[Mono-bugs] [Bug 331958] New: JIT crashes when using big structures in local variables (AMD64)

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Mon Oct 8 16:56:03 EDT 2007


https://bugzilla.novell.com/show_bug.cgi?id=331958

           Summary: JIT crashes when using big structures in local variables
                    (AMD64)
           Product: Mono: Runtime
           Version: 1.2
          Platform: x86-64
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: JIT
        AssignedTo: lupus at novell.com
        ReportedBy: s-kiess at web.de
         QAContact: mono-bugs at ximian.com
          Found By: ---


The following program:

struct X0 { byte b; }            // 1 byte
struct X1 { X0 x1; X0 x2; }      // 2 bytes: every level doubles the size
struct X2 { X1 x1; X1 x2; }
struct X3 { X2 x1; X2 x2; }
struct X4 { X3 x1; X3 x2; }
struct X5 { X4 x1; X4 x2; }
struct X6 { X5 x1; X5 x2; }
struct X7 { X6 x1; X6 x2; }
struct X8 { X7 x1; X7 x2; }
struct X9 { X8 x1; X8 x2; }
struct X10 { X9 x1; X9 x2; }
struct X11 { X10 x1; X10 x2; }
struct X12 { X11 x1; X11 x2; }
struct X13 { X12 x1; X12 x2; }
struct X14 { X13 x1; X13 x2; }
struct X15 { X14 x1; X14 x2; }
struct X16 { X15 x1; X15 x2; }
struct X17 { X16 x1; X16 x2; }
struct X18 { X17 x1; X17 x2; }   // 2^18 = 262144 bytes

class Test {
    public static void Main() {
        X18 x;                   // 256 KiB local; never used, the crash happens while JIT-compiling Main
    }
}
will crash on SVN trunk r87095:

*** glibc detected *** /home/steffen/mono-svn/bin/mono: malloc(): memory
corruption: 0x0000000000893c10 ***
======= Backtrace: =========
/lib/libc.so.6[0x2b2e5bf76324]
/lib/libc.so.6(__libc_malloc+0x93)[0x2b2e5bf77cb3]
/lib/libc.so.6(vasprintf+0x3e)[0x2b2e5bf6d07e]
/usr/lib/libglib-2.0.so.0(g_vasprintf+0x20)[0x2b2e5b5f7770]
/usr/lib/libglib-2.0.so.0(g_strdup_vprintf+0x20)[0x2b2e5b5e9190]
/usr/lib/libglib-2.0.so.0(g_logv+0x198)[0x2b2e5b5d30b8]
/usr/lib/libglib-2.0.so.0(g_log+0x83)[0x2b2e5b5d3343]
/usr/lib/libglib-2.0.so.0(g_assert_warning+0x76)[0x2b2e5b5d33c6]
/home/steffen/mono-svn/bin/mono[0x42d787]
/home/steffen/mono-svn/bin/mono[0x4fa3a9]
/home/steffen/mono-svn/bin/mono[0x5191e8]
/home/steffen/mono-svn/bin/mono[0x519bba]
/home/steffen/mono-svn/bin/mono[0x51a19a]
/home/steffen/mono-svn/bin/mono(mono_runtime_exec_main+0xcd)[0x481d1d]
/home/steffen/mono-svn/bin/mono(mono_runtime_run_main+0x184)[0x481ff4]
/home/steffen/mono-svn/bin/mono(mono_main+0x5e1)[0x416931]
/lib/libc.so.6(__libc_start_main+0xf4)[0x2b2e5bf21b44]
/home/steffen/mono-svn/bin/mono(realloc+0x361)[0x415de9]
Stacktrace:


Native stacktrace:

        /home/steffen/mono-svn/bin/mono [0x52c9bd]
        /lib/libpthread.so.0 [0x2b2e5ba76100]
        /lib/libc.so.6(gsignal+0x35) [0x2b2e5bf35635]
        /lib/libc.so.6(abort+0x110) [0x2b2e5bf37090]
        /lib/libc.so.6 [0x2b2e5bf6e49b]
        /lib/libc.so.6 [0x2b2e5bf76324]
        /lib/libc.so.6(__libc_malloc+0x93) [0x2b2e5bf77cb3]
        /lib/libc.so.6(vasprintf+0x3e) [0x2b2e5bf6d07e]
        /usr/lib/libglib-2.0.so.0(g_vasprintf+0x20) [0x2b2e5b5f7770]
        /usr/lib/libglib-2.0.so.0(g_strdup_vprintf+0x20) [0x2b2e5b5e9190]
        /usr/lib/libglib-2.0.so.0(g_logv+0x198) [0x2b2e5b5d30b8]
        /usr/lib/libglib-2.0.so.0(g_log+0x83) [0x2b2e5b5d3343]
        /usr/lib/libglib-2.0.so.0(g_assert_warning+0x76) [0x2b2e5b5d33c6]
        /home/steffen/mono-svn/bin/mono [0x42d787]
        /home/steffen/mono-svn/bin/mono [0x4fa3a9]
        /home/steffen/mono-svn/bin/mono [0x5191e8]
        /home/steffen/mono-svn/bin/mono [0x519bba]
        /home/steffen/mono-svn/bin/mono [0x51a19a]
        /home/steffen/mono-svn/bin/mono(mono_runtime_exec_main+0xcd) [0x481d1d]
        /home/steffen/mono-svn/bin/mono(mono_runtime_run_main+0x184) [0x481ff4]
        /home/steffen/mono-svn/bin/mono(mono_main+0x5e1) [0x416931]
        /lib/libc.so.6(__libc_start_main+0xf4) [0x2b2e5bf21b44]
        /home/steffen/mono-svn/bin/mono(realloc+0x361) [0x415de9]
When replacing the line
        X18 x;
by
        X17 x;
the program will no longer crash on svn trunk but still on mono 1.2.5.1 with
another error message (this is probably related or the same bug):

** ERROR **: file mini-amd64.c: line 4749 (mono_arch_emit_epilog): assertion
failed: (cfg->arch.stack_alloc_size < (1 << 16))
aborting...
Stacktrace:


Native stacktrace:

        mono [0x584d97]
        mono [0x565931]
        /lib/libpthread.so.0 [0x2b99d6af2100]
        /lib/libc.so.6(gsignal+0x35) [0x2b99d6fb1635]
        /lib/libc.so.6(abort+0x110) [0x2b99d6fb3090]
        /usr/lib/libglib-2.0.so.0(g_logv+0x395) [0x2b99d664f2b5]
        /usr/lib/libglib-2.0.so.0(g_log+0x83) [0x2b99d664f343]
        /usr/lib/libglib-2.0.so.0(g_assert_warning+0x76) [0x2b99d664f3c6]
        mono [0x46142e]
        mono [0x56257a]
        mono [0x563e5b]
        mono [0x564a67]
        mono [0x5651cf]
        mono [0x5652aa]
        mono [0x5656e3]
        mono(mono_runtime_invoke+0x31) [0x48c182]
        mono(mono_runtime_exec_main+0x23e) [0x48d696]
        mono(mono_runtime_run_main+0x2f5) [0x48d203]
        mono(mono_jit_exec+0xb7) [0x41684d]
        mono [0x41691d]
        mono(mono_main+0x151b) [0x417faf]
        mono(realloc+0x3f3) [0x415a53]
        /lib/libc.so.6(__libc_start_main+0xf4) [0x2b99d6f9db44]
        mono(realloc+0x349) [0x4159a9]

Debug info from gdb:

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0x2b99d72d82e0 (LWP 20350)]
[New Thread 0x40224950 (LWP 20352)]
[New Thread 0x40013950 (LWP 20351)]
0x00002b99d701a20b in fork () from /lib/libc.so.6
  3 Thread 0x40013950 (LWP 20351)  0x00002b99d6af17b1 in nanosleep ()
   from /lib/libpthread.so.0
  2 Thread 0x40224950 (LWP 20352)  0x00002b99d6aee7a6 in
pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
  1 Thread 0x2b99d72d82e0 (LWP 20350)  0x00002b99d701a20b in fork ()
   from /lib/libc.so.6

Thread 3 (Thread 0x40013950 (LWP 20351)):
#0  0x00002b99d6af17b1 in nanosleep () from /lib/libpthread.so.0
#1  0x0000000000506682 in collection_thread (unused=0x0) at collection.c:34
#2  0x00002b99d6aea317 in start_thread () from /lib/libpthread.so.0
#3  0x00002b99d7053b1d in clone () from /lib/libc.so.6
#4  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x40224950 (LWP 20352)):
#0  0x00002b99d6aee7a6 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
#1  0x000000000050b4b9 in timedwait_signal_poll_cond (cond=0x2aaaab5f6268, 
    mutex=0x2aaaab5f6240, timeout=0x0, alertable=0) at handles.c:1413
#2  0x000000000050b7e7 in _wapi_handle_timedwait_signal_handle (handle=0x404, 
    timeout=0x0, alertable=0) at handles.c:1493
#3  0x000000000050b5ad in _wapi_handle_wait_signal_handle (handle=0x404, 
    alertable=0) at handles.c:1453
#4  0x000000000051c7f0 in WaitForSingleObjectEx (handle=0x404, 
    timeout=4294967295, alertable=0) at wait.c:200
#5  0x00000000004a5190 in finalizer_thread (unused=0x0) at gc.c:835
#6  0x00000000004c0891 in start_wrapper (data=0x8cabd0) at threads.c:319
#7  0x000000000051acba in thread_start_routine (args=0x2aaaab6697f8)
    at threads.c:253
#8  0x0000000000537708 in GC_start_routine ()
#9  0x00002b99d6aea317 in start_thread () from /lib/libpthread.so.0
#10 0x00002b99d7053b1d in clone () from /lib/libc.so.6
#11 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x2b99d72d82e0 (LWP 20350)):
#0  0x00002b99d701a20b in fork () from /lib/libc.so.6
#1  0x00002b99d6675017 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00002b99d6675b24 in g_spawn_sync () from /usr/lib/libglib-2.0.so.0
#3  0x00002b99d6675fb8 in g_spawn_command_line_sync ()
   from /usr/lib/libglib-2.0.so.0
#4  0x0000000000584e42 in mono_handle_native_sigsegv (signal=6, 
    ctx=0x7fffd4abaad0) at mini-exceptions.c:1081
#5  0x0000000000565931 in sigabrt_signal_handler (_dummy=6, 
    info=0x7fffd4abac00, context=0x7fffd4abaad0) at mini.c:11141
#6  <signal handler called>
#7  0x00002b99d6fb1635 in raise () from /lib/libc.so.6
#8  0x00002b99d6fb3090 in abort () from /lib/libc.so.6
#9  0x00002b99d664f2b5 in g_logv () from /usr/lib/libglib-2.0.so.0
#10 0x00002b99d664f343 in g_log () from /usr/lib/libglib-2.0.so.0
#11 0x00002b99d664f3c6 in g_assert_warning () from /usr/lib/libglib-2.0.so.0
#12 0x000000000046142e in mono_arch_emit_epilog (cfg=0x913bc0)
    at mini-amd64.c:4749
#13 0x000000000056257a in mono_codegen (cfg=0x913bc0) at mini.c:10039
#14 0x0000000000563e5b in mini_method_compile (method=0x87bdd8, opts=5318911, 
    domain=0x2aaaaaacce00, run_cctors=1, compile_aot=0, parts=0)
    at mini.c:10565
#15 0x0000000000564a67 in mono_jit_compile_method_inner (method=0x87bdd8, 
    target_domain=0x2aaaaaacce00, opt=5318911) at mini.c:10725
#16 0x00000000005651cf in mono_jit_compile_method_with_opt (method=0x87bdd8, 
    opt=5318911) at mini.c:10878
#17 0x00000000005652aa in mono_jit_compile_method (method=0x87bdd8)
    at mini.c:10896
#18 0x00000000005656e3 in mono_jit_runtime_invoke (method=0x87bdd8, obj=0x0, 
    params=0x7fffd4abbd80, exc=0x0) at mini.c:11014
#19 0x000000000048c182 in mono_runtime_invoke (method=0x87bdd8, obj=0x0, 
    params=0x7fffd4abbd80, exc=0x0) at object.c:1991
#20 0x000000000048d696 in mono_runtime_exec_main (method=0x87bdd8, 
    args=0x2aaaaaad9fa0, exc=0x0) at object.c:2781
#21 0x000000000048d203 in mono_runtime_run_main (method=0x87bdd8, argc=0, 
    argv=0x7fffd4abc1b8, exc=0x0) at object.c:2616
#22 0x000000000041684d in mono_jit_exec (domain=0x2aaaaaacce00, 
    assembly=0x8c1910, argc=1, argv=0x7fffd4abc1b0) at driver.c:543
#23 0x000000000041691d in main_thread_handler (user_data=0x7fffd4abbf80)
    at driver.c:578
#24 0x0000000000417faf in mono_main (argc=2, argv=0x7fffd4abc1a8)
    at driver.c:1046
#25 0x0000000000415a53 in main (argc=2, argv=0x7fffd4abc1a8) at main.c:6
#26 0x00002b99d6f9db44 in __libc_start_main () from /lib/libc.so.6
#27 0x00000000004159a9 in _start ()
#0  0x00002b99d701a20b in fork () from /lib/libc.so.6


=================================================================
Got a SIGABRT while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

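An added example, not part of the report or of Mono: it generates the report's nested-struct test program for any depth and predicts, from the `1 << 16` bound in the `mono_arch_emit_epilog` assertion quoted above, whether a local of that type can stay under it. The depth parameter and the helper names are this example's own assumptions.

```python
# Added example (not from the bug report): generate the nested-struct
# reproducer for an arbitrary depth and predict whether the local it needs
# stays under the 64 KiB bound asserted in mini-amd64.c.
# The limit is taken from the assertion text in the report; the depth
# argument and the helper names are this example's own.

STACK_ALLOC_LIMIT = 1 << 16   # cfg->arch.stack_alloc_size < (1 << 16)


def struct_size(depth: int) -> int:
    """Size in bytes of X<depth>: X0 is one byte and each level holds two
    copies of the previous one, so the layout is padding-free and doubles."""
    return 1 << depth


def fits_epilog_limit(depth: int) -> bool:
    """True if a local of type X<depth> alone is below the asserted bound.
    The real frame also holds spill slots and alignment, so this is the
    most optimistic estimate: exceeding it guarantees the assertion fires."""
    return struct_size(depth) < STACK_ALLOC_LIMIT


def gen_repro(depth: int) -> str:
    """Emit the C# source of the report's test program for a given depth."""
    lines = ["struct X0 { byte b; }"]
    for n in range(1, depth + 1):
        lines.append(f"struct X{n} {{ X{n - 1} x1; X{n - 1} x2; }}")
    lines += ["", "class Test {", "    public static void Main() {",
              f"        X{depth} x;", "    }", "}"]
    return "\n".join(lines) + "\n"


def max_depth_within_limit() -> int:
    """Deepest X<n> whose size is still below the limit."""
    depth = 0
    while fits_epilog_limit(depth + 1):
        depth += 1
    return depth


if __name__ == "__main__":
    for d in (15, 16, 17, 18):
        verdict = "fits" if fits_epilog_limit(d) else "exceeds"
        print(f"X{d}: {struct_size(d):>7} bytes, {verdict} the 1<<16 bound")
    # Print a reproducer of the chosen depth, e.g. to bisect the threshold.
    print(gen_repro(max_depth_within_limit() + 1))
```

Both X17 (128 KiB) and X18 (256 KiB) exceed the bound, which matches the report: 1.2.5.1 asserts on X17, while trunk r87095 survives X17 but corrupts memory on X18.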
