Skip to content

This fixes Github issue 78206 - a heap corruption problem associated with mark stack overflow #78756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 25, 2022
Merged

This fixes Github issue 78206 - a heap corruption problem associated with mark stack overflow #78756

merged 3 commits into from
Nov 25, 2022

Conversation

@PeterSolMS
Copy link
Contributor

@PeterSolMS PeterSolMS commented Nov 23, 2022
edited by danmoseley
Loading

Fixes #78206

Dumps provided by the customer showed in all cases that the min_overflow_address/max_overflow_address fields had values different from their initial values of MAX_PTR and 0. This implies that a mark stack overflow has occurred, but has not been properly handled.

Looking at the code, we realized that we may still have objects in the mark prefetch queue as we enter process_mark_overflow. These objects may cause another mark stack overflow when they are traced. So we need to drain the mark prefetch queue before we check the min_overflow_address/max_overflow_address fields.

We provided a private build of clrgc.dll with this fix to the customer reporting the issue, and customer has validated that the fix resolves the issue.

@PeterSolMS
This fixes Github issue 78206 - a heap corruption problem associated …
6d45b7f 
…with mark stack overflow.

Dumps provided by the customer showed in all cases that the min_overflow_address/max_overflow_address fields had values different from their initial values of MAX_PTR and 0. This implies that a mark stack overflow has occurred, but has not been properly handled.

Looking at the code, we realized that we may still have objects in the mark prefetch queue as we enter process_mark_overflow. These objects may cause another mark stack overflow when they are traced. So we need to drain the mark prefetch queue before we check the min_overflow_address/max_overflow_address fields.

We provided a private build of clrgc.dll to the customer reporting the issue, and customer has validated that the fix resolves the issue.
@ghost ghost added the area-GC-coreclr label Nov 23, 2022
@ghost ghost assigned PeterSolMS Nov 23, 2022
@ghost
Copy link

ghost commented Nov 23, 2022

Tagging subscribers to this area: @dotnet/gc
See info in area-owners.md if you want to be subscribed.

Issue Details

Dumps provided by the customer showed in all cases that the min_overflow_address/max_overflow_address fields had values different from their initial values of MAX_PTR and 0. This implies that a mark stack overflow has occurred, but has not been properly handled.

Looking at the code, we realized that we may still have objects in the mark prefetch queue as we enter process_mark_overflow. These objects may cause another mark stack overflow when they are traced. So we need to drain the mark prefetch queue before we check the min_overflow_address/max_overflow_address fields.

We provided a private build of clrgc.dll with this fix to the customer reporting the issue, and customer has validated that the fix resolves the issue.

Author: PeterSolMS
Assignees: PeterSolMS
Labels:

area-GC-coreclr
Milestone: -

mangod9
mangod9 reviewed Nov 23, 2022
View reviewed changes
Copy link
Member

@mangod9 mangod9 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this. Assume we will port this to 7?

@Maoni0
Copy link
Member

Maoni0 commented Nov 24, 2022

oops, I forgot to mention that this means we should not have the drain_mark_queue call after scan_dependent_handles because we are guaranteed to call process_mark_overflow which will guarantee to run drain_mark_queue.

@PeterSolMS
Copy link
Contributor Author

PeterSolMS commented Nov 24, 2022

Right, we have the invariant that the mark queue is empty after calling process_mark_overflow, and because of the logic inside both flavors of scan_dependent_handles, also after calling scan_dependent_handles. Thus the calls to drain_mark_queue right after calls to scan_dependent_handles can be eliminated, as well as one call to drain_mark_queue inside the WKS flavor of scan_dependent_handles.

@PeterSolMS
Adressed code review feedback - replaced calls to drain_mark_queue wh…
d864716 
…ere the mark queue should be empty with asserts.
@PeterSolMS
Make code slightly more explicit by using exisiting method mark_queue…
7387059 
…_t::verify_empty instead of an assert testing the result from mark_queue_t::get_next_marked().
@andrewb3010 andrewb3010 mentioned this pull request Nov 24, 2022
Closed
@PeterSolMS PeterSolMS merged commit 4832236 into dotnet:main Nov 25, 2022
@mangod9
Copy link
Member

mangod9 commented Nov 25, 2022

/backport to release/7.0

@github-actions
Copy link
Contributor

github-actions bot commented Nov 25, 2022

Started backporting to release/7.0: https://github.com/dotnet/runtime/actions/runs/3549509468

@github-actions github-actions bot mentioned this pull request Nov 25, 2022
Merged
@EgorBo EgorBo mentioned this pull request Nov 28, 2022
Open
@ghost ghost locked as resolved and limited conversation to collaborators Dec 25, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@mangod9 mangod9 mangod9 approved these changes

@cshung cshung Awaiting requested review from cshung

@Maoni0 Maoni0 Awaiting requested review from Maoni0

@mrsharm mrsharm Awaiting requested review from mrsharm

Assignees

@PeterSolMS PeterSolMS

Labels

area-GC-coreclr

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fatal error. Internal CLR error. (0x80131506) in .Net 7

3 participants

@PeterSolMS @Maoni0 @mangod9