[Mono-bugs] [Bug 616029] New: Cleaning up domain with async socket crashes mono
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Mon Jun 21 13:40:22 EDT 2010
http://bugzilla.novell.com/show_bug.cgi?id=616029
http://bugzilla.novell.com/show_bug.cgi?id=616029#c0
Summary: Cleaning up domain with async socket crashes mono
Classification: Mono
Product: Mono: Runtime
Version: 2.6.x
Platform: x86
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: io-layer
AssignedTo: lupus at novell.com
ReportedBy: lucas.meijer at gmail.com
QAContact: mono-bugs at lists.ximian.com
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US)
AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.70 Safari/533.4
When unloading a domain that has a async socket running in it, the runtime
crashes. The stacktrace is different each time, which I guess means that the
domain unloading code is unloading stuff as the async socket thread is using
it.
Reprocase, run the attached native program:
#include <glib.h>
#include <mono/jit/jit.h>
#include <mono/metadata/assembly.h>
#include <mono/metadata/debug-helpers.h>
#include <mono/metadata/mono-gc.h>
#include <mono/metadata/class.h>
int main()
{
//init mono
MonoDomain* domain = mono_jit_init_version ("Unity Root Domain",
"v2.0.50727");
//create and set child domain
MonoDomain* child = mono_domain_create_appdomain("Unity Child Domain",
NULL);
mono_domain_set(child,0);
//load assembly and call entrypoint
MonoAssembly* ass = mono_domain_assembly_open (mono_domain_get (),
"lucas.exe");
MonoImage* img = mono_assembly_get_image(ass);
printf("image %d\n",img);
MonoMethodDesc* desc = mono_method_desc_new("MonoEmbed:Main",1);
MonoMethod* m = mono_method_desc_search_in_image(desc,img);
printf("method %d\n",m);
MonoObject* exc;
MonoObject* newinst = mono_object_new(mono_domain_get(),
mono_method_get_class(m));
MonoObject* ret = mono_runtime_invoke(m,newinst,0,&exc);
printf ("Exception: %d\n",exc);
if (exc)
{
MonoException* exc2 = (MonoException*) exc;
printf ("exc msg:
%s\n",mono_class_get_name(mono_object_get_class(exc)));
}
printf ("ret: %d\n",ret);
//switch back to root domain
mono_domain_set(domain,0);
//clean up child domain THIS WILL CRASH
mono_domain_unload(child);
while(1){}
printf ("We should never get here");
return 0;
}
Against the following managed assembly:
using System;
using System.Runtime.CompilerServices;
using System.Net;
using System.Net.Sockets;
class MonoEmbed {
static void Main() {
Console.WriteLine ("Haai");
string ip_destination = "80.250.239.190";
Socket socket = null;
IPHostEntry host = Dns.Resolve( "google.com" );
foreach (IPAddress address in host.AddressList)
{
IPEndPoint serv = new IPEndPoint(address, 80);
socket = new Socket(serv.AddressFamily,
SocketType.Stream, 0);
try
{
socket.Connect(serv);
}
catch (SocketException)
{
socket.Close();
socket = null;
continue;
}
}
if (socket != null)
{
//byte[] packet_header = new byte[sizeof( int )];
byte[] packet_header = new byte[64];
//AsyncCallback acbOnHeaderReceived = new
AsyncCallback(OnHeaderReceived);
IAsyncResult async_recv =
socket.BeginReceive(packet_header, 0, packet_header.Length, SocketFlags.None,
null, null);
socket.Close();
}
}
}
Reproducible: Always
Steps to Reproduce:
run the program
Actual Results:
sample stacktrace. differs per run:
0 0x91208212 in calloc ()
#1 0x001c2c2e in g_malloc0 (x=32) at glib.h:115
#2 0x001c359e in mono_basic_block_split (method=0x180cd9c, error=0xb0315fc0)
at mono-basic-block.c:532
#3 0x00038839 in mono_method_to_ir (cfg=0x800600, method=0x180cd9c,
start_bblock=0x82081c, end_bblock=0x8208b4, return_var=0x0,
dont_inline=0x5379a0, inline_args=0x0, inline_offset=0, is_virtual_call=0) at
method-to-ir.c:5802
#4 0x0000a32e in mini_method_compile (method=0x180cd9c, opts=64055807,
domain=0x499cc0, run_cctors=1, compile_aot=0, parts=0) at mini.c:3464
#5 0x0000c40b in mono_jit_compile_method_inner (method=0x180cd9c,
target_domain=0x499cc0, opt=64055807, jit_ex=0xb03169b8) at mini.c:4223
#6 0x0000cf9b in mono_jit_compile_method_with_opt (method=0x180cd9c,
opt=64055807, ex=0xb03169b8) at mini.c:4430
#7 0x0000d145 in mono_jit_compile_method (method=0x180cd9c) at mini.c:4455
#8 0x001cca6a in mono_compile_method (method=0x180cd9c) at object.c:554
#9 0x000c16f7 in mono_magic_trampoline (regs=0xb0316b28, code=0x7b957c
"??\020?EЃ?\fhXl?\002?I?????\020?MЃ?\bQ?E?P?\001", arg=0xfffffffe, tramp=0x0)
at mini-trampolines.c:477
#10 0x00463066 in ?? ()
#11 0x007b94ff in ?? ()
#12 0x0075ab91 in ?? ()
#13 0x0000dbca in mono_jit_runtime_invoke (method=0x280218c, obj=0x74b930,
params=0xb0316cc0, exc=0xb0316dec) at mini.c:4789
#14 0x001d14b1 in mono_runtime_invoke (method=0x280218c, obj=0x74b930,
params=0xb0316cc0, exc=0xb0316dec) at object.c:2613
#15 0x001d3904 in mono_runtime_invoke_array (method=0x280218c, obj=0x74b930,
params=0x789640, exc=0xb0316dec) at object.c:3803
#16 0x001d6759 in mono_message_invoke (target=0x74b930, msg=0x76da40,
exc=0xb0316dec, out_args=0xb0316de8) at object.c:5432
#17 0x002076e3 in mono_async_invoke (ares=0x74b8f8) at threadpool.c:1016
#18 0x002060cf in async_invoke_io_thread (data=0x782d90) at threadpool.c:326
#19 0x0020abba in start_wrapper (data=0x537540) at threads.c:666
#20 0x0024d194 in thread_start_routine (args=0x1800624) at wthreads.c:286
#21 0x0027d4d1 in GC_start_routine (arg=0x749f00) at pthread_support.c:1390
#22 0x9122fa19 in _pthread_start ()
#23 0x9122f89e in thread_start ()
Expected Results:
no crash
I hope the formatting doesn't suck too much
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the mono-bugs
mailing list