N013 ( 35, 19) [000087] ----G------                         └──▌  OR        int    <l:$332, c:$331>
N011 ( 33, 16) [000084] ----G------                            ├──▌  AND       int    <l:$32e, c:$32d>
N005 ( 27,  9) [000083] ----G------                            │  ├──▌  DIV       int    <l:$327, c:$326>
N003 (  6,  4) [000081] ----G------                            │  │  ├──▌  COMMA     int    <l:$323, c:$322>
N001 (  3,  2) [000305] -----------                            │  │  │  ├──▌  LCL_VAR   long   V23 cse0         u:1 $400
N002 (  3,  2) [000310] -----------                            │  │  │  └──▌  LCL_VAR   int    V24 cse1         u:1 <l:$320, c:$321>
N004 (  1,  2) [000082] -----------                            │  │  └──▌  CNS_INT   int    15 $4b
N010 (  5,  6) [000075] -----------                            │  └──▌  AND       int    <l:$329, c:$32a>
N006 (  1,  1) [000063] -----------                            │     ├──▌  LCL_VAR   int    V14 tmp3         u:2 (last use) <l:$320, c:$321>
N009 (  3,  4) [000243] -----------                            │     └──▌  LSH       int    $328
N007 (  1,  1) [000073] -----------                            │        ├──▌  LCL_VAR   int    V13 tmp2         u:2 (last use) $31f
N008 (  1,  2) [000072] -----------                            │        └──▌  CNS_INT   int    1 $46
N012 (  1,  2) [000086] -----------                            └──▌  CNS_INT   int    4 $4c

and we fail in IsValidCompareChain() where we expect the child == GT_AND but is GT_LSH.

[tannergooding]

This is probably related to #75823.

There may be related considerations around #76273

[a74nh]

This is down to contained being quite generic, but the CompareChain being more specific in exactly what it allows.

Maybe the fix is to just say if the child isn't AND or a compare, then just return false.

[a74nh]

Fix looks simple. Getting a patch through testing now.

In addition, I was seeing another issue. With the same program, I get a segfault when I enable jit dumping.

export COMPlus_JitDump=Method1
export COMPlus_TieredCompilation=0

*************** Starting PHASE Do value numbering

*************** In fgValueNumber()
optComputeLoopNestSideEffects for L00
optComputeLoopSideEffectsOfBlock BB21, mostNestedLoop 0
Unmarking LOOP_ALIGN from BB21. Reason= Loop with call.
Memory Initial Value in BB01 is: $180
The SSA definition for ByrefExposed (#1) at start of BB01 is $180 {InitVal($42)}
The SSA definition for GcHeap (#1) at start of BB01 is $180 {InitVal($42)}

***** BB01, STMT00000(before)
N003 (  5,  5) [000002] -A------R--                         *  ASG       int
N002 (  3,  2) [000001] D------N---                         +--*  LCL_VAR   int    V05 loc0         d:2
N001 (  1,  2) [000000] -----------                         \--*  CNS_INT   int    62

N001 [000000]   CNS_INT   62 => $43 {IntCns 62}
N002 [000001]   LCL_VAR   V05 loc0         d:2 => $VN.Void
Tree [000002] assigned VN to local var V05/2: $43 {IntCns 62}
N003 [000002]   ASG       => $VN.Void

***** BB01, STMT00000(after)
N003 (  5,  5) [000002] -A------R--                         *  ASG       int    $VN.Void
N002 (  3,  2) [000001] D------N---                         +--*  LCL_VAR   int    V05 loc0         d:2 $VN.Void
N001 (  1,  2) [000000] -----------                         \--*  CNS_INT   int    62 $43

---------

***** BB01, STMT00001(before)
N003 (  1,  3) [000005] -A------R--                         *  ASG       int
N002 (  1,  1) [000004] D------N---                         +--*  LCL_VAR   int    V06 loc1         d:2
N001 (  1,  2) [000235] -----------                         \--*  CNS_INT   int    2

N001 [000235]   CNS_INT   2 => $44 {IntCns 2}
N002 [000004]   LCL_VAR   V06 loc1         d:2 => $VN.Void
Tree [000005] assigned VN to local var V06/2: $44 {IntCns 2}
N003 [000005]   ASG       => $VN.Void

***** BB01, STMT00001(after)
N003 (  1,  3) [000005] -A------R--                         *  ASG       int    $VN.Void
N002 (  1,  1) [000004] D------N---                         +--*  LCL_VAR   int    V06 loc1         d:2 $VN.Void
N001 (  1,  2) [000235] -----------                         \--*  CNS_INT   int    2 $44

---------

***** BB01, STMT00003(before)
N003 ( 11,  9) [000013] IA------R--                         *  ASG       struct (init)
N002 (  9,  6) [000011] D------N---                         +--*  LCL_VAR   struct<TestClass+S5+S5_D1_F2, 1> V07 loc2         d:2
N001 (  1,  2) [000010] -----------                         \--*  CNS_INT   int    0

N001 [000010]   CNS_INT   0 => $40 {IntCns 0}
N002 [000011]   LCL_VAR   V07 loc2         d:2 => $VN.Void

Thread 1 "corerun" received signal SIGSEGV, Segmentation fault.

Full gdb backtrace:

#0  MethodTable::GetModule (this=<optimized out>)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/methodtable.cpp:377
#1  0x0000fffff72513cc in MethodTable::GetMDImport (this=0xaaaaaac51020)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/methodtable.inl:911
#2  MethodTable::GetFullyQualifiedNameInfo (this=0xaaaaaac51020, ppszNamespace=0xffffffffa8b0)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/class.cpp:2112
#3  0x0000fffff72d4dbc in CEEInfo::getClassNameFromMetadata (this=<optimized out>, cls=0xaaaaaac51020,
    namespaceName=0xffffffffa910) at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/jitinterface.cpp:6229
#4  0x0000ffffb410d344 in Compiler::eePrintType (this=0xaaaaaac4eef8, printer=0xffffffffa9a0, clsHnd=0xaaaaaac51020,
    includeNamespace=true, includeInstantiation=true)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/eeinterface.cpp:95
#5  0x0000fffff72e63c8 in CEEInfo::runWithSPMIErrorTrap (this=<optimized out>, function=0xffffffffa8b0,
    param=0xaaaaaac51020) at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/jitinterface.cpp:10517
#6  0x0000ffffb410cb98 in Compiler::eeRunWithSPMIErrorTrapImp (this=0xaaaaaac4eef8, function=0xffffffffa8b0,
    param=0xffffffffa988) at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/ee_il_dll.cpp:1386
#7  Compiler::eeRunWithSPMIErrorTrap<Compiler::eeGetClassName(CORINFO_CLASS_STRUCT_*)::$_2>(void (*)(Compiler::eeGetClassName(CORINFO_CLASS_STRUCT_*)::$_2*), Compiler::eeGetClassName(CORINFO_CLASS_STRUCT_*)::$_2*) (this=<optimized out>,
    function=0xffffffffa8b0, param=0xffffffffa988)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/compiler.h:7788
#8  Compiler::eeRunFunctorWithSPMIErrorTrap<Compiler::eeGetClassName(CORINFO_CLASS_STRUCT_*)::$_2>(Compiler::eeGetClassName(CORINFO_CLASS_STRUCT_*)::$_2) (this=<optimized out>, f=...)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/compiler.h:7794
#9  Compiler::eeGetClassName (this=0xaaaaaac4eef8, clsHnd=<optimized out>)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/ee_il_dll.cpp:1518
#10 0x0000ffffb42ec178 in ValueNumStore::vnDumpZeroObj (this=0xaaaaaac4bb30, comp=0xaaaaaac4eef8, zeroObj=0xffffffffa9f0)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/valuenum.cpp:6932
#11 ValueNumStore::vnDump (this=0xaaaaaac4bb30, comp=0xaaaaaac4eef8, vn=<optimized out>, isPtr=<optimized out>)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/valuenum.cpp:6702
#12 0x0000ffffb42ecc1c in Compiler::fgValueNumberLocalStore (this=0xaaaaaac4eef8, storeNode=0xaaaaaac52e58, lclDefNode=
    0xaaaaaac52d68, offset=0, storeSize=1, value=..., normalize=true)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/valuenum.cpp:4884
#13 0x0000ffffb42f8c70 in Compiler::fgValueNumberBlockAssignment (this=0xaaaaaac4eef8, tree=0xaaaaaac52e58)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/valuenum.cpp:8419
#14 0x0000ffffb42f4f70 in Compiler::fgValueNumberTree (this=0xaaaaaac4eef8, tree=0xaaaaaac52e58)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/valuenum.cpp:8620
#15 0x0000ffffb42f3b64 in Compiler::fgValueNumberBlock (this=<optimized out>, blk=0xaaaaaac51388)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/valuenum.cpp:7806
#16 0x0000ffffb42f2db0 in Compiler::fgValueNumber (this=0xaaaaaac4eef8)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/valuenum.cpp:7581
#17 0x0000ffffb42b98f4 in Phase::Run (this=0xffffffffaf30)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/phase.cpp:61
--Type <RET> for more, q to quit, c to continue without paging--
#18 0x0000ffffb40fbed0 in DoPhase (_compiler=0xaaaaaac4eef8, _phase=PHASE_VALUE_NUMBER, _action=<optimized out>)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/phase.h:136
#19 Compiler::compCompile (this=0xaaaaaac4eef8, methodCodePtr=<optimized out>, methodCodeSize=<optimized out>,
    compileFlags=<optimized out>) at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/compiler.cpp:4765
#20 0x0000ffffb40fed30 in Compiler::compCompileHelper (this=0xaaaaaac4eef8, classPtr=<optimized out>,
    compHnd=<optimized out>, methodInfo=<optimized out>, methodCodePtr=0xffffffffb958, methodCodeSize=0xffffffffbb4c,
    compileFlags=0xffffffffb970) at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/compiler.cpp:6614
#21 0x0000ffffb40fd4f8 in Compiler::compCompile(CORINFO_MODULE_STRUCT_*, void**, unsigned int*, JitFlags*)::$_4::operator()(Compiler::compCompile(CORINFO_MODULE_STRUCT_*, void**, unsigned int*, JitFlags*)::__JITParam*) const (
    this=<optimized out>, __JITpParam=<optimized out>)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/compiler.cpp:5778
#22 Compiler::compCompile (this=0xaaaaaac4eef8, classPtr=0xffffb76e34c8, methodCodePtr=0xffffffffb958,
    methodCodeSize=0xffffffffbb4c, compileFlags=0xffffffffb970)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/compiler.cpp:5797
#23 0x0000ffffb40ffba8 in jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_6::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const::{lambda(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_6::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const::__JITParam*)#1}::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_6::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const::__JITParam*) const (this=<optimized out>, __JITpParam=<optimized out>)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/compiler.cpp:7260
#24 jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_6::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const (this=<optimized out>,
    __JITpParam=<optimized out>) at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/compiler.cpp:7285
#25 jitNativeCode (methodHnd=0xffffb76e5ef0, classPtr=0xffffb76e34c8, compHnd=0xffffffffbcf0, methodInfo=0xffffffffbb80,
    methodCodePtr=0xffffffffb958, methodCodeSize=0xffffffffbb4c, compileFlags=0xffffffffb970, inlineInfoPtr=0x0)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/compiler.cpp:7287
#26 0x0000ffffb410af50 in CILJit::compileMethod (this=<optimized out>, compHnd=0xffffffffbcf0, methodInfo=0xffffffffbb80,
    flags=<optimized out>, entryAddress=0xffffffffbb50, nativeSizeOfCode=0xffffffffbb4c)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/jit/ee_il_dll.cpp:259
#27 0x0000fffff72ebd5c in invokeCompileMethodHelper (jitMgr=0xaaaaaab5ea40, comp=0xffffffffbcf0, info=0xffffffffbb80,
    jitFlags=..., nativeEntry=0xffffffffbb50, nativeSizeOfCode=0xffffffffbb4c)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/jitinterface.cpp:12376
#28 0x0000fffff72ebe10 in invokeCompileMethod (jitMgr=0xaaaaaac51020, comp=0xffffffffa8b0, info=0xffffffffa910,
    jitFlags=..., nativeEntry=0x1, nativeSizeOfCode=0xaaaaaac0ae00)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/jitinterface.cpp:12439
#29 0x0000fffff72ecdf0 in UnsafeJitFunction (config=<optimized out>, ILHeader=0xffffffffc770, flags=...,
--Type <RET> for more, q to quit, c to continue without paging--
    pSizeOfCode=0xffffffffc864) at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/jitinterface.cpp:12912
#30 0x0000fffff733ff30 in MethodDesc::JitCompileCodeLocked (this=0xffffb76e5ef0, pConfig=0xffffffffcb30,
    pEntry=0xaaaaaacd3ca0, pSizeOfCode=0xffffffffc864, pFlags=0xffffffffc8c8)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/prestub.cpp:952
#31 0x0000fffff733faa8 in MethodDesc::JitCompileCodeLockedEventWrapper (this=0xffffb76e5ef0, pConfig=0xffffffffcb30,
    pEntry=0xaaaaaacd3ca0) at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/prestub.cpp:823
#32 0x0000fffff733f024 in MethodDesc::JitCompileCode (this=0xffffb76e5ef0, pConfig=0xffffffffcb30)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/prestub.cpp:763
#33 0x0000fffff733e4d4 in MethodDesc::PrepareILBasedCode (this=0xffffb76e5ef0, pConfig=0xffffffffcb30)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/prestub.cpp:426
#34 0x0000fffff726afec in CodeVersionManager::PublishVersionableCodeIfNecessary (this=0xaaaaaab5b1e8,
    pMethodDesc=0xffffb76e5ef0, callerGCMode=CallerGCMode::Coop, doBackpatchRef=0xffffffffcc58,
    doFullBackpatchRef=<optimized out>) at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/codeversion.cpp:1698
#35 0x0000fffff7342de0 in MethodDesc::DoPrestub (this=0xffffb76e5ef0, pDispatchingMT=0x0, callerGCMode=CallerGCMode::Coop)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/prestub.cpp:2109
#36 0x0000fffff7342410 in PreStubWorker (pTransitionBlock=<optimized out>, pMD=<optimized out>)
    at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/prestub.cpp:1938
#37 0x0000fffff76168f8 in ThePreStub () at /home/alahay01/dotnet/runtime_cmpassert/src/coreclr/vm/arm64/asmhelpers.S:556
#38 0x0000ffffb7541874 in ?? ()
#39 0x0000ffffffffd190 in ?? ()
#40 0x0000fffff7a6fd00 in vtable for NativeExceptionHolder<RunMain(MethodDesc*, short, int*, REF<PtrArray>*)::$_2> ()
   from /home/alahay01/dotnet/runtime_cmpassert/artifacts/bin/coreclr/Linux.arm64.Checked/libcoreclr.so
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

I worked around the issue by:

--- a/src/coreclr/jit/valuenum.cpp
+++ b/src/coreclr/jit/valuenum.cpp
@@ -6699,7 +6699,7 @@ void ValueNumStore::vnDump(Compiler* comp, ValueNum vn, bool isPtr)
                 vnDumpBitCast(comp, &funcApp);
                 break;
             case VNF_ZeroObj:
-                vnDumpZeroObj(comp, &funcApp);
+                // vnDumpZeroObj(comp, &funcApp);
                 break;

             default:

No idea what this is doing, so I'll leave that for someone else. (does that require a new issue?)

[kunalspathak]

Fixed by #76662