Bug 60238 - Mono assertion hit when using csharp repl
Status: RESOLVED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: General
Version: 5.8 (2017-10)
Hardware: PC Mac OS
Importance: Normal normal
Target Milestone: Future Cycle (TBD)
Assignee: Aleksey Kliger
Reported: 2017-10-17 17:22 UTC by Marius Ungureanu
Modified: 2018-01-05 13:27 UTC

Tags: bugpool-archive

Attachments
Standalone reproduction (1.92 KB, text/plain)
2017-11-13 23:17 UTC, Aleksey Kliger

Description Marius Ungureanu 2017-10-17 17:22:13 UTC
Repro step below

csharp> int[,] x = new int[2,2] { { 1, 2 }, { 3, 4 }}
* Assertion: should not be reached at dynamic-image.c:207

Stacktrace:

  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Reflection.Emit.ModuleBuilder.getToken (System.Reflection.Emit.ModuleBuilder,object,bool) [0x0000b] in <4656b2b94f914437bce672312dd9e44b>:0
  at System.Reflection.Emit.ModuleBuilder.GetToken (System.Reflection.MemberInfo,bool) [0x00061] in <4656b2b94f914437bce672312dd9e44b>:0
  at System.Reflection.Emit.ModuleBuilderTokenGenerator.GetToken (System.Reflection.MemberInfo,bool) [0x00000] in <4656b2b94f914437bce672312dd9e44b>:0
  at System.Reflection.Emit.ILGenerator.Emit (System.Reflection.Emit.OpCode,System.Reflection.MethodInfo) [0x0004e] in <4656b2b94f914437bce672312dd9e44b>:0
  at Mono.CSharp.EmitContext.EmitArrayStore (Mono.CSharp.ArrayContainer) [0x0003f] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ArrayCreation.EmitDynamicInitializers (Mono.CSharp.EmitContext,bool,Mono.CSharp.StackFieldExpr) [0x000c4] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ArrayCreation.EmitToFieldSource (Mono.CSharp.EmitContext) [0x0007b] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ArrayCreation.Emit (Mono.CSharp.EmitContext) [0x00012] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.FieldExpr.EmitAssign (Mono.CSharp.EmitContext,Mono.CSharp.Expression,bool,bool) [0x0005e] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.HoistedVariable.EmitAssign (Mono.CSharp.EmitContext,Mono.CSharp.Expression,bool,bool) [0x00007] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.VariableReference.EmitAssign (Mono.CSharp.EmitContext,Mono.CSharp.Expression,bool,bool) [0x0000b] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Assign.Emit (Mono.CSharp.EmitContext,bool) [0x00000] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Assign.EmitStatement (Mono.CSharp.EmitContext) [0x00000] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.BlockVariable.DoEmit (Mono.CSharp.EmitContext) [0x00022] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Statement.Emit (Mono.CSharp.EmitContext) [0x0000d] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Block.DoEmit (Mono.CSharp.EmitContext) [0x00010] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ExplicitBlock.Emit (Mono.CSharp.EmitContext) [0x00042] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ParametersBlock.Emit (Mono.CSharp.EmitContext) [0x00030] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ToplevelBlock.Emit (Mono.CSharp.EmitContext) [0x00038] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.MethodData.Emit (Mono.CSharp.TypeDefinition) [0x0008c] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.MethodOrOperator.Emit () [0x001c4] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Method.Emit () [0x00104] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.TypeDefinition.Emit () [0x00205] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ClassOrStruct.Emit () [0x0001d] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Class.Emit () [0x00000] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.TypeDefinition.EmitContainer () [0x0000c] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Evaluator.CompileBlock (Mono.CSharp.Class,Mono.CSharp.Undo,Mono.CSharp.Report) [0x00288] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Evaluator.Compile (string,Mono.CSharp.CompiledMethod&) [0x000cf] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Evaluator.Evaluate (string,object&,bool&) [0x00006] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharpShell.Evaluate (string) [0x00000] in <ea66da73acc444d8a30d00ed88b725ed>:0
  at Mono.CSharpShell.ReadEvalPrintLoopWith (Mono.CSharpShell/ReadLiner) [0x00033] in <ea66da73acc444d8a30d00ed88b725ed>:0
  at Mono.CSharpShell.ReadEvalPrintLoop () [0x00085] in <ea66da73acc444d8a30d00ed88b725ed>:0
  at Mono.CSharpShell.Run (string[]) [0x00007] in <ea66da73acc444d8a30d00ed88b725ed>:0
  at Mono.Driver.Main (string[]) [0x00153] in <ea66da73acc444d8a30d00ed88b725ed>:0
  at (wrapper runtime-invoke) <Module>.runtime_invoke_int_object (object,intptr,intptr,intptr) [0x00054] in <ea66da73acc444d8a30d00ed88b725ed>:0

Native stacktrace:

	0   mono                                0x0000000105192551 mono_handle_native_crash + 257
	1   libsystem_platform.dylib            0x00007fff8b5ceb3a _sigtramp + 26
	2   ???                                 0x0000000115180551 0x0 + 4648863057
	3   libsystem_c.dylib                   0x00007fff8b453420 abort + 129
	4   mono                                0x0000000105369bff mono_log_write_logfile + 351
	5   mono                                0x0000000105381873 monoeg_g_logv + 83
	6   mono                                0x0000000105381a8f monoeg_assertion_message + 143
	7   mono                                0x00000001052f2581 mono_dynamic_image_register_token + 177
	8   mono                                0x00000001052f4756 mono_image_create_token + 2086
	9   ???                                 0x000000010973aef7 0x0 + 4453543671

Debug info from gdb:

(lldb) command source -s 0 '/tmp/mono-gdb-commands.i7IcrJ'
Executing commands in '/tmp/mono-gdb-commands.i7IcrJ'.
(lldb) process attach --pid 8673
warning: (x86_64) /Library/Frameworks/Mono.framework/Versions/5.8.0/lib/mono/4.5/mscorlib.dll.dylib empty dSYM file detected, dSYM was created with an executable with no debug info.
Process 8673 stopped
* thread #1, name = 'tid_307', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x00007fff8b4ee3ee libsystem_kernel.dylib`__wait4 + 10
libsystem_kernel.dylib`__wait4:
->  0x7fff8b4ee3ee <+10>: jae    0x7fff8b4ee3f8            ; <+20>
    0x7fff8b4ee3f0 <+12>: movq   %rax, %rdi
    0x7fff8b4ee3f3 <+15>: jmp    0x7fff8b4e6cd4            ; cerror
    0x7fff8b4ee3f8 <+20>: retq
Target 0: (mono) stopped.

Executable module set to "/Library/Frameworks/Mono.framework/Versions/5.8.0/bin/mono".
Architecture set to: x86_64h-apple-macosx.
(lldb) thread list
Process 8673 stopped
* thread #1: tid = 0x548da1, 0x00007fff8b4ee3ee libsystem_kernel.dylib`__wait4 + 10, name = 'tid_307', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  thread #2: tid = 0x548da2, 0x00007fff8b4edbf2 libsystem_kernel.dylib`__psynch_cvwait + 10, name = 'SGen worker'
  thread #3: tid = 0x548da3, 0x00007fff8b4e6386 libsystem_kernel.dylib`semaphore_wait_trap + 10, name = 'Finalizer'
  thread #4: tid = 0x548da6, 0x00007fff8b4ee44e libsystem_kernel.dylib`__workq_kernreturn + 10
(lldb) thread backtrace all
* thread #1, name = 'tid_307', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  * frame #0: 0x00007fff8b4ee3ee libsystem_kernel.dylib`__wait4 + 10
    frame #1: 0x00000001051925de mono`mono_handle_native_crash(signal=<unavailable>, ctx=<unavailable>, info=<unavailable>) at mini-exceptions.c:2726 [opt]
    frame #2: 0x00007fff8b5ceb3a libsystem_platform.dylib`_sigtramp + 26
    frame #3: 0x00007fff8b4edd43 libsystem_kernel.dylib`__pthread_kill + 11
    frame #4: 0x00007fff8b5db457 libsystem_pthread.dylib`pthread_kill + 90
    frame #5: 0x00007fff8b453420 libsystem_c.dylib`abort + 129
    frame #6: 0x0000000105369bff mono`mono_log_write_logfile(log_domain=<unavailable>, level=<unavailable>, hdr=<unavailable>, message="* Assertion: should not be reached at dynamic-image.c:207\n") at mono-log-common.c:135 [opt]
    frame #7: 0x0000000105381873 mono`monoeg_g_logv(log_domain=0x0000000000000000, log_level=G_LOG_LEVEL_ERROR, format=<unavailable>, args=<unavailable>) at goutput.c:115 [opt]
    frame #8: 0x0000000105381a8f mono`monoeg_assertion_message(format=<unavailable>) at goutput.c:135 [opt]
    frame #9: 0x00000001052f2581 mono`mono_dynamic_image_register_token(assembly=0x00007fe1808f1e00, token=167772162, obj=0x00007fe180803628, how_collide=<unavailable>) at dynamic-image.c:207 [opt]
    frame #10: 0x00000001052f4756 mono`mono_image_create_token(assembly=<unavailable>, obj=<unavailable>, create_open_instance=-2139081168, register_token=1, error=<unavailable>) at sre.c:1241 [opt]
    frame #11: 0x000000010973aef7
  thread #2, name = 'SGen worker'
    frame #0: 0x00007fff8b4edbf2 libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #1: 0x00007fff8b5d97fa libsystem_pthread.dylib`_pthread_cond_wait + 712
    frame #2: 0x000000010536109e mono`thread_func [inlined] mono_os_cond_wait(mutex=<unavailable>) at mono-os-mutex.h:173 [opt]
    frame #3: 0x000000010536108b mono`thread_func at sgen-thread-pool.c:165 [opt]
    frame #4: 0x000000010536107d mono`thread_func(data=0x0000000000000000) at sgen-thread-pool.c:196 [opt]
    frame #5: 0x00007fff8b5d893b libsystem_pthread.dylib`_pthread_body + 180
    frame #6: 0x00007fff8b5d8887 libsystem_pthread.dylib`_pthread_start + 286
    frame #7: 0x00007fff8b5d808d libsystem_pthread.dylib`thread_start + 13
  thread #3, name = 'Finalizer'
    frame #0: 0x00007fff8b4e6386 libsystem_kernel.dylib`semaphore_wait_trap + 10
    frame #1: 0x000000010530d81c mono`finalizer_thread [inlined] mono_os_sem_wait(flags=MONO_SEM_FLAGS_ALERTABLE) at mono-os-semaphore.h:90 [opt]
    frame #2: 0x000000010530d811 mono`finalizer_thread at mono-coop-semaphore.h:43 [opt]
    frame #3: 0x000000010530d805 mono`finalizer_thread(unused=<unavailable>) at gc.c:866 [opt]
    frame #4: 0x00000001052c9bf0 mono`start_wrapper [inlined] start_wrapper_internal at threads.c:993 [opt]
    frame #5: 0x00000001052c9b53 mono`start_wrapper(data=<unavailable>) at threads.c:1053 [opt]
    frame #6: 0x00007fff8b5d893b libsystem_pthread.dylib`_pthread_body + 180
    frame #7: 0x00007fff8b5d8887 libsystem_pthread.dylib`_pthread_start + 286
    frame #8: 0x00007fff8b5d808d libsystem_pthread.dylib`thread_start + 13
  thread #4
    frame #0: 0x00007fff8b4ee44e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x00007fff8b5d848e libsystem_pthread.dylib`_pthread_wqthread + 1023
    frame #2: 0x00007fff8b5d807d libsystem_pthread.dylib`start_wqthread + 13
(lldb) detach

=================================================================
Got a SIGABRT while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries
used by your application.
=================================================================

Comment 1 Zoltan Varga 2017-10-27 03:40:51 UTC
With master, I get:

mono_dynamic_image_register_token: Unexpected previous object when called with MONO_DYN_IMAGE_TOK_NEW
mono_dynamic_image_register_token: Unexpected previous object when called with MONO_DYN_IMAGE_TOK_NEW
mono_dynamic_image_register_token: Unexpected previous object when called with MONO_DYN_IMAGE_TOK_NEW

Comment 2 Ludovic Henry 2017-11-08 21:03:28 UTC
When reproducing with Mono 5.8.0.40 (2017-10/ce494e3d152), I get the same as https://bugzilla.xamarin.com/show_bug.cgi?id=60238#c1

Comment 3 Aleksey Kliger 2017-11-13 23:17:13 UTC
Created attachment 25681
Standalone reproduction

Comment 4 Aleksey Kliger 2017-11-13 23:17:52 UTC
I missed the codepath in mono_image_get_array_token() that returns an existing token.
Additionally, ModuleBuilder:GetArrayMethod apparently returns fresh MonoArrayMethod objects every time it's invoked - the upshot is that how_collide in mono_image_create_token for a MonoArrayMethod should be MONO_DYN_IMAGE_TOK_REPLACE.
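
A simplified model of the collision described in comment 4, added here as an illustration; it is not Mono's source and not the attached reproduction. The names `image_t`, `get_array_token`, `register_token` and `emit_twice` and the sample signature string are hypothetical, and `TOK_NEW` / `TOK_REPLACE` stand in for `MONO_DYN_IMAGE_TOK_NEW` / `MONO_DYN_IMAGE_TOK_REPLACE`.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model with hypothetical names; not Mono's source. */
typedef enum { TOK_NEW, TOK_REPLACE } collide_t; /* cf. MONO_DYN_IMAGE_TOK_NEW / _REPLACE */
#define MAX_TOKENS 8
typedef struct {
    const char *sig[MAX_TOKENS]; /* array-method signature that owns each token */
    const void *obj[MAX_TOKENS]; /* object currently registered for each token */
    int count;
} image_t;

/* Models the codepath that returns an existing token for a known signature. */
static int get_array_token(image_t *img, const char *sig) {
    for (int i = 0; i < img->count; i++)
        if (strcmp(img->sig[i], sig) == 0)
            return i;
    if (img->count == MAX_TOKENS) return -1;
    img->sig[img->count] = sig;
    img->obj[img->count] = NULL;
    return img->count++;
}

/* Returns 0 on success, -1 where the real runtime would assert and abort. */
static int register_token(image_t *img, int tok, const void *obj, collide_t how) {
    if (tok < 0 || tok >= img->count)
        return -1;
    if (img->obj[tok] != NULL && how == TOK_NEW)
        return -1; /* "Unexpected previous object" under the NEW policy */
    img->obj[tok] = obj; /* REPLACE: the latest object wins */
    return 0;
}

/* Two stores to one array type: two fresh objects, one token. 0 = ok, 3 = second rejected. */
static int emit_twice(collide_t how) {
    image_t img = {0};
    int first, second; /* distinct addresses stand in for distinct objects */
    const char *sig = "int[,]::Set"; /* constructed sample signature */
    int t1 = get_array_token(&img, sig);
    if (register_token(&img, t1, &first, how) != 0) return 1;
    int t2 = get_array_token(&img, sig);
    if (t2 != t1) return 2;
    return register_token(&img, t2, &second, how) != 0 ? 3 : 0;
}

int main(void) {
    printf("NEW: %d, REPLACE: %d\n", emit_twice(TOK_NEW), emit_twice(TOK_REPLACE));
    return 0;
}
```

In the model the failure is returned as an error code so both policies can be compared; in the runtime the same condition is a fatal assertion, which is why a single REPL line terminates the whole process.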