Bug 56684 - (mono-2.0-sgen.dll) in mono.exe: 0xC0000005: Access violation reading location 0x04FA3D9A.
Status: RESOLVED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: General
Version: unspecified
Hardware: PC Windows
: --- normal
Target Milestone: ---
Assignee: Rodrigo Kumpera
Reported: 2017-05-19 20:11 UTC by Kirill Osenkov
Modified: 2017-06-09 18:51 UTC

Description Kirill Osenkov 2017-05-19 20:11:43 UTC
I was running VSMEF unit-tests on Windows and at the very end of the test run sgen crashes with access violation (nullref?):

Unhandled exception at 0x101C6DCA (mono-2.0-sgen.dll) in mono.exe: 0xC0000005: Access violation reading location 0x04FA3D9A.

Dump is at:
https://www.dropbox.com/s/5h039rvndharx50/monoAccessViolationSgen.dmp?dl=0
Comment 1 Kirill Osenkov 2017-05-19 20:15:22 UTC
Revision: 5ebfdf8821fc7bc21b133666596ddc3232811f17
Comment 2 Kirill Osenkov 2017-05-19 20:44:13 UTC
SHA seems to be 8a3993fbcc3b48b3b966a7544124b476a9d2f1d5
Comment 3 Kirill Osenkov 2017-05-19 20:47:41 UTC
.pdb file at:
https://www.dropbox.com/s/qfa0k1ztpiaa88c/mono-2.0-sgen.pdb?dl=0

Full stack:

>	mono-2.0-sgen.dll!do_mono_metadata_type_equal Line 5144	C
 	mono-2.0-sgen.dll!mono_metadata_type_equal Line 5202	C
 	mono-2.0-sgen.dll!mono_g_hash_table_find_slot Line 126	C
 	[Inline Frame] mono-2.0-sgen.dll!mono_g_hash_table_lookup_extended Line 295	C
 	mono-2.0-sgen.dll!mono_g_hash_table_lookup Line 279	C
 	mono-2.0-sgen.dll!mono_type_get_object_checked Line 494	C
 	mono-2.0-sgen.dll!mono_class_create_runtime_vtable Line 2087	C
 	mono-2.0-sgen.dll!mono_class_vtable_full Line 1783	C
 	mono-2.0-sgen.dll!mono_class_vtable Line 1750	C
 	mono-2.0-sgen.dll!mono_method_to_ir Line 10315	C
 	mono-2.0-sgen.dll!mini_method_compile Line 3466	C
 	mono-2.0-sgen.dll!mono_jit_compile_method_inner Line 4191	C
 	mono-2.0-sgen.dll!mono_jit_compile_method_with_opt Line 1886	C
 	[Inline Frame] mono-2.0-sgen.dll!mono_jit_compile_method Line 1930	C
 	mono-2.0-sgen.dll!mono_jit_runtime_invoke Line 2431	C
 	mono-2.0-sgen.dll!do_runtime_invoke Line 2829	C
 	mono-2.0-sgen.dll!mono_runtime_class_init_full Line 471	C
 	mono-2.0-sgen.dll!mono_generic_class_init Line 1457	C
 	03b96789	Unknown
 	[Frames below may be incorrect and/or missing]	
 	0eb6d4b0	Unknown
 	0eb6d23c	Unknown
 	04aee5b5	Unknown
 	mono-2.0-sgen.dll!mono_jit_runtime_invoke Line 2546	C
 	mono-2.0-sgen.dll!do_runtime_invoke Line 2829	C
 	mono-2.0-sgen.dll!mono_runtime_class_init_full Line 471	C
 	mono-2.0-sgen.dll!mono_jit_compile_method_inner Line 4362	C
 	mono-2.0-sgen.dll!mono_jit_compile_method_with_opt Line 1886	C
 	mono-2.0-sgen.dll!mono_jit_compile_method Line 1930	C
 	mono-2.0-sgen.dll!common_call_trampoline Line 704	C
 	mono-2.0-sgen.dll!mono_magic_trampoline Line 834	C
 	001e0188	Unknown
 	0b5c32a0	Unknown
 	04aee5b5	Unknown
 	mono-2.0-sgen.dll!mono_jit_runtime_invoke Line 2546	C
 	mono-2.0-sgen.dll!do_runtime_invoke Line 2829	C
 	mono-2.0-sgen.dll!mono_runtime_class_init_full Line 471	C
 	mono-2.0-sgen.dll!mono_jit_compile_method_inner Line 4362	C
 	mono-2.0-sgen.dll!mono_jit_compile_method_with_opt Line 1886	C
 	mono-2.0-sgen.dll!mono_jit_compile_method Line 1930	C
 	mono-2.0-sgen.dll!common_call_trampoline Line 704	C
 	mono-2.0-sgen.dll!mono_magic_trampoline Line 834	C
 	001e0188	Unknown
 	0b93ada0	Unknown
 	0eb6bb78	Unknown
 	04aee5b5	Unknown
 	mono-2.0-sgen.dll!mono_jit_runtime_invoke Line 2546	C
 	mono-2.0-sgen.dll!do_runtime_invoke Line 2829	C
 	mono-2.0-sgen.dll!mono_runtime_class_init_full Line 471	C
 	mono-2.0-sgen.dll!mono_generic_class_init Line 1457	C
 	03b96789	Unknown
 	0eb63d58	Unknown
 	0eb63cd4	Unknown
 	0eb63c98	Unknown
 	0eb63bc4	Unknown
 	04aee5b5	Unknown
 	mono-2.0-sgen.dll!mono_jit_runtime_invoke Line 2546	C
 	mono-2.0-sgen.dll!do_runtime_invoke Line 2829	C
 	mono-2.0-sgen.dll!mono_runtime_class_init_full Line 471	C
 	mono-2.0-sgen.dll!mono_method_to_ir Line 11035	C
 	mono-2.0-sgen.dll!mini_method_compile Line 3466	C
 	mono-2.0-sgen.dll!mono_jit_compile_method_inner Line 4191	C
 	mono-2.0-sgen.dll!mono_jit_compile_method_with_opt Line 1886	C
 	mono-2.0-sgen.dll!mono_jit_compile_method Line 1930	C
 	mono-2.0-sgen.dll!common_call_trampoline Line 704	C
 	mono-2.0-sgen.dll!mono_magic_trampoline Line 834	C
 	001e0188	Unknown
 	0b595408	Unknown
 	0eb62c2c	Unknown
 	0eb62ae8	Unknown
 	0eb6248c	Unknown
 	0e81e87c	Unknown
 	0e81e75c	Unknown
 	0e81e70d	Unknown
 	0e81e6b1	Unknown
 	051b6f32	Unknown
 	051b4204	Unknown
 	03b94c5c	Unknown
 	03b94f5c	Unknown
 	mono-2.0-sgen.dll!mono_jit_runtime_invoke Line 2546	C
 	mono-2.0-sgen.dll!do_runtime_invoke Line 2829	C
 	[Inline Frame] mono-2.0-sgen.dll!mono_runtime_invoke_checked Line 2983	C
 	mono-2.0-sgen.dll!do_exec_main_checked Line 4623	C
 	[Inline Frame] mono-2.0-sgen.dll!mono_runtime_exec_main_checked Line 4724	C
 	mono-2.0-sgen.dll!mono_runtime_run_main_checked Line 4182	C
 	mono-2.0-sgen.dll!mono_jit_exec Line 1032	C
 	mono-2.0-sgen.dll!main_thread_handler Line 1101	C
 	mono-2.0-sgen.dll!mono_main Line 2201	C
 	[Inline Frame] mono.exe!mono_main_with_options Line 46	C
 	mono.exe!main Line 329	C
 	[Inline Frame] mono.exe!invoke_main Line 64	C++
 	mono.exe!__scrt_common_main_seh Line 253	C++
 	kernel32.dll!BaseThreadInitThunk Line 64	C
 	ntdll.dll!__RtlUserThreadStart Line 997	C
 	ntdll.dll!_RtlUserThreadStart Line 914	C

Attached the binary and .pdb
Comment 4 Kirill Osenkov 2017-05-19 22:46:01 UTC
I can reproduce at will on Windows, about 50% of the time.

1. On Windows, install this Mono: https://jenkins.mono-project.com/view/Releases/job/v/150/Azure/processDownloadRequest/150/resources/bin/Release/MonoForWindows-x86.msi

2. Download and unzip xUnit to C:\xunit: https://www.nuget.org/packages/xunit.runner.console/2.1.0

3. git clone https://github.com/Microsoft/vs-mef

4. C:\vs-mef\init.cmd

5. msbuild C:\vs-mef\src\Microsoft.VisualStudio.Composition.sln

6. cd C:\vs-mef\bin\Debug\Tests\net451

7. C:\xunit\tools\xunit.console.x86.exe Microsoft.VisualStudio.Composition.Tests.dll -noshadow -html C:\vs-mef\vsmef.html -method "Microsoft.VisualStudio.Composition.Tests.AssembliesLazyLoadedTests.ComposableAssembliesLazyLoadedByLazyImport"

I'm working on the repro steps for Mac, but should be very similar.
Comment 5 Kirill Osenkov 2017-05-19 22:56:24 UTC
Hmm, also seeing this now:

Assertion: should not be reached at d:\j\workspace\v\repos\mono\mono\sgen\sgen-scan-object.h:91

Stack:

 	ucrtbase.dll!abort Line 77	C++
 	mono-2.0-sgen.dll!mono_log_write_logfile Line 136	C
 	mono-2.0-sgen.dll!structured_log_adapter Line 432	C
 	mono-2.0-sgen.dll!monoeg_g_logv Line 116	C
 	mono-2.0-sgen.dll!monoeg_assertion_message Line 135	C
 	mono-2.0-sgen.dll!major_scan_object_no_evacuation Line 91	C
 	mono-2.0-sgen.dll!drain_gray_stack_no_evacuation Line 345	C
 	[Inline Frame] mono-2.0-sgen.dll!sgen_drain_gray_stack Line 515	C
 	mono-2.0-sgen.dll!finish_gray_stack Line 1065	C
 	mono-2.0-sgen.dll!major_finish_collection Line 2033	C
 	mono-2.0-sgen.dll!major_do_collection Line 2160	C
 	mono-2.0-sgen.dll!sgen_perform_collection Line 2356	C
 	mono-2.0-sgen.dll!sgen_gc_collect Line 2866	C
 	mono-2.0-sgen.dll!unload_thread_main Line 2569	C
>	mono-2.0-sgen.dll!start_wrapper_internal Line 830	C
 	mono-2.0-sgen.dll!start_wrapper Line 893	C

Dump:
https://www.dropbox.com/s/eoghwv7zd1pnmp2/monoSgenUnreachableAssert.dmp?dl=0

Same mono and .pdb file.
Comment 6 Kirill Osenkov 2017-05-19 23:58:41 UTC
Never mind, the sgen-scan-object.h is a separate issue: 
https://bugzilla.xamarin.com/show_bug.cgi?id=56694
Comment 8 Rodrigo Kumpera 2017-05-23 05:58:28 UTC
This doesn't look like a GC issue.

CC'ing Ludovic and Andi so this gets assigned to someone.
Comment 9 Ludovic Henry 2017-05-23 16:57:16 UTC
@vlad, you already started looking at it. If it turns out it's not a GC bug, please reassign to the proper person.
Comment 10 Vlad Brezae 2017-05-24 21:50:28 UTC
I started looking into this bug as being potentially caused by the mono_g_hashtable changes in 5.2 but I can't find any direct correlation.

The issue seems to be that in the type_hash for a domain we have a type (MONO_TYPE_CLASS) that references a klass (always an IMessageSink) from an image (always xunit.abstractions.dll) that has been already unloaded. Help from a metadata experienced person would be welcome.

I reproduced the issue on OSX, 100% hit ratio. Weird that if I disable aot it no longer reproduces.
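
The failure mode described in Comment 10 (a per-domain type cache still holding a key whose class belongs to an unloaded image, so that comparing keys during a lookup reads freed memory) is avoided when the unload path purges those entries before the image's memory is released. The sketch below is an added illustration, not Mono code and not the change in the pull request linked later in this bug; `Image`, `Klass`, `Type`, `Domain` and every function are simplified, hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified, hypothetical stand-ins; not Mono's real structures. */
typedef struct Image { const char *name; } Image;
typedef struct Klass { Image *image; char name[32]; } Klass;
typedef struct Type  { Klass *klass; } Type;
#define SLOTS 8
typedef struct Domain { Type *keys[SLOTS]; void *vals[SLOTS]; } Domain;

/* Comparing keys dereferences the stored key's klass, so a key left behind
   by an unloaded image makes any later lookup read freed memory. */
static int type_equal(const Type *a, const Type *b) {
    return a->klass == b->klass || strcmp(a->klass->name, b->klass->name) == 0;
}
static void *cache_lookup(Domain *d, const Type *t) {
    for (int i = 0; i < SLOTS; i++)
        if (d->keys[i] && type_equal(d->keys[i], t)) return d->vals[i];
    return NULL;
}
static int cache_insert(Domain *d, Type *t, void *v) {
    for (int i = 0; i < SLOTS; i++)
        if (!d->keys[i]) { d->keys[i] = t; d->vals[i] = v; return 1; }
    return 0; /* cache full */
}
static Type *type_new(Image *img, const char *name) {
    Klass *k = calloc(1, sizeof *k); Type *t = calloc(1, sizeof *t);
    if (!k || !t) abort();
    k->image = img; strncpy(k->name, name, sizeof k->name - 1); t->klass = k;
    return t;
}
/* Purge every entry keyed by a type of this image BEFORE freeing its memory. */
static int image_unload(Domain *d, Image *img, Type **owned, int n) {
    int purged = 0;
    for (int i = 0; i < SLOTS; i++)
        if (d->keys[i] && d->keys[i]->klass->image == img) {
            d->keys[i] = NULL; d->vals[i] = NULL; purged++;
        }
    for (int i = 0; i < n; i++) { free(owned[i]->klass); free(owned[i]); }
    return purged; /* number of cache entries removed */
}
/* Constructed scenario: image a is unloaded while the domain cache lives on. */
static int demo(void) {
    Domain d = {0}; Image a = {"a.dll"}, b = {"b.dll"}; int va = 1, vb = 2;
    Type *ta = type_new(&a, "Sink"), *tb = type_new(&b, "Widget");
    cache_insert(&d, ta, &va); cache_insert(&d, tb, &vb);
    int purged = image_unload(&d, &a, &ta, 1);  /* drops ta's entry */
    int found = cache_lookup(&d, tb) == &vb;    /* scans live keys only */
    purged += image_unload(&d, &b, &tb, 1);
    return purged * 10 + found;                 /* 2 purged, 1 found */
}
int main(void) { return demo() == 21 ? 0 : 1; }
```

If the purge loop in `image_unload` is skipped, the lookup for `tb` first compares against the freed `ta` key, which is the same shape as the `mono_g_hash_table_find_slot` to `do_mono_metadata_type_equal` frames at the top of the crash stack.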
Comment 11 Rodrigo Kumpera 2017-05-24 23:55:52 UTC
Le Fu,

I guess that's on me then :cry:
Comment 12 Rodrigo Kumpera 2017-06-08 21:21:11 UTC
https://github.com/mono/mono/pull/4998
Comment 13 Rodrigo Kumpera 2017-06-09 18:51:19 UTC
Merged.

Backporting to 2017-06 (mono 5.4, possibly dev 15.4)
https://github.com/mono/mono/pull/5007