[CLR] ASAN MethodData::Release() new-delete-type-mismatch #119099

@ManickaP

Based on the HTTP stress pipeline history, sometime between 0b0b4b2 and 688beda, the stress started failing with:

=================================================================
2025-08-20T13:42:13.7069972Z server_1  | ==9==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x50c000013b40 in thread T0:
2025-08-20T13:42:13.7088147Z server_1  |   object passed to delete has wrong type:
2025-08-20T13:42:13.7088922Z server_1  |   size of the allocated type:   128 bytes;
2025-08-20T13:42:13.7089895Z server_1  |   size of the deallocated type: 48 bytes.
2025-08-20T13:42:13.7090809Z server_1  |     #0 0x7a3fe0cf25e8 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164
2025-08-20T13:42:13.7091323Z server_1  |     #1 0x7a3fddab3509 in MethodTable::MethodData::Release() /repo/src/coreclr/vm/methodtable.cpp:6518
2025-08-20T13:42:13.7091863Z server_1  |     #2 0x7a3fddb99dcf in MethodTable::MethodData::HolderRelease(MethodTable::MethodData*) /repo/src/coreclr/vm/methodtable.h:3123
2025-08-20T13:42:13.7092507Z server_1  |     #3 0x7a3fddb99dcf in FunctionBase<MethodTable::MethodData*, &MethodTable::MethodData::HolderAcquire, &MethodTable::MethodData::HolderRelease>::DoRelease() /repo/src/coreclr/inc/holder.h:699
2025-08-20T13:42:13.7093428Z server_1  |     #4 0x7a3fddb99dcf in BaseHolder<MethodTable::MethodData*, FunctionBase<MethodTable::MethodData*, &MethodTable::MethodData::HolderAcquire, &MethodTable::MethodData::HolderRelease>, 0ul, &(int CompareDefault<MethodTable::MethodData*>(MethodTable::MethodData*, MethodTable::MethodData*))>::Release() /repo/src/coreclr/inc/holder.h:276
2025-08-20T13:42:13.7094580Z server_1  |     #5 0x7a3fddb99dcf in BaseHolder<MethodTable::MethodData*, FunctionBase<MethodTable::MethodData*, &MethodTable::MethodData::HolderAcquire, &MethodTable::MethodData::HolderRelease>, 0ul, &(int CompareDefault<MethodTable::MethodData*>(MethodTable::MethodData*, MethodTable::MethodData*))>::~BaseHolder() /repo/src/coreclr/inc/holder.h:244
2025-08-20T13:42:13.7101095Z server_1  |     #6 0x7a3fddb99dcf in MethodTableBuilder::SetupMethodTable2(Module*) /repo/src/coreclr/vm/methodtablebuilder.cpp:11363
2025-08-20T13:42:13.7103320Z server_1  |     #7 0x7a3fddb918cd in MethodTableBuilder::BuildMethodTableThrowing(LoaderAllocator*, Module*, Module*, unsigned int, BuildingInterfaceInfo_t*, MethodTableBuilder::bmtLayoutInfo const*, MethodTable*, MethodTableBuilder::bmtGenericsInfo const*, SigPointer, unsigned short) /repo/src/coreclr/vm/methodtablebuilder.cpp:1817
2025-08-20T13:42:13.7104298Z server_1  |     #8 0x7a3fddba4476 in ClassLoader::CreateTypeHandleForTypeDefThrowing(Module*, unsigned int, Instantiation, AllocMemTracker*) /repo/src/coreclr/vm/methodtablebuilder.cpp:12777
2025-08-20T13:42:13.7105245Z server_1  |     #9 0x7a3fdda3c339 in ClassLoader::CreateTypeHandleForTypeKey(TypeKey const*, AllocMemTracker*) /repo/src/coreclr/vm/clsload.cpp
2025-08-20T13:42:13.7105795Z server_1  |     #10 0x7a3fdda3d63c in ClassLoader::DoIncrementalLoad(TypeKey const*, TypeHandle, ClassLoadLevel) /repo/src/coreclr/vm/clsload.cpp:2591
2025-08-20T13:42:13.7106374Z server_1  |     #11 0x7a3fdda3d63c in ClassLoader::LoadTypeHandleForTypeKey_Body(TypeKey const*, TypeHandle, ClassLoadLevel) /repo/src/coreclr/vm/clsload.cpp:3318
2025-08-20T13:42:13.7106984Z server_1  |     #12 0x7a3fdda39650 in ClassLoader::LoadTypeHandleForTypeKey(TypeKey const*, TypeHandle, ClassLoadLevel, InstantiationContext const*) /repo/src/coreclr/vm/clsload.cpp:3049
2025-08-20T13:42:13.7107724Z server_1  |     #13 0x7a3fdda3a36d in ClassLoader::LoadTypeDefThrowing(Module*, unsigned int, ClassLoader::NotFoundAction, ClassLoader::PermitUninstantiatedFlag, unsigned int, ClassLoadLevel, Instantiation*) /repo/src/coreclr/vm/clsload.cpp:1968
2025-08-20T13:42:13.7108598Z server_1  |     #14 0x7a3fdda381fd in ClassLoader::LoadTypeHandleThrowing(NameHandle*, ClassLoadLevel, Module*) /repo/src/coreclr/vm/clsload.cpp
2025-08-20T13:42:13.7109208Z server_1  |     #15 0x7a3fdda37eb1 in ClassLoader::LoadTypeByNameThrowing(Assembly*, NameHandle*, ClassLoader::NotFoundAction, ClassLoader::LoadTypesFlag, ClassLoadLevel) /repo/src/coreclr/vm/clsload.cpp
2025-08-20T13:42:13.7110739Z server_1  |     #16 0x7a3fdda1ebb0 in CoreLibBinder::LookupClassLocal(BinderClassID) /repo/src/coreclr/vm/binder.cpp:74
2025-08-20T13:42:13.7111634Z server_1  |     #17 0x7a3fdda0c788 in CoreLibBinder::GetClass(BinderClassID) /repo/src/coreclr/vm/binder.h:341
2025-08-20T13:42:13.7112540Z server_1  |     #18 0x7a3fdda0c788 in SystemDomain::LoadBaseSystemClasses() /repo/src/coreclr/vm/appdomain.cpp:1005
2025-08-20T13:42:13.7113145Z server_1  |     #19 0x7a3fdda0c47e in SystemDomain::Init() /repo/src/coreclr/vm/appdomain.cpp:887
2025-08-20T13:42:13.7113724Z server_1  |     #20 0x7a3fddce6830 in EEStartupHelper() /repo/src/coreclr/vm/ceemain.cpp:964
2025-08-20T13:42:13.7114443Z server_1  |     #21 0x7a3fddce5f41 in EEStartup()::$_0::operator()(void*) const /repo/src/coreclr/vm/ceemain.cpp:1103
2025-08-20T13:42:13.7115110Z server_1  |     #22 0x7a3fddce5f41 in EEStartup() /repo/src/coreclr/vm/ceemain.cpp:1105
2025-08-20T13:42:13.7115656Z server_1  |     #23 0x7a3fddce5e05 in EnsureEEStarted() /repo/src/coreclr/vm/ceemain.cpp:302
2025-08-20T13:42:13.7116210Z server_1  |     #24 0x7a3fdda4478b in CorHost2::Start() /repo/src/coreclr/vm/corhost.cpp:100
2025-08-20T13:42:13.7116830Z server_1  |     #25 0x7a3fdd8a4755 in coreclr_initialize /repo/src/coreclr/dlls/mscoree/exports.cpp:306
2025-08-20T13:42:13.7120239Z server_1  |     #26 0x7a3fdffc48e0 in coreclr_t::create(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, char const*, char const*, coreclr_property_bag_t const&, std::unique_ptr<coreclr_t, std::default_delete<coreclr_t> >&) /repo/src/native/corehost/hostpolicy/coreclr.cpp:72
2025-08-20T13:42:13.7121050Z server_1  |     #27 0x7a3fdffe0924 in (anonymous namespace)::create_coreclr() /repo/src/native/corehost/hostpolicy/hostpolicy.cpp:75
2025-08-20T13:42:13.7121492Z server_1  |     #28 0x7a3fdffe0271 in corehost_main /repo/src/native/corehost/hostpolicy/hostpolicy.cpp:422
2025-08-20T13:42:13.7121970Z server_1  |     #29 0x7a3fe015036f  (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/host/fxr/10.0.0/libhostfxr.so+0x1f36f) (BuildId: 0b4073828012f84aada32157bad0f0d93b447fec)
2025-08-20T13:42:13.7122540Z server_1  |     #30 0x7a3fe014f0f6  (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/host/fxr/10.0.0/libhostfxr.so+0x1e0f6) (BuildId: 0b4073828012f84aada32157bad0f0d93b447fec)
2025-08-20T13:42:13.7123173Z server_1  |     #31 0x7a3fe014a137 in hostfxr_main_startupinfo (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/host/fxr/10.0.0/libhostfxr.so+0x19137) (BuildId: 0b4073828012f84aada32157bad0f0d93b447fec)
2025-08-20T13:42:13.7123976Z server_1  |     #32 0x601fcd5216e2  (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/dotnet+0x76e2) (BuildId: b554e00e3443598de2d591efa6bf4cec7dfd90af)
2025-08-20T13:42:13.7124488Z server_1  |     #33 0x601fcd5219ce  (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/dotnet+0x79ce) (BuildId: b554e00e3443598de2d591efa6bf4cec7dfd90af)
2025-08-20T13:42:13.7124977Z server_1  |     #34 0x7a3fe066f1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f)
2025-08-20T13:42:13.7125473Z server_1  |     #35 0x7a3fe066f28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f)
2025-08-20T13:42:13.7126013Z server_1  |     #36 0x601fcd520904  (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/dotnet+0x6904) (BuildId: b554e00e3443598de2d591efa6bf4cec7dfd90af)
2025-08-20T13:42:13.7126563Z server_1  | 
2025-08-20T13:42:13.7126873Z server_1  | 0x50c000013b40 is located 0 bytes inside of 128-byte region [0x50c000013b40,0x50c000013bc0)
2025-08-20T13:42:13.7127199Z server_1  | allocated by thread T0 here:
2025-08-20T13:42:13.7127602Z server_1  |     #0 0x7a3fe0cf1548 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
2025-08-20T13:42:13.7128171Z server_1  |     #1 0x7a3fddabfe4d in MethodTable::MethodDataObject::operator new(unsigned long, MethodTable::MethodDataObject::TargetMethodTable, MethodDataComputeOptions) /repo/src/coreclr/vm/methodtable.h:3358
2025-08-20T13:42:13.7128801Z server_1  |     #2 0x7a3fddabfe4d in MethodTable::GetMethodDataHelper(MethodTable*, MethodTable*, MethodDataComputeOptions) /repo/src/coreclr/vm/methodtable.cpp:7161
2025-08-20T13:42:13.7129318Z server_1  |     #3 0x7a3fddb99ce2 in MethodTableBuilder::SetupMethodTable2(Module*) /repo/src/coreclr/vm/methodtablebuilder.cpp:11185
2025-08-20T13:42:13.7130256Z server_1  |     #4 0x7a3fddb918cd in MethodTableBuilder::BuildMethodTableThrowing(LoaderAllocator*, Module*, Module*, unsigned int, BuildingInterfaceInfo_t*, MethodTableBuilder::bmtLayoutInfo const*, MethodTable*, MethodTableBuilder::bmtGenericsInfo const*, SigPointer, unsigned short) /repo/src/coreclr/vm/methodtablebuilder.cpp:1817
2025-08-20T13:42:13.7131108Z server_1  |     #5 0x7a3fddba4476 in ClassLoader::CreateTypeHandleForTypeDefThrowing(Module*, unsigned int, Instantiation, AllocMemTracker*) /repo/src/coreclr/vm/methodtablebuilder.cpp:12777
2025-08-20T13:42:13.7131663Z server_1  |     #6 0x7a3fdda3c339 in ClassLoader::CreateTypeHandleForTypeKey(TypeKey const*, AllocMemTracker*) /repo/src/coreclr/vm/clsload.cpp
2025-08-20T13:42:13.7132144Z server_1  |     #7 0x7a3fdda3d63c in ClassLoader::DoIncrementalLoad(TypeKey const*, TypeHandle, ClassLoadLevel) /repo/src/coreclr/vm/clsload.cpp:2591
2025-08-20T13:42:13.7132665Z server_1  |     #8 0x7a3fdda3d63c in ClassLoader::LoadTypeHandleForTypeKey_Body(TypeKey const*, TypeHandle, ClassLoadLevel) /repo/src/coreclr/vm/clsload.cpp:3318
2025-08-20T13:42:13.7133250Z server_1  |     #9 0x7a3fdda39650 in ClassLoader::LoadTypeHandleForTypeKey(TypeKey const*, TypeHandle, ClassLoadLevel, InstantiationContext const*) /repo/src/coreclr/vm/clsload.cpp:3049
2025-08-20T13:42:13.7134166Z server_1  |     #10 0x7a3fdda3a36d in ClassLoader::LoadTypeDefThrowing(Module*, unsigned int, ClassLoader::NotFoundAction, ClassLoader::PermitUninstantiatedFlag, unsigned int, ClassLoadLevel, Instantiation*) /repo/src/coreclr/vm/clsload.cpp:1968
2025-08-20T13:42:13.7134643Z server_1  |     #11 0x7a3fdda381fd in ClassLoader::LoadTypeHandleThrowing(NameHandle*, ClassLoadLevel, Module*) /repo/src/coreclr/vm/clsload.cpp
2025-08-20T13:42:13.7134956Z server_1  |     #12 0x7a3fdda37eb1 in ClassLoader::LoadTypeByNameThrowing(Assembly*, NameHandle*, ClassLoader::NotFoundAction, ClassLoader::LoadTypesFlag, ClassLoadLevel) /repo/src/coreclr/vm/clsload.cpp
2025-08-20T13:42:13.7135255Z server_1  |     #13 0x7a3fdda1ebb0 in CoreLibBinder::LookupClassLocal(BinderClassID) /repo/src/coreclr/vm/binder.cpp:74
2025-08-20T13:42:13.7135647Z server_1  |     #14 0x7a3fdda0c788 in CoreLibBinder::GetClass(BinderClassID) /repo/src/coreclr/vm/binder.h:341
2025-08-20T13:42:13.7135883Z server_1  |     #15 0x7a3fdda0c788 in SystemDomain::LoadBaseSystemClasses() /repo/src/coreclr/vm/appdomain.cpp:1005
2025-08-20T13:42:13.7136110Z server_1  |     #16 0x7a3fdda0c47e in SystemDomain::Init() /repo/src/coreclr/vm/appdomain.cpp:887
2025-08-20T13:42:13.7136326Z server_1  |     #17 0x7a3fddce6830 in EEStartupHelper() /repo/src/coreclr/vm/ceemain.cpp:964
2025-08-20T13:42:13.7136547Z server_1  |     #18 0x7a3fddce5f41 in EEStartup()::$_0::operator()(void*) const /repo/src/coreclr/vm/ceemain.cpp:1103
2025-08-20T13:42:13.7136767Z server_1  |     #19 0x7a3fddce5f41 in EEStartup() /repo/src/coreclr/vm/ceemain.cpp:1105
2025-08-20T13:42:13.7136966Z server_1  |     #20 0x7a3fddce5e05 in EnsureEEStarted() /repo/src/coreclr/vm/ceemain.cpp:302
2025-08-20T13:42:13.7137247Z server_1  |     #21 0x7a3fdda4478b in CorHost2::Start() /repo/src/coreclr/vm/corhost.cpp:100
2025-08-20T13:42:13.7137459Z server_1  |     #22 0x7a3fdd8a4755 in coreclr_initialize /repo/src/coreclr/dlls/mscoree/exports.cpp:306
2025-08-20T13:42:13.7137824Z server_1  |     #23 0x7a3fdffc48e0 in coreclr_t::create(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, char const*, char const*, coreclr_property_bag_t const&, std::unique_ptr<coreclr_t, std::default_delete<coreclr_t> >&) /repo/src/native/corehost/hostpolicy/coreclr.cpp:72
2025-08-20T13:42:13.7138210Z server_1  |     #24 0x7a3fdffe0924 in (anonymous namespace)::create_coreclr() /repo/src/native/corehost/hostpolicy/hostpolicy.cpp:75
2025-08-20T13:42:13.7138447Z server_1  |     #25 0x7a3fdffe0271 in corehost_main /repo/src/native/corehost/hostpolicy/hostpolicy.cpp:422
2025-08-20T13:42:13.7138702Z server_1  |     #26 0x7a3fe015036f  (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/host/fxr/10.0.0/libhostfxr.so+0x1f36f) (BuildId: 0b4073828012f84aada32157bad0f0d93b447fec)
2025-08-20T13:42:13.7139004Z server_1  |     #27 0x7a3fe014f0f6  (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/host/fxr/10.0.0/libhostfxr.so+0x1e0f6) (BuildId: 0b4073828012f84aada32157bad0f0d93b447fec)
2025-08-20T13:42:13.7139314Z server_1  |     #28 0x7a3fe014a137 in hostfxr_main_startupinfo (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/host/fxr/10.0.0/libhostfxr.so+0x19137) (BuildId: 0b4073828012f84aada32157bad0f0d93b447fec)
2025-08-20T13:42:13.7139970Z server_1  |     #29 0x601fcd5216e2  (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/dotnet+0x76e2) (BuildId: b554e00e3443598de2d591efa6bf4cec7dfd90af)
2025-08-20T13:42:13.7140496Z server_1  |     #30 0x601fcd5219ce  (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/dotnet+0x79ce) (BuildId: b554e00e3443598de2d591efa6bf4cec7dfd90af)
2025-08-20T13:42:13.7140953Z server_1  |     #31 0x7a3fe066f1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f)
2025-08-20T13:42:13.7141377Z server_1  |     #32 0x7a3fe066f28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f)
2025-08-20T13:42:13.7142557Z server_1  |     #33 0x601fcd520904  (/live-runtime-artifacts/testhost/net10.0-linux-Release-x64/dotnet+0x6904) (BuildId: b554e00e3443598de2d591efa6bf4cec7dfd90af)

More details for example in:
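
The report above shows a 128-byte block obtained through a class-specific `operator new` and later handed to a sized `operator delete` that claimed 48 bytes. As an added illustration (not CoreCLR code and not a diagnosis of this issue), the constructed C++ below reproduces that class of mismatch and one way to make the sizes agree; `Data`, `Mismatched`, `Matched`, `Extra` and the `Ledger` that stands in for ASan's bookkeeping are all hypothetical names.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <new>

struct Ledger { std::size_t allocated = 0, released = 0; };  // constructed stand-in for ASan's bookkeeping
struct Extra { std::size_t bytes; };                         // hypothetical tag: trailing bytes to reserve
static Ledger g_ledger;

static void* reserve(std::size_t total) {
    void* p = std::malloc(total);
    if (!p) throw std::bad_alloc();
    g_ledger.allocated = total;  // what the allocator was really asked for
    return p;
}

// Hypothetical ref-counted base whose Release() ends in `delete this`.
struct Data {
    virtual ~Data() = default;
    void Release() { if (--refs == 0) delete this; }
    int refs = 1;
};

// Mismatch: operator new reserves trailing storage the type system never sees,
// so the sized delete is told sizeof(Mismatched), not the real block size.
struct Mismatched : Data {
    static void* operator new(std::size_t size, Extra e) { return reserve(size + e.bytes); }
    static void operator delete(void* p, std::size_t claimed) { g_ledger.released = claimed; std::free(p); }
};

// One fix: store the true size in a header in front of the object and use an
// unsized class-level delete that reads it back.
struct Matched : Data {
    static constexpr std::size_t kHeader = alignof(std::max_align_t);
    static void* operator new(std::size_t size, Extra e) {
        std::size_t total = kHeader + size + e.bytes;
        char* raw = static_cast<char*>(reserve(total));
        std::memcpy(raw, &total, sizeof total);
        return raw + kHeader;  // still max-aligned for the object
    }
    static void operator delete(void* p) {
        char* raw = static_cast<char*>(p) - kHeader;
        std::memcpy(&g_ledger.released, raw, sizeof g_ledger.released);
        std::free(raw);
    }
};

template <class T> Ledger run(std::size_t extra) {
    g_ledger = Ledger{};
    Data* d = new (Extra{extra}) T;  // over-allocate by `extra` bytes
    d->Release();                    // `delete this` through the base pointer
    return g_ledger;
}
```

When the class operators forward to the global `operator new` and sized `operator delete` instead of `malloc`/`free`, the first variant is what ASan flags as new-delete-type-mismatch.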
