Bug 41130 - Segmentation Fault on calling Type.GetField() for generic dynamic types
Summary: Segmentation Fault on calling Type.GetField() for generic dynamic types
Status: ASSIGNED
Alias: None
Product: Runtime
Classification: Mono
Component: Reflection
Version: 4.4.0 (C7)
Hardware: PC All
Importance: Normal normal
Target Milestone: Future Cycle (TBD)
Assignee: Zoltan Varga
URL:
Depends on:
Blocks:
 
Reported: 2016-05-17 12:56 UTC by Eirik Tsarpalis
Modified: 2016-09-14 22:02 UTC
CC: 2 users

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
Reproducing F# console app (1.29 KB, text/plain)
2016-05-17 12:56 UTC, Eirik Tsarpalis

Description Eirik Tsarpalis 2016-05-17 12:56:08 UTC
Created attachment 16018
Reproducing F# console app

I attach a reproducing piece of code in F#. It basically generates a couple of dynamic types and attempts to look them up using reflection. Running 'fsharpc repro.fs && mono repro.exe' results in the following error:

Stacktrace:

  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.RuntimeType.GetFields_internal (System.RuntimeType,string,System.Reflection.BindingFlags,System.Type) <0x00012>
  at System.RuntimeType.GetField (string,System.Reflection.BindingFlags) <0x00067>
  at System.Type.GetField (string) <0x0002f>
  at <StartupCode$repro>.$Repro.main@ () <0x00547>
  at (wrapper runtime-invoke) object.runtime_invoke_void (object,intptr,intptr,intptr) <0x00090>

Native stacktrace:


Debug info from gdb:

(lldb) command source -s 0 '/tmp/mono-gdb-commands.XzxEaT'
Executing commands in '/tmp/mono-gdb-commands.XzxEaT'.
(lldb) process attach --pid 7963
warning: (i386) /Library/Frameworks/Mono.framework/Versions/4.4.0/lib/mono/4.5/mscorlib.dll.dylib empty dSYM file detected, dSYM was created with an executable with no debug info.
Process 7963 stopped
* thread #1: tid = 0x2a0e4, 0x9d4dccee libsystem_kernel.dylib`__wait4 + 10, name = 'tid_50b', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x9d4dccee libsystem_kernel.dylib`__wait4 + 10
libsystem_kernel.dylib`__wait4:
->  0x9d4dccee <+10>: jae    0x9d4dccfe                ; <+26>
    0x9d4dccf0 <+12>: calll  0x9d4dccf5                ; <+17>
    0x9d4dccf5 <+17>: popl   %edx
    0x9d4dccf6 <+18>: movl   0x6e6432f(%edx), %edx

Executable module set to "/usr/local/bin/mono".
Architecture set to: i386-apple-macosx.
(lldb) thread list
Process 7963 stopped
* thread #1: tid = 0x2a0e4, 0x9d4dccee libsystem_kernel.dylib`__wait4 + 10, name = 'tid_50b', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  thread #2: tid = 0x2a0e5, 0x9d4dc3ea libsystem_kernel.dylib`__psynch_cvwait + 10
  thread #3: tid = 0x2a0e6, 0x9d4d54d6 libsystem_kernel.dylib`semaphore_wait_trap + 10, name = 'tid_1303'
  thread #4: tid = 0x2a0e7, 0x9d4dcd5e libsystem_kernel.dylib`__workq_kernreturn + 10
  thread #5: tid = 0x2a0e8, 0x9d4dd7fa libsystem_kernel.dylib`kevent_qos + 10, queue = 'com.apple.libdispatch-manager'
  thread #6: tid = 0x2a0ea, 0x9d4dcd5e libsystem_kernel.dylib`__workq_kernreturn + 10
  thread #7: tid = 0x2a0eb, 0x9d4dcd5e libsystem_kernel.dylib`__workq_kernreturn + 10
(lldb) thread backtrace all
* thread #1: tid = 0x2a0e4, 0x9d4dccee libsystem_kernel.dylib`__wait4 + 10, name = 'tid_50b', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  * frame #0: 0x9d4dccee libsystem_kernel.dylib`__wait4 + 10
    frame #1: 0x9cfff7dc libsystem_c.dylib`waitpid$UNIX2003 + 48
    frame #2: 0x0014550d mono`mono_handle_native_sigsegv(signal=11, ctx=0x00727fe0, info=0x00727fa0) + 541 at mini-exceptions.c:2348 [opt]
    frame #3: 0x00195582 mono`mono_arch_handle_altstack_exception(sigctx=<unavailable>, siginfo=<unavailable>, fault_addr=<unavailable>, stack_ovf=0) + 162 at exceptions-x86.c:1107 [opt]
    frame #4: 0x00087e03 mono`mono_sigsegv_signal_handler(_dummy=<unavailable>, _info=<unavailable>, context=<unavailable>) + 467 at mini-runtime.c:2888 [opt]
    frame #5: 0x91e0c79b libsystem_platform.dylib`_sigtramp + 43
    frame #6: 0x001a2e93 mono`mono_class_from_mono_type(type=0x00000000) + 19 at class.c:6561 [opt]
    frame #7: 0x0027b640 mono`mono_type_get_object(domain=0x7ae2ec60, type=0x00000000) + 32 at reflection.c:6690 [opt]
    frame #8: 0x0027c1d2 mono`mono_field_get_object(domain=<unavailable>, klass=<unavailable>, field=0x7b2e4f50) + 322 at reflection.c:6907 [opt]
    frame #9: 0x001d2ee2 mono`ves_icall_Type_GetFields_internal(type=0x00719260, name=<unavailable>, bflags=<unavailable>, reftype=<unavailable>) + 610 at icall.c:3350 [opt]
    frame #10: 0x0068da10
    frame #11: 0x0189dc18 mscorlib.dll.dylib`System_RuntimeType_GetField_string_System_Reflection_BindingFlags + 104
    frame #12: 0x0198b980 mscorlib.dll.dylib`System_Type_GetField_string + 48
    frame #13: 0x0068a4c8
    frame #14: 0x0068a741
    frame #15: 0x0008b637 mono`mono_jit_runtime_invoke(method=<unavailable>, obj=<unavailable>, params=<unavailable>, exc=<unavailable>) + 951 at mini-runtime.c:2578 [opt]
    frame #16: 0x00263c46 mono`mono_runtime_invoke(method=0x7b20aec0, obj=<unavailable>, params=<unavailable>, exc=<unavailable>) + 150 at object.c:2897 [opt]
    frame #17: 0x00269c01 mono`mono_runtime_exec_main(method=0x7b20aec0, args=<unavailable>, exc=0x00000000) + 401 at object.c:4223 [opt]
    frame #18: 0x002699b8 mono`mono_runtime_run_main(method=0x7b20aec0, argc=<unavailable>, argv=<unavailable>, exc=<unavailable>) + 632 at object.c:3837 [opt]
    frame #19: 0x00109985 mono`mono_jit_exec(domain=<unavailable>, assembly=<unavailable>, argc=<unavailable>, argv=<unavailable>) + 213 at driver.g.c:1031 [opt]
    frame #20: 0x0010be4c mono`mono_main [inlined] main_thread_handler + 8396 at driver.g.c:1091 [opt]
    frame #21: 0x0010be14 mono`mono_main(argc=<unavailable>, argv=<unavailable>) + 8340 at driver.g.c:2162 [opt]
    frame #22: 0x0007c8ea mono`main [inlined] mono_main_with_options(argc=2, argc=2, argc=2, argv=0xbff86c08, argv=0xbff86c08, argv=0xbff86c08) + 74 at main.c:20 [opt]
    frame #23: 0x0007c8c9 mono`main(argc=2, argv=0xbff86c08) + 41 at main.c:53 [opt]
    frame #24: 0x0007c895 mono`start + 53

  thread #2: tid = 0x2a0e5, 0x9d4dc3ea libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #0: 0x9d4dc3ea libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #1: 0x92448538 libsystem_pthread.dylib`_pthread_cond_wait + 757
    frame #2: 0x9244a276 libsystem_pthread.dylib`pthread_cond_wait$UNIX2003 + 71
    frame #3: 0x002c53ab mono`thread_func [inlined] mono_os_cond_wait(mutex=0xb00810b0) + 18 at mono-os-mutex.h:105 [opt]
    frame #4: 0x002c5399 mono`thread_func(thread_data=0x00000000) + 457 at sgen-thread-pool.c:118 [opt]
    frame #5: 0x92447780 libsystem_pthread.dylib`_pthread_body + 138
    frame #6: 0x924476f6 libsystem_pthread.dylib`_pthread_start + 155
    frame #7: 0x92444f7a libsystem_pthread.dylib`thread_start + 34

  thread #3: tid = 0x2a0e6, 0x9d4d54d6 libsystem_kernel.dylib`semaphore_wait_trap + 10, name = 'tid_1303'
    frame #0: 0x9d4d54d6 libsystem_kernel.dylib`semaphore_wait_trap + 10
    frame #1: 0x0026152e mono`finalizer_thread [inlined] mono_os_sem_wait(flags=MONO_SEM_FLAGS_ALERTABLE) + 14 at mono-os-semaphore.h:72 [opt]
    frame #2: 0x00261520 mono`finalizer_thread [inlined] mono_coop_sem_wait(flags=MONO_SEM_FLAGS_ALERTABLE) + 10 at mono-coop-semaphore.h:40 [opt]
    frame #3: 0x00261516 mono`finalizer_thread(unused=0x00000000) + 118 at gc.c:711 [opt]
    frame #4: 0x0023a989 mono`start_wrapper [inlined] start_wrapper_internal + 540 at threads.c:717 [opt]
    frame #5: 0x0023a76d mono`start_wrapper(data=<unavailable>) + 29 at threads.c:764 [opt]
    frame #6: 0x002f4a7d mono`inner_start_thread(arg=<unavailable>) + 349 at mono-threads-posix.c:92 [opt]
    frame #7: 0x92447780 libsystem_pthread.dylib`_pthread_body + 138
    frame #8: 0x924476f6 libsystem_pthread.dylib`_pthread_start + 155
    frame #9: 0x92444f7a libsystem_pthread.dylib`thread_start + 34

  thread #4: tid = 0x2a0e7, 0x9d4dcd5e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #0: 0x9d4dcd5e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x9244734b libsystem_pthread.dylib`_pthread_wqthread + 1289
    frame #2: 0x92444f56 libsystem_pthread.dylib`start_wqthread + 34

  thread #5: tid = 0x2a0e8, 0x9d4dd7fa libsystem_kernel.dylib`kevent_qos + 10, queue = 'com.apple.libdispatch-manager'
    frame #0: 0x9d4dd7fa libsystem_kernel.dylib`kevent_qos + 10
    frame #1: 0x9ce237ea libdispatch.dylib`_dispatch_mgr_invoke + 234
    frame #2: 0x9ce233be libdispatch.dylib`_dispatch_mgr_thread + 52

  thread #6: tid = 0x2a0ea, 0x9d4dcd5e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #0: 0x9d4dcd5e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x9244734b libsystem_pthread.dylib`_pthread_wqthread + 1289
    frame #2: 0x92444f56 libsystem_pthread.dylib`start_wqthread + 34

  thread #7: tid = 0x2a0eb, 0x9d4dcd5e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #0: 0x9d4dcd5e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x9244734b libsystem_pthread.dylib`_pthread_wqthread + 1289
    frame #2: 0x92444f56 libsystem_pthread.dylib`start_wqthread + 34
(lldb) detach

=================================================================
Got a SIGSEGV while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

Process 7963 detached
(lldb) quit
zsh: abort      mono repro.exe
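The attached repro.fs is not reproduced on this page. The following C# program is an added illustration of the kind of code the report describes (a generic type emitted with System.Reflection.Emit, then looked up with Type.GetField) so that a reader can see which managed calls lead into ves_icall_Type_GetFields_internal in the trace above. It is not the reporter's attachment and makes no claim about triggering the crash; the type and field names are chosen here, and it uses AppDomain.DefineDynamicAssembly as available on Mono 4.x / .NET Framework.

```csharp
using System;
using System.Reflection;
using System.Reflection.Emit;

// Added illustration, not the attached repro: emit `class Box<T> { public T Value; }`
// at runtime, close it over int, and resolve the field through Type.GetField.
static class GenericDynamicTypeLookup
{
    static void Main()
    {
        // Constructed names for this example.
        var asmName = new AssemblyName("DynamicTypesExample");
        AssemblyBuilder asm = AppDomain.CurrentDomain.DefineDynamicAssembly(
            asmName, AssemblyBuilderAccess.Run);
        ModuleBuilder mod = asm.DefineDynamicModule("DynamicTypesExample");

        // Open generic type Box<T> with a single public field of type T.
        TypeBuilder tb = mod.DefineType("Box", TypeAttributes.Public | TypeAttributes.Class);
        GenericTypeParameterBuilder[] typeParams = tb.DefineGenericParameters("T");
        tb.DefineField("Value", typeParams[0], FieldAttributes.Public);

        Type openBox = tb.CreateType();                 // Box<T>
        Type intBox = openBox.MakeGenericType(typeof(int)); // Box<int>

        // The managed path from the stack trace: Type.GetField(string)
        // -> RuntimeType.GetField(string, BindingFlags) -> GetFields_internal (icall).
        FieldInfo closedField = intBox.GetField("Value");
        Console.WriteLine(closedField == null
            ? "Box<int>.Value not found"
            : $"{closedField.DeclaringType}.{closedField.Name} : {closedField.FieldType}");

        // The same lookup on the open generic definition; FieldType is the parameter T here.
        FieldInfo openField = openBox.GetField("Value");
        Console.WriteLine(openField == null
            ? "Box<T>.Value not found"
            : $"{openField.DeclaringType}.{openField.Name} : {openField.FieldType}");
    }
}
```

Compile with `mcs` (or `csc`) and run under `mono`; on a runtime where this reflection path is intact, both lookups print the field with its FieldType resolved to `System.Int32` and `T` respectively, and a null return rather than a crash is the expected failure mode when a name does not match.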
Comment 1 Rodrigo Kumpera 2016-09-14 19:01:05 UTC
Hey Zoltan,

This is a nice SRE test case. It can be converted to C# as it doesn't depend on fsharpi.
