Bug 14339 - SGEN: Assertion: should not be reached at sgen-scan-object.h:111
Summary: SGEN: Assertion: should not be reached at sgen-scan-object.h:111
Alias: None
Product: Runtime
Classification: Mono
Component: GC (show other bugs)
Version: unspecified
Hardware: PC Linux
: --- normal
Target Milestone: ---
Assignee: Bugzilla
Depends on:
Reported: 2013-08-29 23:29 UTC by Bassam
Modified: 2017-11-28 13:26 UTC (History)
5 users (show)

See Also:
Is this bug a regression?: ---
Last known good build:

Crash log (12.48 KB, application/octet-stream)
2013-08-29 23:29 UTC, Bassam
test case (1.48 MB, application/x-gzip)
2013-08-29 23:31 UTC, Bassam

Description Bassam 2013-08-29 23:29:50 UTC
Created attachment 4759 [details]
Crash log

With the latest in mono/master SGEN asserts fairly consistently when running an NUnit test application with multiple application domain.

tart xvf sgenbug.tar.gz
cd sgenbug
for i in `seq 20`; do mono-sgen nunit/nunit-console.exe -process=single -domain=single -labels test.dll test2.dll; done

Test case attached.

* Assertion: should not be reached at sgen-scan-object.h:111
see sgenbug.log (attached) for a full log

Clean shutdown
Comment 1 Bassam 2013-08-29 23:31:23 UTC
Created attachment 4760 [details]
test case
Comment 2 Zoltan Varga 2013-09-05 09:28:09 UTC
The crash seems to happen when a GC happens while a domain is freed.

In the second backtrace, 'start_root' is &domain->setup. domain->setup seems to point to a dead object.

#0  0x91c6191a in __psynch_mutexwait ()
#1  0x94e0819b in pthread_mutex_lock ()
#2  0x002e19f6 in mono_gc_deregister_root (addr=0x5c52000 "?") at sgen-gc.c:3933
#3  0x0030fb37 in mono_gc_free_fixed (addr=0x5c52000) at sgen-alloc.c:637
#4  0x002944b2 in mono_domain_free (domain=0x22951b0, force=0) at domain.c:2002
#5  0x0028e3e7 in unload_thread_main (arg=0x22c91d0) at appdomain.c:2338

#5  0x002eb434 in major_scan_object (start=0x67088a8 "\030?p\006", queue=0x456048) at sgen-major-scan-object.h:111
#6  0x002da60d in sgen_drain_gray_stack (max_objs=-1, ctx={scan_func = 0x2ea730 <major_scan_object>, copy_func = 0x2ea680 <major_copy_or_mark_object_canonical>, queue = 0x456048}) at sgen-gc.c:1192
#7  0x002db515 in precisely_scan_objects_from (start_root=0x22951e8, end_root=0x2295374, n_start=0x0, n_end=0xffffffff <Address 0xffffffff out of bounds>, desc=511, ctx={scan_func = 0x2ea730 <major_scan_object>, copy_func = 0x2ea680 <major_copy_or_mark_object_canonical>, queue = 0x456048}) at sgen-gc.c:1599
#8  0x002dc7cc in scan_from_registered_roots (addr_start=0x0, addr_end=0xffffffff <Address 0xffffffff out of bounds>, root_type=0, ctx={scan_func = 0x2ea730 <major_scan_object>, copy_func = 0x2ea680 <major_copy_or_mark_object_canonical>, queue = 0x456048}) at sgen-gc.c:2036
#9  0x002dd55d in job_scan_from_registered_roots (worker_data=0x0, job_data_untyped=0x5ec7c0) at sgen-gc.c:2325
#15 0x002e3dbc in mono_gc_collect (generation=1) at sgen-gc.c:4609
#16 0x00296698 in mono_domain_finalize (domain=0x229a680, timeout=4294967295) at gc.c:353
Comment 3 Zoltan Varga 2013-09-05 10:21:59 UTC
Fixed in master. Thanks for the testcase.
Comment 4 Zoltan Varga 2013-09-05 11:25:44 UTC
*** Bug 13813 has been marked as a duplicate of this bug. ***
Comment 5 mkvonarx 2017-11-28 13:26:56 UTC
We still have that issue with the latest Mono and NUnint 3.8.1.
Also see NUnit ticket https://github.com/nunit/nunit/issues/2522
(and probably also https://github.com/nunit/nunit/issues/2523)

Note You need to log in before you can comment on or make changes to this bug.