Bug 57850 - Mono assertion when ResolveEventHandler returns a reflection-only assembly
Status: RESOLVED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: Reflection
Version: 5.0 (2017-02)
Hardware: PC Mac OS
: --- normal
Target Milestone: 15.3
Assignee: Aleksey Kliger
 
Reported: 2017-06-28 22:46 UTC by Aleksey Kliger
Modified: 2017-06-30 20:15 UTC


Attachments
reproduction example (1.69 KB, text/plain)
2017-06-28 22:46 UTC, Aleksey Kliger

Description Aleksey Kliger 2017-06-28 22:46:54 UTC
Created attachment 23186
reproduction example

A ResolveEventHandler can be installed that can return reflection-only assemblies which crash mono.

See attached example.

Reproduction steps:
  mcs MockMe.cs
  mono MockMe.exe

Expected Output:
  An exception is thrown when we try to use the assembly returned by the resolve event handler.

Actual Output:
  $ mono ../MockMe.exe
  handling load of powpow
  got assembly MockMock, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
  * Assertion at marshal.c:3002, condition `klass' not met

Stacktrace:

  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Reflection.MonoCMethod.InternalInvoke (System.Reflection.MonoCMethod,object,object[],System.Exception&) [0x0000c] in <2ffe54eb3b79405792636f3ca93458bd>:0
  at System.Reflection.MonoCMethod.InternalInvoke (object,object[]) [0x00002] in <2ffe54eb3b79405792636f3ca93458bd>:0
  at System.RuntimeType.CreateInstanceMono (bool) [0x000a8] in <2ffe54eb3b79405792636f3ca93458bd>:0
  at System.RuntimeType.CreateInstanceSlow (bool,bool,bool,System.Threading.StackCrawlMark&) [0x00009] in <2ffe54eb3b79405792636f3ca93458bd>:0
  at System.RuntimeType.CreateInstanceDefaultCtor (bool,bool,bool,System.Threading.StackCrawlMark&) [0x00027] in <2ffe54eb3b79405792636f3ca93458bd>:0
  at System.Activator.CreateInstance (System.Type,bool) [0x00020] in <2ffe54eb3b79405792636f3ca93458bd>:0
  at System.Activator.CreateInstance (System.Type) [0x00000] in <2ffe54eb3b79405792636f3ca93458bd>:0
  at MockMe.Main (string[]) [0x00044] in <09feea7b12c04bb3b9836e6c31863e91>:0
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void_object (object,intptr,intptr,intptr) [0x0004e] in <09feea7b12c04bb3b9836e6c31863e91>:0

Native stacktrace:

	0   mono                                0x000000010d4c4e31 mono_handle_native_crash + 257
	1   libsystem_platform.dylib            0x00007fffa934cb3a _sigtramp + 26
	2   ???                                 0x000000011a0d0551 0x0 + 4732028241
	3   libsystem_c.dylib                   0x00007fffa91d1420 abort + 129
	4   mono                                0x000000010d6a65c1 mono_log_write_logfile + 353
	5   mono                                0x000000010d6bda30 monoeg_assertion_message + 192
	6   mono                                0x000000010d599c1e get_wrapper_target_class + 142
	7   mono                                0x000000010d59bc86 mono_marshal_get_runtime_invoke + 886
	8   mono                                0x000000010d41d483 mono_jit_runtime_invoke + 579
	9   mono                                0x000000010d622358 do_runtime_invoke + 88
	10  mono                                0x000000010d626385 mono_runtime_try_invoke_array + 2405
	11  mono                                0x000000010d5800cd ves_icall_InternalInvoke + 653
	12  ???                                 0x000000010da0b231 0x0 + 4523602481
	13  mscorlib.dll.dylib                  0x000000010f494cc3 System_RuntimeType_CreateInstanceMono_bool + 275
	14  mono                                0x000000010d41db05 mono_jit_runtime_invoke + 2245
	15  mono                                0x000000010d622358 do_runtime_invoke + 88
	16  mono                                0x000000010d62593c do_exec_main_checked + 140
	17  mono                                0x000000010d489a7e mono_jit_exec + 302
	18  mono                                0x000000010d48bfba mono_main + 8474
	19  mono                                0x000000010d40e3ca main + 1690
	20  mono                                0x000000010d40dd24 start + 52

Debug info from gdb:

(lldb) command source -s 0 '/tmp/mono-gdb-commands.8iHb5b'
Executing commands in '/tmp/mono-gdb-commands.8iHb5b'.
(lldb) process attach --pid 90906
Process 90906 stopped
* thread #1, name = 'tid_307', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x00007fffa926c3ee libsystem_kernel.dylib`__wait4 + 10
libsystem_kernel.dylib`__wait4:
->  0x7fffa926c3ee <+10>: jae    0x7fffa926c3f8            ; <+20>
    0x7fffa926c3f0 <+12>: movq   %rax, %rdi
    0x7fffa926c3f3 <+15>: jmp    0x7fffa9264cd4            ; cerror
    0x7fffa926c3f8 <+20>: retq   

Executable module set to "/Library/Frameworks/Mono.framework/Versions/Current/Commands/mono".
Architecture set to: x86_64h-apple-macosx.
(lldb) thread list
Process 90906 stopped
* thread #1: tid = 0xc1c9c, 0x00007fffa926c3ee libsystem_kernel.dylib`__wait4 + 10, name = 'tid_307', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  thread #2: tid = 0xc1c9d, 0x00007fffa926bbf2 libsystem_kernel.dylib`__psynch_cvwait + 10, name = 'SGen worker'
  thread #3: tid = 0xc1c9e, 0x00007fffa926bbf2 libsystem_kernel.dylib`__psynch_cvwait + 10, name = 'SGen worker'
  thread #4: tid = 0xc1c9f, 0x00007fffa9264386 libsystem_kernel.dylib`semaphore_wait_trap + 10, name = 'Finalizer'
  thread #5: tid = 0xc1ca0, 0x00007fffa926c44e libsystem_kernel.dylib`__workq_kernreturn + 10
  thread #6: tid = 0xc1ca1, 0x00007fffa926c44e libsystem_kernel.dylib`__workq_kernreturn + 10
  thread #7: tid = 0xc1ca2, 0x00007fffa926c44e libsystem_kernel.dylib`__workq_kernreturn + 10
(lldb) thread backtrace all
* thread #1, name = 'tid_307', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  * frame #0: 0x00007fffa926c3ee libsystem_kernel.dylib`__wait4 + 10
    frame #1: 0x000000010d4c4ebd mono`mono_handle_native_crash + 397
    frame #2: 0x00007fffa934cb3a libsystem_platform.dylib`_sigtramp + 26
    frame #3: 0x00007fffa926bd43 libsystem_kernel.dylib`__pthread_kill + 11
    frame #4: 0x00007fffa9359457 libsystem_pthread.dylib`pthread_kill + 90
    frame #5: 0x00007fffa91d1420 libsystem_c.dylib`abort + 129
    frame #6: 0x000000010d6a65c1 mono`mono_log_write_logfile + 353
    frame #7: 0x000000010d6bda30 mono`monoeg_assertion_message + 192
    frame #8: 0x000000010d599c1e mono`get_wrapper_target_class + 142
    frame #9: 0x000000010d59bc86 mono`mono_marshal_get_runtime_invoke + 886
    frame #10: 0x000000010d41d483 mono`mono_jit_runtime_invoke + 579
    frame #11: 0x000000010d622358 mono`do_runtime_invoke + 88
    frame #12: 0x000000010d626385 mono`mono_runtime_try_invoke_array + 2405
    frame #13: 0x000000010d5800cd mono`ves_icall_InternalInvoke + 653
    frame #14: 0x000000010da0b231
    frame #15: 0x000000010f494cc3 mscorlib.dll.dylib`System_RuntimeType_CreateInstanceMono_bool + 275
    frame #16: 0x000000010f494b9c mscorlib.dll.dylib`System_RuntimeType_CreateInstanceSlow_bool_bool_bool_System_Threading_StackCrawlMark_ + 60
    frame #17: 0x000000010f49467d mscorlib.dll.dylib`System_RuntimeType_CreateInstanceDefaultCtor_bool_bool_bool_System_Threading_StackCrawlMark_ + 93
    frame #18: 0x000000010f443b6f mscorlib.dll.dylib`System_Activator_CreateInstance_System_Type_bool + 159
    frame #19: 0x000000010f44399f mscorlib.dll.dylib`System_Activator_CreateInstance_System_Type + 15
    frame #20: 0x000000010da08095
    frame #21: 0x000000010d41db05 mono`mono_jit_runtime_invoke + 2245
    frame #22: 0x000000010d622358 mono`do_runtime_invoke + 88
    frame #23: 0x000000010d62593c mono`do_exec_main_checked + 140
    frame #24: 0x000000010d489a7e mono`mono_jit_exec + 302
    frame #25: 0x000000010d48bfba mono`mono_main + 8474
    frame #26: 0x000000010d40e3ca mono`main + 1690
    frame #27: 0x000000010d40dd24 mono`start + 52

  thread #2, name = 'SGen worker'
    frame #0: 0x00007fffa926bbf2 libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #1: 0x00007fffa93577fa libsystem_pthread.dylib`_pthread_cond_wait + 712
    frame #2: 0x000000010d69da08 mono`thread_func + 264
    frame #3: 0x00007fffa935693b libsystem_pthread.dylib`_pthread_body + 180
    frame #4: 0x00007fffa9356887 libsystem_pthread.dylib`_pthread_start + 286
    frame #5: 0x00007fffa935608d libsystem_pthread.dylib`thread_start + 13

  thread #3, name = 'SGen worker'
    frame #0: 0x00007fffa926bbf2 libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #1: 0x00007fffa93577fa libsystem_pthread.dylib`_pthread_cond_wait + 712
    frame #2: 0x000000010d69d976 mono`thread_func + 118
    frame #3: 0x00007fffa935693b libsystem_pthread.dylib`_pthread_body + 180
    frame #4: 0x00007fffa9356887 libsystem_pthread.dylib`_pthread_start + 286
    frame #5: 0x00007fffa935608d libsystem_pthread.dylib`thread_start + 13

  thread #4, name = 'Finalizer'
    frame #0: 0x00007fffa9264386 libsystem_kernel.dylib`semaphore_wait_trap + 10
    frame #1: 0x000000010d61a299 mono`finalizer_thread + 217
    frame #2: 0x000000010d5ed41b mono`start_wrapper + 715
    frame #3: 0x00007fffa935693b libsystem_pthread.dylib`_pthread_body + 180
    frame #4: 0x00007fffa9356887 libsystem_pthread.dylib`_pthread_start + 286
    frame #5: 0x00007fffa935608d libsystem_pthread.dylib`thread_start + 13

  thread #5
    frame #0: 0x00007fffa926c44e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x00007fffa9356621 libsystem_pthread.dylib`_pthread_wqthread + 1426
    frame #2: 0x00007fffa935607d libsystem_pthread.dylib`start_wqthread + 13

  thread #6
    frame #0: 0x00007fffa926c44e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x00007fffa9356621 libsystem_pthread.dylib`_pthread_wqthread + 1426
    frame #2: 0x00007fffa935607d libsystem_pthread.dylib`start_wqthread + 13

  thread #7
    frame #0: 0x00007fffa926c44e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x00007fffa935648e libsystem_pthread.dylib`_pthread_wqthread + 1023
    frame #2: 0x00007fffa935607d libsystem_pthread.dylib`start_wqthread + 13
(lldb) detach

=================================================================
Got a SIGABRT while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

Process 90906 detached
(lldb) quit
Abort trap: 6

Comment 1 Aleksey Kliger 2017-06-28 22:57:01 UTC
.NET Framework throws this:

System.IO.FileLoadException occurred
  HResult=0x80131621
  Message=AssemblyResolveEvent handlers cannot return Assemblies loaded for reflection only.
  Source=mscorlib
  StackTrace:
   at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
   at System.Reflection.RuntimeAssembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
   at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
   at System.AppDomain.Load(AssemblyName assemblyRef)
   at MockMe.Main(String[] args) in C:\Users\Aleksey\Documents\Visual Studio 2017\Projects\MockMe\MockMe\MockMe.cs:line 16
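
Added example, not part of the bug report or its attachment: an application-side guard that stops an AssemblyResolve handler from ever handing the runtime a reflection-only assembly, so the load fails with an ordinary exception on any runtime version. The names SafeResolve, Guard, Demo, "ConstructedSample" and "NoSuchAssembly" are hypothetical, and the reflection-only dynamic assembly is a constructed stand-in for a misbehaving resolver on .NET Framework or Mono.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Reflection.Emit;

static class SafeResolve
{
    // Wrap a resolver so the runtime never receives a reflection-only assembly.
    public static ResolveEventHandler Guard(ResolveEventHandler inner)
    {
        return (sender, args) =>
        {
            Assembly candidate = inner(sender, args);
            if (candidate != null && candidate.ReflectionOnly)
            {
                Console.Error.WriteLine(
                    "resolver returned reflection-only assembly '{0}' for '{1}'; ignoring it",
                    candidate.FullName, args.Name);
                return null; // null means "not resolved"; the load then fails normally
            }
            return candidate;
        };
    }
}

static class Demo
{
    static int Main()
    {
        // Constructed stand-in for a misbehaving resolver (assumption, not the attachment).
        Assembly reflectionOnly = AppDomain.CurrentDomain.DefineDynamicAssembly(
            new AssemblyName("ConstructedSample"), AssemblyBuilderAccess.ReflectionOnly);
        ResolveEventHandler misbehaving = (sender, args) => reflectionOnly;

        AppDomain.CurrentDomain.AssemblyResolve += SafeResolve.Guard(misbehaving);
        try
        {
            AppDomain.CurrentDomain.Load(new AssemblyName("NoSuchAssembly"));
        }
        catch (FileNotFoundException e)
        {
            Console.WriteLine("load failed cleanly: " + e.GetType().Name);
            return 0;
        }
        Console.WriteLine("unexpected: load succeeded");
        return 1;
    }
}
```

The guard is worth applying to any resolver that is plugin-supplied or otherwise not under the host's control, since the handler's return value feeds directly into the runtime's loader.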
