[runtime-async] Runtime crash on Windows when throwing exceptions

[jakobbotsch]

Unsure if this issue is specific to runtime-async and DOTNET_JitThrowOnAssertionFailure=1 or not. This also might be a duplicate of #115667, so let's wait until that is fixed with more investigation. (repros even with #115798)

EDIT: See a much simpler repro in the comment below

Old repro

Reproduction steps for win-x64:

1. Apply the following patch to build the VM with runtime-async enabled:

diff --git a/src/coreclr/clrdefinitions.cmake b/src/coreclr/clrdefinitions.cmake
index efb6ab0738a..94156a10188 100644
--- a/src/coreclr/clrdefinitions.cmake
+++ b/src/coreclr/clrdefinitions.cmake
@@ -161,7 +161,7 @@ if(FEATURE_OBJCMARSHAL)
   add_compile_definitions(FEATURE_OBJCMARSHAL)
 endif()
 
-# add_compile_definitions(FEATURE_RUNTIME_ASYNC)
+add_compile_definitions(FEATURE_RUNTIME_ASYNC)
 
 add_compile_definitions($<$<NOT:$<BOOL:$<TARGET_PROPERTY:DAC_COMPONENT>>>:FEATURE_PROFAPI_ATTACH_DETACH>)
 

2. Build the runtime in debug/checked
3. Clone Fuzzlyn from https://github.com/jakobbotsch/Fuzzlyn
4. Build Fuzzlyn you cloned with dotnet build Fuzzlyn/Fuzzlyn.csproj -c Release (requires .NET 8 SDK)
5. Save input.json from here to a file: https://gist.github.com/jakobbotsch/702c58aa79477b70c7db0f1bce1d9117
6. Set DOTNET_TieredCompilation=0, DOTNET_JitThrowOnAssertionFailure=1
7. Run <path to core_root>/corerun <path to Fuzzlyn>/Fuzzlyn/bin/Release/net8.0/Fuzzlyn.ExecutionServer.dll <path to input.json>

Result:

Assert failure(PID 13420 [0x0000346c], Thread: 40684 [0x9eec]): Consistency check failed: AV in clr at this callstack:
------
CORECLR! MethodTable::GetDebugClassName + 0x13 (0x00007ff9`16be3f43)
CORECLR! EHEnumNext + 0x5A5 (0x00007ff9`17402165)
SYSTEM.PRIVATE.CORELIB! <no symbol> + 0x0 (0x00007ff8`4641e5cb)
SYSTEM.PRIVATE.CORELIB! <no symbol> + 0x0 (0x00007ff8`4641e1a4)
SYSTEM.PRIVATE.CORELIB! <no symbol> + 0x0 (0x00007ff8`4641dd59)
CORECLR! CallDescrWorkerInternal + 0x83 (0x00007ff9`1750f603)
CORECLR! CallDescrWorkerWithHandler + 0x130 (0x00007ff9`16fed700)
CORECLR! DispatchCallSimple + 0x26C (0x00007ff9`16fee69c)
CORECLR! DispatchManagedException + 0x388 (0x00007ff9`173f8b88)
CORECLR! ProcessCLRException + 0x3EA (0x00007ff9`17402e3a)
NTDLL! chkstk + 0x19F (0x00007ff9`f567293f)
NTDLL! RtlUnwindEx + 0x339 (0x00007ff9`f5600939)
NTDLL! RtlUnwind + 0xCD (0x00007ff9`f5621f3d)
CORECLR! ClrUnwindEx + 0x58 (0x00007ff9`173f7ef8)
CORECLR! ProcessCLRException + 0x27D (0x00007ff9`17402ccd)
NTDLL! chkstk + 0x11F (0x00007ff9`f56728bf)
NTDLL! RtlRaiseException + 0x484 (0x00007ff9`f5622554)
NTDLL! RtlRaiseException + 0x1D7 (0x00007ff9`f56222a7)
KERNELBASE! RaiseException + 0x69 (0x00007ff9`f2deaf29)
-----
.AV on tid=0x9eec (40684), cxr=0000009AA74EB2C0, exr=0000009AA74EB7B0

FAILED: false

CORECLR! CHECK::Trigger + 0x20F (0x00007ff9`1691f66f)
CORECLR! CLRVectoredExceptionHandlerPhase3 + 0x384 (0x00007ff9`16cfa754)
CORECLR! CLRVectoredExceptionHandlerPhase2 + 0xA6 (0x00007ff9`16cfa0a6)
CORECLR! CLRVectoredExceptionHandler + 0x3A9 (0x00007ff9`16cf9fd9)
CORECLR! CLRVectoredExceptionHandlerShim + 0x248 (0x00007ff9`16cfaaf8)
NTDLL! RtlDeleteAce + 0x3CC (0x00007ff9`f5649b4c)
NTDLL! RtlRaiseException + 0x2A6 (0x00007ff9`f5622376)
NTDLL! KiUserExceptionDispatcher + 0x2E (0x00007ff9`f56713ce)
CORECLR! MethodTable::GetDebugClassName + 0x13 (0x00007ff9`16be3f43)
CORECLR! EHEnumNext + 0x5A5 (0x00007ff9`17402165)
    File: C:\dev\dotnet\runtime3\src\coreclr\vm\excep.cpp:6745
    Image: C:\dev\dotnet\runtime3\artifacts\tests\coreclr\windows.x64.Debug\Tests\Core_Root\corerun.exe

Stacktrace from windbg:

 # Child-SP          RetAddr               Call Site
00 0000007e`cfaeba80 00007ff8`411b2165     coreclr!MethodTable::GetDebugClassName+0x13 [C:\dev\dotnet\runtime3\src\coreclr\vm\methodtable.h @ 3085] 
01 0000007e`cfaeba90 00007ff8`3f48e5cb     coreclr!EHEnumNext+0x5a5 [C:\dev\dotnet\runtime3\src\coreclr\vm\exceptionhandling.cpp @ 3451] 
02 0000007e`cfaebd70 00007ff8`3f48e1a4     System_Private_CoreLib!System.Runtime.EH.FindFirstPassHandler+0xbb
03 0000007e`cfaebec0 00007ff8`3f48dd59     System_Private_CoreLib!System.Runtime.EH.DispatchEx+0x194
04 0000007e`cfaec000 00007ff8`412bf603     System_Private_CoreLib!System.Runtime.EH.RhThrowEx+0x49
05 0000007e`cfaec030 00007ff8`40d9d700     coreclr!CallDescrWorkerInternal+0x83 [C:\dev\dotnet\runtime3\src\coreclr\vm\amd64\CallDescrWorkerAMD64.asm @ 74] 
06 0000007e`cfaec070 00007ff8`40d9e69c     coreclr!CallDescrWorkerWithHandler+0x130 [C:\dev\dotnet\runtime3\src\coreclr\vm\callhelpers.cpp @ 59] 
07 0000007e`cfaec0d0 00007ff8`411a8b88     coreclr!DispatchCallSimple+0x26c [C:\dev\dotnet\runtime3\src\coreclr\vm\callhelpers.cpp @ 236] 
08 0000007e`cfaec260 00007ff8`411b2e3a     coreclr!DispatchManagedException+0x388 [C:\dev\dotnet\runtime3\src\coreclr\vm\exceptionhandling.cpp @ 1624] 
09 0000007e`cfaed860 00007ff9`f567293f     coreclr!ProcessCLRException+0x3ea [C:\dev\dotnet\runtime3\src\coreclr\vm\exceptionhandling.cpp @ 627] 
0a 0000007e`cfaedb10 00007ff9`f5600939     ntdll!RtlpExecuteHandlerForUnwind+0xf
0b 0000007e`cfaedb40 00007ff9`f5621f3d     ntdll!RtlUnwindEx+0x339
0c 0000007e`cfaee2e0 00007ff8`411a7ef8     ntdll!RtlUnwind+0xcd
0d 0000007e`cfaee8d0 00007ff8`411b2ccd     coreclr!ClrUnwindEx+0x58 [C:\dev\dotnet\runtime3\src\coreclr\vm\exceptionhandling.cpp @ 1660] 
0e 0000007e`cfaee950 00007ff9`f56728bf     coreclr!ProcessCLRException+0x27d [C:\dev\dotnet\runtime3\src\coreclr\vm\exceptionhandling.cpp @ 607] 
0f 0000007e`cfaeec00 00007ff9`f5622554     ntdll!RtlpExecuteHandlerForException+0xf
10 0000007e`cfaeec30 00007ff9`f56713ce     ntdll!RtlDispatchException+0x244
11 0000007e`cfaef3c0 00007ff9`f2deaf29     ntdll!KiUserExceptionDispatch+0x2e
12 0000007e`cfaefae0 00007ff8`413218b3     KERNELBASE!RaiseException+0x69
13 0000007e`cfaefbc0 00007ff8`41320895     coreclr!__RethrowException+0x33 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\frame.cpp @ 1380] 
14 0000007e`cfaefbf0 00007ff9`f5671c26     coreclr!__FrameHandler4::CxxCallCatchBlock+0x275 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\frame.cpp @ 1484] 
15 0000007e`cfaefcc0 00007ff8`40c7f5dd     ntdll!RcConsolidateFrames+0x6
16 0000007e`cfafe590 00007ff8`412c0fd5     coreclr!PreStubWorker+0x4cd [C:\dev\dotnet\runtime3\src\coreclr\vm\prestub.cpp @ 1964] 
17 0000007e`cfafeac0 00007ff7`e296050f     coreclr!ThePreStub+0x55 [C:\dev\dotnet\runtime3\src\coreclr\vm\amd64\ThePreStubAMD64.asm @ 20] 
18 0000007e`cfafeb70 00007ff7`e29604a0     FuzzlynProgram1254!Program.M1()+0x2f
19 0000007e`cfafebd0 00007ff7`e225e1cd     FuzzlynProgram1254!Program.Main+0x10
1a 0000007e`cfafec00 00007ff7`e225de51     Fuzzlyn_ExecutionServer!Fuzzlyn.ExecutionServer.Program.<RunPairAsync>g__RunAndGetResultAsync|1_0+0x1ed [C:\dev\Fuzzlyn\Fuzzlyn.ExecutionServer\Program.cs @ 155] 
1b 0000007e`cfafec70 00007ff7`e22321bc     Fuzzlyn_ExecutionServer!Fuzzlyn.ExecutionServer.Program.RunPairAsync+0x51 [C:\dev\Fuzzlyn\Fuzzlyn.ExecutionServer\Program.cs @ 98] 
1c 0000007e`cfafecf0 000001ea`e982b180     Fuzzlyn_ExecutionServer!Fuzzlyn.ExecutionServer.Program.<>c__DisplayClass0_0.<Main>b__0+0x37c [C:\dev\Fuzzlyn\Fuzzlyn.ExecutionServer\Program.cs @ 55] 

[dotnet-policy-service]

Tagging subscribers to this area: @mangod9
See info in area-owners.md if you want to be subscribed.

[jakobbotsch]

#115798 does not fix this issue, so seems more investigation is required.

cc @VSadov @janvorli could you help investigate this?

[jakobbotsch]

Here is a much simpler repro that does not require anything except building the runtime and test with runtime-async enabled.

using System.Threading.Tasks;
using System.Runtime.CompilerServices;

public class Program
{
    static string s_null;
    public static void Main()
    {
        M0().GetAwaiter().GetResult();
    }

    [MethodImpl(MethodImplOptions.NoInlining)]
    public static async Task M0()
    {
        await M1();
    }

    [MethodImpl(MethodImplOptions.NoInlining)]
    public async static Task M1()
    {
        await M2();
    }

    [MethodImpl(MethodImplOptions.NoInlining)]
    public async static Task<int> M2()
    {
        return s_null.Length;
    }
}

[VSadov]

#115798 does not fix this issue, so seems more investigation is required.

Does it fix the original issue or fix nothing at all?

[VSadov]

Also wonder, since it is in GetDebugClassName - does it fail with release runtime?

00 0000007e`cfaeba80 00007ff8`411b2165     coreclr!MethodTable::GetDebugClassName+0x13 [C:\dev\dotnet\runtime3\src\coreclr\vm\methodtable.h @ 3085] 
01 0000007e`cfaeba90 00007ff8`3f48e5cb     coreclr!EHEnumNext+0x5a5 [C:\dev\dotnet\runtime3\src\coreclr\vm\exceptionhandling.cpp @ 3451] 

[VSadov]

Hmm. The simple repro does not repro for me.

With checked runtime and DOTNET_JitThrowOnAssertionFailure=1 DOTNET_TieredCompilation=0

(also with #115798 fix, but not sure if that is related as this is in EH)

Unhandled exception. System.NullReferenceException: Object reference not set to an instance of an object.
   at Program.M2() in C:\Users\vs\source\repos\ConsoleApp64\Program.cs:line 27
   at Program.M1() in C:\Users\vs\source\repos\ConsoleApp64\Program.cs:line 21
   at Program.M0() in C:\Users\vs\source\repos\ConsoleApp64\Program.cs:line 15
   at Program.Main() in C:\Users\vs\source\repos\ConsoleApp64\Program.cs:line 9