dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License

Native SGen crash after updating from 8004 to 8053 #101905

Closed rolfbjarne closed 3 days ago

rolfbjarne commented 3 months ago

From @pepesos228 on Mon, 06 May 2024 04:32:23 GMT

After updating the ios workload from 17.2.8004 to 17.2.8053 we started to get native crashes with concurrent SGen. Our application is a relatively big game and we could not reproduce it on some empty project. However, with the same appdata we get a 100% repro at almost the same spot of reading a big json object with our custom json reader. We tried to update dotnet from 8.0.100 to 8.0.104 but unfortunately it doesn't help, so it's definitely a workload issue somewhere between 8004 and 8053. Downgrading to 8004 helps, but at the same time we need a fix from https://github.com/xamarin/xamarin-macios/issues/19417 that only exists in 8053. Also we have win and android projects (same game) with the same codebase running the latest .net8 and no such issues with them.

Steps to Reproduce

Expected Behavior

No crash

Actual Behavior

Native crash examples crash1.txt crash2.txt

Environment

Xcode 15.3. Release mode, AOT. Props for the release configuration:

```xml
<PropertyGroup>
    <OutputType>Exe</OutputType>
    <RuntimeIdentifier>ios-arm64</RuntimeIdentifier>
    <SupportedOSPlatformVersion>11.0</SupportedOSPlatformVersion>
    <TargetFramework>net8.0-ios</TargetFramework>
    <MtouchEnableSGenConc>true</MtouchEnableSGenConc>
    <MtouchFloat32>true</MtouchFloat32>
    <BuildIpa>true</BuildIpa>
    <MtouchLink>SdkOnly</MtouchLink>
    <MtouchUseLlvm>true</MtouchUseLlvm>
    <_ExportSymbolsExplicitly>false</_ExportSymbolsExplicitly>
</PropertyGroup>
```
Version information

```
dotnet --info
.NET SDK:
 Version:           8.0.104
 Commit:            034f91fcc0
 Workload version:  8.0.100-manifests.1f2e3bea

Runtime Environment:
 OS Name:     Mac OS X
 OS Version:  14.4
 OS Platform: Darwin
 RID:         osx-x64
 Base Path:   /usr/local/share/dotnet/sdk/8.0.104/

.NET workloads installed:
 Workload version: 8.0.100-manifests.1f2e3bea
[macos]
   Installation Source: SDK 8.0.100
   Manifest Version:    14.2.8053/8.0.100
   Manifest Path:       /usr/local/share/dotnet/sdk-manifests/8.0.100/microsoft.net.sdk.macos/14.2.8053/WorkloadManifest.json
   Install Type:        FileBased
[ios]
   Installation Source: SDK 8.0.100
   Manifest Version:    17.2.8053/8.0.100
   Manifest Path:       /usr/local/share/dotnet/sdk-manifests/8.0.100/microsoft.net.sdk.ios/17.2.8053/WorkloadManifest.json
   Install Type:        FileBased

Host:
  Version:      8.0.4
  Architecture: x64
  Commit:       2d7eea2529

.NET SDKs installed:
  6.0.418 [/usr/local/share/dotnet/sdk]
  6.0.421 [/usr/local/share/dotnet/sdk]
  7.0.312 [/usr/local/share/dotnet/sdk]
  7.0.315 [/usr/local/share/dotnet/sdk]
  8.0.101 [/usr/local/share/dotnet/sdk]
  8.0.104 [/usr/local/share/dotnet/sdk]

.NET runtimes installed:
  Microsoft.AspNetCore.App 6.0.26 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 6.0.29 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 7.0.15 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 7.0.18 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 8.0.1 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 8.0.4 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 6.0.26 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
  Microsoft.NETCore.App 6.0.29 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
  Microsoft.NETCore.App 7.0.15 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
  Microsoft.NETCore.App 7.0.18 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
  Microsoft.NETCore.App 8.0.1 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
  Microsoft.NETCore.App 8.0.4 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]

Other architectures found:
  None

Environment variables:
  Not set

global.json file:
  Not found

Learn more:
  https://aka.ms/dotnet/info

Download .NET:
  https://aka.ms/dotnet/download
```

Build Logs

Example Project (If Possible)

Copied from original issue xamarin/xamarin-macios#20561

rolfbjarne commented 3 months ago

From @pepesos228 on Mon, 06 May 2024 06:57:04 GMT

Also tried to disable concurrent gc; still the same crash, but in the main thread now. Here are a few:

thread #1, name = 'tid_103', queue = 'com.apple.main-thread', stop reason = signal SIGSEGV
  * frame #0: 0x0000000107d0f080 AppName`drain_gray_stack at sgen-marksweep-drain-gray-stack.h:158:10 [opt]
    frame #1: 0x0000000107d0f07c AppName`drain_gray_stack at sgen-scan-object.h:66:3 [opt]
    frame #2: 0x0000000107d0ec04 AppName`drain_gray_stack at sgen-marksweep-drain-gray-stack.h:347:3 [opt]
    frame #3: 0x0000000107d0eb90 AppName`drain_gray_stack(queue=0x000000016d8582f0) at sgen-marksweep.c:1287:10 [opt]
    frame #4: 0x0000000107d021f8 AppName`finish_gray_stack [inlined] sgen_drain_gray_stack(ctx=ScanCopyContext @ 0x0000600003e77c40) at sgen-gc.c:578:9 [opt]
    frame #5: 0x0000000107d021e8 AppName`finish_gray_stack(generation=1, ctx=ScanCopyContext @ 0x0000600003e77c60) at sgen-gc.c:1140:2 [opt]
    frame #6: 0x0000000107d02d20 AppName`major_finish_collection(gc_thread_gray_queue=0x000000016d8582f0, reason="Minor allowance", is_overflow=0, old_next_pin_slot=280, forced=0) at sgen-gc.c:2323:2 [opt]
    frame #7: 0x0000000107d01aa0 AppName`major_do_collection(reason="Minor allowance", is_overflow=0, forced=0) at sgen-gc.c:2465:2 [opt]
    frame #8: 0x0000000107cfd7cc AppName`sgen_perform_collection [inlined] sgen_perform_collection_inner(requested_size=<unavailable>, generation_to_collect=<unavailable>, reason=<unavailable>, forced_serial=<unavailable>, stw=<unavailable>) at sgen-gc.c:2665:14 [opt]
    frame #9: 0x0000000107cfd500 AppName`sgen_perform_collection(requested_size=4096, generation_to_collect=1, reason="Minor allowance", forced_serial=0, stw=1) at sgen-gc.c:2762:2 [opt]
    frame #10: 0x0000000107cfd49c AppName`sgen_ensure_free_space(size=4096, generation=<unavailable>) at sgen-gc.c:2616:2 [opt]
    frame #11: 0x0000000107cf38f0 AppName`sgen_alloc_obj_nolock(vtable=0x000000010bbcead8, size=992) at sgen-alloc.c:279:6 [opt]
    frame #12: 0x0000000107ddb888 AppName`mono_gc_alloc_vector(vtable=0x000000010bbcead8, size=992, max_length=120) at sgen-mono.c:1119:20 [opt]
    frame #13: 0x0000000107da2ca0 AppName`mono_array_new_full_checked(array_class=0x000000010bbc98f8, lengths=0x000000016d8585f0, lower_bounds=0x000000016d8585f8, error=0x000000016d858608) at object.c:5943:21 [opt]
    frame #14: 0x0000000107d5aa48 AppName`ves_icall_System_Array_InternalCreate(result=0x000000016d858758, type=0x000000010b8d4de0, rank=1, pLengths=<unavailable>, pLowerBounds=<unavailable>) at icall.c:777:12 [opt]
    frame #15: 0x0000000103f156d8 AppName`wrapper_managed_to_native_System_Array_InternalCreate_System_Array__intptr_int_int__int_ + 152
    frame #16: 0x0000000107724ea4 AppName`corlib_System_Array_InternalCreate_System_RuntimeType_int_int__int_ + 88
    frame #17: 0x0000000107725e6c AppName`corlib_System_Array_CreateInstance_System_Type_int + 132
    frame #18: 0x000000010799b23c AppName`corlib_System_Collections_ArrayList_ToArray_System_Type + 64
    frame #19: 0x0000000104df55a4 AppName`AppName_JsonReader_ReadArray_System_Type at JsonReader.cs:606:21 [opt]
    frame #20: 0x0000000104df4ac4 AppName`AppName_JsonReader_Read_System_Type_bool at JsonReader.cs:313:29 [opt]

thread #1, name = 'tid_103', queue = 'com.apple.main-thread', stop reason = signal SIGSEGV
  * frame #0: 0x0000000105e1f080 AppName`drain_gray_stack at sgen-marksweep-drain-gray-stack.h:158:10 [opt]
    frame #1: 0x0000000105e1f07c AppName`drain_gray_stack at sgen-scan-object.h:66:3 [opt]
    frame #2: 0x0000000105e1ec04 AppName`drain_gray_stack at sgen-marksweep-drain-gray-stack.h:347:3 [opt]
    frame #3: 0x0000000105e1eb90 AppName`drain_gray_stack(queue=0x000000016f747fb0) at sgen-marksweep.c:1287:10 [opt]
    frame #4: 0x0000000105e121f8 AppName`finish_gray_stack [inlined] sgen_drain_gray_stack(ctx=ScanCopyContext @ 0x00006000012ec680) at sgen-gc.c:578:9 [opt]
    frame #5: 0x0000000105e121e8 AppName`finish_gray_stack(generation=1, ctx=ScanCopyContext @ 0x00006000012ec6a0) at sgen-gc.c:1140:2 [opt]
    frame #6: 0x0000000105e12d20 AppName`major_finish_collection(gc_thread_gray_queue=0x000000016f747fb0, reason="Minor allowance", is_overflow=0, old_next_pin_slot=315, forced=0) at sgen-gc.c:2323:2 [opt]
    frame #7: 0x0000000105e11aa0 AppName`major_do_collection(reason="Minor allowance", is_overflow=0, forced=0) at sgen-gc.c:2465:2 [opt]
    frame #8: 0x0000000105e0d7cc AppName`sgen_perform_collection [inlined] sgen_perform_collection_inner(requested_size=<unavailable>, generation_to_collect=<unavailable>, reason=<unavailable>, forced_serial=<unavailable>, stw=<unavailable>) at sgen-gc.c:2665:14 [opt]
    frame #9: 0x0000000105e0d500 AppName`sgen_perform_collection(requested_size=4096, generation_to_collect=1, reason="Minor allowance", forced_serial=0, stw=1) at sgen-gc.c:2762:2 [opt]
    frame #10: 0x0000000105e0d49c AppName`sgen_ensure_free_space(size=4096, generation=<unavailable>) at sgen-gc.c:2616:2 [opt]
    frame #11: 0x0000000105e038f0 AppName`sgen_alloc_obj_nolock(vtable=0x0000000109892fc8, size=24) at sgen-alloc.c:279:6 [opt]
    frame #12: 0x0000000105eebaf4 AppName`mono_gc_alloc_string(vtable=0x0000000109892fc8, size=24, len=1) at sgen-mono.c:1208:21 [opt]
    frame #13: 0x0000000105eabf78 AppName`mono_string_new_size_checked(len=1, error=0x000000016f7482a0) at object.c:6349:6 [opt]
    frame #14: 0x0000000105eb3420 AppName`mono_string_new_size_handle(len=<unavailable>, error=<unavailable>) at object.c:6323:9 [opt]
    frame #15: 0x0000000105e7efe8 AppName`ves_icall_System_String_FastAllocateString_raw(a0=1) at icall-def.h:552:1 [opt]
    frame #16: 0x000000010202dca8 AppName`wrapper_managed_to_native_string_FastAllocateString_int + 120
    frame #17: 0x00000001058663fc AppName`corlib_string_InternalSubString_int_int + 64
    frame #18: 0x0000000105866264 AppName`corlib_string_Substring_int_int + 104
    frame #19: 0x0000000102f06624 AppName`AppName_JsonReader_ReadNumber_System_Type at JsonReader.cs:884:17 [opt]
    frame #20: 0x0000000102f04b20 AppName`AppName_JsonReader_Read_System_Type_bool at JsonReader.cs:321:29 [opt]
    frame #21: 0x0000000102f04f10 AppName`AppName_JsonReader_ReadObject_System_Type at JsonReader.cs:465:21 [opt]
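When a report like this comes with several crash dumps (crash1.txt, crash2.txt, the traces above), the first triage question is whether they are one crash or several. The following is an added helper, not code from this issue or from dotnet/runtime: it parses lldb backtraces of the shape pasted above, derives a signature from the signal, the innermost SGen frame with its source location, and the innermost managed frame that still carries a C# location, and groups dumps by that signature while ignoring code addresses, which differ from run to run under ASLR. The sample backtraces are constructed, abridged copies of the ones in this thread; the symbol and file-name prefixes used to recognise SGen frames are an assumption about Mono's source layout that matches these traces.

```python
"""Added triage helper: bucket lldb backtraces by a stable crash signature."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One lldb frame line: "    frame #5: 0x... Module`symbol(args) at file.c:12:3 [opt]"
FRAME_RE = re.compile(
    r"^\s*\*?\s*frame #(?P<idx>\d+): 0x(?P<addr>[0-9a-fA-F]+) "
    r"(?P<module>[^`]+)`(?P<symbol>[A-Za-z0-9_]+)(?P<rest>.*)$"
)
# Trailing source location; the column and the [opt] marker are optional.
LOC_RE = re.compile(r" at (?P<file>[^\s:]+):(?P<line>\d+)(?::\d+)?(?: \[opt\])?\s*$")
SIGNAL_RE = re.compile(r"stop reason = signal (?P<sig>SIG[A-Z0-9]+)")

# Assumed heuristic for SGen-internal frames (symbol prefixes and sgen-*.c/.h files).
GC_SYMBOL_PREFIXES = ("sgen_", "mono_gc_", "major_", "drain_gray_stack", "finish_gray_stack")


@dataclass
class Frame:
    index: int
    address: int
    module: str
    symbol: str
    file: Optional[str]
    line: Optional[int]

    @property
    def is_gc(self) -> bool:
        return (self.file or "").startswith("sgen-") or self.symbol.startswith(GC_SYMBOL_PREFIXES)

    @property
    def is_managed(self) -> bool:
        # AOT-compiled managed frames keep their C# source location when symbolicated.
        return (self.file or "").endswith(".cs")

    @property
    def site(self) -> Optional[str]:
        return f"{self.file}:{self.line}" if self.file else None


@dataclass(frozen=True)
class CrashSignature:
    signal: str
    gc_entry: Optional[str]      # innermost SGen frame, e.g. drain_gray_stack
    gc_site: Optional[str]       # its file:line
    managed_site: Optional[str]  # innermost managed frame with source info


def parse_backtrace(text: str) -> Tuple[Optional[str], List[Frame]]:
    """Return (signal, frames sorted innermost-first) for one lldb 'bt' dump."""
    signal, frames = None, []
    for raw in text.splitlines():
        if signal is None and (m := SIGNAL_RE.search(raw)):
            signal = m.group("sig")
        m = FRAME_RE.match(raw)
        if not m:
            continue
        loc = LOC_RE.search(m.group("rest"))
        frames.append(Frame(int(m.group("idx")), int(m.group("addr"), 16),
                            m.group("module"), m.group("symbol"),
                            loc.group("file") if loc else None,
                            int(loc.group("line")) if loc else None))
    frames.sort(key=lambda f: f.index)
    return signal, frames


def signature(text: str) -> CrashSignature:
    """Addresses are ignored on purpose: ASLR makes them differ between runs."""
    signal, frames = parse_backtrace(text)
    first_managed = next((i for i, f in enumerate(frames) if f.is_managed), len(frames))
    # A GC frame between the fault and the managed caller means the collector was
    # running on behalf of that allocation when it died (SIGSEGV or assertion abort).
    gc_frame = next((f for f in frames[:first_managed] if f.is_gc), None)
    managed = frames[first_managed] if first_managed < len(frames) else None
    return CrashSignature(signal or "UNKNOWN",
                          gc_frame.symbol if gc_frame else None,
                          gc_frame.site if gc_frame else None,
                          managed.site if managed else None)


def triage(traces: Dict[str, str]) -> Dict[CrashSignature, List[str]]:
    """Bucket crash logs by signature so repeats collapse into one entry."""
    buckets: Dict[CrashSignature, List[str]] = defaultdict(list)
    for name, text in traces.items():
        buckets[signature(text)].append(name)
    return dict(buckets)


# Constructed, abridged copies of the backtraces in this thread (original frame
# numbers are kept, intermediate frames are omitted).
SAMPLE_SEGV = """\
thread #1, name = 'tid_103', queue = 'com.apple.main-thread', stop reason = signal SIGSEGV
  * frame #0: 0x0000000107d0f080 AppName`drain_gray_stack at sgen-marksweep-drain-gray-stack.h:158:10 [opt]
    frame #5: 0x0000000107d021e8 AppName`finish_gray_stack(generation=1, ctx=ScanCopyContext @ 0x0000600003e77c60) at sgen-gc.c:1140:2 [opt]
    frame #11: 0x0000000107cf38f0 AppName`sgen_alloc_obj_nolock(vtable=0x000000010bbcead8, size=992) at sgen-alloc.c:279:6 [opt]
    frame #15: 0x0000000103f156d8 AppName`wrapper_managed_to_native_System_Array_InternalCreate_System_Array__intptr_int_int__int_ + 152
    frame #18: 0x000000010799b23c AppName`corlib_System_Collections_ArrayList_ToArray_System_Type + 64
    frame #19: 0x0000000104df55a4 AppName`AppName_JsonReader_ReadArray_System_Type at JsonReader.cs:606:21 [opt]
"""
SAMPLE_ABRT = """\
* thread #1, name = 'tid_103', queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00000001f876b160 libsystem_kernel.dylib`__pthread_kill + 8
    frame #2: 0x00000001c2470c8c libsystem_c.dylib`abort + 180
    frame #3: 0x0000000105b607f0 AppName`log_callback(log_domain=<unavailable>, log_level=<unavailable>, message=<unavailable>, fatal=4, user_data=<unavailable>) at runtime.m:1180:3 [opt]
    frame #7: 0x0000000105ce63f4 AppName`mono_assertion_message_unreachable(file=<unavailable>, line=<unavailable>) at goutput.c:234:2 [opt]
    frame #8: 0x0000000105d194d8 AppName`major_scan_object_with_evacuation(full_object=0x000000016f84a948, desc=<unavailable>, queue=0x000000016f84a070) at sgen-scan-object.h:93:3 [opt]
    frame #18: 0x0000000105cfe838 AppName`sgen_alloc_obj_nolock(vtable=0x000000010a8939c8, size=48) at sgen-alloc.c:279:6 [opt]
    frame #30: 0x000000010403a180 AppName`protobuf_net_ProtoBuf_Internal_Serializers_FieldDecorator_Read_ProtoBuf_ProtoReader_State__object at FieldDecorator.cs:35:13 [opt]
"""
# The same crash after a different ASLR slide: only the code addresses change.
SAMPLE_SEGV_2 = SAMPLE_SEGV.replace("0x0000000107", "0x0000000105")

if __name__ == "__main__":
    dumps = {"crash1.txt": SAMPLE_SEGV, "crash2.txt": SAMPLE_SEGV_2, "crash3.txt": SAMPLE_ABRT}
    for sig, names in triage(dumps).items():
        print(f"{sig.signal} in {sig.gc_entry} ({sig.gc_site}) <- {sig.managed_site}: {names}")
```

With the three constructed dumps this yields two buckets: the two SIGSEGV dumps share `drain_gray_stack` at `sgen-marksweep-drain-gray-stack.h:158` below `JsonReader.cs:606`, and the SIGABRT dump is keyed on the assertion in `major_scan_object_with_evacuation` at `sgen-scan-object.h:93` below `FieldDecorator.cs:35`. The managed site is the innermost `.cs` frame rather than the first app-assembly frame, so library frames such as protobuf-net are reported as the trigger when they are what called into the runtime.
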

rolfbjarne commented 3 months ago

From @rolfbjarne on Mon, 06 May 2024 07:42:17 GMT

Moving to dotnet/runtime, where the GC lives.

@pepesos228 FWIW we're probably going to need a way to reproduce this, but I'll let the runtime team take it from here.

pepesos228 commented 3 months ago

Turns out it was not the ios workload, but a hidden microsoft.net.workload.mono.toolchain.current workload. 8.0.2 works fine, but 8.0.3 begins to fail with the following native exception. So my guess is that something here https://github.com/dotnet/runtime/compare/v8.0.2...v8.0.3 has broken either ios AOT or the runtime. ios 17.2.8004, mono.toolchain 8.0.3/8.0.4 (I tested on both, and both have a similar exception with either SIGABRT or SIGSEGV)

* thread #1, name = 'tid_103', queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00000001f876b160 libsystem_kernel.dylib`__pthread_kill + 8
    frame #1: 0x0000000208e881ac libsystem_pthread.dylib`pthread_kill + 268
    frame #2: 0x00000001c2470c8c libsystem_c.dylib`abort + 180
    frame #3: 0x0000000105b607f0 AppName`log_callback(log_domain=<unavailable>, log_level=<unavailable>, message=<unavailable>, fatal=4, user_data=<unavailable>) at runtime.m:1180:3 [opt]
    frame #4: 0x0000000105ce6338 AppName`monoeg_g_logv_nofree [inlined] monoeg_g_logstr(log_domain=0x0000000000000000, log_level=G_LOG_LEVEL_ERROR, msg=<unavailable>) at goutput.c:151:2 [opt]
    frame #5: 0x0000000105ce630c AppName`monoeg_g_logv_nofree(log_domain=0x0000000000000000, log_level=G_LOG_LEVEL_ERROR, format=<unavailable>, args=<unavailable>) at goutput.c:166:2 [opt]
    frame #6: 0x0000000105ce63a8 AppName`monoeg_assertion_message(format=<unavailable>) at goutput.c:207:22 [opt]
    frame #7: 0x0000000105ce63f4 AppName`mono_assertion_message_unreachable(file=<unavailable>, line=<unavailable>) at goutput.c:234:2 [opt]
    frame #8: 0x0000000105d194d8 AppName`major_scan_object_with_evacuation(full_object=0x000000016f84a948, desc=<unavailable>, queue=0x000000016f84a070) at sgen-scan-object.h:93:3 [opt]
    frame #9: 0x0000000105d19a88 AppName`drain_gray_stack at sgen-marksweep-drain-gray-stack.h:347:3 [opt]
    frame #10: 0x0000000105d19a74 AppName`drain_gray_stack(queue=0x000000016f84a070) at sgen-marksweep.c:1285:10 [opt]
    frame #11: 0x0000000105d0d140 AppName`finish_gray_stack [inlined] sgen_drain_gray_stack(ctx=ScanCopyContext @ 0x0000600002d505c0) at sgen-gc.c:578:9 [opt]
    frame #12: 0x0000000105d0d130 AppName`finish_gray_stack(generation=1, ctx=ScanCopyContext @ 0x0000600002d505e0) at sgen-gc.c:1140:2 [opt]
    frame #13: 0x0000000105d0dc68 AppName`major_finish_collection(gc_thread_gray_queue=0x000000016f84a070, reason="Minor allowance", is_overflow=0, old_next_pin_slot=272, forced=0) at sgen-gc.c:2323:2 [opt]
    frame #14: 0x0000000105d0c9e8 AppName`major_do_collection(reason="Minor allowance", is_overflow=0, forced=0) at sgen-gc.c:2465:2 [opt]
    frame #15: 0x0000000105d08714 AppName`sgen_perform_collection [inlined] sgen_perform_collection_inner(requested_size=<unavailable>, generation_to_collect=<unavailable>, reason=<unavailable>, forced_serial=<unavailable>, stw=<unavailable>) at sgen-gc.c:2665:14 [opt]
    frame #16: 0x0000000105d08448 AppName`sgen_perform_collection(requested_size=4096, generation_to_collect=1, reason="Minor allowance", forced_serial=0, stw=1) at sgen-gc.c:2762:2 [opt]
    frame #17: 0x0000000105d083e4 AppName`sgen_ensure_free_space(size=4096, generation=<unavailable>) at sgen-gc.c:2616:2 [opt]
    frame #18: 0x0000000105cfe838 AppName`sgen_alloc_obj_nolock(vtable=0x000000010a8939c8, size=48) at sgen-alloc.c:279:6 [opt]
    frame #19: 0x0000000105de6a3c AppName`mono_gc_alloc_string(vtable=0x000000010a8939c8, size=42, len=10) at sgen-mono.c:1208:21 [opt]
    frame #20: 0x0000000105da6ec0 AppName`mono_string_new_size_checked(len=10, error=0x000000016f84a3b0) at object.c:6349:6 [opt]
    frame #21: 0x0000000105dae628 AppName`mono_string_new_checked [inlined] mono_string_new_utf16_checked(text=0x0000000283272920, len=10, error=0x000000016f84a3b0) at object.c:6235:6 [opt]
    frame #22: 0x0000000105dae618 AppName`mono_string_new_checked(text=<unavailable>, error=0x000000016f84a3b0) at object.c:6478:7 [opt]
    frame #23: 0x0000000105d78dd4 AppName`ves_icall_RuntimeType_GetName_raw [inlined] ves_icall_RuntimeType_GetName(type_handle=MonoQCallTypeHandle @ 0x0000600002d51530, res=0x000000016f84a4f8, error=0x000000016f84a3b0) at icall.c:3034:6 [opt]
    frame #24: 0x0000000105d78dc4 AppName`ves_icall_RuntimeType_GetName_raw(a0=<unavailable>, a1=0x000000016f84a4f8) at icall-def.h:509:1 [opt]
    frame #25: 0x0000000101f28588 AppName`wrapper_managed_to_native_System_RuntimeType_GetName_System_Runtime_CompilerServices_QCallTypeHandle_System_Runtime_CompilerServices_ObjectHandleOnStack + 136
    frame #26: 0x0000000105750cdc AppName`corlib_System_RuntimeType_get_Name + 60
    frame #27: 0x0000000105933c34 AppName`corlib_System_Reflection_RuntimeFieldInfo_get_DeclaringType + 76
    frame #28: 0x0000000105934294 AppName`corlib_System_Reflection_RuntimeFieldInfo_CheckGeneric + 44
    frame #29: 0x0000000105933e44 AppName`corlib_System_Reflection_RuntimeFieldInfo_GetValue_object + 128
    frame #30: 0x000000010403a180 AppName`protobuf_net_ProtoBuf_Internal_Serializers_FieldDecorator_Read_ProtoBuf_ProtoReader_State__object at FieldDecorator.cs:35:13 [opt]
    frame #31: 0x000000010404a3e0 AppName`protobuf_net_ProtoBuf_Internal_Serializers_TypeSerializer_1_T_REF_DeserializeBody_TState_REF_ProtoBuf_ProtoReader_State__TState_REF__ProtoBuf_Internal_Serializers_TypeSerializer_1_StateGetter_1_T_REF_TState_REF_ProtoBuf_Internal_Serializers_TypeSerializer_1_StateSetter_1_T_REF_TState_REF at TypeSerializer.cs:351:29 [opt]
    frame #32: 0x00000001040489e4 AppName`protobuf_net_ProtoBuf_Internal_Serializers_TypeSerializer_1_T_REF_Read_ProtoBuf_ProtoReader_State__T_REF at TypeSerializer.cs:125:13 [opt]
    frame #33: 0x00000001040b0844 AppName`protobuf_net_Core_ProtoBuf_ProtoReader_State_ReadMessage_TSerializer_REF_T_REF_ProtoBuf_Serializers_SerializerFeatures_T_REF_TSerializer_REF_ at ProtoReader.State.ReadMethods.cs:964:17 [opt]
    frame #34: 0x00000001040ad534 AppName`protobuf_net_Core_ProtoBuf_ProtoReader_State_FillBuffer_TSerializer_REF_T_REF_ProtoBuf_Serializers_SerializerFeatures_TSerializer_REF__T_REF at ProtoReader.State.ReadMethods.cs:0 [opt]
    frame #35: 0x000000010408dc44 AppName`protobuf_net_Core_ProtoBuf_Serializers_RepeatedSerializer_2_TCollection_REF_TItem_REF_ReadRepeated_ProtoBuf_ProtoReader_State__ProtoBuf_Serializers_SerializerFeatures_TCollection_REF_ProtoBuf_Serializers_ISerializer_1_TItem_REF at RepeatedSerializer.cs:281:13 [opt]
    frame #36: 0x000000010403e8dc AppName`protobuf_net_ProtoBuf_Internal_Serializers_RepeatedDecorator_2_TCollection_REF_T_REF_Read_ProtoBuf_ProtoReader_State__object at RepeatedDecorator.cs:57:16 [opt]
    frame #37: 0x000000010403a1a8 AppName`protobuf_net_ProtoBuf_Internal_Serializers_FieldDecorator_Read_ProtoBuf_ProtoReader_State__object at FieldDecorator.cs:35:13 [opt]
    frame #38: 0x000000010404a3e0 AppName`protobuf_net_ProtoBuf_Internal_Serializers_TypeSerializer_1_T_REF_DeserializeBody_TState_REF_ProtoBuf_ProtoReader_State__TState_REF__ProtoBuf_Internal_Serializers_TypeSerializer_1_StateGetter_1_T_REF_TState_REF_ProtoBuf_Internal_Serializers_TypeSerializer_1_StateSetter_1_T_REF_TState_REF at TypeSerializer.cs:351:29 [opt]
    frame #39: 0x00000001040489e4 AppName`protobuf_net_ProtoBuf_Internal_Serializers_TypeSerializer_1_T_REF_Read_ProtoBuf_ProtoReader_State__T_REF at TypeSerializer.cs:125:13 [opt]
    frame #40: 0x00000001040b0844 AppName`protobuf_net_Core_ProtoBuf_ProtoReader_State_ReadMessage_TSerializer_REF_T_REF_ProtoBuf_Serializers_SerializerFeatures_T_REF_TSerializer_REF_ at ProtoReader.State.ReadMethods.cs:964:17 [opt]
    frame #41: 0x0000000102730c10 AppName`aot_instances_ProtoBuf_Internal_KeyValuePairSerializer_2_TKey_INT_TValue_REF_Read_ProtoBuf_ProtoReader_State__System_Collections_Generic_KeyValuePair_2_TKey_INT_TValue_REF at KeyValuePairSerializer.cs:0:13 [opt]
    frame #42: 0x00000001020cb088 AppName`wrapper_runtime_invoke_object_runtime_invoke_dynamic_intptr_intptr_intptr_intptr + 296
    frame #43: 0x0000000105df9a28 AppName`mono_jit_runtime_invoke(method=<unavailable>, obj=<unavailable>, params=<unavailable>, exc=<unavailable>, error=0x000000016f84ad88) at mini-runtime.c:3636:3 [opt]
    frame #44: 0x0000000105da5768 AppName`mono_runtime_invoke_checked [inlined] do_runtime_invoke(method=0x0000000281c37e40, obj=0x000000016f84af90, params=0x000000016f84add8, exc=0x0000000000000000, error=0x000000016f84ad88) at object.c:2576:11 [opt]
    frame #45: 0x0000000105da572c AppName`mono_runtime_invoke_checked(method=0x0000000281c37e40, obj=0x000000016f84af90, params=0x000000016f84add8, error=0x000000016f84ad88) at object.c:2792:9 [opt]
    frame #46: 0x0000000105dfd390 AppName`mono_gsharedvt_constrained_call(mp=<unavailable>, cmethod=<unavailable>, klass=<unavailable>, info=<unavailable>, deref_args="", args=0x000000016f84add8) at jit-icalls.c:1498:6 [opt]
    frame #47: 0x00000001020cfa80 AppName`wrapper_managed_to_native_object___icall_wrapper_mono_gsharedvt_constrained_call_intptr_intptr_intptr_intptr_intptr_intptr + 160
    frame #48: 0x00000001019e0dbc AppName`ProtoBuf_ProtoReader_State_ReadMessage_TSerializer_GSHAREDVT_T_GSHAREDVT_ProtoBuf_Serializers_SerializerFeatures_T_GSHAREDVT_TSerializer_GSHAREDVT_(this=6165940224, features=<unavailable>, value=<unavailable>, serializer=<unavailable>) at ProtoReader.State.ReadMethods.cs:964

And another SIGSEGV, with the disassembly below:

* thread #1, name = 'tid_103', queue = 'com.apple.main-thread', stop reason = signal SIGSEGV
  * frame #0: 0x00000001065f3fc8 AppName`major_scan_object_with_evacuation at sgen-marksweep-drain-gray-stack.h:158:10 [opt]
    frame #1: 0x00000001065f3fbc AppName`major_scan_object_with_evacuation(full_object=0x000000012f499e10, desc=<unavailable>, queue=0x000000016ef6d370) at sgen-scan-object.h:66:3 [opt]
    frame #2: 0x00000001065f6318 AppName`drain_gray_stack at sgen-marksweep-drain-gray-stack.h:347:3 [opt]
    frame #3: 0x00000001065f6304 AppName`drain_gray_stack(queue=0x0000000108fd82a8) at sgen-marksweep.c:1285:10 [opt]
    frame #4: 0x00000001065f6318 AppName`drain_gray_stack at sgen-marksweep-drain-gray-stack.h:347:3 [opt]
    frame #5: 0x00000001065f6304 AppName`drain_gray_stack(queue=0x000000016ef6d370) at sgen-marksweep.c:1285:10 [opt]
    frame #6: 0x00000001065e99d0 AppName`finish_gray_stack [inlined] sgen_drain_gray_stack(ctx=ScanCopyContext @ 0x0000600002265690) at sgen-gc.c:578:9 [opt]
    frame #7: 0x00000001065e99c0 AppName`finish_gray_stack(generation=1, ctx=ScanCopyContext @ 0x0000600002265690) at sgen-gc.c:1140:2 [opt]
    frame #8: 0x00000001065ea4f8 AppName`major_finish_collection(gc_thread_gray_queue=0x000000016ef6d370, reason="Minor allowance", is_overflow=0, old_next_pin_slot=283, forced=0) at sgen-gc.c:2323:2 [opt]
    frame #9: 0x00000001065e9278 AppName`major_do_collection(reason="Minor allowance", is_overflow=0, forced=0) at sgen-gc.c:2465:2 [opt]
    frame #10: 0x00000001065e4fa4 AppName`sgen_perform_collection [inlined] sgen_perform_collection_inner(requested_size=<unavailable>, generation_to_collect=<unavailable>, reason=<unavailable>, forced_serial=<unavailable>, stw=<unavailable>) at sgen-gc.c:2665:14 [opt]
    frame #11: 0x00000001065e4cd8 AppName`sgen_perform_collection(requested_size=4096, generation_to_collect=1, reason="Minor allowance", forced_serial=0, stw=1) at sgen-gc.c:2762:2 [opt]
    frame #12: 0x00000001065e4c74 AppName`sgen_ensure_free_space(size=4096, generation=<unavailable>) at sgen-gc.c:2616:2 [opt]
    frame #13: 0x00000001065db0c8 AppName`sgen_alloc_obj_nolock(vtable=0x000000010b0521c8, size=40) at sgen-alloc.c:279:6 [opt]
    frame #14: 0x00000001066c32cc AppName`mono_gc_alloc_string(vtable=0x000000010b0521c8, size=38, len=8) at sgen-mono.c:1208:21 [opt]
    frame #15: 0x0000000106683750 AppName`mono_string_new_size_checked(len=8, error=0x000000016ef6d6b0) at object.c:6349:6 [opt]
    frame #16: 0x000000010668aeb8 AppName`mono_string_new_checked [inlined] mono_string_new_utf16_checked(text=0x0000000280abf0a0, len=8, error=0x000000016ef6d6b0) at object.c:6235:6 [opt]
    frame #17: 0x000000010668aea8 AppName`mono_string_new_checked(text=<unavailable>, error=0x000000016ef6d6b0) at object.c:6478:7 [opt]
    frame #18: 0x0000000106655664 AppName`ves_icall_RuntimeType_GetName_raw [inlined] ves_icall_RuntimeType_GetName(type_handle=MonoQCallTypeHandle @ 0x00006000022785c0, res=0x000000016ef6d7f8, error=0x000000016ef6d6b0) at icall.c:3034:6 [opt]
    frame #19: 0x0000000106655654 AppName`ves_icall_RuntimeType_GetName_raw(a0=<unavailable>, a1=0x000000016ef6d7f8) at icall-def.h:509:1 [opt]
    frame #20: 0x0000000102804588 AppName`wrapper_managed_to_native_System_RuntimeType_GetName_System_Runtime_CompilerServices_QCallTypeHandle_System_Runtime_CompilerServices_ObjectHandleOnStack + 136
    frame #21: 0x000000010602d56c AppName`corlib_System_RuntimeType_get_Name + 60
    frame #22: 0x00000001062104c4 AppName`corlib_System_Reflection_RuntimeFieldInfo_get_DeclaringType + 76
    frame #23: 0x0000000106210b24 AppName`corlib_System_Reflection_RuntimeFieldInfo_CheckGeneric + 44
    frame #24: 0x000000010621090c AppName`corlib_System_Reflection_RuntimeFieldInfo_SetValue_object_object_System_Reflection_BindingFlags_System_Reflection_Binder_System_Globalization_CultureInfo + 184
    frame #25: 0x000000010620bd6c AppName`corlib_System_Reflection_FieldInfo_SetValue_object_object + 84
    frame #26: 0x00000001049161d0 AppName`protobuf_net_ProtoBuf_Internal_Serializers_FieldDecorator_Read_ProtoBuf_ProtoReader_State__object at FieldDecorator.cs:36:35 [opt]
    frame #27: 0x00000001049263f0 AppName`protobuf_net_ProtoBuf_Internal_Serializers_TypeSerializer_1_T_REF_DeserializeBody_TState_REF_ProtoBuf_ProtoReader_State__TState_REF__ProtoBuf_Internal_Serializers_TypeSerializer_1_StateGetter_1_T_REF_TState_REF_ProtoBuf_Internal_Serializers_TypeSerializer_1_StateSetter_1_T_REF_TState_REF at TypeSerializer.cs:351:29 [opt]
    frame #28: 0x00000001049249f4 AppName`protobuf_net_ProtoBuf_Internal_Serializers_TypeSerializer_1_T_REF_Read_ProtoBuf_ProtoReader_State__T_REF at TypeSerializer.cs:125:13 [opt]
    frame #29: 0x000000010498c854 AppName`protobuf_net_Core_ProtoBuf_ProtoReader_State_ReadMessage_TSerializer_REF_T_REF_ProtoBuf_Serializers_SerializerFeatures_T_REF_TSerializer_REF_ at ProtoReader.State.ReadMethods.cs:964:17 [opt]
    frame #30: 0x0000000102d541f4 AppName`aot_instances_ProtoBuf_Internal_KeyValuePairSerializer_2_TKey_INT_TValue_REF_Read_ProtoBuf_ProtoReader_State__System_Collections_Generic_KeyValuePair_2_TKey_INT_TValue_REF at KeyValuePairSerializer.cs:0:13 [opt]
    frame #31: 0x00000001029a7088 AppName`wrapper_runtime_invoke_object_runtime_invoke_dynamic_intptr_intptr_intptr_intptr + 296
    frame #32: 0x00000001066d62b8 AppName`mono_jit_runtime_invoke(method=<unavailable>, obj=<unavailable>, params=<unavailable>, exc=<unavailable>, error=0x000000016ef6dda8) at mini-runtime.c:3636:3 [opt]
    frame #33: 0x0000000106681ff8 AppName`mono_runtime_invoke_checked [inlined] do_runtime_invoke(method=0x00000002824c0f00, obj=0x000000016ef6dfb0, params=0x000000016ef6ddf8, exc=0x0000000000000000, error=0x000000016ef6dda8) at object.c:2576:11 [opt]
    frame #34: 0x0000000106681fbc AppName`mono_runtime_invoke_checked(method=0x00000002824c0f00, obj=0x000000016ef6dfb0, params=0x000000016ef6ddf8, error=0x000000016ef6dda8) at object.c:2792:9 [opt]
    frame #35: 0x00000001066d9c20 AppName`mono_gsharedvt_constrained_call(mp=<unavailable>, cmethod=<unavailable>, klass=<unavailable>, info=<unavailable>, deref_args="", args=0x000000016ef6ddf8) at jit-icalls.c:1498:6 [opt]
    frame #36: 0x00000001029aba80 AppName`wrapper_managed_to_native_object___icall_wrapper_mono_gsharedvt_constrained_call_intptr_intptr_intptr_intptr_intptr_intptr + 160
    frame #37: 0x00000001022bcdac AppName`ProtoBuf_ProtoReader_State_ReadMessage_TSerializer_GSHAREDVT_T_GSHAREDVT_ProtoBuf_Serializers_SerializerFeatures_T_GSHAREDVT_TSerializer_GSHAREDVT_(this=6156650496, features=<unavailable>, value=<unavailable>, serializer=<unavailable>) at ProtoReader.State.ReadMethods.cs:964
(lldb) disassemble
AppName`major_scan_object_with_evacuation:
    0x1065f3e88 <+0>:    sub    sp, sp, #0xc0
    0x1065f3e8c <+4>:    stp    x28, x27, [sp, #0x60]
    0x1065f3e90 <+8>:    stp    x26, x25, [sp, #0x70]
    0x1065f3e94 <+12>:   stp    x24, x23, [sp, #0x80]
    0x1065f3e98 <+16>:   stp    x22, x21, [sp, #0x90]
    0x1065f3e9c <+20>:   stp    x20, x19, [sp, #0xa0]
    0x1065f3ea0 <+24>:   stp    x29, x30, [sp, #0xb0]
    0x1065f3ea4 <+28>:   add    x29, sp, #0xb0
    0x1065f3ea8 <+32>:   str    x2, [sp, #0x48]
    0x1065f3eac <+36>:   str    x0, [sp, #0x28]
    0x1065f3eb0 <+40>:   and    x8, x1, #0x7
    0x1065f3eb4 <+44>:   sub    x8, x8, #0x1
    0x1065f3eb8 <+48>:   cmp    x8, #0x6
    0x1065f3ebc <+52>:   b.hi   0x1065f5d58               ; <+7888> at sgen-scan-object.h:93:3
    0x1065f3ec0 <+56>:   mov    x21, x1
    0x1065f3ec4 <+60>:   adrp   x9, 2053
    0x1065f3ec8 <+64>:   add    x9, x9, #0x2c0
    0x1065f3ecc <+68>:   adr    x10, #0x10                ; <+84> at sgen-scan-object.h
    0x1065f3ed0 <+72>:   ldrh   w11, [x9, x8, lsl #1]
    0x1065f3ed4 <+76>:   add    x10, x10, x11, lsl #2
    0x1065f3ed8 <+80>:   br     x10
    0x1065f3edc <+84>:   ldr    x8, [sp, #0x28]
    0x1065f3ee0 <+88>:   ldr    x8, [x8]
    0x1065f3ee4 <+92>:   and    x8, x8, #0xfffffffffffffff8
    0x1065f3ee8 <+96>:   ldr    x0, [x8, #0x28]
    0x1065f3eec <+100>:  cbz    x0, 0x1065f3ef8           ; <+112> at sgen-marksweep-drain-gray-stack.h:286:1
    0x1065f3ef0 <+104>:  bl     0x1066c45a8               ; mono_gchandle_get_target_internal at sgen-mono.c:2556:35
    0x1065f3ef4 <+108>:  cbnz   x0, 0x1065f5a14           ; <+7052> at sgen-scan-object.h
    0x1065f3ef8 <+112>:  ldp    x29, x30, [sp, #0xb0]
    0x1065f3efc <+116>:  ldp    x20, x19, [sp, #0xa0]
    0x1065f3f00 <+120>:  ldp    x22, x21, [sp, #0x90]
    0x1065f3f04 <+124>:  ldp    x24, x23, [sp, #0x80]
    0x1065f3f08 <+128>:  ldp    x26, x25, [sp, #0x70]
    0x1065f3f0c <+132>:  ldp    x28, x27, [sp, #0x60]
    0x1065f3f10 <+136>:  add    sp, sp, #0xc0
    0x1065f3f14 <+140>:  ret    
    0x1065f3f18 <+144>:  lsr    x19, x21, #3
    0x1065f3f1c <+148>:  ldr    x8, [sp, #0x28]
    0x1065f3f20 <+152>:  add    x8, x8, #0x10
    0x1065f3f24 <+156>:  adrp   x20, 5585
    0x1065f3f28 <+160>:  add    x20, x20, #0xeb8
    0x1065f3f2c <+164>:  adrp   x24, 5585
    0x1065f3f30 <+168>:  add    x24, x24, #0xee0
    0x1065f3f34 <+172>:  mov    x25, #-0x1
    0x1065f3f38 <+176>:  mov    w28, #0x1
    0x1065f3f3c <+180>:  adrp   x27, 5573
    0x1065f3f40 <+184>:  add    x27, x27, #0x9f4
    0x1065f3f44 <+188>:  b      0x1065f3f5c               ; <+212> at sgen-scan-object.h:66:3
    0x1065f3f48 <+192>:  str    x0, [x21]
    0x1065f3f4c <+196>:  add    x8, x26, #0x1
    0x1065f3f50 <+200>:  lsr    x19, x19, x8
    0x1065f3f54 <+204>:  add    x8, x21, #0x8
    0x1065f3f58 <+208>:  cbz    x19, 0x1065f3edc          ; <+84> at sgen-scan-object.h
    0x1065f3f5c <+212>:  rbit   x9, x19
    0x1065f3f60 <+216>:  clz    x26, x9
    0x1065f3f64 <+220>:  add    x21, x8, x26, lsl #3
    0x1065f3f68 <+224>:  ldr    x22, [x21]
    0x1065f3f6c <+228>:  cbz    x22, 0x1065f3f4c          ; <+196> at sgen-scan-object.h:66:3
    0x1065f3f70 <+232>:  ldr    w8, [x20]
    0x1065f3f74 <+236>:  lsl    x8, x25, x8
    0x1065f3f78 <+240>:  and    x10, x8, x22
    0x1065f3f7c <+244>:  ldr    x9, [x24]
    0x1065f3f80 <+248>:  ldr    x11, [x22]
    0x1065f3f84 <+252>:  cmp    x10, x9
    0x1065f3f88 <+256>:  b.ne   0x1065f3fbc               ; <+308> [inlined] major_copy_or_mark_object_with_evacuation at sgen-marksweep-drain-gray-stack.h:146:33
    0x1065f3f8c <+260>:  tbnz   w11, #0x1, 0x1065f414c    ; <+708> [inlined] sgen_ptr_in_nursery at sgen-gc.h:206:9
    0x1065f3f90 <+264>:  tbz    w11, #0x0, 0x1065f40e0    ; <+600> [inlined] sgen_nursery_is_to_space at sgen-gc.h:561:30
    0x1065f3f94 <+268>:  and    x11, x11, #0xfffffffffffffff8
    0x1065f3f98 <+272>:  cbz    x11, 0x1065f40e0          ; <+600> [inlined] sgen_nursery_is_to_space at sgen-gc.h:561:30
    0x1065f3f9c <+276>:  str    x11, [x21]
    0x1065f3fa0 <+280>:  ldr    w8, [x20]
    0x1065f3fa4 <+284>:  lsl    x8, x25, x8
    0x1065f3fa8 <+288>:  and    x10, x8, x11
    0x1065f3fac <+292>:  ldr    x9, [x24]
    0x1065f3fb0 <+296>:  cmp    x10, x9
    0x1065f3fb4 <+300>:  b.ne   0x1065f3f4c               ; <+196> at sgen-scan-object.h:66:3
    0x1065f3fb8 <+304>:  b      0x1065f414c               ; <+708> [inlined] sgen_ptr_in_nursery at sgen-gc.h:206:9
    0x1065f3fbc <+308>:  and    x0, x11, #0xfffffffffffffff8
    0x1065f3fc0 <+312>:  tbz    w11, #0x0, 0x1065f3fc8    ; <+320> [inlined] major_copy_or_mark_object_with_evacuation + 12 at sgen-marksweep-drain-gray-stack.h:158:10
    0x1065f3fc4 <+316>:  cbnz   x0, 0x1065f3f48           ; <+192> [inlined] major_copy_or_mark_object_with_evacuation at sgen-marksweep-drain-gray-stack.h:148:5
->  0x1065f3fc8 <+320>:  ldr    x23, [x0, #0x8]
    0x1065f3fcc <+324>:  tbz    w23, #0x2, 0x1065f402c    ; <+420> [inlined] major_copy_or_mark_object_with_evacuation + 112 at sgen-marksweep-drain-gray-stack.h:169:12
    0x1065f3fd0 <+328>:  mov    x1, x22
    0x1065f3fd4 <+332>:  bl     0x10660b128               ; sgen_client_par_object_get_size at sgen-client-mono.h:146:25
    0x1065f3fd8 <+336>:  add    x8, x0, #0x7
    0x1065f3fdc <+340>:  and    x8, x8, #0xfffffffffffffff8
    0x1065f3fe0 <+344>:  mov    w9, #0x1f40
    0x1065f3fe4 <+348>:  cmp    x8, x9
    0x1065f3fe8 <+352>:  b.ls   0x1065f402c               ; <+420> [inlined] major_copy_or_mark_object_with_evacuation + 112 at sgen-marksweep-drain-gray-stack.h:169:12
    0x1065f3fec <+356>:  mov    x0, x22
    0x1065f3ff0 <+360>:  bl     0x1065eee7c               ; sgen_los_object_is_pinned at sgen-los.c:885:14
    0x1065f3ff4 <+364>:  cbnz   w0, 0x1065f3f4c           ; <+196> at sgen-scan-object.h:66:3
    0x1065f3ff8 <+368>:  mov    x0, x22
    0x1065f3ffc <+372>:  bl     0x1065ef98c               ; sgen_los_pin_object at sgen-los.c:826:19
    0x1065f4000 <+376>:  ldr    x8, [x22]
    0x1065f4004 <+380>:  and    x8, x8, #0xfffffffffffffff8
    0x1065f4008 <+384>:  ldr    x8, [x8, #0x8]
    0x1065f400c <+388>:  mvn    w9, w8
    0x1065f4010 <+392>:  and    x9, x9, #0x3
    0x1065f4014 <+396>:  mov    w10, #0xc007
    0x1065f4018 <+400>:  and    x8, x8, x10
    0x1065f401c <+404>:  cmp    x9, #0x0
    0x1065f4020 <+408>:  ccmp   x8, #0x5, #0x4, ne
    0x1065f4024 <+412>:  b.eq   0x1065f3f4c               ; <+196> at sgen-scan-object.h:66:3
    0x1065f4028 <+416>:  b      0x1065f40b0               ; <+552> [inlined] major_copy_or_mark_object_with_evacuation + 244 at sgen-marksweep-drain-gray-stack.h
    0x1065f402c <+420>:  ldr    w8, [x27]
    0x1065f4030 <+424>:  neg    w9, w8
    0x1065f4034 <+428>:  mov    x8, x9
    0x1065f4038 <+432>:  sxtw   x8, w8
    0x1065f403c <+436>:  and    x8, x8, x22
    0x1065f4040 <+440>:  ldur   x10, [x27, #0x1c]
    0x1065f4044 <+444>:  ldrh   w11, [x8, #0x2]
    0x1065f4048 <+448>:  ldr    w10, [x10, x11, lsl #2]
    0x1065f404c <+452>:  cbz    w10, 0x1065f405c          ; <+468> [inlined] major_copy_or_mark_object_with_evacuation + 160 at sgen-marksweep-drain-gray-stack.h:192:4
    0x1065f4050 <+456>:  ldrb   w10, [x8, #0xa]
    0x1065f4054 <+460>:  tst    w10, #0xc
    0x1065f4058 <+464>:  b.eq   0x1065f411c               ; <+660> [inlined] major_copy_or_mark_object_with_evacuation + 352 at sgen-marksweep-drain-gray-stack.h:85:9
    0x1065f405c <+468>:  bic    x9, x22, x9
    0x1065f4060 <+472>:  asr    w10, w9, #8
    0x1065f4064 <+476>:  ubfx   x11, x9, #3, #5
    0x1065f4068 <+480>:  add    x8, x8, w10, sxtw #2

pepesos228 commented 3 months ago

Also the disassembly of the same working function might be useful. Host 8.0.4, ios workload 17.2.8053, mono.toolchain workload 8.0.2

(lldb) disassemble --name major_scan_object_with_evacuation
AppName`major_scan_object_with_evacuation:
    0x109c94320 <+0>:    sub    sp, sp, #0xc0
    0x109c94324 <+4>:    stp    x28, x27, [sp, #0x60]
    0x109c94328 <+8>:    stp    x26, x25, [sp, #0x70]
    0x109c9432c <+12>:   stp    x24, x23, [sp, #0x80]
    0x109c94330 <+16>:   stp    x22, x21, [sp, #0x90]
    0x109c94334 <+20>:   stp    x20, x19, [sp, #0xa0]
    0x109c94338 <+24>:   stp    x29, x30, [sp, #0xb0]
    0x109c9433c <+28>:   add    x29, sp, #0xb0
    0x109c94340 <+32>:   str    x2, [sp, #0x48]
    0x109c94344 <+36>:   str    x0, [sp, #0x28]
    0x109c94348 <+40>:   and    x8, x1, #0x7
    0x109c9434c <+44>:   sub    x8, x8, #0x1
    0x109c94350 <+48>:   cmp    x8, #0x6
    0x109c94354 <+52>:   b.hi   0x109c961f0               ; <+7888> at sgen-scan-object.h:93:3
    0x109c94358 <+56>:   mov    x21, x1
    0x109c9435c <+60>:   adrp   x9, 2042
    0x109c94360 <+64>:   add    x9, x9, #0x740
    0x109c94364 <+68>:   adr    x10, #0x10                ; <+84> at sgen-scan-object.h
    0x109c94368 <+72>:   ldrh   w11, [x9, x8, lsl #1]
    0x109c9436c <+76>:   add    x10, x10, x11, lsl #2
    0x109c94370 <+80>:   br     x10
    0x109c94374 <+84>:   ldr    x8, [sp, #0x28]
    0x109c94378 <+88>:   ldr    x8, [x8]
    0x109c9437c <+92>:   and    x8, x8, #0xfffffffffffffff8
    0x109c94380 <+96>:   ldr    x0, [x8, #0x28]
    0x109c94384 <+100>:  cbz    x0, 0x109c94390           ; <+112> at sgen-marksweep-drain-gray-stack.h:286:1
    0x109c94388 <+104>:  bl     0x109d649b4               ; mono_gchandle_get_target_internal at sgen-mono.c:2556:35
    0x109c9438c <+108>:  cbnz   x0, 0x109c95eac           ; <+7052> at sgen-scan-object.h
    0x109c94390 <+112>:  ldp    x29, x30, [sp, #0xb0]
    0x109c94394 <+116>:  ldp    x20, x19, [sp, #0xa0]
    0x109c94398 <+120>:  ldp    x22, x21, [sp, #0x90]
    0x109c9439c <+124>:  ldp    x24, x23, [sp, #0x80]
    0x109c943a0 <+128>:  ldp    x26, x25, [sp, #0x70]
    0x109c943a4 <+132>:  ldp    x28, x27, [sp, #0x60]
    0x109c943a8 <+136>:  add    sp, sp, #0xc0
    0x109c943ac <+140>:  ret    
    0x109c943b0 <+144>:  lsr    x19, x21, #3
    0x109c943b4 <+148>:  ldr    x8, [sp, #0x28]
    0x109c943b8 <+152>:  add    x8, x8, #0x10
    0x109c943bc <+156>:  adrp   x20, 5576
    0x109c943c0 <+160>:  add    x20, x20, #0xf38
    0x109c943c4 <+164>:  adrp   x24, 5576
    0x109c943c8 <+168>:  add    x24, x24, #0xf60
    0x109c943cc <+172>:  mov    x25, #-0x1
    0x109c943d0 <+176>:  mov    w28, #0x1
    0x109c943d4 <+180>:  adrp   x27, 5564
    0x109c943d8 <+184>:  add    x27, x27, #0xa74
    0x109c943dc <+188>:  b      0x109c943f4               ; <+212> at sgen-scan-object.h:66:3
    0x109c943e0 <+192>:  str    x0, [x21]
    0x109c943e4 <+196>:  add    x8, x26, #0x1
    0x109c943e8 <+200>:  lsr    x19, x19, x8
    0x109c943ec <+204>:  add    x8, x21, #0x8
    0x109c943f0 <+208>:  cbz    x19, 0x109c94374          ; <+84> at sgen-scan-object.h
    0x109c943f4 <+212>:  rbit   x9, x19
    0x109c943f8 <+216>:  clz    x26, x9
    0x109c943fc <+220>:  add    x21, x8, x26, lsl #3
    0x109c94400 <+224>:  ldr    x22, [x21]
    0x109c94404 <+228>:  cbz    x22, 0x109c943e4          ; <+196> at sgen-scan-object.h:66:3
    0x109c94408 <+232>:  ldr    w8, [x20]
    0x109c9440c <+236>:  lsl    x8, x25, x8
    0x109c94410 <+240>:  and    x10, x8, x22
    0x109c94414 <+244>:  ldr    x9, [x24]
    0x109c94418 <+248>:  ldr    x11, [x22]
    0x109c9441c <+252>:  cmp    x10, x9
    0x109c94420 <+256>:  b.ne   0x109c94454               ; <+308> [inlined] major_copy_or_mark_object_with_evacuation at sgen-marksweep-drain-gray-stack.h:146:33
    0x109c94424 <+260>:  tbnz   w11, #0x1, 0x109c945e4    ; <+708> [inlined] sgen_ptr_in_nursery at sgen-gc.h:206:9
    0x109c94428 <+264>:  tbz    w11, #0x0, 0x109c94578    ; <+600> [inlined] sgen_nursery_is_to_space at sgen-gc.h:561:30
    0x109c9442c <+268>:  and    x11, x11, #0xfffffffffffffff8
    0x109c94430 <+272>:  cbz    x11, 0x109c94578          ; <+600> [inlined] sgen_nursery_is_to_space at sgen-gc.h:561:30
    0x109c94434 <+276>:  str    x11, [x21]
    0x109c94438 <+280>:  ldr    w8, [x20]
    0x109c9443c <+284>:  lsl    x8, x25, x8
    0x109c94440 <+288>:  and    x10, x8, x11
    0x109c94444 <+292>:  ldr    x9, [x24]
    0x109c94448 <+296>:  cmp    x10, x9
    0x109c9444c <+300>:  b.ne   0x109c943e4               ; <+196> at sgen-scan-object.h:66:3
    0x109c94450 <+304>:  b      0x109c945e4               ; <+708> [inlined] sgen_ptr_in_nursery at sgen-gc.h:206:9
    0x109c94454 <+308>:  and    x0, x11, #0xfffffffffffffff8
    0x109c94458 <+312>:  tbz    w11, #0x0, 0x109c94460    ; <+320> [inlined] major_copy_or_mark_object_with_evacuation + 12 at sgen-marksweep-drain-gray-stack.h:158:10
    0x109c9445c <+316>:  cbnz   x0, 0x109c943e0           ; <+192> [inlined] major_copy_or_mark_object_with_evacuation at sgen-marksweep-drain-gray-stack.h:148:5
    0x109c94460 <+320>:  ldr    x23, [x0, #0x8]
    0x109c94464 <+324>:  tbz    w23, #0x2, 0x109c944c4    ; <+420> [inlined] major_copy_or_mark_object_with_evacuation + 112 at sgen-marksweep-drain-gray-stack.h:169:12
    0x109c94468 <+328>:  mov    x1, x22
    0x109c9446c <+332>:  bl     0x109cab5c0               ; sgen_client_par_object_get_size at sgen-client-mono.h:146:25
    0x109c94470 <+336>:  add    x8, x0, #0x7
    0x109c94474 <+340>:  and    x8, x8, #0xfffffffffffffff8
    0x109c94478 <+344>:  mov    w9, #0x1f40
    0x109c9447c <+348>:  cmp    x8, x9
    0x109c94480 <+352>:  b.ls   0x109c944c4               ; <+420> [inlined] major_copy_or_mark_object_with_evacuation + 112 at sgen-marksweep-drain-gray-stack.h:169:12
    0x109c94484 <+356>:  mov    x0, x22
    0x109c94488 <+360>:  bl     0x109c8f314               ; sgen_los_object_is_pinned at sgen-los.c:885:14
    0x109c9448c <+364>:  cbnz   w0, 0x109c943e4           ; <+196> at sgen-scan-object.h:66:3
    0x109c94490 <+368>:  mov    x0, x22
    0x109c94494 <+372>:  bl     0x109c8fe24               ; sgen_los_pin_object at sgen-los.c:826:19
    0x109c94498 <+376>:  ldr    x8, [x22]
    0x109c9449c <+380>:  and    x8, x8, #0xfffffffffffffff8
    0x109c944a0 <+384>:  ldr    x8, [x8, #0x8]
    0x109c944a4 <+388>:  mvn    w9, w8
    0x109c944a8 <+392>:  and    x9, x9, #0x3
    0x109c944ac <+396>:  mov    w10, #0xc007
    0x109c944b0 <+400>:  and    x8, x8, x10
    0x109c944b4 <+404>:  cmp    x9, #0x0
    0x109c944b8 <+408>:  ccmp   x8, #0x5, #0x4, ne
    0x109c944bc <+412>:  b.eq   0x109c943e4               ; <+196> at sgen-scan-object.h:66:3
    0x109c944c0 <+416>:  b      0x109c94548               ; <+552> [inlined] major_copy_or_mark_object_with_evacuation + 244 at sgen-marksweep-drain-gray-stack.h
    0x109c944c4 <+420>:  ldr    w8, [x27]
    0x109c944c8 <+424>:  neg    w9, w8
    0x109c944cc <+428>:  mov    x8, x9
    0x109c944d0 <+432>:  sxtw   x8, w8
    0x109c944d4 <+436>:  and    x8, x8, x22
    0x109c944d8 <+440>:  ldur   x10, [x27, #0x1c]
    0x109c944dc <+444>:  ldrh   w11, [x8, #0x2]
    0x109c944e0 <+448>:  ldr    w10, [x10, x11, lsl #2]
    0x109c944e4 <+452>:  cbz    w10, 0x109c944f4          ; <+468> [inlined] major_copy_or_mark_object_with_evacuation + 160 at sgen-marksweep-drain-gray-stack.h:192:4
    0x109c944e8 <+456>:  ldrb   w10, [x8, #0xa]
    0x109c944ec <+460>:  tst    w10, #0xc
    0x109c944f0 <+464>:  b.eq   0x109c945b4               ; <+660> [inlined] major_copy_or_mark_object_with_evacuation + 352 at sgen-marksweep-drain-gray-stack.h:85:9
    0x109c944f4 <+468>:  bic    x9, x22, x9
    0x109c944f8 <+472>:  asr    w10, w9, #8
    0x109c944fc <+476>:  ubfx   x11, x9, #3, #5
    0x109c94500 <+480>:  add    x8, x8, w10, sxtw #2
    0x109c94504 <+484>:  ldr    w9, [x8, #0x28]!
    0x109c94508 <+488>:  lsl    x10, x28, x11
    0x109c9450c <+492>:  tst    x10, x9
    0x109c94510 <+496>:  b.ne   0x109c943e4               ; <+196> at sgen-scan-object.h:66:3
    0x109c94514 <+500>:  orr    w9, w9, w10
    0x109c94518 <+504>:  str    w9, [x8]
    0x109c9451c <+508>:  mvn    w8, w23
    0x109c94520 <+512>:  and    x8, x8, #0x3
    0x109c94524 <+516>:  mov    w9, #0xc007
    0x109c94528 <+520>:  and    x9, x23, x9
    0x109c9452c <+524>:  cmp    x8, #0x0
    0x109c94530 <+528>:  ccmp   x9, #0x5, #0x4, ne
    0x109c94534 <+532>:  b.ne   0x109c94548               ; <+552> [inlined] major_copy_or_mark_object_with_evacuation + 244 at sgen-marksweep-drain-gray-stack.h
    0x109c94538 <+536>:  ldr    x8, [x22]
    0x109c9453c <+540>:  and    x8, x8, #0xfffffffffffffff8
    0x109c94540 <+544>:  ldr    x8, [x8, #0x28]
    0x109c94544 <+548>:  cbz    x8, 0x109c943e4           ; <+196> at sgen-scan-object.h:66:3
    0x109c94548 <+552>:  ldr    x0, [sp, #0x48]
    0x109c9454c <+556>:  ldr    x9, [x0, #0x8]
    0x109c94550 <+560>:  cbz    x9, 0x109c94640           ; <+800> [inlined] major_copy_or_mark_object_with_evacuation + 56 at sgen-marksweep-drain-gray-stack.h
    0x109c94554 <+564>:  ldr    x8, [x0]
    0x109c94558 <+568>:  mov    w10, #0x1fd8
    0x109c9455c <+572>:  add    x9, x9, x10
    0x109c94560 <+576>:  cmp    x8, x9
    0x109c94564 <+580>:  b.eq   0x109c94640               ; <+800> [inlined] major_copy_or_mark_object_with_evacuation + 56 at sgen-marksweep-drain-gray-stack.h
    0x109c94568 <+584>:  add    x9, x8, #0x10
    0x109c9456c <+588>:  str    x9, [x0]
    0x109c94570 <+592>:  stp    x22, x23, [x8, #0x10]
    0x109c94574 <+596>:  b      0x109c943e4               ; <+196> at sgen-scan-object.h:66:3
    0x109c94578 <+600>:  sub    x11, x22, x10
    0x109c9457c <+604>:  asr    x10, x11, #9
    0x109c94580 <+608>:  lsr    x10, x10, #3
    0x109c94584 <+612>:  adrp   x12, 5576
    0x109c94588 <+616>:  nop    
    0x109c9458c <+620>:  ldr    x12, [x12, #0xf70]
    0x109c94590 <+624>:  cmp    x10, x12
    0x109c94594 <+628>:  b.hs   0x109c95f24               ; <+7172> [inlined] sgen_nursery_is_to_space at sgen-gc.h:566:2
    0x109c94598 <+632>:  adrp   x12, 5576
    0x109c9459c <+636>:  nop    
    0x109c945a0 <+640>:  ldr    x12, [x12, #0xf68]
    0x109c945a4 <+644>:  ldrb   w10, [x12, x10]
    0x109c945a8 <+648>:  ubfx   w11, w11, #9, #3
    0x109c945ac <+652>:  lsr    w10, w10, w11
    0x109c945b0 <+656>:  tbnz   w10, #0x0, 0x109c945e4    ; <+708> [inlined] sgen_ptr_in_nursery at sgen-gc.h:206:9
    0x109c945b4 <+660>:  mov    x0, x22
    0x109c945b8 <+664>:  ldr    x1, [sp, #0x48]
    0x109c945bc <+668>:  bl     0x109cad10c               ; copy_object_no_checks at sgen-copy-object.h:67
    0x109c945c0 <+672>:  cmp    x0, x22
    0x109c945c4 <+676>:  b.eq   0x109c94654               ; <+820> [inlined] sgen_ptr_in_nursery at sgen-gc.h:206:9
    0x109c945c8 <+680>:  str    x0, [x21]
    0x109c945cc <+684>:  ldr    w8, [x20]
    0x109c945d0 <+688>:  lsl    x8, x25, x8
    0x109c945d4 <+692>:  and    x10, x8, x0
    0x109c945d8 <+696>:  ldr    x9, [x24]
    0x109c945dc <+700>:  cmp    x10, x9
    0x109c945e0 <+704>:  b.ne   0x109c94608               ; <+744> [inlined] major_copy_or_mark_object_with_evacuation at sgen-marksweep-drain-gray-stack.h:122:11
    0x109c945e4 <+708>:  and    x8, x8, x21
    0x109c945e8 <+712>:  cmp    x8, x9
    0x109c945ec <+716>:  b.eq   0x109c943e4               ; <+196> at sgen-scan-object.h:66:3
    0x109c945f0 <+720>:  ldr    x1, [x21]
    0x109c945f4 <+724>:  ldrb   w8, [x1]
    0x109c945f8 <+728>:  tbnz   w8, #0x2, 0x109c943e4     ; <+196> at sgen-scan-object.h:66:3
    0x109c945fc <+732>:  mov    x0, x21
    0x109c94600 <+736>:  bl     0x109c849cc               ; sgen_add_to_global_remset at sgen-gc.c:540
    0x109c94604 <+740>:  b      0x109c943e4               ; <+196> at sgen-scan-object.h:66:3
    0x109c94608 <+744>:  adrp   x8, 5564
    0x109c9460c <+748>:  ldr    w8, [x8, #0xa74]
    0x109c94610 <+752>:  neg    w8, w8
    0x109c94614 <+756>:  sxtw   x8, w8
    0x109c94618 <+760>:  and    x8, x8, x0
    0x109c9461c <+764>:  sub    x9, x0, x8
    0x109c94620 <+768>:  lsr    x10, x9, #3
    0x109c94624 <+772>:  asr    w9, w9, #8
    0x109c94628 <+776>:  add    x8, x8, w9, sxtw #2
    0x109c9462c <+780>:  ldr    w9, [x8, #0x28]
    0x109c94630 <+784>:  lsl    w10, w28, w10
    0x109c94634 <+788>:  orr    w9, w9, w10
    0x109c94638 <+792>:  str    w9, [x8, #0x28]
    0x109c9463c <+796>:  b      0x109c943e4               ; <+196> at sgen-scan-object.h:66:3
    0x109c94640 <+800>:  mov    x1, x22

koviant commented 2 months ago

Hello @rolfbjarne @pepesos228

I am currently migrating a .NET mobile app from .NET 7 to .NET 8 and I think I have a similar issue, at least the stack trace looks similar.

I'd like to test whether or not this issue will be reproducible on the 8004 ios workload version, but I'm not sure how to downgrade it. I guess I need to know the specific rollback file where this version is mentioned, but again, not sure where to look for the mapping between the workload version and the rollback file version.

So, my question is, how exactly can I downgrade the ios workload to the 8004 version?

I'm currently using .NET 8.0.300. I've also checked with 8.0.301 and 8.0.302, but I experience the same crash there as well. I guess the current workload version associated with those versions is the same?

Previously, on .NET 7, we were using ios workload version 16.4.7141 with no such crash.

pepesos228 commented 2 months ago

Hi @koviant, here is how I downgrade. Create a file named rollback.json with the following content:

```json
{
  "microsoft.net.sdk.ios": "17.2.8053/8.0.100",
  "microsoft.net.workload.mono.toolchain.current": "8.0.2/8.0.100"
}
```

Run the following command two times:

```
sudo dotnet workload update --from-rollback-file rollback.json
```

It's important to run it exactly 2 times, since one time doesn't work for some reason.

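The rollback file in the comment above is written by hand. As an added example (not code from this thread or from the dotnet/runtime project), the following Python script derives the same kind of file from the ".NET workloads installed:" section of `dotnet --info` output, so the manifests currently installed can be recorded before an update and restored afterwards with `dotnet workload update --from-rollback-file`. The `SAMPLE_INFO` text is constructed to match the format quoted at the top of this issue; the path layout `sdk-manifests/<band>/<manifest-id>/<version>/WorkloadManifest.json` and the `<version>/<band>` shape of rollback values are assumed from that same output and from the rollback file above.

```python
"""Generate a .NET workload rollback file from `dotnet --info` output.

Added example, not code from the dotnet/runtime project or from anyone in
this thread. Assumes the layout of the ".NET workloads installed:" section
printed by the .NET 8 SDK: each installed workload appears as "[id]"
followed by indented "Manifest Version:" and "Manifest Path:" lines, and
the path ends in sdk-manifests/<band>/<manifest-id>/<version>/WorkloadManifest.json.
"""
import json
import re
from typing import Optional

# Constructed sample, modelled on the `dotnet --info` text quoted in this issue.
SAMPLE_INFO = """\
.NET SDK:
 Version:           8.0.104
 Workload version:  8.0.100-manifests.1f2e3bea

.NET workloads installed:
 Workload version: 8.0.100-manifests.1f2e3bea
[macos]
   Installation Source: SDK 8.0.100
   Manifest Version:    14.2.8053/8.0.100
   Manifest Path:       /usr/local/share/dotnet/sdk-manifests/8.0.100/microsoft.net.sdk.macos/14.2.8053/WorkloadManifest.json
   Install Type:        FileBased
[ios]
   Installation Source: SDK 8.0.100
   Manifest Version:    17.2.8053/8.0.100
   Manifest Path:       /usr/local/share/dotnet/sdk-manifests/8.0.100/microsoft.net.sdk.ios/17.2.8053/WorkloadManifest.json
   Install Type:        FileBased

Host:
  Version:      8.0.4
"""

# Tail of a manifest path: <band>/<manifest-id>/<version>/WorkloadManifest.json
MANIFEST_PATH = re.compile(
    r"sdk-manifests/([^/]+)/([^/]+)/([^/]+)/WorkloadManifest\.json$", re.IGNORECASE
)
# Rollback values look like "17.2.8053/8.0.100": <manifest version>/<feature band>.
ROLLBACK_VALUE = re.compile(
    r"^[0-9][0-9A-Za-z.\-]*/[0-9]+\.[0-9]+\.[0-9]{3}(-[0-9A-Za-z.]+)?$"
)


def parse_installed_manifests(info_text: str) -> dict[str, str]:
    """Return {manifest-id: "version/band"} for every workload dotnet --info lists."""
    manifests: dict[str, str] = {}
    in_section = False
    version = path = None
    for raw in info_text.splitlines():
        line = raw.strip()
        if line == ".NET workloads installed:":
            in_section = True
            continue
        if not in_section:
            continue
        if raw and not raw[0].isspace() and not raw.startswith("["):
            break  # next top-level section, e.g. "Host:"
        if line.startswith("[") and line.endswith("]"):
            version = path = None  # start of the next workload's block
            continue
        if line.startswith("Manifest Version:"):
            version = line.split(":", 1)[1].strip()
        elif line.startswith("Manifest Path:"):
            path = line.split(":", 1)[1].strip().replace("\\", "/")
        if version and path:
            m = MANIFEST_PATH.search(path)
            if m is None:
                raise ValueError(f"unrecognised manifest path: {path}")
            band, manifest_id, ver = m.groups()
            # The path and the "Manifest Version" line must agree; a mismatch means
            # the output format changed and the id/version split cannot be trusted.
            if f"{ver}/{band}" != version:
                raise ValueError(f"{manifest_id}: path says {ver}/{band}, line says {version}")
            manifests[manifest_id.lower()] = version
            version = path = None
    return manifests


def build_rollback(info_text: str, extra: Optional[dict[str, str]] = None) -> dict[str, str]:
    """Installed manifests plus hand-added entries, each checked for <version>/<band> shape."""
    entries = parse_installed_manifests(info_text)
    entries.update(extra or {})
    for manifest_id, value in entries.items():
        if not ROLLBACK_VALUE.match(value):
            raise ValueError(f"{manifest_id}: {value!r} is not <version>/<band>")
    return entries


def rollback_json(entries: dict[str, str]) -> str:
    """Serialise in the shape `dotnet workload update --from-rollback-file` reads."""
    return json.dumps(entries, indent=2)


if __name__ == "__main__":
    # dotnet --info lists only top-level workloads; dependency manifests such as the
    # mono toolchain pinned in the comment above have to be supplied by hand.
    pinned = build_rollback(
        SAMPLE_INFO, {"microsoft.net.workload.mono.toolchain.current": "8.0.2/8.0.100"}
    )
    print(rollback_json(pinned))
```

`dotnet --info` lists only the top-level workloads, so dependency manifests such as `microsoft.net.workload.mono.toolchain.current` (the one this thread pins to 8.0.2) still have to be added through the `extra` argument; the validation step rejects anything that is not `<version>/<band>`, since `--from-rollback-file` needs both halves to select a manifest. Committing a generated rollback file alongside the project is also what makes a workload-based build reproducible: the exact manifest versions that produced a binary are recorded rather than whatever the SDK resolved on the day.
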
rolfbjarne commented 2 months ago

CC @steveisok

steveisok commented 2 months ago

@pepesos228 is there a small sample you can provide that causes the issue? We likely cannot take any meaningful action without a repro.

dotnet-policy-service[bot] commented 1 month ago

This issue has been marked needs-author-action and may be missing some important information.

pepesos228 commented 1 month ago

@steveisok well, we have a few projects running our game framework and only one faces this specific issue. Unfortunately I can't reproduce it outside that project. But as I said before, I was able to identify that the cause was between https://github.com/dotnet/runtime/compare/v8.0.2...v8.0.3 changes inside the microsoft.net.workload.mono.toolchain.current workload.

steveisok commented 1 month ago

Hmm - given https://github.com/dotnet/runtime/pull/97850 is in the range and we discovered that https://github.com/dotnet/runtime/pull/101491 was also needed, I would suggest waiting for the July servicing release (8.0.7) and try again. The latter change apparently took longer than expected to make it into servicing.

vitek-karas commented 1 month ago

@pepesos228 could you please try with 8.0.7 which is now released?

/cc @BrzVlad

dotnet-policy-service[bot] commented 1 month ago

This issue has been marked needs-author-action and may be missing some important information.

dotnet-policy-service[bot] commented 2 weeks ago

This issue has been automatically marked no-recent-activity because it has not had any activity for 14 days. It will be closed if no further activity occurs within 14 more days. Any new comment (by anyone, not necessarily the author) will remove no-recent-activity.

dotnet-policy-service[bot] commented 3 days ago

This issue will now be closed since it had been marked no-recent-activity but received no further activity in the past 14 days. It is still possible to reopen or comment on the issue, but please note that the issue will be locked if it remains inactive for another 30 days.