Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assert failure: SyncTableEntry::GetSyncTableEntry()[sbIndex].m_Object == obj #74741

Closed
AntonLapounov opened this issue Aug 29, 2022 · 5 comments
Closed

Assert failure: SyncTableEntry::GetSyncTableEntry()[sbIndex].m_Object == obj #74741

AntonLapounov opened this issue Aug 29, 2022 · 5 comments
Assignees
@PeterSolMS
Labels
area-GC-coreclr
Milestone
7.0.0

Comments

@AntonLapounov
Copy link
Member

The failure has been observed on x64 and ARM64 while using server GC:

Assert failure: SyncTableEntry::GetSyncTableEntry()[sbIndex].m_Object == obj

The sync table entry with index sbIndex is in the free list pointed by m_FreeSyncTableList near its beginning.

Call stack examples:

04 coreclr!DbgAssertDialog
05 coreclr!ObjHeader::Validate
06 coreclr!Object::ValidateInner
07 coreclr!Object::Validate
08 coreclr!SVR::GCHeap::IsPromoted
09 coreclr!CheckPromoted
0a coreclr!ScanConsecutiveHandlesWithoutUserData
0b coreclr!BlockScanBlocksWithoutUserData
0c coreclr!SegmentScanByTypeMap
0d coreclr!TableScanHandles
0e coreclr!HndScanHandlesForGC
0f coreclr!Ref_CheckReachable
10 coreclr!GCScan::GcWeakPtrScan
11 coreclr!SVR::gc_heap::mark_phase

04 coreclr!DbgAssertDialog
05 coreclr!ObjHeader::Validate
06 coreclr!Object::ValidateInner
07 coreclr!Object::Validate
08 coreclr!SVR::GCHeap::IsPromoted
09 coreclr!ClearDependentHandle
0a coreclr!ScanConsecutiveHandlesWithUserData
0b coreclr!BlockScanBlocksWithUserData
0c coreclr!SegmentScanByTypeChain
0d coreclr!TableScanHandles
0e coreclr!HndScanHandlesForGC
0f coreclr!Ref_ScanDependentHandlesForClearing
10 coreclr!GCScan::GcWeakPtrScan
11 coreclr!SVR::gc_heap::mark_phase
@AntonLapounov AntonLapounov added this to the 7.0.0 milestone Aug 29, 2022
@ghost
Copy link

ghost commented Aug 29, 2022

Tagging subscribers to this area: @dotnet/gc
See info in area-owners.md if you want to be subscribed.

Issue Details

The failure has been observed on x64 and ARM64 while using server GC:

Assert failure: SyncTableEntry::GetSyncTableEntry()[sbIndex].m_Object == obj

The sync table entry with index sbIndex is in the free list pointed by m_FreeSyncTableList near its beginning.

Call stack examples:

04 coreclr!DbgAssertDialog
05 coreclr!ObjHeader::Validate
06 coreclr!Object::ValidateInner
07 coreclr!Object::Validate
08 coreclr!SVR::GCHeap::IsPromoted
09 coreclr!CheckPromoted
0a coreclr!ScanConsecutiveHandlesWithoutUserData
0b coreclr!BlockScanBlocksWithoutUserData
0c coreclr!SegmentScanByTypeMap
0d coreclr!TableScanHandles
0e coreclr!HndScanHandlesForGC
0f coreclr!Ref_CheckReachable
10 coreclr!GCScan::GcWeakPtrScan
11 coreclr!SVR::gc_heap::mark_phase

04 coreclr!DbgAssertDialog
05 coreclr!ObjHeader::Validate
06 coreclr!Object::ValidateInner
07 coreclr!Object::Validate
08 coreclr!SVR::GCHeap::IsPromoted
09 coreclr!ClearDependentHandle
0a coreclr!ScanConsecutiveHandlesWithUserData
0b coreclr!BlockScanBlocksWithUserData
0c coreclr!SegmentScanByTypeChain
0d coreclr!TableScanHandles
0e coreclr!HndScanHandlesForGC
0f coreclr!Ref_ScanDependentHandlesForClearing
10 coreclr!GCScan::GcWeakPtrScan
11 coreclr!SVR::gc_heap::mark_phase
Author: AntonLapounov
Assignees: -
Labels:

area-GC-coreclr
Milestone: 7.0.0

@AntonLapounov
Copy link
Member Author

@PeterSolMS I suspect this may be caused by #41600, which made it possible for one thread to start scanning for deleted entries in the SyncBlockCache while another thread is still performing GCScan::GcWeakPtrScan.

@PeterSolMS
Copy link
Contributor

@AntonLapounov I think you are right - I'm thinking about the proper way to fix this...

@PeterSolMS PeterSolMS self-assigned this Aug 30, 2022
PeterSolMS added a commit that referenced this issue Aug 31, 2022
@PeterSolMS
Fix issue #74741 - assert failure during weak pointer scanning. (#74810)
9ac6c6d 
The problem here is that during GCScan::GcWeakPtrScan, we call GCHeap::IsPromoted so we can zero out object pointers to objects that weren't marked. At the same time, one thread may do the same for the sync block table. When the first kind of threads validate the object, they also validate the sync block entry that may have already been zeroed - this causes an assert failure. I don't think there is any bad effect apart from the assert failure though.

The fix is to simply call Object::Validate with a bVerifySyncBlock of FALSE if the object hasn't been marked.
@PeterSolMS
Copy link
Contributor

This should be fixed by PR #74810. Thanks @AntonLapounov for the thorough diagnosis!

@AntonLapounov
Copy link
Member Author

Thank you for fixing this!

carlossanlop pushed a commit that referenced this issue Sep 2, 2022
@github-actions @PeterSolMS
[release/7.0] Fix issue #74741 - assert failure during weak pointer s…
8b6997f 
…canning. (#74894)

* The problem here is that during GCScan::GcWeakPtrScan, we call GCHeap::IsPromoted so we can zero out object pointers to objects that weren't marked. At the same time, one thread may do the same for the sync block table. When the first kind of threads validate the object, they also validate the sync block entry that may have already been zeroed - this causes an assert failure. I don't think there is any bad effect apart from the assert failure though.

The fix is to simply call Object::Validate with a bVerifySyncBlock of FALSE if the object hasn't been marked.

* Overlooked the fact that there is yet another declaration of CObjectHeader::Validate with just one parameter that is used in Native AOT and the standalone GC.

Fix is simply to declare, but ignore the extra parameters.

Co-authored-by: Peter Sollich <[email protected]>
@ghost ghost locked as resolved and limited conversation to collaborators Oct 1, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@PeterSolMS PeterSolMS

Labels
area-GC-coreclr
Projects
None yet
Milestone
7.0.0
Development

No branches or pull requests
2 participants
@PeterSolMS @AntonLapounov