[Mono-bugs] [Bug 566295] New: sigsegv in mono_save_args while JITting a verified method

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Sun Dec 20 11:16:24 EST 2009


http://bugzilla.novell.com/show_bug.cgi?id=566295

http://bugzilla.novell.com/show_bug.cgi?id=566295#c0


           Summary: sigsegv in mono_save_args while JITting a verified
                    method
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.6.x
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: JIT
        AssignedTo: lupus at novell.com
        ReportedBy: spouliot at novell.com
         QAContact: mono-bugs at lists.ximian.com
                CC: rkumpera at novell.com
          Found By: ---
           Blocker: ---


Created an attachment (id=333578)
 --> (http://bugzilla.novell.com/attachment.cgi?id=333578)
assembly to reproduce crash

MONO_PATH=/opt/mono/lib/moonlight/plugin/ gdb --args mono --security=core-clr
--compile-all System.Windows.Browser.sigabrt.117791.dll

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x421d1950 (LWP 19863)]
0x000000000044cf94 in mono_save_args (cfg=0xacb400, sig=0xa420b0, sp=0xad0e98)
at method-to-ir.c:4208
4208            EMIT_NEW_ARGSTORE (cfg, store, i, *sp);
(gdb) bt
#0  0x000000000044cf94 in mono_save_args (cfg=0xacb400, sig=0xa420b0,
sp=0xad0e98) at method-to-ir.c:4208
#1  0x00000000004524b0 in mono_method_to_ir (cfg=0xacb400, method=0xa42080,
start_bblock=0xad0f78, end_bblock=0xad1080, return_var=0xad0f28, 
    dont_inline=0xad81a0, inline_args=0xad0e90, inline_offset=1,
is_virtual_call=0) at method-to-ir.c:5566
#2  0x000000000044d6cd in inline_method (cfg=0xacb400, cmethod=0xa42080,
fsig=0xa74130, sp=0xad0e90, ip=0x7f3ee91fc40a "(o\001", real_offset=1, 
    dont_inline=0xad8180, inline_allways=0) at method-to-ir.c:4353
#3  0x000000000045cfaf in mono_method_to_ir (cfg=0xacb400, method=0xad6aa0,
start_bblock=0xad0a50, end_bblock=0xad0b58, return_var=0x0,
dont_inline=0xad8180, 
    inline_args=0x0, inline_offset=0, is_virtual_call=0) at method-to-ir.c:6581
#4  0x000000000041f7bd in mini_method_compile (method=0xad6aa0, opts=55667199,
domain=0x7f3ee9225db0, run_cctors=0, compile_aot=0, parts=0) at mini.c:3402
#5  0x00000000004a3d32 in compile_all_methods_thread_main (args=0x7ffff1394f00)
at driver.c:881
#6  0x00000000005af87a in start_wrapper (data=0xa28400) at threads.c:662
#7  0x000000000065896b in thread_start_routine (args=0x9fbc30) at
wthreads.c:286
#8  0x0000000000671b86 in GC_start_routine (arg=0x7f3ee9226e70) at
pthread_support.c:1390
#9  0x00007f3ee8465040 in start_thread () from /lib64/libpthread.so.0
#10 0x00007f3ee7f8208d in clone () from /lib64/libc.so.6
#11 0x0000000000000000 in ?? ()
(gdb) p sp
$1 = (MonoInst **) 0xad0e98
(gdb) p *sp
$2 = (MonoInst *) 0x0
(gdb) p i
$3 = 1
(gdb) p store
$4 = (MonoInst *) 0xad12c8
(gdb) p *store
$5 = {opcode = 426, type = 0 '\0', ssa_op = 0, flags = 0 '\0', dreg = -1, sreg1
= -1, sreg2 = -1, sreg3 = -1, next = 0x0, prev = 0x0, data = {op = {{src = 0x0, 
        var = 0x0, const_val = 0, p = 0x0, method = 0x0, signature = 0x0,
many_blocks = 0x0, target_block = 0x0, args = 0x0, vtype = 0x0, klass = 0x0, 
        phi_args = 0x0, call_inst = 0x0}, {src = 0x0, var = 0x0, const_val = 0,
p = 0x0, method = 0x0, signature = 0x0, many_blocks = 0x0, target_block = 0x0, 
        args = 0x0, vtype = 0x0, klass = 0x0, phi_args = 0x0, call_inst =
0x0}}, i8const = 0, r8const = 0}, cil_code = 0x7f3ee91fc40a "(o\001", backend =
{
    reg3 = 0, arg_info = 0, size = 0, memcpy_args = 0x0, data = 0x0,
shift_amount = 0, is_pinvoke = 0, record_cast_details = 0, spill_var = 0x0, 
    source_opcode = 0}, klass = 0x9d9aa8}
(gdb) p cfg
$6 = (MonoCompile *) 0xacb400
(gdb) p *cfg
$7 = {method = 0xad6aa0, mempool = 0xad0750, varinfo = 0xad4dc0, vars =
0xac2130, ret = 0xad0800, bb_entry = 0xad0a50, bb_exit = 0xad0b58, bb_init =
0xad0d68, 
  bblocks = 0x0, cil_offset_to_bb = 0xad1188, state_pool = 0x0, cbb = 0xad0f78,
prev_ins = 0x0, patch_info = 0x0, jit_info = 0x0, dynamic_info = 0x0, 
  num_bblocks = 7, locals_start = 2, num_varinfo = 5, varinfo_count = 64,
stack_offset = 0, max_ireg = 0, cil_offset_to_bb_len = 8,
locals_min_stack_offset = 0, 
  locals_max_stack_offset = 0, rs = 0xab96e0, spill_info = {0x0 <repeats 16
times>}, spill_count = 0, spill_info_len = {0 <repeats 16 times>}, 
  inlined_method = 0xa42080, domainvar = 0x0, got_var = 0x0, locals = 0xad0f78,
rgctx_var = 0x0, args = 0x421cee80, arg_types = 0xad11c8, 
  current_method = 0xa42080, method_to_register = 0xad6aa0, generic_context =
0x0, vret_addr = 0x0, ip = 0x7f3ee91fc40a "(o\001", aliasing_info = 0x0, 
  spvars = 0x0, exvars = 0x0, ldstr_list = 0x0, domain = 0x7f3ee9225db0,
real_offset = 1, cbb_hash = 0x0, next_vreg = 22, generic_sharing_context = 0x0, 
  cil_start = 0x7f3ee91f635d "\002\003(?", native_code = 0x0, code_size = 0,
code_len = 0, prolog_end = 0, epilog_begin = 0, used_int_regs = 0, opt =
55667199, 
  prof_options = 0, flags = 0, comp_done = 0, verbose_level = 0, stack_usage =
0, param_area = 0, frame_reg = 0, sig_cookie = 0, disable_aot = 0, 
  disable_ssa = 0, disable_llvm = 0, enable_extended_bblocks = 0, run_cctors =
0, need_lmf_area = 0, compile_aot = 0, compile_llvm = 0, got_var_allocated = 0, 
  ret_var_is_local = 0, ret_var_set = 0, globalra = 0, unverifiable = 0,
skip_visibility = 0, disable_reuse_registers = 0, disable_reuse_stack_slots =
0, 
  disable_initlocals_opt = 0, disable_omit_fp = 0, disable_vreg_to_lvreg = 0,
disable_deadce_vars = 0, extend_live_ranges = 0, has_got_slots = 0, 
  uses_rgctx_reg = 0, uses_vtable_reg = 0, uses_simd_intrinsics = 0,
keep_cil_nops = 0, gen_seq_points = 0, debug_info = 0x0, lmf_offset = 0,
intvars = 0xad0780, 
  coverage_info = 0x0, token_info_hash = 0xa97680, arch = {lmf_offset = 0,
localloc_offset = 0, reg_save_area_offset = 0, stack_alloc_size = 0, omit_fp =
0, 
    omit_fp_computed = 0, no_pushes = 1, cinfo = 0xad09a8, async_point_count =
0, vret_addr_loc = 0x0}, inline_depth = 1, exception_type = 0, exception_data =
0, 
  exception_message = 0x0, exception_ptr = 0x0, encoded_unwind_ops = 0x0,
encoded_unwind_ops_len = 0, unwind_ops = 0x0, reginfo = 0x0, reginfo_len = 0, 
  vreg_to_inst = 0xad0850, vreg_to_inst_len = 32, orig_method = 0xad6aa0,
abs_patches = 0x0, tailcall_valuetype_addrs = 0x0, iconv_raw_var = 0x0, 
  fconv_to_r8_x_var = 0x0, simd_ctor_var = 0x0, dyn_call_var = 0x0, seq_points
= 0x0, got_offset = 0}
(gdb)

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.


More information about the mono-bugs mailing list