Segfault in besselj #446

shashi opened this issue Aug 7, 2023 · 2 comments

shashi commented Aug 7, 2023

Hi!

SymbolicUtils fuzzer has been running into this segfault https://github.com/JuliaSymbolics/SymbolicUtils.jl/actions/runs/5789352420/job/15690225727?pr=538#step:7:3085

The fuzzer was trying to run

function foo(a, b, c) SpecialFunctions.besselj(b / NaNMath.acosh(a), acscd(c)) end

The arguments were

0.5111444990544858, 78, -13

or

0.5111444990544858, -13, 78

I could not reproduce this on my machine which is a Mac.

SpecialFunctions version is SpecialFunctions v2.3.0

@0x0f0f0f commented

julia> versioninfo()
Julia Version 1.10.2
Commit bd47eca2c8a (2024-03-01 10:14 UTC)
Build Info:
  Official https://julialang.org/ release
Platform Info:
  OS: Linux (x86_64-linux-gnu)
  CPU: 8 × 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz
  WORD_SIZE: 64
  LIBM: libopenlibm
  LLVM: libLLVM-15.0.7 (ORCJIT, tigerlake)
Threads: 1 default, 0 interactive, 1 GC (on 8 virtual cores)

julia> using SpecialFunctions, NaNMath

julia> function foo(a, b, c) SpecialFunctions.besselj(b / NaNMath.acosh(a), acscd(c)) end
foo (generic function with 1 method)

julia> x, y, z = 0.5111444990544858, -13, 78
(0.5111444990544858, -13, 78)

julia> foo(x,y,z)

[136577] signal (11.1): Segmentation fault
in expression starting at REPL[5]:1
dgamln_ at /home/sea/.julia/artifacts/abf4b5086b4eb867021118c85b2cc11a15b764a9/lib/libopenspecfun.so (unknown line)
zseri_ at /home/sea/.julia/artifacts/abf4b5086b4eb867021118c85b2cc11a15b764a9/lib/libopenspecfun.so (unknown line)
zbinu_ at /home/sea/.julia/artifacts/abf4b5086b4eb867021118c85b2cc11a15b764a9/lib/libopenspecfun.so (unknown line)
zbesj_ at /home/sea/.julia/artifacts/abf4b5086b4eb867021118c85b2cc11a15b764a9/lib/libopenspecfun.so (unknown line)
_besselj at /home/sea/.julia/packages/SpecialFunctions/QH8rV/src/bessel.jl:248
besselj at /home/sea/.julia/packages/SpecialFunctions/QH8rV/src/bessel.jl:388
besselj at /home/sea/.julia/packages/SpecialFunctions/QH8rV/src/bessel.jl:490
foo at ./REPL[3]:1
unknown function (ip: 0x7fcc7fc8cc97)
_jl_invoke at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/gf.c:2894 [inlined]
ijl_apply_generic at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/gf.c:3076
jl_apply at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/julia.h:1982 [inlined]
do_call at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/interpreter.c:126
eval_value at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/interpreter.c:223
eval_stmt_value at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/interpreter.c:174 [inlined]
eval_body at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/interpreter.c:617
jl_interpret_toplevel_thunk at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/interpreter.c:775
jl_toplevel_eval_flex at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/toplevel.c:934
jl_toplevel_eval_flex at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/toplevel.c:877
ijl_toplevel_eval_in at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/toplevel.c:985
eval at ./boot.jl:385 [inlined]
eval_user_input at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/usr/share/julia/stdlib/v1.10/REPL/src/REPL.jl:150
repl_backend_loop at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/usr/share/julia/stdlib/v1.10/REPL/src/REPL.jl:246
#start_repl_backend#46 at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/usr/share/julia/stdlib/v1.10/REPL/src/REPL.jl:231
start_repl_backend at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/usr/share/julia/stdlib/v1.10/REPL/src/REPL.jl:228
_jl_invoke at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/gf.c:2894 [inlined]
ijl_apply_generic at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/gf.c:3076
#run_repl#59 at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/usr/share/julia/stdlib/v1.10/REPL/src/REPL.jl:389
run_repl at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/usr/share/julia/stdlib/v1.10/REPL/src/REPL.jl:375
jfptr_run_repl_91745.1 at /home/sea/.julia/juliaup/julia-1.10.2+0.x64.linux.gnu/lib/julia/sys.so (unknown line)
_jl_invoke at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/gf.c:2894 [inlined]
ijl_apply_generic at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/gf.c:3076
#1013 at ./client.jl:432
jfptr_YY.1013_82712.1 at /home/sea/.julia/juliaup/julia-1.10.2+0.x64.linux.gnu/lib/julia/sys.so (unknown line)
_jl_invoke at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/gf.c:2894 [inlined]
ijl_apply_generic at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/gf.c:3076
jl_apply at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/julia.h:1982 [inlined]
jl_f__call_latest at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/builtins.c:812
#invokelatest#2 at ./essentials.jl:892 [inlined]
invokelatest at ./essentials.jl:889 [inlined]
run_main_repl at ./client.jl:416
exec_options at ./client.jl:333
_start at ./client.jl:552
jfptr__start_82738.1 at /home/sea/.julia/juliaup/julia-1.10.2+0.x64.linux.gnu/lib/julia/sys.so (unknown line)
_jl_invoke at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/gf.c:2894 [inlined]
ijl_apply_generic at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/gf.c:3076
jl_apply at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/julia.h:1982 [inlined]
true_main at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/jlapi.c:582
jl_repl_entrypoint at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/src/jlapi.c:731
main at /cache/build/builder-amdci5-1/julialang/julia-release-1-dot-10/cli/loader_exe.c:58
unknown function (ip: 0x7fcc80c2814f)
__libc_start_main at /lib/x86_64-linux-gnu/libc.so.6 (unknown line)
unknown function (ip: 0x4010b8)
Allocations: 1305698 (Pool: 1304453; Big: 1245); GC: 2
Segmentation fault (core dumped)

Able to reproduce on Linux.

inkydragon (Member) commented Apr 19, 2024

With latest commit:

  • OS: Windows (x86_64-w64-mingw32)
  • julia 1.10.2
  • NaNMath v1.0.2
  • SpecialFunctions v2.3.1 (ff76c3a)

test

  • foo(0.5111444990544858, 78, -13) gives DomainError
  • foo(0.5111444990544858, -13, 78) crashed
  • Or just call SpecialFunctions.besselj(NaN, 0.7)
Crash logs
julia> foo(0.5111444990544858, -13, 78)

Please submit a bug report with steps to reproduce this fault, and any error messages that follow (in their entirety). Thanks.
Exception: EXCEPTION_ACCESS_VIOLATION at 0x6a208136 -- .text at C:\Users\inkyd\.julia\artifacts\3e683ec5ca945a5aca74c49e8cccdf37c19b84a3\bin\libopenspecfun.dll (unknown line) 
in expression starting at REPL[18]:1
.text at C:\Users\inkyd\.julia\artifacts\3e683ec5ca945a5aca74c49e8cccdf37c19b84a3\bin\libopenspecfun.dll (unknown line)
.text at C:\Users\inkyd\.julia\artifacts\3e683ec5ca945a5aca74c49e8cccdf37c19b84a3\bin\libopenspecfun.dll (unknown line)
.text at C:\Users\inkyd\.julia\artifacts\3e683ec5ca945a5aca74c49e8cccdf37c19b84a3\bin\libopenspecfun.dll (unknown line)
.text at C:\Users\inkyd\.julia\artifacts\3e683ec5ca945a5aca74c49e8cccdf37c19b84a3\bin\libopenspecfun.dll (unknown line)
_besselj at C:\Users\inkyd\.julia\packages\SpecialFunctions\e7VzT\src\bessel.jl:248
besselj at C:\Users\inkyd\.julia\packages\SpecialFunctions\e7VzT\src\bessel.jl:388
besselj at C:\Users\inkyd\.julia\packages\SpecialFunctions\e7VzT\src\bessel.jl:490
foo at .\REPL[16]:1
unknown function (ip: 000001ced3ec9a22)
jl_apply at C:/workdir/src\julia.h:1982 [inlined]
do_call at C:/workdir/src\interpreter.c:126
eval_value at C:/workdir/src\interpreter.c:223
eval_stmt_value at C:/workdir/src\interpreter.c:174 [inlined]
eval_body at C:/workdir/src\interpreter.c:635
jl_interpret_toplevel_thunk at C:/workdir/src\interpreter.c:775
jl_toplevel_eval_flex at C:/workdir/src\toplevel.c:934
jl_toplevel_eval_flex at C:/workdir/src\toplevel.c:877
ijl_toplevel_eval at C:/workdir/src\toplevel.c:943 [inlined]
ijl_toplevel_eval_in at C:/workdir/src\toplevel.c:985
eval at .\boot.jl:385 [inlined]
eval_user_input at C:\workdir\usr\share\julia\stdlib\v1.10\REPL\src\REPL.jl:150
repl_backend_loop at C:\workdir\usr\share\julia\stdlib\v1.10\REPL\src\REPL.jl:246
#start_repl_backend#46 at C:\workdir\usr\share\julia\stdlib\v1.10\REPL\src\REPL.jl:231
start_repl_backend at C:\workdir\usr\share\julia\stdlib\v1.10\REPL\src\REPL.jl:228
#run_repl#59 at C:\workdir\usr\share\julia\stdlib\v1.10\REPL\src\REPL.jl:389
run_repl at C:\workdir\usr\share\julia\stdlib\v1.10\REPL\src\REPL.jl:375
jfptr_run_repl_95792.1 at C:\Users\inkyd\.julia\juliaup\julia-1.10.2+0.x64.w64.mingw32\lib\julia\sys.dll (unknown line)
#1013 at .\client.jl:432
jfptr_YY.1013_86568.1 at C:\Users\inkyd\.julia\juliaup\julia-1.10.2+0.x64.w64.mingw32\lib\julia\sys.dll (unknown line)
jl_apply at C:/workdir/src\julia.h:1982 [inlined]
jl_f__call_latest at C:/workdir/src\builtins.c:812
#invokelatest#2 at .\essentials.jl:892 [inlined]
invokelatest at .\essentials.jl:889 [inlined]
run_main_repl at .\client.jl:416
exec_options at .\client.jl:333
_start at .\client.jl:552
jfptr__start_86593.1 at C:\Users\inkyd\.julia\juliaup\julia-1.10.2+0.x64.w64.mingw32\lib\julia\sys.dll (unknown line)
jl_apply at C:/workdir/src\julia.h:1982 [inlined]
true_main at C:/workdir/src\jlapi.c:582
jl_repl_entrypoint at C:/workdir/src\jlapi.c:731
mainCRTStartup at C:/workdir/cli\loader_exe.c:58
BaseThreadInitThunk at C:\WINDOWS\System32\KERNEL32.DLL (unknown line)
RtlUserThreadStart at C:\WINDOWS\SYSTEM32\ntdll.dll (unknown line)
Allocations: 12716744 (Pool: 12708682; Big: 8062); GC: 20

stack in libopenspecfun

[0x0]   libopenspecfun!dgamln_+0x316   0x592d9fc220   0x6a2135f0   
[0x1]   libopenspecfun!zseri_+0x330   0x592d9fc2c0   0x6a20e6c4   
[0x2]   libopenspecfun!zbinu_+0x204   0x592d9fc520   0x6a2115d2   
[0x3]   libopenspecfun!zbesj_+0x482   0x592d9fc640   0x20648600ed1   

SpecialFunctions.besselj(NaN, 0.7) will crash.

So we can check if the input parameter is NaN, just like scipy does.

https://github.com/scipy/scipy/blob/b4f3037e04bd0d312cd671b7d1d5d9ffd8923472/scipy/special/special/bessel.h#L858-L860
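The guard proposed in the comment above, written out as an added example (this is not code from SpecialFunctions.jl, NaNMath.jl or any participant in this issue). It reconstructs the failure chain reported here, where NaNMath.acosh(a) with a < 1 yields NaN, so b / NaN is a NaN order, and shows a NaN check placed on the Julia side before the call reaches libopenspecfun. The wrapper name safe_besselj is hypothetical; the trace above shows the Fortran routines (zbesj_ → zseri_ → dgamln_) do not reject a NaN order themselves, so the check has to happen before the ccall.

```julia
# Added example, not code from SpecialFunctions.jl or from this issue's authors.
# safe_besselj is a hypothetical wrapper name chosen for this illustration.
using SpecialFunctions, NaNMath

# Reproduce how the fuzzer's inputs turn into a NaN order:
# NaNMath.acosh returns NaN (instead of throwing a DomainError) for a < 1.
a, b, c = 0.5111444990544858, -13, 78   # the crashing argument triple from the issue
nu = b / NaNMath.acosh(a)               # -13 / NaN  ->  NaN
x  = acscd(c)                           # acscd(78) is a small finite value (~0.73 degrees)

# Guard the foreign call: the AMOS routines in libopenspecfun receive raw
# doubles and, as the backtrace shows, do not validate a NaN order.
# Returning NaN mirrors the NaN check in the scipy bessel.h code linked above;
# throwing a DomainError would be the other consistent choice.
function safe_besselj(nu::Real, x::Real)
    (isnan(nu) || isnan(x)) && return NaN
    return SpecialFunctions.besselj(nu, x)
end

safe_besselj(nu, x)      # NaN, and the process stays alive
safe_besselj(0, 0.7)     # ordinary finite result, guard does not interfere
```

The isnan check costs one comparison per argument and keeps the NaN-propagation semantics callers of NaNMath already rely on, rather than letting an unvalidated double cross the FFI boundary and crash inside dgamln_.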
