[Mono-bugs] [Bug 47576][Wis] New - intermittant crashing on SMP system

bugzilla-daemon@bugzilla.ximian.com bugzilla-daemon@bugzilla.ximian.com
Sun, 1 Feb 2004 20:04:32 -0500 (EST)


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by miguel@ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=47576

--- shadow/47576	2004-02-01 20:04:32.000000000 -0500
+++ shadow/47576.tmp.13565	2004-02-01 20:04:32.000000000 -0500
@@ -0,0 +1,277 @@
+Bug#: 47576
+Product: Mono/Runtime
+Version: unspecified
+OS: GNU/Linux [Other]
+OS Details: Debian Sarge
+Status: NEEDINFO   
+Resolution: 
+Severity: Unknown
+Priority: Wishlist
+Component: misc
+AssignedTo: mono-bugs@ximian.com                            
+ReportedBy: mass@akuma.org               
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: intermittant crashing on SMP system
+
+Description of Problem:
+
+There are intermittant failures with mono on my SMP system, which usually 
+can be found while re-compiling the mcs module. This is reproducable on 
+0.25 and HEAD, although the failure is random. The behavior seen is 
+usually one of:
+1. assertion failure
+2. implement me notice
+3. invalid opcode: IL_019 pop
+4. silent crash
+5. hang (I assume it is a thread crashing)
+
+Steps to reproduce the problem:
+1. install mono (I used a 0.25 package and a daily snapshot)
+2. re-compile mcs
+
+Actual Results:
+
+Here are two failures and some relevant information from GDB.
+
+MONO_PATH="../../../class/lib:$MONO_PATH" 
+mono  ../../../mcs/mcs.exe /r:corlib.dll /r:I18N.dll   -
+g /noconfig  /target:library /out:../../../class/lib/I18N.Rare.dll 
+@I18N.Rare.dll.sources
+WROTE SYMFILE: 37 sources, 148 methods, 152 types, 29246 line numbers, 74 
+locals, 111 namespaces, 12667 bytes of string data
+OffsetTable [383281 - 52:380565 - 37:382393:888 - 148:380617:1776 - 152]
+Compilation succeeded
+
+** ERROR **: file mini.c: line 626 (mono_find_final_block): assertion 
+failed: (handler)
+aborting...
+make[3]: *** [../../../class/lib/I18N.Rare.dll] Aborted (core dumped)
+
+(gdb) bt
+#0  0xffffe410 in ?? ()
+#1  0x4025f8cb in abort () from /lib/libc.so.6
+#2  0x401a51ee in g_logv () from /usr/lib/libglib-2.0.so.0
+#3  0x401a5213 in g_log () from /usr/lib/libglib-2.0.so.0
+#4  0x4002f34e in mono_find_final_block (cfg=0x413e94a8, ip=0x403c841d 
+<Address 0x403c841d out of bounds>,
+    target=0x403c8429 <Address 0x403c8429 out of bounds>, type=2) at 
+mini.c:626
+#5  0x400485ce in mono_method_to_ir (cfg=0x413e94a8, method=0x8105e28, 
+start_bblock=0x413d84fc, end_bblock=0x413d8594,
+    locals_offset=1, return_var=0x0, dont_inline=0x98c3744, 
+inline_args=0x0, inline_offset=0, is_virtual_call=0)
+    at mini.c:4526
+#6  0x400535ac in mini_method_compile (method=0x8105e28, opts=18827, 
+domain=0x8082f80, parts=0) at mini.c:6728
+#7  0x40054154 in mono_jit_compile_method (method=0x8105e28) at 
+mini.c:7018
+#8  0x4009defe in mono_compile_method (method=0x8105e28) at object.c:177
+#9  0x4002e1d7 in mono_ldftn (method=0x8105e28) at jit-icalls.c:21
+#10 0x09feac42 in ?? ()
+#11 0x40054291 in mono_jit_runtime_invoke (method=0x8105e28, 
+obj=0x808cf40, params=0x0, exc=0x40aa5a28) at mini.c:7059
+#12 0x4009eebd in mono_runtime_invoke (method=0x8105e28, obj=0x808cf40, 
+params=0x0, exc=0x40aa5a28) at object.c:690
+#13 0x400ae6fd in run_finalize (obj=0x808cf40, data=0x0) at gc.c:72
+#14 0x4014e011 in GC_invoke_finalizers () at finalize.c:789
+#15 0x400af086 in finalizer_thread (unused=0x0) at gc.c:485
+#16 0x400f6cd0 in timed_thread_start_routine (args=0x80b4758) at timed-
+thread.c:115
+#17 0x401505ee in GC_start_routine (arg=0x40aa5ad8) at 
+linux_threads.c:1663
+#18 0x4021924c in start_thread () from /lib/libpthread.so.0
+
+print *cfg
+$3 = {method = 0x8105e28, mempool = 0x413d8430, varinfo = 0x41400ee0, 
+vars = 0x41400ef8, ret = 0x0, bb_entry = 0x413d84fc,
+  bb_exit = 0x413d8594, bb_init = 0x413d8874, bblocks = 0x0, bb_hash = 
+0x413def58, state_pool = 0x0, cbb = 0x0,
+  prev_ins = 0x0, patch_info = 0x0, num_bblocks = 7, locals_start = 1, 
+num_varinfo = 2, varinfo_count = 4,
+  stack_offset = 0, rs = 0x0, spill_info = 0x0, spill_count = 0, exvar = 
+0x0, domainvar = 0x0, spvar = 0x413d862c,
+  ldstr_list = 0x0, domain = 0x8082f80, native_code = 0x0, code_size = 0, 
+code_len = 0, prolog_end = 0, epilog_begin = 0,
+  used_int_regs = 0, opt = 18827, prof_options = 0, flags = 0, comp_done 
+= 0, verbose_level = 0, stack_usage = 0,
+  param_area = 0, frame_reg = 0, sig_cookie = 0, disable_aot = 0, 
+disable_ssa = 0, debug_info = 0x0, intvars = 0x413d8444,
+  coverage_info = 0x0}
+
+(gdb) print *cfg.method
+$4 = {flags = 196, iflags = 0, token = 100673411, klass = 0x805cdb8, 
+signature = 0x8105d68, addr = 0x0, info = 0x8106f20,
+  remoting_tramp = 0x0, slot = 3, name = 0x40740a49 <Address 0x40740a49 
+out of bounds>, inline_info = 0, uses_this = 0,
+  wrapper_type = MONO_WRAPPER_NONE, string_ctor = 0, save_lmf = 0, 
+inline_count = 0}
+
+(gdb) print *clause
+$7 = {flags = 2, try_offset = 0, try_len = 17, handler_offset = 17, 
+handler_len = 7, token_or_filter = 0}
+
+(gdb) print *header
+$12 = {code_size = 25, code = 0x403c8411 <Address 0x403c8411 out of 
+bounds>, max_stack = 6, num_clauses = 1,
+  init_locals = 1, num_locals = 0, clauses = 0x8105e80, locals = 
+0x8105e7c}
+
+-----------------------------------------
+
+make[2]: Entering directory `/home/mass/src/mono/mcs/class/Microsoft.Vsa'
+touch ../../build/deps/Microsoft.Vsa.dll.stamp
+MONO_PATH="../../class/lib:$MONO_PATH" mono  ../../mcs/mcs.exe    -
+g /noconfig /r:System.dll /target:library /out:../../class/lib/Microsoft.V
+sa.dll @Microsoft.Vsa.dll.sources
+WROTE SYMFILE: 12 sources, 0 methods, 0 types, 0 line numbers, 0 locals, 
+36 namespaces, 1541 bytes of string data
+OffsetTable [2605 - 52:2265 - 12:2317:288 - 0:2317:0 - 0]
+Compilation succeeded
+
+** ERROR **: Invalid IL code at IL0019 in 04 
+System.IO.StreamWriter:Finalize (object,intptr,intptr): IL_0019: pop
+
+
+aborting...
+make[2]: *** [../../class/lib/Microsoft.Vsa.dll] Aborted (core dumped)
+
+(gdb) bt
+#0  0xffffe410 in ?? ()
+#1  0x4025f8cb in abort () from /lib/libc.so.6
+#2  0x401a51ee in g_logv () from /usr/lib/libglib-2.0.so.0
+#3  0x401a5213 in g_log () from /usr/lib/libglib-2.0.so.0
+#4  0x4004f8f2 in mono_method_to_ir (cfg=0x8107408, method=0x83d2bf0, 
+start_bblock=0x84174b4, end_bblock=0x841754c,
+    locals_offset=3, return_var=0x0, dont_inline=0x84532bc, 
+inline_args=0x0, inline_offset=0, is_virtual_call=0)
+    at mini.c:5185
+#5  0x400535ac in mini_method_compile (method=0x83d2bf0, opts=18827, 
+domain=0x8082f80, parts=0) at mini.c:6728
+#6  0x40054154 in mono_jit_compile_method (method=0x83d2bf0) at 
+mini.c:7018
+#7  0x4005427a in mono_jit_runtime_invoke (method=0x830a1b0, 
+obj=0x85ce0e0, params=0x0, exc=0xbffff670) at mini.c:7058
+#8  0x4009eebd in mono_runtime_invoke (method=0x830a1b0, obj=0x85ce0e0, 
+params=0x0, exc=0xbffff670) at object.c:690
+#9  0x400ae6fd in run_finalize (obj=0x85ce0e0, data=0x0) at gc.c:72
+#10 0x400ae8bb in finalize_fields (class=0x818f690, data=0x8656d60 "", 
+instance=0, todo=0x83d2d70) at gc.c:140
+#11 0x400ae934 in finalize_static_data (class=0x818f690, 
+vtable=0x841523c, todo=0x83d2d70) at gc.c:175
+#12 0x400f8abe in mono_g_hash_table_foreach (hash_table=0x807ff60, 
+func=0x400ae8fd <finalize_static_data>,
+    user_data=0x83d2d70) at mono-hash.c:573
+#13 0x400ae97b in mono_domain_finalize (domain=0x8082f80) at gc.c:191
+#14 0x40055268 in mini_cleanup (domain=0x8082f80) at mini.c:7377
+#15 0x40075d7a in mono_main (argc=8, argv=0xbffff894) at driver.c:667
+#16 0x08048e6e in main (argc=8, argv=0xbffff894) at main.c:6
+(gdb) frame 4
+
+(gdb) print *method
+$2 = {flags = 0, iflags = 0, token = 0, klass = 0x818f690, signature = 
+0x830e270, addr = 0x0, info = 0x0,
+  remoting_tramp = 0x0, slot = 0, name = 0x83d3a48 "Finalize", 
+inline_info = 1, uses_this = 0,
+  wrapper_type = MONO_WRAPPER_RUNTIME_INVOKE, string_ctor = 0, save_lmf = 
+0, inline_count = -1}
+
+(gdb) print *method.klass
+$3 = {image = 0x8053488, enum_basetype = 0x0, element_class = 0x818f690, 
+cast_class = 0x818f690, rank = 0, inited = 1,
+  init_pending = 0, size_inited = 1, valuetype = 0, enumtype = 0, 
+blittable = 0, unicode = 0, wastypebuilder = 0,
+  min_align = 4, packing_size = 0, ghcimpl = 0, has_finalize = 1, 
+marshalbyref = 1, contextbound = 0, delegate = 0,
+  gc_descr_inited = 1, dummy = 0, parent = 0x8118bd8, nested_in = 0x0, 
+nested_classes = 0x0, type_token = 33554882,
+  name = 0x4074dcb9 <Address 0x4074dcb9 out of bounds>, name_space = 
+0x4074cc30 <Address 0x4074cc30 out of bounds>,
+  interface_count = 0, interface_id = 0, max_interface_id = 10, 
+interface_offsets = 0x830a3e8, interfaces = 0x0,
+  idepth = 4, supertypes = 0x818f770, instance_size = 48, class_size = 
+16, vtable_size = 79, flags = 8193, field = {
+    first = 965, last = 978, count = 13}, method = {first = 5503, last = 
+5524, count = 21}, property = {first = 761,
+    last = 764, count = 3}, event = {first = 0, last = 0, count = 0}, 
+marshal_info = 0x0, fields = 0x83097a8,
+  properties = 0x830a3b0, events = 0x0, methods = 0x83099c8, this_arg = 
+{data = {klass = 0x818f690, type = 0x818f690,
+      array = 0x818f690, method = 0x818f690, type_param = 135853712, 
+generic_inst = 0x818f690}, attrs = 0, type = 18,
+    num_mods = 0, byref = 1, pinned = 0, modifiers = 0x818f738}, 
+byval_arg = {data = {klass = 0x818f690, type = 0x818f690,
+      array = 0x818f690, method = 0x818f690, type_param = 135853712, 
+generic_inst = 0x818f690}, attrs = 0, type = 18,
+    num_mods = 0, byref = 0, pinned = 0, modifiers = 0x818f740}, 
+generic_inst = 0x0, gen_params = 0x0, num_gen_params = 0,
+  reflection_info = 0x0, gc_descr = 0x7e200001, gc_bitmap = 1150, 
+ptr_to_str = 0x0, str_to_ptr = 0x0,
+  cached_vtable = 0x841523c, vtable = 0x830a460}
+
+(gdb) call print_method_from_ip(0x81072d9)
+You can't do that without a process to debug.
+
+(gdb) print *cfg
+$7 = {method = 0x83d2bf0, mempool = 0x84171c0, varinfo = 0x83d2c28, vars 
+= 0x83d2c60, ret = 0x84172d4,
+  bb_entry = 0x84174b4, bb_exit = 0x841754c, bb_init = 0x0, bblocks = 
+0x0, bb_hash = 0x830e290, state_pool = 0x0,
+  cbb = 0x0, prev_ins = 0x0, patch_info = 0x0, num_bblocks = 10, 
+locals_start = 3, num_varinfo = 9, varinfo_count = 12,
+  stack_offset = 0, rs = 0x0, spill_info = 0x0, spill_count = 0, exvar = 
+0x8417794, domainvar = 0x0, spvar = 0x84175e4,
+  ldstr_list = 0x0, domain = 0x8082f80, native_code = 0x0, code_size = 0, 
+code_len = 0, prolog_end = 0, epilog_begin = 0,
+  used_int_regs = 0, opt = 18827, prof_options = 0, flags = 0, comp_done 
+= 0, verbose_level = 0, stack_usage = 0,
+  param_area = 0, frame_reg = 0, sig_cookie = 0, disable_aot = 0, 
+disable_ssa = 0, debug_info = 0x0, intvars = 0x84171d4,
+  coverage_info = 0x0}
+
+(gdb) print *start_bblock
+$11 = {last_ins = 0x0, cil_code = 0x0, cil_length = 0, native_offset = 0, 
+max_offset = 0, dfn = 0, block_num = 0,
+  flags = 0, out_count = 1, in_count = 0, in_bb = 0x0, out_bb = 
+0x8417954, next_bb = 0x84178bc, code = 0x0,
+  dominators = 0x0, dfrontier = 0x0, idom = 0x0, dominated = 0x0, 
+df_parent = 0x0, ancestor = 0x0, child = 0x0,
+  label = 0x0, bucket = 0x0, size = 0, sdom = 0, idomn = 0, loop_blocks = 
+0x0, nesting = 0 '\0', gen_set = 0x0,
+  kill_set = 0x0, live_in_set = 0x0, live_out_set = 0x0, out_scount = 0, 
+in_scount = 0, out_stack = 0x0, in_stack = 0x0,
+  real_offset = 0, region = 0, max_ireg = 0, max_freg = 0}
+
+(gdb) print *end_bblock
+$13 = {last_ins = 0x0, cil_code = 0x0, cil_length = 0, native_offset = 0, 
+max_offset = 0, dfn = 0, block_num = 1,
+  flags = 0, out_count = 0, in_count = 0, in_bb = 0x0, out_bb = 0x0, 
+next_bb = 0x0, code = 0x0, dominators = 0x0,
+  dfrontier = 0x0, idom = 0x0, dominated = 0x0, df_parent = 0x0, ancestor 
+= 0x0, child = 0x0, label = 0x0, bucket = 0x0,
+  size = 0, sdom = 0, idomn = 0, loop_blocks = 0x0, nesting = 0 '\0', 
+gen_set = 0x0, kill_set = 0x0, live_in_set = 0x0,
+  live_out_set = 0x0, out_scount = 0, in_scount = 0, out_stack = 0x0, 
+in_stack = 0x0, real_offset = 0, region = 0,
+  max_ireg = 0, max_freg = 0}
+
+(gdb) print *dont_inline
+$14 = {data = 0x83d2bf0, next = 0x0, prev = 0x0}
+
+How often does this happen? 
+
+Usually it takes about three tries to compile all of the classes.
+
+------- Additional Comments From mass@akuma.org  2003-09-30 02:09 -------
+A quick update : this issue is now much harder to trigger. It now
+happens around every other recompile of MCS, judged by doing a 'make
+clean all' around ten times.
+
+There is new failure behavior now, however - sometimes the mono
+process appears stop and to grow without bounds (although I kill the
+process around 400 MB)
+
+------- Additional Comments From miguel@ximian.com  2004-02-01 20:04 -------
+Can you still reproduce?