DartFuzz Crash: ../../runtime/vm/object.cc: 2379: error: expected: thread->no_safepoint_scope_depth() == 0 #40143

@bkonyi

Description

Log output:

Isolate (/b/s/w/it0tAOTZ/dart_fuzzJEHNEY) FP NO-FFI FLAT : AOT-DET-DebugX64 - KBC-MIX-SLOWPATH-ReleaseSIMARM64: !DIVERGENCE! 1.85:3969726017 (134 vs 0)

fail1:
134

../../runtime/vm/object.cc: 2379: error: expected: thread->no_safepoint_scope_depth() == 0
version=2.8.0-edge.04e2c97ae48299a3eabf52db438068126a864096 (Tue Jan 14 03:18:04 2020 +0000) on "linux_x64"
thread=16508, isolate=isolate(0x564baef1b800)
  pc 0x0000564bad34f12c fp 0x00007ffc233f4380 dart::Profiler::DumpStackTrace(void*)
  pc 0x0000564bad0c2c02 fp 0x00007ffc233f4460 dart::Assert::Fail(char const*, ...)
  pc 0x0000564bad277823 fp 0x00007ffc233f44d0 dart::Object::Allocate(long, long, dart::Heap::Space)
  pc 0x0000564bad30affc fp 0x00007ffc233f4520 dart::Array::New(long, long, dart::Heap::Space)
  pc 0x0000564bad27f31e fp 0x00007ffc233f4550 dart::Array::New(long, dart::Heap::Space)
  pc 0x0000564bad3fba35 fp 0x00007ffc233f45c0 /b/s/w/ir/pkg/vm/tool/../../../out/DebugX64/gen_snapshot+0x91ba35
  pc 0x0000564bad3fb80f fp 0x00007ffc233f4640 /b/s/w/ir/pkg/vm/tool/../../../out/DebugX64/gen_snapshot+0x91b80f
  pc 0x0000564bad3fc68e fp 0x00007ffc233f4670 /b/s/w/ir/pkg/vm/tool/../../../out/DebugX64/gen_snapshot+0x91c68e
  pc 0x0000564bad3f72d7 fp 0x00007ffc233f4700 dart::RawString* dart::Symbols::NewSymbol<dart::CharArray<unsigned char> >(dart::Thread*, dart::CharArray<unsigned char> const&)
  pc 0x0000564bad3f6ef0 fp 0x00007ffc233f4760 dart::Symbols::FromUTF8(dart::Thread*, unsigned char const*, long)
  pc 0x0000564bad271e88 fp 0x00007ffc233f4800 dart::String::ScrubName(dart::String const&, bool)
  pc 0x0000564bad41627c fp 0x00007ffc233f4850 dart::TypeTestingStubNamer::StringifyType(dart::AbstractType const&) const
  pc 0x0000564bad415f5c fp 0x00007ffc233f4880 dart::TypeTestingStubNamer::StubNameForType(dart::AbstractType const&) const
  pc 0x0000564bad20566e fp 0x00007ffc233f48c0 dart::AssemblyCodeNamer::AssemblyNameFor(long, dart::Code const&)
  pc 0x0000564bad20701c fp 0x00007ffc233f4a70 dart::BlobImageWriter::WriteText(dart::WriteStream*, bool)
  pc 0x0000564bad204bb5 fp 0x00007ffc233f4b10 dart::ImageWriter::Write(dart::WriteStream*, bool)
  pc 0x0000564bad182e54 fp 0x00007ffc233f4cf0 dart::FullSnapshotWriter::WriteIsolateSnapshot(long)
  pc 0x0000564bad18303a fp 0x00007ffc233f4d20 dart::FullSnapshotWriter::WriteFullSnapshot()
  pc 0x0000564bad8b61d2 fp 0x00007ffc233f50b0 Dart_CreateAppAOTSnapshotAsElf
  pc 0x0000564bad098b2c fp 0x00007ffc233f5240 dart::bin::main(int, char**)
-- End of DumpStackTrace
/b/s/w/ir/pkg/vm/tool/precompiler2: line 115: 16508 Aborted                 "$BIN_DIR"/gen_snapshot "$GEN_SNAPSHOT_OPTION" "$GEN_SNAPSHOT_FILENAME" "${OPTIONS[@]}" "$SNAPSHOT_FILE.dill"

To generate reproduction case:

dartfuzz.dart --fp --no-ffi --flat --seed 3969726017 /b/s/w/it0tAOTZ/dart_fuzzJEHNEY/fuzz.dart

VM command line:

$ DART_CONFIGURATION='DebugX64' DART_VM_FLAGS='--enable-asserts' pkg/vm/tool/precompiler2 --deterministic fuzz.dart snapshot
$ pkg/vm/tool/dart_precompiled_runtime2 snapshot
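What the trace shows: the assert fires inside dart::Object::Allocate while gen_snapshot is writing the AOT snapshot (AssemblyCodeNamer -> TypeTestingStubNamer -> String::ScrubName -> Symbols::FromUTF8 -> Array::New), i.e. an allocation is attempted while a no-safepoint scope is still open. The "134 vs 0" divergence is the AOT configuration aborting (134 = 128 + 6, SIGABRT, matching the "Aborted" line from precompiler2) while the KBC-MIX-SLOWPATH-ReleaseSIMARM64 configuration exits cleanly. The script below is an added triage example, not part of this report, of DartFuzz or of the Dart SDK: it parses the DumpStackTrace frame format and the "!DIVERGENCE!" and "error: expected:" lines exactly as they appear above, decodes the exit statuses, and derives a crash-bucket key from the first symbolized frames below the assert machinery. The bucketing rule (skip DumpStackTrace/Assert::Fail and unsymbolized "+0x..." frames, collapse adjacent overloads, keep three names) and all function names are this example's own conventions; the embedded SAMPLE_LOG is an excerpt copied from the report.

```python
"""Triage helper for Dart VM DumpStackTrace output (added example, not SDK code)."""
import re
import signal
from dataclasses import dataclass

FRAME_RE = re.compile(r"^\s*pc (0x[0-9a-f]+) fp (0x[0-9a-f]+) (.+?)\s*$")
ASSERT_RE = re.compile(r"^(\S+): (\d+): error: expected: (.+?)\s*$")
DIVERGENCE_RE = re.compile(r"!DIVERGENCE! (\S+?):(\d+) \((\d+) vs (\d+)\)")
# Frames that only report the failure; they never identify the bug.
REPORTING_FRAMES = ("dart::Profiler::DumpStackTrace", "dart::Assert::Fail")


@dataclass
class Frame:
    pc: int
    fp: int
    symbol: str


def strip_templates(sym):
    """Drop <...> template arguments (nested ones included)."""
    out, depth = [], 0
    for ch in sym:
        if ch == "<":
            depth += 1
        elif ch == ">":
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)


def function_name(sym):
    """'dart::RawString* dart::Symbols::NewSymbol<...>(...)' -> 'dart::Symbols::NewSymbol'."""
    head = strip_templates(sym).split("(", 1)[0].strip()
    return head.split()[-1] if head else sym  # last token drops a leading return type


def is_symbolized(frame):
    # Unresolved frames look like '<path>/gen_snapshot+0x91ba35'.
    return re.search(r"\+0x[0-9a-f]+$", frame.symbol) is None


def parse_frames(log):
    return [Frame(int(m[1], 16), int(m[2], 16), m[3])
            for m in map(FRAME_RE.match, log.splitlines()) if m]


def parse_assert(log):
    for m in map(ASSERT_RE.match, log.splitlines()):
        if m:
            return {"file": m[1], "line": int(m[2]), "condition": m[3]}
    return None


def parse_divergence(log):
    m = DIVERGENCE_RE.search(log)
    if not m:
        return None
    return {"fuzzer_version": m[1], "seed": int(m[2]),
            "exit_codes": (int(m[3]), int(m[4]))}


def describe_exit(code):
    """Shell-style status: 128 + n means the process was killed by signal n."""
    if code > 128:
        try:
            return signal.Signals(code - 128).name
        except ValueError:
            return f"signal {code - 128}"
    return f"exit {code}"


def crash_signature(frames, depth=3):
    """Bucket key: first `depth` distinct symbolized callers below the assert
    machinery; adjacent duplicates (overloads such as the two Array::New) collapse."""
    names = []
    for f in frames:
        name = function_name(f.symbol)
        if not is_symbolized(f) or name in REPORTING_FRAMES:
            continue
        if not names or names[-1] != name:
            names.append(name)
        if len(names) == depth:
            break
    return tuple(names)


def triage(log):
    frames = parse_frames(log)
    div = parse_divergence(log)
    return {"assert": parse_assert(log), "divergence": div,
            "exit": [describe_exit(c) for c in div["exit_codes"]] if div else None,
            "signature": crash_signature(frames), "frames": len(frames),
            "unsymbolized": sum(1 for f in frames if not is_symbolized(f))}


# Excerpt copied from the report above (first ten frames only).
SAMPLE_LOG = """\
Isolate (/b/s/w/it0tAOTZ/dart_fuzzJEHNEY) FP NO-FFI FLAT : AOT-DET-DebugX64 - KBC-MIX-SLOWPATH-ReleaseSIMARM64: !DIVERGENCE! 1.85:3969726017 (134 vs 0)
../../runtime/vm/object.cc: 2379: error: expected: thread->no_safepoint_scope_depth() == 0
version=2.8.0-edge.04e2c97ae48299a3eabf52db438068126a864096 (Tue Jan 14 03:18:04 2020 +0000) on "linux_x64"
  pc 0x0000564bad34f12c fp 0x00007ffc233f4380 dart::Profiler::DumpStackTrace(void*)
  pc 0x0000564bad0c2c02 fp 0x00007ffc233f4460 dart::Assert::Fail(char const*, ...)
  pc 0x0000564bad277823 fp 0x00007ffc233f44d0 dart::Object::Allocate(long, long, dart::Heap::Space)
  pc 0x0000564bad30affc fp 0x00007ffc233f4520 dart::Array::New(long, long, dart::Heap::Space)
  pc 0x0000564bad27f31e fp 0x00007ffc233f4550 dart::Array::New(long, dart::Heap::Space)
  pc 0x0000564bad3fba35 fp 0x00007ffc233f45c0 /b/s/w/ir/pkg/vm/tool/../../../out/DebugX64/gen_snapshot+0x91ba35
  pc 0x0000564bad3fb80f fp 0x00007ffc233f4640 /b/s/w/ir/pkg/vm/tool/../../../out/DebugX64/gen_snapshot+0x91b80f
  pc 0x0000564bad3fc68e fp 0x00007ffc233f4670 /b/s/w/ir/pkg/vm/tool/../../../out/DebugX64/gen_snapshot+0x91c68e
  pc 0x0000564bad3f72d7 fp 0x00007ffc233f4700 dart::RawString* dart::Symbols::NewSymbol<dart::CharArray<unsigned char> >(dart::Thread*, dart::CharArray<unsigned char> const&)
  pc 0x0000564bad3f6ef0 fp 0x00007ffc233f4760 dart::Symbols::FromUTF8(dart::Thread*, unsigned char const*, long)
-- End of DumpStackTrace
"""

if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Run it as-is to see the bucket key for this report; feed it a full precompiler2 log to bucket other DartFuzz divergences. Three of the ten frames in the excerpt are unsymbolized gen_snapshot offsets, so the signature skips them; resolve those with the matching DebugX64 binary if the three-frame key collides with an unrelated crash.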

Metadata

Labels

area-vm (Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends.)
dartfuzz (Found with Dart fuzzing (DartFuzz, libFuzzer, etc.))
