
Segfault in minipal_resolve_dllimport #112565

@kevingosse

Description


We caught the following crash in our CI:

#0  __syscall_cp_asm () at src/thread/aarch64/syscall_cp.s:28
#1  0x0000ffffbd5d77ac in __syscall_cp_c (nr=260, u=<optimized out>, v=<optimized out>, w=<optimized out>, x=<optimized out>, y=<optimized out>, z=<optimized out>) at src/thread/pthread_cancel.c:33
#2  0x0000ffffbd5c2424 in waitpid (pid=<optimized out>, status=<optimized out>, options=<optimized out>) at src/process/waitpid.c:6
#3  0x0000ffffbd078b40 in PROCCreateCrashDump (argv=..., errorMessageBuffer=0x0, errorMessageBuffer@entry=0xffbf1b847870 "", cbErrorMessageBuffer=0, cbErrorMessageBuffer@entry=461666416, serialize=<optimized out>) at /__w/1/s/src/coreclr/pal/src/thread/process.cpp:2308
#4  0x0000ffffbd079e4c in PROCCreateCrashDumpIfEnabled (signal=<optimized out>, siginfo=<optimized out>, serialize=false) at /__w/1/s/src/coreclr/pal/src/thread/process.cpp:2524
#5  0x0000ffffbd04e358 in invoke_previous_action (action=0xffffbd159d48 <g_previous_sigsegv>, code=code@entry=11, siginfo=siginfo@entry=0xffbf1b847da0, context=context@entry=0xffbf1b847e20, signalRestarts=<optimized out>) at /__w/1/s/src/coreclr/pal/src/exception/signal.cpp:427
#6  0x0000ffffbd04d804 in sigsegv_handler (code=11, siginfo=0xffbf1b847da0, context=0xffbf1b847e20) at /__w/1/s/src/coreclr/pal/src/exception/signal.cpp:677
#7  <signal handler called>
#8  0x0000ffffbd5d4df8 in strcmp (l=0x0, r=0xffffbcb1baf4 "ArgIterator_Init") at src/string/strcmp.c:5
#9  0x0000ffffbcded04c in minipal_resolve_dllimport (tableLength=294, name=0x0, resolutionTable=<optimized out>) at /__w/1/s/src/native/minipal/entrypoints.h:25
#10 QCallResolveDllImport (name=0x0) at /__w/1/s/src/coreclr/vm/qcallentrypoints.cpp:452
#11 0x0000ffffbcd79280 in (anonymous namespace)::NDirectLink (pMD=pMD@entry=0xffffb5b90858) at /__w/1/s/src/coreclr/vm/dllimport.cpp:5518
#12 0x0000ffffbcd794cc in NDirectImportWorker (pMD=0xffffb5b90858) at /__w/1/s/src/coreclr/vm/dllimport.cpp:5913
#13 0x0000ffffbceea024 in NDirectImportThunk () at /__w/1/s/src/coreclr/vm/arm64/asmhelpers.S:142
#14 0x0000ffffb4dd52cc in ?? ()
#15 0xb5763ec00000ffbf in ?? ()

Managed callstack:

OS Thread Id: 0x36f6 (12)
        Child SP               IP Call Site
0000FFBF1B02F2A8 0000ffffbd5d6c8c [InlinedCallFrame: 0000ffbf1b02f2a8] 
0000FFBF1B02F2A8 0000ffffb4dd52a4 [InlinedCallFrame: 0000ffbf1b02f2a8] 
0000FFBF1B02F250 0000ffffb4dd52a4 System.Runtime.EH.DispatchEx(System.Runtime.StackFrameIterator ByRef, ExInfo ByRef) [/_/src/coreclr/nativeaot/Runtime.Base/src/System/Runtime/ExceptionHandling.cs @ 761]
0000FFBF1B02F3B0 0000ffffb4dd4c28 System.Runtime.EH.RhThrowEx(System.Object, ExInfo ByRef) [/_/src/coreclr/nativeaot/Runtime.Base/src/System/Runtime/ExceptionHandling.cs @ 645]
0000FFBF1B030D80 0000ffffbceeaa40 [HelperMethodFrame: 0000ffbf1b030d80] 
0000FFBF1B030ED0 0000ffffb4cac7dc System.ThrowHelper.ThrowObjectDisposedException(System.Object) [/_/src/libraries/System.Private.CoreLib/src/System/ThrowHelper.cs @ 452]
0000FFBF1B030EF0 0000ffffb4c9319c System.ObjectDisposedException.ThrowIf(Boolean, System.Object) [/_/src/libraries/System.Private.CoreLib/src/System/ObjectDisposedException.cs @ 61]
0000FFBF1B030F00 0000ffffb7bda650 System.Net.Sockets.Socket.AcceptAsync(System.Net.Sockets.SocketAsyncEventArgs, System.Threading.CancellationToken) [/_/src/libraries/System.Net.Sockets/src/System/Net/Sockets/Socket.cs @ 2678]
0000FFBF1B030F40 0000ffffb7f9d174 System.Net.HttpEndPointListener.Accept(System.Net.Sockets.SocketAsyncEventArgs) [/_/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpEndPointListener.cs @ 89]
0000FFBF1B030F70 0000ffffb4d71660 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) [/_/src/libraries/System.Private.CoreLib/src/System/Threading/ExecutionContext.cs @ 179]
0000FFBF1B030FC0 0000ffffb7be90ec System.Net.Sockets.SocketAsyncEventArgs.AcceptCompletionCallback(IntPtr, System.Memory`1, System.Net.Sockets.SocketError) [/_/src/libraries/System.Net.Sockets/src/System/Net/Sockets/SocketAsyncEventArgs.Unix.cs @ 30]
0000FFBF1B031000 0000ffffb4d80224 System.Threading.ThreadPoolWorkQueue.Dispatch() [/_/src/libraries/System.Private.CoreLib/src/System/Threading/ThreadPoolWorkQueue.cs @ 1120]
0000FFBF1B031080 0000ffffb4d8c3b4 System.Threading.PortableThreadPool+WorkerThread.WorkerThreadStart() [/_/src/libraries/System.Private.CoreLib/src/System/Threading/PortableThreadPool.WorkerThread.cs @ 128]
0000FFBF1B0312F8 0000ffffbceeaa40 [DebuggerU2MCatchHandlerFrame: 0000ffbf1b0312f8] 

We can see that NDirectLink is called with pMD=0xffffb5b90858, but by the time QCallResolveDllImport is reached the name is null (name=0x0), which leads to the segfault inside strcmp.

I checked in the memory dump and the MethodDesc looks fine:

0:012> !dumpmd 0xffffb5b90858
Method Name:          System.Runtime.ExceptionServices.InternalCalls.<RhpSfiNext>g____PInvoke|1_0(System.Runtime.StackFrameIterator*, UInt32*, Boolean*, Boolean*)
Class:                0000ffffb5b90958
MethodTable:          0000ffffb5b90958
mdToken:              0000000006007308
Module:               0000ffffb4a94000
IsJitted:             no
Current CodeAddr:     ffffffffffffffff
Version History:
  ILCodeVersion:      0000000000000000
  ReJIT ID:           0
  IL Addr:            0000000000000000
     CodeAddr:           0000000000000000  (Optimized)
     NativeCodeVersion:  0000000000000000

m_pszEntrypointName is populated at the time of the crash:

0:012> dt libcoreclr!NDirectMethodDesc  0xffffb5b90858
   +0x000 m_wFlags3AndTokenRemainder : 0x308
   +0x002 m_chunkIndex     : 0x3c '<'
   +0x003 m_bFlags4        : 0 ''
   +0x004 m_wSlotNumber    : 0xe
   +0x006 m_wFlags         : 0x18a
   +0x008 m_codeData       : (null) 
   +0x010 ndirect          : NDirectMethodDesc::temp1
0:012> dx -r1 (*((libcoreclr!NDirectMethodDesc::temp1 *)0xffffb5b90868))
(*((libcoreclr!NDirectMethodDesc::temp1 *)0xffffb5b90868))                 [Type: NDirectMethodDesc::temp1]
    [+0x000] m_pszEntrypointName : 0xffbf1df41cd1 : "SfiNext" [Type: PTR_CUTF8]
    [+0x008] m_pszLibName     : 0x0 [Type: PTR_CUTF8]
    [+0x008] m_dwECallID      : 0x0 [Type: DWORD]
    [+0x010] m_pNDirectTarget : 0xffffbce42b84 [Type: LPVOID]
    [+0x018] m_pImportThunkGlue : 0xffffb5b102e8 [Type: PTR_NDirectImportThunkGlue]
    [+0x020] m_DefaultDllImportSearchPathsAttributeValue : 0x0 [Type: ULONG]
    [+0x024] m_wFlags         : 0x9140 [Type: WORD]

It looks like some kind of race condition during the initialization of the NDirectMethodDesc, but I'm not sure how that would be possible.

We can transfer the coredump if it helps.

Reproduction Steps

Not sure. The only sure thing is that the crash happened when throwing a managed exception.

Expected behavior

No crash.

Actual behavior

Segfault

Regression?

No response

Known Workarounds

No response

Configuration

.NET 9.0.1
Alpine, ARM64

Other information

  • At the time of the crash, another thread is jitting method:
Thread 19 (LWP 14076):
#0  LinearScan::RegisterSelection::try_REG_ORDER (this=0xffbf18d31498) at /__w/1/s/src/coreclr/jit/lsra.cpp:13017
#1  LinearScan::RegisterSelection::selectMinimal (this=0xffbf18d31498, currentInterval=0xffbf18b65f88, refPosition=0xffbf18b65fe8) at /__w/1/s/src/coreclr/jit/lsra.cpp:14005
#2  LinearScan::allocateRegMinimal (this=0xffbf18d2f648, currentInterval=0xffbf18b65f88, refPosition=0xffbf18b65fe8) at /__w/1/s/src/coreclr/jit/lsra.cpp:3022
#3  LinearScan::allocateRegistersMinimal (this=0xffbf18d2f648) at /__w/1/s/src/coreclr/jit/lsra.cpp:5437
#4  LinearScan::doLinearScan (this=0xffbf18d2f648) at /__w/1/s/src/coreclr/jit/lsra.cpp:1497
#5  0x0000ffbf1ca47a6c in Compiler::compCompile(void**, unsigned int*, JitFlags*)::$_4::operator()() const (this=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:5320
#6  ActionPhase<Compiler::compCompile(void**, unsigned int*, JitFlags*)::$_4>::DoPhase() (this=<optimized out>) at /__w/1/s/src/coreclr/jit/phase.h:69
#7  0x0000ffbf1ca7633c in Phase::Run (this=0xffbf19767070) at /__w/1/s/src/coreclr/jit/phase.cpp:61
#8  DoPhase<Compiler::compCompile(void**, unsigned int*, JitFlags*)::$_4>(Compiler*, Phases, Compiler::compCompile(void**, unsigned int*, JitFlags*)::$_4) (_compiler=0xffbf18bbce88, _phase=PHASE_LINEAR_SCAN, _action=...) at /__w/1/s/src/coreclr/jit/phase.h:83
#9  Compiler::compCompile (this=0xffbf18bbce88, methodCodePtr=0xffbf19768108, methodCodeSize=0xffbf1976827c, compileFlags=0xffbf19768130) at /__w/1/s/src/coreclr/jit/compiler.cpp:5322
#10 Compiler::compCompileHelper (this=0xffbf18bbce88, classPtr=<optimized out>, methodInfo=<optimized out>, methodCodePtr=0xffbf19768108, methodCodeSize=0xffbf1976827c, compileFlags=0xffbf19768130, compHnd=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:7396
#11 Compiler::compCompile(CORINFO_MODULE_STRUCT_*, void**, unsigned int*, JitFlags*)::$_0::operator()(Compiler::compCompile(CORINFO_MODULE_STRUCT_*, void**, unsigned int*, JitFlags*)::__JITParam*) const (this=<optimized out>, __JITpParam=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:6533
#12 Compiler::compCompile (this=0xffbf18bbce88, classPtr=<optimized out>, methodCodePtr=0xffbf19768108, methodCodeSize=0xffbf1976827c, compileFlags=0xffbf19768130) at /__w/1/s/src/coreclr/jit/compiler.cpp:6552
#13 jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_0::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const::{lambda(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_0::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const::__JITParam*)#1}::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_0::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const::__JITParam*) const (this=<optimized out>, __JITpParam=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:8036
#14 jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::$_0::operator()(jitNativeCode(CORINFO_METHOD_STRUCT_*, CORINFO_MODULE_STRUCT_*, ICorJitInfo*, CORINFO_METHOD_INFO*, void**, unsigned int*, JitFlags*, void*)::__JITParam*) const (this=<optimized out>, __JITpParam=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:8060
#15 jitNativeCode (methodHnd=0xffffb86520b0, classPtr=0xffffb6063fa8, compHnd=<optimized out>, methodInfo=<optimized out>, methodCodePtr=<optimized out>, methodCodeSize=<optimized out>, compileFlags=<optimized out>, inlineInfoPtr=<optimized out>) at /__w/1/s/src/coreclr/jit/compiler.cpp:8062
#16 0x0000ffbf1ca73bf4 in CILJit::compileMethod (this=<optimized out>, compHnd=0xffbf19768460, methodInfo=0xffbf197682c0, flags=<optimized out>, entryAddress=0xffbf19768280, nativeSizeOfCode=0xffbf18d30dd8) at /__w/1/s/src/coreclr/jit/ee_il_dll.cpp:291
#17 0x0000ffffbccbec94 in invokeCompileMethodHelper (jitMgr=0xffffb472cdb0, comp=0xffbf19768460, info=0xffbf197682c0, jitFlags=..., nativeEntry=<optimized out>, nativeSizeOfCode=<optimized out>) at /__w/1/s/src/coreclr/vm/jitinterface.cpp:12464
#18 0x0000ffffbccbee34 in invokeCompileMethod (jitMgr=0x1, jitMgr@entry=0xffffb472cdb0, comp=0xffbf18d2f648, comp@entry=0xffbf19768460, info=0x0, info@entry=0xffbf197682c0, jitFlags=..., nativeEntry=0xffbf18b67448, nativeEntry@entry=0xffbf19768280, nativeSizeOfCode=0xffbf18d30dd8, nativeSizeOfCode@entry=0xffbf1976827c) at /__w/1/s/src/coreclr/vm/jitinterface.cpp:12527
#19 0x0000ffffbccbf7f0 in UnsafeJitFunction (config=config@entry=0xffbf19768a40, ILHeader=ILHeader@entry=0xffbf19768798, pJitFlags=pJitFlags@entry=0xffbf19768680, pSizeOfCode=pSizeOfCode@entry=0xffbf197687d4) at /__w/1/s/src/coreclr/vm/jitinterface.cpp:12971
#20 0x0000ffffbccf7730 in MethodDesc::JitCompileCodeLocked (this=this@entry=0xffffb86520b0, pConfig=pConfig@entry=0xffbf19768a40, pilHeader=pilHeader@entry=0xffbf19768798, pEntry=pEntry@entry=0xffbf18ff5000, pSizeOfCode=pSizeOfCode@entry=0xffbf197687d4) at /__w/1/s/src/coreclr/vm/prestub.cpp:937
#21 0x0000ffffbccf711c in MethodDesc::JitCompileCodeLockedEventWrapper (this=this@entry=0xffffb86520b0, pConfig=pConfig@entry=0xffbf19768a40, pEntry=pEntry@entry=0xffbf18ff5000) at /__w/1/s/src/coreclr/vm/prestub.cpp:818
#22 0x0000ffffbccf67c4 in MethodDesc::JitCompileCode (this=this@entry=0xffffb86520b0, pConfig=pConfig@entry=0xffbf19768a40) at /__w/1/s/src/coreclr/vm/prestub.cpp:705
#23 0x0000ffffbccf6320 in MethodDesc::PrepareILBasedCode (this=0xffffb86520b0, pConfig=0xffbf19768a40) at /__w/1/s/src/coreclr/vm/prestub.cpp:431
#24 0x0000ffffbcc6d3c4 in CodeVersionManager::PublishVersionableCodeIfNecessary (this=0xffffb47249b4, pMethodDesc=0xffffb86520b0, callerGCMode=CallerGCMode::Coop, doBackpatchRef=0xffbf19768b30, doFullBackpatchRef=<optimized out>) at /__w/1/s/src/coreclr/vm/codeversion.cpp:1747
#25 0x0000ffffbccfac58 in MethodDesc::DoPrestub (this=this@entry=0xffffb86520b0, pDispatchingMT=pDispatchingMT@entry=0x0, callerGCMode=callerGCMode@entry=CallerGCMode::Coop) at /__w/1/s/src/coreclr/vm/prestub.cpp:2869
#26 0x0000ffffbccfa798 in PreStubWorker (pTransitionBlock=<optimized out>, pMD=0xffffb86520b0) at /__w/1/s/src/coreclr/vm/prestub.cpp:2698
#27 0x0000ffffbceea0a4 in ThePreStub () at /__w/1/s/src/coreclr/vm/arm64/asmhelpers.S:165
#28 0x0000ffffb83e7c7c in ?? ()
#29 0x0000ffbfb5d66940 in ?? ()
#30 0x0000ffffb6244300 in ?? ()
  • The application runs with a profiler. The profiler is not supposed to touch any of the methods involved in the crash; however, it does rewrite parts of the p/invoke map. I'm mentioning this because it seems that the name is populated from pInternalImport->GetPinvokeMap.
