Bug 56824 - Runtime crash with VSMEF
Summary: Runtime crash with VSMEF
Status: VERIFIED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: Reflection (show other bugs)
Version: master
Hardware: PC Windows
: High major
Target Milestone: 15.3
Assignee: Kirill Osenkov
URL:
Depends on:
Blocks:
 
Reported: 2017-05-25 01:23 UTC by Kirill Osenkov
Modified: 2017-07-14 10:40 UTC (History)
4 users (show)

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
All stacks (28.61 KB, text/plain)
2017-05-25 01:23 UTC, Kirill Osenkov
Details

Description Kirill Osenkov 2017-05-25 01:23:23 UTC
Created attachment 22438 [details]
All stacks

See for example
https://wrench.internalx.com/Wrench/WebServices/Download.aspx?workfile_id=18966601

Stacktrace:

  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.RuntimeType.GetMethodsByName_native (System.RuntimeType,intptr,System.Reflection.BindingFlags,bool) [0x0002a] in <400071ddcfe64ed8a3531490bb763536>:0
  at System.RuntimeType.GetMethodsByName (string,System.Reflection.BindingFlags,bool,System.RuntimeType) [0x00011] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/corlib/ReferenceSources/RuntimeType.cs:481
  at System.RuntimeType.GetMethodCandidates (string,System.Reflection.BindingFlags,System.Reflection.CallingConventions,System.Type[],bool) [0x00010] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/rttype.cs:2825
  at System.RuntimeType.GetMethods (System.Reflection.BindingFlags) [0x00000] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/rttype.cs:3078
  at Microsoft.VisualStudio.Composition.AttributedPartDiscoveryV1.CreatePart (System.Type,bool) [0x0005b] in <1ff596d7134f4c739ec70909207dc9a8>:0
  at Microsoft.VisualStudio.Composition.PartDiscovery/CombinedPartDiscovery.CreatePart (System.Type,bool) [0x00022] in <1ff596d7134f4c739ec70909207dc9a8>:0
  at Microsoft.VisualStudio.Composition.PartDiscovery/<>c__DisplayClass26_0.<CreateDiscoveryBlockChain>b__0 (System.Type) [0x0000d] in <1ff596d7134f4c739ec70909207dc9a8>:0
  at System.Threading.Tasks.Dataflow.TransformBlock`2<TInput_REF, TOutput_REF>.ProcessMessage (System.Func`2<TInput_REF, TOutput_REF>,System.Collections.Generic.KeyValuePair`2<TInput_REF, long>) [0x00012] in <42514ea4025149879945592ba7a031c8>:0
  at System.Threading.Tasks.Dataflow.TransformBlock`2/<>c__DisplayClass9_0<TInput_REF, TOutput_REF>.<.ctor>b__3 (System.Collections.Generic.KeyValuePair`2<TInput_REF, long>) [0x0000d] in <42514ea4025149879945592ba7a031c8>:0
  at System.Threading.Tasks.Dataflow.Internal.TargetCore`1<TInput_REF>.ProcessMessagesLoopCore () [0x0010c] in <42514ea4025149879945592ba7a031c8>:0
  at System.Threading.Tasks.Dataflow.Internal.TargetCore`1/<>c<TInput_REF>.<ProcessAsyncIfNecessary_Slow>b__34_0 (object) [0x00006] in <42514ea4025149879945592ba7a031c8>:0
  at System.Threading.Tasks.Task.InnerInvoke () [0x00025] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/threading/Tasks/Task.cs:2885
  at System.Threading.Tasks.Task.Execute () [0x00010] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/threading/Tasks/Task.cs:2502
  at System.Threading.Tasks.Task.ExecutionContextCallback (object) [0x00006] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/threading/Tasks/Task.cs:2865
  at System.Threading.ExecutionContext.RunInternal (System.Threading.ExecutionContext,System.Threading.ContextCallback,object,bool) [0x00071] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/threading/executioncontext.cs:957
  at System.Threading.ExecutionContext.Run (System.Threading.ExecutionContext,System.Threading.ContextCallback,object,bool) [0x00000] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/threading/executioncontext.cs:904
  at System.Threading.Tasks.Task.ExecuteWithThreadLocal (System.Threading.Tasks.Task&) [0x00050] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/threading/Tasks/Task.cs:2827
  at System.Threading.Tasks.Task.ExecuteEntry (bool) [0x00058] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/threading/Tasks/Task.cs:2760
  at System.Threading.Tasks.Task.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem () [0x00000] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/threading/Tasks/Task.cs:2707
  at System.Threading.ThreadPoolWorkQueue.Dispatch () [0x00074] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/threading/threadpool.cs:856
  at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback () [0x00000] in /private/tmp/source-mono-2017-04/bockbuild-2017-04/profiles/mono-mac-xamarin/build-root/mono-x64/mcs/class/referencesource/mscorlib/system/threading/threadpool.cs:1211
  at (wrapper runtime-invoke) <Module>.runtime_invoke_bool (object,intptr,intptr,intptr) [0x0001f] in <400071ddcfe64ed8a3531490bb763536>:0
Comment 1 Kirill Osenkov 2017-05-25 20:11:11 UTC
Moving to Mono Runtime as it's likely related to runtime. VSMEF calls a lot of RuntimeType.GetMethods() on many threads simultaneously.

Could this be a race condition?

Native stacktrace:

	0   libmonosgen-2.0.dylib               0x0000000106ebaba6 mono_handle_native_crash + 278
	1   libmonosgen-2.0.dylib               0x0000000106f208f6 altstack_handle_and_restore + 70
	2   libmonosgen-2.0.dylib               0x0000000106f4eb69 mono_class_get_virtual_methods + 153
	3   libmonosgen-2.0.dylib               0x0000000106f4d329 mono_class_setup_vtable_general + 2889
	4   libmonosgen-2.0.dylib               0x0000000106f4c77e mono_class_setup_vtable_full + 398
	5   libmonosgen-2.0.dylib               0x0000000106f4ca3f mono_class_setup_vtable_general + 607
	6   libmonosgen-2.0.dylib               0x0000000106f4c77e mono_class_setup_vtable_full + 398
	7   libmonosgen-2.0.dylib               0x0000000106f6a519 mono_class_get_methods_by_name + 201
	8   ???                                 0x0000000109fce389 0x0 + 4462535561
Comment 2 Kirill Osenkov 2017-05-26 00:32:40 UTC
OK I have isolated a repro. While I'm packaging it up, here's a full dump and symbols (for Windows):

\\mlangfs1\public\kirillo\MonoDevelop\Bugzilla56824

You can use Visual Studio or WinDbg to open the dump.
Comment 3 Kirill Osenkov 2017-05-26 00:54:32 UTC
OK the repro is in:
https://www.dropbox.com/s/5ur80xhbkwot97j/MEFHost.zip?dl=0
or 
\\mlangfs1\public\kirillo\MonoDevelop\Bugzilla56824\MEFHost.zip if you're on corpnet.

Just unpack and run mono mefhost.exe (at least on Windows this crashes 50% of the time)
Comment 4 Kirill Osenkov 2017-05-26 01:03:27 UTC
And the source for the repro tool is at:
https://github.com/KirillOsenkov/MefHost
in case you need it.

The way it works is that you initially run it to collect all the .dlls involved in the composition (by uncommenting the AssemblyLoad event handler) and it will copy all dll it loads into its own entrypoint folder. You have to run it initially from C:\monodevelop\main\build so that it can find all the .dlls. After it has copied all the .dlls locally you can just run it the second time and this time it will pick up all .dlls from its own folder. This is how I've created the .zip file above.
Comment 5 Zoltan Varga 2017-05-26 01:56:18 UTC
https://github.com/mono/mono/pull/4933

Thanks for the testcase.
Comment 6 Zoltan Varga 2017-05-31 17:40:03 UTC
Fixed in master/2017-04.
Comment 7 Alok Kulkarni 2017-07-13 07:52:36 UTC
Hi @Kirill Osenkov, will you please help me out to verify this issue by providing specific steps?
Comment 8 Kirill Osenkov 2017-07-13 18:53:31 UTC
I've already verified, this is OK to close. Thanks.
Comment 9 Alok Kulkarni 2017-07-14 10:40:53 UTC
Thanks, referring to above comment marking this issue as Verified fixed.

Note You need to log in before you can comment on or make changes to this bug.