Bug 20871 - SIGSEGV when using two appdomains
Status: NEW
Alias: None
Product: Runtime
Classification: Mono
Component: General
Version: unspecified
Hardware: PC Linux
Importance: --- normal
Target Milestone: ---
Assignee: Bugzilla
Reported: 2014-06-25 08:30 UTC by mholenko
Modified: 2014-06-29 10:15 UTC

Attachments
Solution required to reproduce the bug. (970.00 KB, application/x-tar)
2014-06-25 08:30 UTC, mholenko

Description mholenko 2014-06-25 08:30:40 UTC
Created attachment 7175
Solution required to reproduce the bug.

I develop tests for a serialization framework. In short, the scenario is to create two appdomains, serialize a simple object in one appdomain and deserialize it in the second one. It generally works, but from time to time it fails with SIGSEGV when adding an entry to the dictionary. I have never encountered this bug when using a single-appdomain setup.

Steps to reproduce:

This is not an easy one, as I am having big trouble extracting the smallest working test case. I have, however, attached an archive with a solution containing all required DLLs and a simple project reproducing the issue.

1. Compile the project. 
2. Run it WITHOUT debugging.
3. Wait for a while, as it sometimes takes several iterations to produce exception.

I noticed that running it under debug causes the bug not to reveal itself. I suspect that the root cause of this bug is some race condition, so the observation seems to prove it.


Exception:

What is interesting is that the assertion bug is not always the same, but the code always crashes in the same line - when adding a new entry to the dictionary.

Bad call to mono_mutex_lock result 22
* Assertion at image.c:2306, condition `ret == 0' not met

Stacktrace:

  at <unknown> <0xffffffff>
  at System.Collections.Generic.Dictionary`2.Add (TKey,TValue) [0x0023a] in /home/houen/Zrodla/mono/mcs/class/corlib/System.Collections.Generic/Dictionary.cs:483
  at Antmicro.Migrant.VersionTolerance.TypeStampReader.ReadStamp (System.Type,bool) [0x0042d] in /home/houen/antmicro/emulator-fresh/External/Migrant/Migrant/VersionTolerance/TypeStampReader.cs:120
  at Antmicro.Migrant.ObjectReader.ReadStamp (System.Type) [0x0000e] in /home/houen/antmicro/emulator-fresh/External/Migrant/Migrant/ObjectReader.cs:554
  at Antmicro.Migrant.ObjectReader.ReadType () [0x00073] in /home/houen/antmicro/emulator-fresh/External/Migrant/Migrant/ObjectReader.cs:522
  at Antmicro.Migrant.ObjectReader.ReadObject<T> () [0x00002] in /home/houen/antmicro/emulator-fresh/External/Migrant/Migrant/ObjectReader.cs:114
  at Antmicro.Migrant.Serializer.TryDeserialize<T> (System.IO.Stream,T&) [0x000a1] in /home/houen/antmicro/emulator-fresh/External/Migrant/Migrant/Serializer.cs:184
  at Antmicro.Migrant.Serializer.Deserialize<T> (System.IO.Stream) [0x00005] in /home/houen/antmicro/emulator-fresh/External/Migrant/Migrant/Serializer.cs:135
  at Antmicro.Migrant.Tests.TwoDomainsDriver.DeserializeOnAppDomain (byte[],Antmicro.Migrant.Customization.Settings) [0x0001c] in /home/houen/antmicro/emulator-fresh/External/Migrant/Tests/TwoDomainsDriver.cs:120
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void__this___object_object (object,intptr,intptr,intptr) <IL 0x0005c, 0xffffffff>
  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Runtime.Remoting.RemotingServices.InternalExecute (System.Reflection.MethodBase,object,object[],object[]&) <IL 0x00010, 0xffffffff>
  at System.Runtime.Remoting.RemotingServices.InternalExecuteMessage (System.MarshalByRefObject,System.Runtime.Remoting.Messaging.IMethodCallMessage) [0x000c2] in /home/houen/Zrodla/mono/mcs/class/corlib/System.Runtime.Remoting/RemotingServices.cs:151
  at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage (System.Runtime.Remoting.Messaging.IMessage) [0x0001f] in /home/houen/Zrodla/mono/mcs/class/corlib/System.Runtime.Remoting.Messaging/StackBuilderSink.cs:59
  at System.Runtime.Remoting.Messaging.ServerObjectTerminatorSink.SyncProcessMessage (System.Runtime.Remoting.Messaging.IMessage) [0x00016] in /home/houen/Zrodla/mono/mcs/class/corlib/System.Runtime.Remoting.Messaging/ServerObjectTerminatorSink.cs:53
  at System.Runtime.Remoting.Lifetime.LeaseSink.SyncProcessMessage (System.Runtime.Remoting.Messaging.IMessage) [0x00007] in /home/houen/Zrodla/mono/mcs/class/corlib/System.Runtime.Remoting.Lifetime/LeaseSink.cs:52
  at System.Runtime.Remoting.ClientActivatedIdentity.SyncObjectProcessMessage (System.Runtime.Remoting.Messaging.IMessage) [0x00041] in /home/houen/Zrodla/mono/mcs/class/corlib/System.Runtime.Remoting/ServerIdentity.cs:191
  at System.Runtime.Remoting.Messaging.ServerContextTerminatorSink.SyncProcessMessage (System.Runtime.Remoting.Messaging.IMessage) [0x00023] in /home/houen/Zrodla/mono/mcs/class/corlib/System.Runtime.Remoting.Messaging/ServerContextTerminatorSink.cs:50
  at System.Runtime.Remoting.Contexts.CrossContextChannel.SyncProcessMessage (System.Runtime.Remoting.Messaging.IMessage) [0x00041] in /home/houen/Zrodla/mono/mcs/class/corlib/System.Runtime.Remoting.Contexts/CrossContextChannel.cs:57
  at System.Runtime.Remoting.Channels.ChannelServices.SyncDispatchMessage (System.Runtime.Remoting.Messaging.IMessage) [0x00015] in /home/houen/Zrodla/mono/mcs/class/corlib/System.Runtime.Remoting.Channels/ChannelServices.cs:394
  at System.AppDomain.ProcessMessageInDomain (byte[],System.Runtime.Remoting.Messaging.CADMethodCallMessage,byte[]&,System.Runtime.Remoting.Messaging.CADMethodReturnMessage&) [0x0001f] in /home/houen/Zrodla/mono/mcs/class/corlib/System/AppDomain.cs:1373
  at (wrapper remoting-invoke-with-check) System.AppDomain.ProcessMessageInDomain (byte[],System.Runtime.Remoting.Messaging.CADMethodCallMessage,byte[]&,System.Runtime.Remoting.Messaging.CADMethodReturnMessage&) <IL 0x0003d, 0xffffffff>
  at System.Runtime.Remoting.Channels.CrossAppDomainSink.ProcessMessageInDomain (byte[],System.Runtime.Remoting.Messaging.CADMethodCallMessage) [0x00008] in /home/houen/Zrodla/mono/mcs/class/corlib/System.Runtime.Remoting.Channels/CrossAppDomainChannel.cs:199
  at (wrapper runtime-invoke) <Module>.runtime_invoke_CrossAppDomainSink/ProcessMessageRes_object_object (object,intptr,intptr,intptr) <IL 0x00066, 0xffffffff>
  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Reflection.MonoMethod.InternalInvoke (System.Reflection.MonoMethod,object,object[],System.Exception&) <0xffffffff>
  at System.AppDomain.InvokeInDomainByID (int,System.Reflection.MethodInfo,object,object[]) <0x000a2>
  at System.Runtime.Remoting.Channels.CrossAppDomainSink.SyncProcessMessage (System.Runtime.Remoting.Messaging.IMessage) <0x00111>
  at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke (System.Runtime.Remoting.Messaging.IMessage) <0x00350>
  at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke (System.Runtime.Remoting.Proxies.RealProxy,System.Runtime.Remoting.Messaging.IMessage,System.Exception&,object[]&) <0x00438>
  at (wrapper runtime-invoke) <Module>.runtime_invoke_object_object_object_intptr&_intptr& (object,intptr,intptr,intptr) <0xffffffff>
  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) object.__icall_wrapper_mono_remoting_wrapper (intptr,intptr) <0xffffffff>
  at (wrapper remoting-invoke) Antmicro.Migrant.Tests.TwoDomainsDriver.DeserializeOnAppDomain (byte[],Antmicro.Migrant.Customization.Settings) <0xffffffff>
  at (wrapper xdomain-invoke) Antmicro.Migrant.Tests.TwoDomainsDriver.DeserializeOnAppDomain (byte[],Antmicro.Migrant.Customization.Settings) <0xffffffff>
  at (wrapper remoting-invoke-with-check) Antmicro.Migrant.Tests.TwoDomainsDriver.DeserializeOnAppDomain (byte[],Antmicro.Migrant.Customization.Settings) <0xffffffff>
  at Antmicro.Migrant.Tests.TwoDomainsDriver.SerializeAndDeserializeOnTwoAppDomains (Antmicro.Migrant.Tests.DynamicClass,Antmicro.Migrant.Tests.DynamicClass,Antmicro.Migrant.Customization.VersionToleranceLevel) <0x0008b>
  at Antmicro.Migrant.Tests.VersionToleranceTests.TestBaseClassNameChanged (Antmicro.Migrant.Customization.VersionToleranceLevel) <0x00077>
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void__this___int (object,intptr,intptr,intptr) <0xffffffff>
  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Reflection.MonoMethod.InternalInvoke (System.Reflection.MonoMethod,object,object[],System.Exception&) <0xffffffff>
  at System.Reflection.MonoMethod.Invoke (object,System.Reflection.BindingFlags,System.Reflection.Binder,object[],System.Globalization.CultureInfo) <0x000db>
  at System.Reflection.MethodBase.Invoke (object,object[]) [0x00000] in /home/houen/Zrodla/mono/mcs/class/corlib/System.Reflection/MethodBase.cs:114
  at nunitrunner.NUnitTest.Run (nunitrunner.NUnitFixture) <0x00038>
  at nunitrunner.MainClass.Main (string[]) <0x004f7>
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void_object (object,intptr,intptr,intptr) <0xffffffff>

Native stacktrace:

	mono() [0x4b7f68]
	/lib/x86_64-linux-gnu/libpthread.so.0(+0xf8f0) [0x7f137c03f8f0]
	/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x37) [0x7f137bcbc407]
	/lib/x86_64-linux-gnu/libc.so.6(abort+0x148) [0x7f137bcbf508]
	mono() [0x63f835]
	mono() [0x63f976]
	mono() [0x54afe0]
	mono() [0x54b1fb]
	mono() [0x52067c]
	mono(mono_class_init+0x260) [0x524ea0]
	mono() [0x5254f8]
	mono() [0x52559e]
	mono() [0x52313e]
	mono() [0x524a9c]
	mono() [0x5293e2]
	mono() [0x4b9af6]
	[0x41768de6]

Debug info from gdb:

warning: File "/usr/bin/mono-sgen-gdb.py" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
	add-auto-load-safe-path /usr/bin/mono-sgen-gdb.py
line to your configuration file "/home/houen/.gdbinit".
To completely disable this security protection add
	set auto-load safe-path /
line to your configuration file "/home/houen/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
	info "(gdb)Auto-loading safe path"
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[New LWP 15714]
[New LWP 15713]
[New LWP 15586]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007f137c03f4e9 in __libc_waitpid (pid=pid@entry=15715, stat_loc=stat_loc@entry=0x7fffa8401c8c, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:40
40	../sysdeps/unix/sysv/linux/waitpid.c: Nie ma takiego pliku ani katalogu.
  Id   Target Id         Frame 
  4    Thread 0x7f13794a5700 (LWP 15586) "Finalizer" sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
  3    Thread 0x7f137858e700 (LWP 15713) "Timer-Scheduler" pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
  2    Thread 0x7f13789fe700 (LWP 15714) "Timer-Scheduler" pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
* 1    Thread 0x7f137cb5a780 (LWP 15585) "mono" 0x00007f137c03f4e9 in __libc_waitpid (pid=pid@entry=15715, stat_loc=stat_loc@entry=0x7fffa8401c8c, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:40

Thread 4 (Thread 0x7f13794a5700 (LWP 15586)):
#0  sem_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S:85
#1  0x0000000000636267 in mono_sem_wait (sem=sem@entry=0x98cc00 <finalizer_sem>, alertable=alertable@entry=1) at mono-semaphore.c:101
#2  0x00000000005adfda in finalizer_thread (unused=unused@entry=0x0) at gc.c:1073
#3  0x000000000058f3f1 in start_wrapper_internal (data=<optimized out>) at threads.c:660
#4  start_wrapper (data=<optimized out>) at threads.c:707
#5  0x000000000063acde in inner_start_thread (arg=0x7fffa8405350) at mono-threads-posix.c:94
#6  0x00007f137c0380ca in start_thread (arg=0x7f13794a5700) at pthread_create.c:312
#7  0x00007f137bd6d05d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 3 (Thread 0x7f137858e700 (LWP 15713)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
#1  0x0000000000615c5a in _wapi_handle_timedwait_signal_handle (handle=handle@entry=0x477, timeout=timeout@entry=0x7f137858d8a0, alertable=alertable@entry=1, poll=poll@entry=0) at handles.c:1594
#2  0x0000000000628c82 in WaitForSingleObjectEx (handle=0x477, timeout=timeout@entry=9998, alertable=alertable@entry=1) at wait.c:196
#3  0x000000000058eb1f in mono_wait_uninterrupted (thread=thread@entry=0x7f1379550f30, multiple=multiple@entry=0, numhandles=numhandles@entry=1, handles=handles@entry=0x7f137858d948, waitall=waitall@entry=0, ms=ms@entry=9998, alertable=1) at threads.c:1335
#4  0x00000000005907a6 in ves_icall_System_Threading_WaitHandle_WaitOne_internal (this=<optimized out>, handle=0x477, ms=9998, exitContext=<optimized out>) at threads.c:1468
#5  0x0000000040c8e3e8 in ?? ()
#6  0x00007f1364002260 in ?? ()
#7  0x00007f137b8ca0f0 in ?? ()
#8  0x0000000000000001 in ?? ()
#9  0x00007f137858da10 in ?? ()
#10 0x00007f137858d980 in ?? ()
#11 0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f13789fe700 (LWP 15714)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
#1  0x0000000000615c5a in _wapi_handle_timedwait_signal_handle (handle=handle@entry=0x47a, timeout=timeout@entry=0x7f13789fd8a0, alertable=alertable@entry=1, poll=poll@entry=0) at handles.c:1594
#2  0x0000000000628c82 in WaitForSingleObjectEx (handle=0x47a, timeout=timeout@entry=9998, alertable=alertable@entry=1) at wait.c:196
#3  0x000000000058eb1f in mono_wait_uninterrupted (thread=thread@entry=0x7f1379551090, multiple=multiple@entry=0, numhandles=numhandles@entry=1, handles=handles@entry=0x7f13789fd948, waitall=waitall@entry=0, ms=ms@entry=9998, alertable=1) at threads.c:1335
#4  0x00000000005907a6 in ves_icall_System_Threading_WaitHandle_WaitOne_internal (this=<optimized out>, handle=0x47a, ms=9998, exitContext=<optimized out>) at threads.c:1468
#5  0x00000000416ee3e8 in ?? ()
#6  0x00007f1370001ed0 in ?? ()
#7  0x00007f137b8e0828 in ?? ()
#8  0x0000000000000001 in ?? ()
#9  0x00007f13789fda10 in ?? ()
#10 0x00007f13789fd980 in ?? ()
#11 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f137cb5a780 (LWP 15585)):
#0  0x00007f137c03f4e9 in __libc_waitpid (pid=pid@entry=15715, stat_loc=stat_loc@entry=0x7fffa8401c8c, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:40
#1  0x00000000004b7ff0 in mono_handle_native_sigsegv (signal=<optimized out>, ctx=<optimized out>) at mini-exceptions.c:2305
#2  <signal handler called>
#3  0x00007f137bcbc407 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#4  0x00007f137bcbf508 in __GI_abort () at abort.c:89
#5  0x000000000063f835 in monoeg_g_logv (log_domain=log_domain@entry=0x0, log_level=log_level@entry=G_LOG_LEVEL_ERROR, format=format@entry=0x648328 "* Assertion at %s:%d, condition `%s' not met\n", args=args@entry=0x7fffa8402bd8) at goutput.c:177
#6  0x000000000063f976 in monoeg_assertion_message (format=format@entry=0x648328 "* Assertion at %s:%d, condition `%s' not met\n") at goutput.c:197
#7  0x000000000054afe0 in mono_image_lock (image=<optimized out>) at image.c:2306
#8  0x000000000054b1fb in mono_image_property_insert (image=0x41b4aa98, subject=0x162c348, property=0, value=0x16e5c90) at image.c:2345
#9  0x000000000052067c in mono_class_set_failure (klass=klass@entry=0x162c348, ex_type=ex_type@entry=7, ex_data=0x16e5c90) at class.c:9373
#10 0x0000000000524ea0 in mono_class_set_failure (ex_data=<optimized out>, ex_type=<optimized out>, klass=<optimized out>) at class.c:9367
#11 mono_class_init (class=0x162c348) at class.c:5160
#12 0x00000000005254f8 in collect_implemented_interfaces_aux (klass=klass@entry=0x163f1a8, res=res@entry=0x7fffa8402db8, error=error@entry=0x7fffa8402e50) at class.c:2666
#13 0x000000000052559e in mono_class_get_implemented_interfaces (klass=klass@entry=0x163f1a8, error=error@entry=0x7fffa8402e50) at class.c:2683
#14 0x000000000052313e in mono_class_setup_vtable_general (class=class@entry=0x163f1a8, overrides=0x0, onum=0, in_setup=in_setup@entry=0x16e78c0) at class.c:4141
#15 0x0000000000524a9c in mono_class_setup_vtable_full (class=class@entry=0x163f1a8, in_setup=0x16e78c0, in_setup@entry=0x0) at class.c:3675
#16 0x00000000005293e2 in mono_class_setup_vtable (class=0x163f1a8) at class.c:3611
#17 mono_class_get_vtable_entry (class=0x163f1a8, offset=offset@entry=24) at class.c:2277
#18 0x00000000004b9af6 in mono_vcall_trampoline (regs=0x7fffa8403318, code=0x40ce3754 "H\277x\245Ty\023\177", slot=24, tramp=<optimized out>) at mini-trampolines.c:783
#19 0x0000000041768de6 in ?? ()
#20 0x00007f137b93b248 in ?? ()
#21 0x0000000000000000 in ?? ()

=================================================================
Got a SIGABRT while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================
Comment 1 Zoltan Varga 2014-06-29 10:15:37 UTC
I can reproduce this on mono master faa73b12907c703464ec52ccd11fc2f9a9dd8bd3.
