Search Issue Tracker

Fixed

Fixed in 2021.3.28f1, 2022.3.2f1, 2023.1.0b19, 2023.2.0a16

Votes

1

Found in

2021.3.23f1

2022.2.17f1

2023.1.0b14

2023.2.0a12

Issue ID

UUM-34344

Regression

Yes

Crash on mono_traverse_objects when entering and exiting Play Mode

--

-

Reproduction steps:
1. Open the attached “repro-project“
2. Enter and exit Play Mode
3. Observe the crash

Reproducible with: 2021.2.1f1, 2021.3.23f1, 2022.2.17f1, 2023.1.0b14, 2023.2.0a12
Not reproducible with: 2020.3.47f1, 2021.2.0f1

Reproduced on: Windows 10 Pro

First few lines of the stack trace:
{{0x00007FFE8CA33F59 (mono-2.0-bdwgc) [C:\build\output\Unity-Technologies\mono\mono\metadata\unity-liveness.c:263] mono_add_process_object}}
{{0x00007FFE8CA34AB1 (mono-2.0-bdwgc) [C:\build\output\Unity-Technologies\mono\mono\metadata\unity-liveness.c:486] mono_traverse_objects}}
{{0x00007FFE8CA35AF1 (mono-2.0-bdwgc) [C:\build\output\Unity-Technologies\mono\mono\metadata\unity-liveness.c:688] mono_unity_liveness_calculation_from_statics }}
{{0x00007FFE163C75DC (Unity) GarbageCollectSharedAssets }}
{{0x00007FFE1642DAB6 (Unity) UnloadUnusedAssetsOperation::IntegrateMainThread }}

{{0x00007FFE61912FEA (mono-2.0-bdwgc) [C:\build\output\Unity-Technologies\mono\mono\mini\mini-trampolines.c:1061] mono_delegate_trampoline }}
{{0x00000233E940DC56 (Mono JIT Code) UnityEngine.Application:CallLogCallback (string,string,UnityEngine.LogType,bool) }}
{{0x00000233E940DEBA (Mono JIT Code) (wrapper runtime-invoke) <Module>:runtime_invoke_void_object_object_int_byte (object,intptr,intptr,intptr) }}
{{0x00007FFE61820394 (mono-2.0-bdwgc) [C:\build\output\Unity-Technologies\mono\mono\mini\mini-runtime.c:3445] mono_jit_runtime_invoke }}
{{0x00007FFE6175EB44 (mono-2.0-bdwgc) [C:\build\output\Unity-Technologies\mono\mono\metadata\object.c:3066] do_runtime_invoke }}

  1. Resolution Note (fix version 2023.2.0a16):

    Memory corruption was caused by JsonUtility creating an array as a target for the deserialized result. JsonUtility only supports deserializing to an object and not an array, and will now throw an ArgumentException if an array is passed as a return type.

Comments (2)

  1. Dream1994001

    Jun 12, 2023 13:34

    2021.3.23f1 by the way

  2. Dream1994001

    Jun 12, 2023 13:32

    We may meet the same issue on il2cpp running on iOS device, here are the crash log:

    0 libsystem_kernel.dylib 0x206a67ac4 semaphore_wait_trap + 8
    1 libdispatch.dylib 0x1d1802578 _dispatch_sema4_wait + 28
    2 libdispatch.dylib 0x1d1802c2c _dispatch_semaphore_wait_slow + 132
    3 UnityFramework 0x12264d18c il2cpp_baselib::Baselib_SystemSemaphore_Acquire(il2cpp_baselib::Baselib_SystemSemaphore_Handle) + 28
    4 UnityFramework 0x12261540c il2cpp::vm::GlobalMetadata::GetTypeInfoFromTypeDefinitionIndex(int) + 1056
    5 UnityFramework 0x12262680c il2cpp::vm::Type::IsStruct(Il2CppType const*) + 44
    6 UnityFramework 0x122610b10 il2cpp::vm::LivenessState::FieldCanContainReferences(FieldInfo*) + 24
    7 UnityFramework 0x122610ce8 il2cpp::vm::Liveness::FromStatics(void*) + 168
    8 UnityFramework 0x12193a3a8 GarbageCollectSharedAssets(bool, bool) + 1668
    9 UnityFramework 0x12194aa80 UnloadUnusedAssetsOperation::IntegrateMainThread() + 28
    10 UnityFramework 0x121949c70 PreloadManager::UpdatePreloadingSingleStep(PreloadManager::UpdatePreloadingFlags, int) + 224
    11 UnityFramework 0x12194a3b8 PreloadManager::WaitForAllAsyncOperationsToComplete() + 124
    12 UnityFramework 0x12195529c RuntimeSceneManager::LoadScene(core::basic_string<char, core::StringStorageDefault<char> > const&, core::basic_string<char, core::StringStorageDefault<char> > const&, core::basic_string<char, core::StringStorageDefault<char> > const&, UnityGUID const&, int, InternalLoadSceneParameters const&) + 72
    13 UnityFramework 0x12193bd84 PlayerStartFirstScene(bool) + 492
    14 UnityFramework 0x122070d40 UnityLoadApplication + 44
    15 UnityFramework 0x11fda7260 -[UnityAppController startUnity:] + 92
    16 Foundation 0x1c4832d58 __NSFireDelayedPerform + 372
    17 CoreFoundation 0x1ca44a66c __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 32
    18 CoreFoundation 0x1ca406ce8 __CFRunLoopDoTimer + 940
    19 CoreFoundation 0x1ca3aa958 __CFRunLoopDoTimers + 288
    20 CoreFoundation 0x1ca3f82dc __CFRunLoopRun + 1896
    21 CoreFoundation 0x1ca3fd1e4 CFRunLoopRunSpecific + 612
    22 GraphicsServices 0x20321d368 GSEventRunModal + 164
    23 UIKitCore 0x1cc8acd88 -[UIApplication _run] + 888
    24 UIKitCore 0x1cc8ac9ec UIApplicationMain + 340
    25 UnityFramework 0x11fdac568 -[UnityFramework runUIApplicationMainWithArgc:argv:] + 92
    26 SoulKnight 0x104d1bc00 main + 60
    27 dyld 0x1e8721948 start + 2504

Add comment

Log in to post comment