[Local GC] AV in handle table when promoting overlapped data object #9410

Closed
swgillespie opened this issue Dec 8, 2017 · 0 comments · Fixed by dotnet/coreclr#15433
@swgillespie
Contributor

Seen in a modified sample ASP.NET Core application:

00 0000009b`496ff420 00007ffe`8177417f coreclr!SVR::GCHeap::Promote+0x40 [e:\a\_work\1803\s\src\gc\gc.cpp @ 33809] 
01 0000009b`496ff4a0 00007ffe`814576ab coreclr!AsyncPinObject+0x2f [e:\a\_work\1803\s\src\gc\objecthandle.cpp @ 289] 
02 0000009b`496ff4d0 00007ffe`8153f704 coreclr!ScanConsecutiveHandlesWithoutUserData+0x6b [e:\a\_work\1803\s\src\gc\handletablescan.cpp @ 444] 
03 0000009b`496ff500 00007ffe`8153f3b2 coreclr!BlockScanBlocksWithoutUserData+0x44 [e:\a\_work\1803\s\src\gc\handletablescan.cpp @ 559] 
04 0000009b`496ff530 00007ffe`8153f2c5 coreclr!SegmentScanByTypeChain+0x8e [e:\a\_work\1803\s\src\gc\handletablescan.cpp @ 1600] 
05 0000009b`496ff570 00007ffe`8153f150 coreclr!TableScanHandles+0x95 [e:\a\_work\1803\s\src\gc\handletablescan.cpp @ 1723] 
06 0000009b`496ff620 00007ffe`8153ee6f coreclr!HndScanHandlesForGC+0x12c [e:\a\_work\1803\s\src\gc\handletable.cpp @ 906] 
07 0000009b`496ff6e0 00007ffe`8153eaf9 coreclr!Ref_TracePinningRoots+0x143 [e:\a\_work\1803\s\src\gc\objecthandle.cpp @ 1081] 
08 0000009b`496ff760 00007ffe`8175f1ba coreclr!GCScan::GcScanHandles+0x45 [e:\a\_work\1803\s\src\gc\gcscan.cpp @ 170] 
09 0000009b`496ff7a0 00007ffe`81758db6 coreclr!SVR::gc_heap::mark_phase+0x3b6 [e:\a\_work\1803\s\src\gc\gc.cpp @ 19648] 
0a 0000009b`496ff840 00007ffe`81758ca5 coreclr!SVR::gc_heap::gc1+0xe2 [e:\a\_work\1803\s\src\gc\gc.cpp @ 15406] 
0b 0000009b`496ff8a0 00007ffe`8175971f coreclr!SVR::gc_heap::garbage_collect+0x715 [e:\a\_work\1803\s\src\gc\gc.cpp @ 16990] 
0c 0000009b`496ff910 00007ffe`81759921 coreclr!SVR::gc_heap::gc_thread_function+0xdb [e:\a\_work\1803\s\src\gc\gc.cpp @ 5403] 
0d 0000009b`496ff940 00007ffe`81579bd1 coreclr!SVR::gc_heap::gc_thread_stub+0xa1 [e:\a\_work\1803\s\src\gc\gc.cpp @ 24928] 
0e (Inline Function) --------`-------- coreclr!`anonymous-namespace'::CreateNonSuspendableThread::__l2::<lambda_bace80ff87d706a3467ec0bab13d8043>::operator()+0x3f [e:\a\_work\1803\s\src\vm\gcenv.ee.cpp @ 1276] 
0f 0000009b`496ffe80 00007ffe`d5191fe4 coreclr!<lambda_bace80ff87d706a3467ec0bab13d8043>::<lambda_invoker_cdecl>+0x51 [e:\a\_work\1803\s\src\vm\gcenv.ee.cpp @ 1278] 
10 0000009b`496ffeb0 00007ffe`d789ef91 KERNEL32!BaseThreadInitThunk+0x14 [base\win32\client\thread.c @ 64] 
11 0000009b`496ffee0 00000000`00000000 ntdll!RtlUserThreadStart+0x21 [minkernel\ntdll\rtlstrt.c @ 997] 

The object in question is System.Threading.OverlappedData:

0:010> ?? *ppObject
class Object * 0x000001f1`a33e65a8
   +0x000 m_pMethTab       : 0x00007ffe`7ba13f89 MethodTable
0:010> !do  0x000001f1`a33e65a8
Name:        System.Threading.OverlappedData
MethodTable: 00007ffe7ba13f88
EEClass:     00007ffe7b1654b8
Size:        112(0x70) bytes
File:        E:\public\Dumps\12-07-2017\dotnet-runtime-latest-win-x64\shared\Microsoft.NETCore.App\2.1.0-preview1-26007-05\System.Private.CoreLib.dll
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
00007ffe7b9cd220  40008d8        8  System.IAsyncResult  0 instance 0000000000000000 m_asyncResult
00007ffe7b9cfd48  40008d9       10 ...ompletionCallback  0 instance 000001f1a33e6688 m_iocb
00007ffe7ba20168  40008da       18 ...ompletionCallback  0 instance 000001f1a33e70e0 m_iocbHelper
00007ffe7ba13f28  40008db       20 ...eading.Overlapped  0 instance 000001f1a33e6880 m_overlapped
00007ffe7ba067d0  40008dc       28        System.Object  0 instance 0000000000000000 m_userObject
00007ffe7ba1bee8  40008dd       30        System.IntPtr  1 instance      1ef218a19f0 m_pinSelf
00007ffe7ba1bee8  40008de       38        System.IntPtr  1 instance                0 m_userObjectInternal
00007ffe7ba08760  40008df       40         System.Int32  1 instance                1 m_AppDomainId
00007ffe7ba06280  40008e0       44          System.Byte  1 instance                0 m_isArray
00007ffe7ba06280  40008e1       45          System.Byte  1 instance                0 m_toBeCleaned
00007ffe7b9cfab0  40008e2       48 ....NativeOverlapped  1 instance 000001f1a33e65f0 m_nativeOverlapped

Only repros with Server GC. Almost certainly a regression caused by dotnet/coreclr#14982. I'm looking into it now.

cc @Maoni0 @sergiy-k @jkotas

@swgillespie swgillespie self-assigned this Dec 8, 2017
@msftgits msftgits transferred this issue from dotnet/coreclr Jan 31, 2020
@msftgits msftgits added this to the 2.1.0 milestone Jan 31, 2020
@ghost ghost locked as resolved and limited conversation to collaborators Dec 19, 2020