Corruption detected by heap verifier #60552

rmacnak-google · 2025-04-16T21:35:09Z

Exhausted heap space, trying to allocate 752 bytes.
../../runtime/vm/heap/verifier.cc: 37: error: Unmarked object encountered 0x7f6ffcf88090

version=3.9.0-edge (main) (Unknown timestamp) on "linux_x64"
pid=143309, thread=143317, isolate_group=main(0x63a0fa965b20), isolate=(nil)((nil))
os=linux, arch=x64, comp=no, sim=no
isolate_instructions=7f6ffe054000, vm_instructions=63a0e0f89560
fp=7f6ff75fb550, sp=7f6ff75fb420, pc=63a0e166ae7c
  pc 0x000063a0e166ae7c fp 0x00007f6ff75fb550 dart::Profiler::DumpStackTrace+0x7c
  pc 0x000063a0e0f89754 fp 0x00007f6ff75fb630 dart::Assert::Fail+0x84
  pc 0x000063a0e176124c fp 0x00007f6ff75fb660 dart::VerifyObjectVisitor::VisitObject+0x13c
  pc 0x000063a0e173d9d9 fp 0x00007f6ff75fb6c0 dart::Page::VisitObjects+0xd9
  pc 0x000063a0e174128d fp 0x00007f6ff75fb740 dart::PageSpace::VisitObjects+0x5d
  pc 0x000063a0e172e6ca fp 0x00007f6ff75fb7b0 dart::Heap::CreateAllocatedObjectSet+0x1aa
  pc 0x000063a0e172e7a0 fp 0x00007f6ff75fbef0 dart::Heap::VerifyGC+0x50
  pc 0x000063a0e175114a fp 0x00007f6ff75fbf80 dart::Scavenger::Scavenge+0x33a
  pc 0x000063a0e172d428 fp 0x00007f6ff75fc080 dart::Heap::CollectNewSpaceGarbage+0x1f8
  pc 0x000063a0e172b5ae fp 0x00007f6ff75fc0e0 dart::Heap::AllocateNew+0x15e
  pc 0x000063a0e156b548 fp 0x00007f6ff75fc160 dart::Object::Allocate+0x78
  pc 0x000063a0e15fcb77 fp 0x00007f6ff75fc1c0 dart::OneByteString::New+0xb7
  pc 0x000063a0e15fc916 fp 0x00007f6ff75fc230 dart::String::FromUTF8+0xd6
  pc 0x000063a0e194e3d0 fp 0x00007f6ff75fc2a0 dart::kernel::TranslationHelper::DartSetterName+0x180
  pc 0x000063a0e1914fe2 fp 0x00007f6ff75fc340 dart::kernel::StreamingFlowGraphBuilder::BuildInstanceSet+0x202
  pc 0x000063a0e1911788 fp 0x00007f6ff75fc380 dart::kernel::StreamingFlowGraphBuilder::BuildStatement+0x58
  pc 0x000063a0e191cfca fp 0x00007f6ff75fc3e0 dart::kernel::StreamingFlowGraphBuilder::BuildBlock+0xda
  pc 0x000063a0e191edc2 fp 0x00007f6ff75fc470 dart::kernel::StreamingFlowGraphBuilder::BuildIfStatement+0x92
  pc 0x000063a0e191cfca fp 0x00007f6ff75fc4d0 dart::kernel::StreamingFlowGraphBuilder::BuildBlock+0xda
  pc 0x000063a0e1912aff fp 0x00007f6ff75fc570 dart::kernel::StreamingFlowGraphBuilder::BuildFunctionBody+0x1ef
  pc 0x000063a0e1913445 fp 0x00007f6ff75fc6f0 dart::kernel::StreamingFlowGraphBuilder::BuildGraphOfFunction+0x2b5
  pc 0x000063a0e19139bd fp 0x00007f6ff75fc790 dart::kernel::StreamingFlowGraphBuilder::BuildGraph+0x18d
  pc 0x000063a0e192fcca fp 0x00007f6ff75fca60 dart::kernel::FlowGraphBuilder::BuildGraph+0xea
  pc 0x000063a0e1884a0e fp 0x00007f6ff75fcf20 dart::CallSiteInliner::TryInliningImpl+0xb8e
  pc 0x000063a0e187fb98 fp 0x00007f6ff75fcfb0 dart::CallSiteInliner::TryInlining+0xe8
  pc 0x000063a0e1889cf0 fp 0x00007f6ff75fd090 dart::CallSiteInliner::InlineStaticCalls+0x570
  pc 0x000063a0e188390f fp 0x00007f6ff75fd1e0 dart::CallSiteInliner::InlineCalls+0x2ef
  pc 0x000063a0e1883454 fp 0x00007f6ff75fd2d0 dart::FlowGraphInliner::Inline+0x1e4
  pc 0x000063a0e18eeffa fp 0x00007f6ff75fd320 dart::CompilerPass_Inlining::DoBody+0x2a
  pc 0x000063a0e18ee84d fp 0x00007f6ff75fd3f0 dart::CompilerPass::Run+0x18d
  pc 0x000063a0e18eebd6 fp 0x00007f6ff75fd410 dart::CompilerPass::RunPipeline+0x76
  pc 0x000063a0e17158f0 fp 0x00007f6ff75fdb30 dart::CompileParsedFunctionHelper::Compile+0x580
  pc 0x000063a0e17164d1 fp 0x00007f6ff75fe430 dart::CompileFunctionHelper+0x471
  pc 0x000063a0e1717109 fp 0x00007f6ff75fe4e0 dart::Compiler::CompileOptimizedFunction+0xc9
  pc 0x000063a0e1717ce1 fp 0x00007f6ff75fec30 dart::BackgroundCompiler::Run+0xf1
  pc 0x000063a0e16f77df fp 0x00007f6ff75fecb0 dart::ThreadPool::WorkerLoop+0x15f
  pc 0x000063a0e16f80cd fp 0x00007f6ff75fed00 dart::ThreadPool::Worker::Main+0x11d
  pc 0x000063a0e16648e6 fp 0x00007f6ff75fee50 dart::ThreadStart+0x106

log

The text was updated successfully, but these errors were encountered:

rmacnak-google · 2025-04-16T21:36:23Z

The null object and some following objects get corrupted when Array::NewUninitialized sees Object::Allocate return null.

#0  dart::Object::Allocate (cls_id=90, size=size@entry=752, space=dart::Heap::kOld, compressed=<optimized out>, ptr_field_start_offset=ptr_field_start_offset@entry=8, ptr_field_end_offset=ptr_field_end_offset@entry=736)
    at out/DebugX64/../../runtime/vm/object.cc:2894
#1  0x00005608d53881f3 in dart::Object::AllocateVariant<dart::Array> (class_id=121785492637440, space=(dart::Heap::kOld | dart::Heap::kCode | unknown: 0x6506f560), elements=90) at ../../runtime/vm/object.h:777
#2  dart::Array::NewUninitialized (class_id=121785492637440, len=90, space=(dart::Heap::kOld | dart::Heap::kCode | unknown: 0x6506f560)) at out/DebugX64/../../runtime/vm/object.cc:25411
#3  0x00005608d5263269 in dart::Array::New (len=90, space=dart::Heap::kOld) at ../../runtime/vm/object.h:11026
#4  dart::CreateStackTrace (zone=0x62f756829af0) at out/DebugX64/../../runtime/vm/exceptions.cc:717
#5  dart::ThrowExceptionHelper (thread=thread@entry=0x5608f065eed0, incoming_exception=..., existing_stacktrace=..., is_rethrow=false, bypass_debugger=<optimized out>) at out/DebugX64/../../runtime/vm/exceptions.cc:807
#6  0x00005608d5262f99 in dart::Exceptions::Throw (thread=thread@entry=0x5608f065eed0, exception=...) at out/DebugX64/../../runtime/vm/exceptions.cc:1009
#7  0x00005608d5264375 in dart::Exceptions::ThrowOOM () at out/DebugX64/../../runtime/vm/exceptions.cc:1117
#8  0x00005608d52f2477 in dart::Object::Allocate (cls_id=1207, size=160, space=dart::Heap::kNew, compressed=<optimized out>, ptr_field_start_offset=8, ptr_field_end_offset=152) at out/DebugX64/../../runtime/vm/object.cc:2897
#9  0x00005608d541c439 in dart::DRT_HelperAllocateObject (thread=0x5608f065eed0, zone=<optimized out>, arguments=..., isolate=<optimized out>) at out/DebugX64/../../runtime/vm/runtime_entry.cc:551
#10 dart::DRT_AllocateObject (arguments=...) at out/DebugX64/../../runtime/vm/runtime_entry.cc:537

TEST=vm/cc/VMIsolateImmutability Bug: #60552 Change-Id: I5a51718996ce735a67c73500c46f0e7cc16f654a Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/422901 Commit-Queue: Ryan Macnak <[email protected]> Reviewed-by: Siva Annamalai <[email protected]>

Array::New[Uninitialized] don't expect to get null from Object::Allocate. Using longjmp seems more robust than adding checks everywhere. TEST=vm/dart/gc/scavenger_abort_test Bug: #60552 Change-Id: I2750427c41751f8306d5c8dc28afaf052b6e9d74 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/422902 Commit-Queue: Ryan Macnak <[email protected]> Reviewed-by: Alexander Aprelev <[email protected]>

rmacnak-google added area-vm Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends. crash Process exits with SIGSEGV, SIGABRT, etc. An unhandled exception is not a crash. vm-gc Related to the VM's garbage collector labels Apr 16, 2025

rmacnak-google closed this as completed Apr 21, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Corruption detected by heap verifier #60552

Corruption detected by heap verifier #60552

rmacnak-google commented Apr 16, 2025

rmacnak-google commented Apr 16, 2025

Corruption detected by heap verifier #60552

Corruption detected by heap verifier #60552

Comments

rmacnak-google commented Apr 16, 2025

rmacnak-google commented Apr 16, 2025