[gardening] Iso-stress is found a crash #56230

Closed
dcharkes opened this issue Jul 12, 2024 · 1 comment
Labels
area-vm Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends. crash Process exits with SIGSEGV, SIGABRT, etc. An unhandled exception is not a crash. gardening vm-gc Related to the VM's garbage collector

Comments

@dcharkes
Contributor

si_code=SEGV_MAPERR(1), si_addr=0x27

It looks like we tried to access memory with an offset of 0x28 on a tagged pointer, but instead the memory location did not contain a tagged pointer but 0x0.

This smells like a GC error. But I don't see any recent GC CLs. @rmacnak-google

https://logs.chromium.org/logs/dart/buildbucket/cr-buildbucket/8742676889150128513/+/u/collect_shards/Run_Isolate_Stress_Tests_shard_2/task_stdout_stderr:_Run_Isolate_Stress_Tests_shard_2

[/b/s/w/ir/cache/builder/sdk/runtime/tests/concurrency/../../../tests/standalone/io/http_client_exception_test.dart] finished

===== CRASH =====
si_signo=Segmentation fault(11), si_code=SEGV_MAPERR(1), si_addr=0x27
version=3.6.0-edge (main) (Unknown timestamp) on "linux_x64"
pid=1283828, thread=1283841, isolate_group=main(0x5589e84685d0), isolate=wrapper3769(0x7fd10c000cd0)
os=linux, arch=x64, comp=no, sim=no
isolate_instructions=5589e64ac4c0, vm_instructions=5589e64ac4c0
fp=7fd1ad1f8458, sp=7fd1ad1f83f0, pc=7fd1d0183520
  pc 0x00007fd1d0183520 fp 0x00007fd1ad1f8458 [Stub] SmiLessInlineCache+0x0
  pc 0x00007fd1ac201337 fp 0x00007fd1ad1f84c0 [Unoptimized] _rootRunUnary@4048458+0x117
  pc 0x00007fd1b7978e43 fp 0x00007fd1ad1f8558 [Unoptimized] _CustomZone@4048458.runUnary+0x1c3
  pc 0x00007fd1ac24e22d fp 0x00007fd1ad1f85e0 [Unoptimized] _CustomZone@4048458.runUnaryGuarded+0x10d
  pc 0x00007fd1b79451f7 fp 0x00007fd1ad1f8638 [Unoptimized] _BufferingStreamSubscription@4048458._sendData@4048458+0x277
  pc 0x00007fd1b7944d9c fp 0x00007fd1ad1f8678 [Unoptimized] _BufferingStreamSubscription@4048458._add@4048458+0x21c
  pc 0x00007fd1b794483c fp 0x00007fd1ad1f86b8 [Unoptimized] _SyncStreamController@4048458._sendData@4048458+0x18c
  pc 0x00007fd1b79443ff fp 0x00007fd1ad1f86f8 [Unoptimized] _StreamController@4048458._add@4048458+0x1af
  pc 0x00007fd1b79440ce fp 0x00007fd1ad1f8738 [Unoptimized] _StreamController@4048458.add+0x1ee
  pc 0x00007fd1565d51f5 fp 0x00007fd1ad1f8778 [Unoptimized] _HttpServer@17463476._handleRequest@17463476+0x105
  pc 0x00007fd1565d28dc fp 0x00007fd1ad1f87c8 [Unoptimized] new _HttpConnection@17463476..<anonymous closure>+0x87c
  pc 0x00007fd1ac201681 fp 0x00007fd1ad1f8848 [Unoptimized] _rootRunUnary@4048458+0x141
  pc 0x00007fd1ac201337 fp 0x00007fd1ad1f88b0 [Unoptimized] _rootRunUnary@4048458+0x117
  pc 0x00007fd1b7978e43 fp 0x00007fd1ad1f8948 [Unoptimized] _CustomZone@4048458.runUnary+0x1c3
  pc 0x00007fd1ac24e22d fp 0x00007fd1ad1f89d0 [Unoptimized] _CustomZone@4048458.runUnaryGuarded+0x10d
  pc 0x00007fd1b79451f7 fp 0x00007fd1ad1f8a28 [Unoptimized] _BufferingStreamSubscription@4048458._sendData@4048458+0x277
  pc 0x00007fd1b7944d9c fp 0x00007fd1ad1f8a68 [Unoptimized] _BufferingStreamSubscription@4048458._add@4048458+0x21c
  pc 0x00007fd1b794483c fp 0x00007fd1ad1f8aa8 [Unoptimized] _SyncStreamController@4048458._sendData@4048458+0x18c
  pc 0x00007fd1b79443ff fp 0x00007fd1ad1f8ae8 [Unoptimized] _StreamController@4048458._add@4048458+0x1af
  pc 0x00007fd1b79440ce fp 0x00007fd1ad1f8b28 [Unoptimized] _StreamController@4048458.add+0x1ee
  pc 0x00007fd1565af9f6 fp 0x00007fd1ad1f8b80 [Unoptimized] _HttpParser@17463476._headersEnd@17463476+0xfc6
  pc 0x00007fd1565aa1d1 fp 0x00007fd1ad1f8c20 [Unoptimized] _HttpParser@17463476._doParse@17463476+0x5c31
  pc 0x00007fd1565a3ea5 fp 0x00007fd1ad1f8c88 [Unoptimized] _HttpParser@17463476._parse@17463476+0xc5
  pc 0x00007fd1565ad2f6 fp 0x00007fd1ad1f8cc0 [Unoptimized] _HttpParser@17463476._onData@17463476+0x156
  pc 0x00007fd1565ad163 fp 0x00007fd1ad1f8d00 [Unoptimized] _HttpParser@17463476._onData@17463476+0x83
  pc 0x00007fd1ac201681 fp 0x00007fd1ad1f8d80 [Unoptimized] _rootRunUnary@4048458+0x141
  pc 0x00007fd1ac201337 fp 0x00007fd1ad1f8de8 [Unoptimized] _rootRunUnary@4048458+0x117
  pc 0x00007fd1b7978e43 fp 0x00007fd1ad1f8e80 [Unoptimized] _CustomZone@4048458.runUnary+0x1c3
  pc 0x00007fd1ac24e22d fp 0x00007fd1ad1f8f08 [Unoptimized] _CustomZone@4048458.runUnaryGuarded+0x10d
  pc 0x00007fd1b79451f7 fp 0x00007fd1ad1f8f60 [Unoptimized] _BufferingStreamSubscription@4048458._sendData@4048458+0x277
  pc 0x00007fd1b7944d9c fp 0x00007fd1ad1f8fa0 [Unoptimized] _BufferingStreamSubscription@4048458._add@4048458+0x21c
  pc 0x00007fd1b794483c fp 0x00007fd1ad1f8fe0 [Unoptimized] _SyncStreamController@4048458._sendData@4048458+0x18c
  pc 0x00007fd1b79443ff fp 0x00007fd1ad1f9020 [Unoptimized] _StreamController@4048458._add@4048458+0x1af
  pc 0x00007fd1b79440ce fp 0x00007fd1ad1f9060 [Unoptimized] _StreamController@4048458.add+0x1ee
  pc 0x00007fd15dd860f8 fp 0x00007fd1ad1f90b0 [Unoptimized] _Socket@15069316._onData@15069316+0x1f8
  pc 0x00007fd165e35683 fp 0x00007fd1ad1f90f0 [Unoptimized] _Socket@15069316._onData@15069316+0x83
  pc 0x00007fd1ac2017d6 fp 0x00007fd1ad1f9170 [Unoptimized] _rootRunUnary@4048458+0x296
  pc 0x00007fd1ac201337 fp 0x00007fd1ad1f91d8 [Unoptimized] _rootRunUnary@4048458+0x117
  pc 0x00007fd1b7978e43 fp 0x00007fd1ad1f9270 [Unoptimized] _CustomZone@4048458.runUnary+0x1c3
  pc 0x00007fd1ac24e22d fp 0x00007fd1ad1f92f8 [Unoptimized] _CustomZone@4048458.runUnaryGuarded+0x10d
  pc 0x00007fd1b79451f7 fp 0x00007fd1ad1f9350 [Unoptimized] _BufferingStreamSubscription@4048458._sendData@4048458+0x277
  pc 0x00007fd1b7944d9c fp 0x00007fd1ad1f9390 [Unoptimized] _BufferingStreamSubscription@4048458._add@4048458+0x21c
  pc 0x00007fd1b794483c fp 0x00007fd1ad1f93d0 [Unoptimized] _SyncStreamController@4048458._sendData@4048458+0x18c
  pc 0x00007fd1b79443ff fp 0x00007fd1ad1f9410 [Unoptimized] _StreamController@4048458._add@4048458+0x1af
  pc 0x00007fd1b79440ce fp 0x00007fd1ad1f9450 [Unoptimized] _StreamController@4048458.add+0x1ee
  pc 0x00007fd167389bd5 fp 0x00007fd1ad1f9490 [Unoptimized] new _RawSocket@15069316..<anonymous closure>+0xb5
  pc 0x00007fd16d7056ea fp 0x00007fd1ad1f94e8 [Unoptimized] _NativeSocket@15069316.issueReadEvent.issue+0x5ba
  pc 0x00007fd1b79755c7 fp 0x00007fd1ad1f9530 [Unoptimized] _microtaskLoop@4048458+0x1d7
  pc 0x00007fd1b7974fb2 fp 0x00007fd1ad1f9570 [Unoptimized] _startMicrotaskLoop@4048458+0xa2
  pc 0x00007fd1b7974363 fp 0x00007fd1ad1f9598 [Unoptimized] _startMicrotaskLoop@4048458+0x73
  pc 0x00007fd1b7937d19 fp 0x00007fd1ad1f95d8 [Unoptimized] _runPendingImmediateCallback@1026248+0xe9
  pc 0x00007fd1b7924a36 fp 0x00007fd1ad1f9618 [Unoptimized] _RawReceivePort@1026248._handleMessage@1026248+0x1a6
  pc 0x00007fd1d0182556 fp 0x00007fd1ad1f9690 [Stub] InvokeDartCode+0x96
  pc 0x00005589e65ed855 fp 0x00007fd1ad1f96f0 dart::DartEntry::InvokeFunction+0x165
  pc 0x00005589e65ef213 fp 0x00007fd1ad1f9730 dart::DartLibraryCalls::HandleMessage+0x123
  pc 0x00005589e660c85f fp 0x00007fd1ad1f9cc0 dart::IsolateMessageHandler::HandleMessage+0x2bf
  pc 0x00005589e662ec1a fp 0x00007fd1ad1f9d30 dart::MessageHandler::HandleMessages+0x11a
  pc 0x00005589e662f018 fp 0x00007fd1ad1f9d80 dart::MessageHandler::TaskCallback+0x1f8
  pc 0x00005589e672be07 fp 0x00007fd1ad1f9e00 dart::ThreadPool::WorkerLoop+0x137
  pc 0x00005589e672c092 fp 0x00007fd1ad1f9e30 dart::ThreadPool::Worker::Main+0x72
  pc 0x00005589e66b5d66 fp 0x00007fd1ad1f9ef0 dart::ThreadStart+0xd6
-- End of DumpStackTrace
=> Running "out/ReleaseX64/dart --disable-dart-dev --no-inline-alloc --use-slow-path --deoptimize-on-runtime-call-every=3 runtime/tests/concurrency/generated_stress_test.dart.jit.dill" failed with -6
@dcharkes dcharkes added area-vm Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends. gardening crash Process exits with SIGSEGV, SIGABRT, etc. An unhandled exception is not a crash. vm-gc Related to the VM's garbage collector labels Jul 12, 2024
@rmacnak-google
Contributor

I managed to get a reproduction under rr. There is a lazy deopt that triggers when the await stub enters the runtime to allocate a SuspendState. The await stub saves the return address that was patched to the lazy deopt stub, and later when the GC is visiting this SuspendState it uses the stack map for the lazy deopt stub instead of the one for the suspended function.

copybara-service bot pushed a commit that referenced this issue Jul 16, 2024
…safepoint.

The suspend stubs need to save the real pc, not the lazy deopt stub entry, otherwise pointer visiting for the SuspendState will incorrectly use the stackmap for the lazy deopt stub.

TEST=iso-stress
Bug: #56230
Change-Id: Ie6f9fe5744849f6e6b5bbcbafcb82e6cfb4c4500
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/375763
Commit-Queue: Ryan Macnak <rmacnak@google.com>
Reviewed-by: Alexander Markov <alexmarkov@google.com>
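
The failure mode described in the comment and commit message above, as a toy C++ model added here (not Dart VM code and not the project's own). The addresses, stack-map contents and names such as `SuspendStateModel` and `VisitAndForward` are constructed; the model assumes a moving collector that forwards only the slots the stack map marks as pointers.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <vector>

// Toy model only. Every name, address and stack map below is constructed.
using Word = uintptr_t;
constexpr Word kRealPc = 0x1000;           // return address in the suspended function
constexpr Word kLazyDeoptStubPc = 0x9000;  // stub entry patched over that return address

// Stack map per pc: true means the frame slot holds a tagged heap pointer.
const std::map<Word, std::vector<bool>> kStackMaps = {
    {kRealPc, {true, false, true}},
    {kLazyDeoptStubPc, {false, false, false}},  // assumed layout for the stub
};

struct SuspendStateModel {
  Word pc;                  // pc saved by the suspend stub
  std::vector<Word> frame;  // copy of the suspended frame's slots
};

// Moving GC step: objects move by `delta`; only slots that the stack map for
// the saved pc marks as pointers are forwarded. Returns the forwarded count.
int VisitAndForward(SuspendStateModel& s, Word delta) {
  int forwarded = 0;
  const std::vector<bool>& is_pointer = kStackMaps.at(s.pc);
  for (size_t i = 0; i < s.frame.size(); ++i) {
    if (is_pointer[i]) { s.frame[i] += delta; ++forwarded; }
  }
  return forwarded;
}

// Counts real pointer slots still pointing into evacuated [from_lo, from_hi).
int StalePointers(const SuspendStateModel& s, Word from_lo, Word from_hi) {
  int stale = 0;
  const std::vector<bool>& real = kStackMaps.at(kRealPc);
  for (size_t i = 0; i < s.frame.size(); ++i)
    if (real[i] && s.frame[i] >= from_lo && s.frame[i] < from_hi) ++stale;
  return stale;
}

// Slots 0 and 2 are tagged pointers (low bit set); slot 1 is an unboxed int.
int RunScenario(Word saved_pc) {
  SuspendStateModel s{saved_pc, {0x20001, 42, 0x20041}};
  VisitAndForward(s, 0x10000);  // from-space 0x20000.. moves to 0x30000..
  return StalePointers(s, 0x20000, 0x30000);
}

int main() { return RunScenario(kRealPc) == 0 && RunScenario(kLazyDeoptStubPc) == 2 ? 0 : 1; }
```

With the real pc saved, both pointer slots are forwarded; with the stub entry saved, the visitor consults the wrong map and leaves both slots pointing at evacuated memory.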