Bug 14768 - Random crash allocating a string
Summary: Random crash allocating a string
Alias: None
Product: iOS
Classification: Xamarin
Component: General ()
Version: 6.4.0
Hardware: PC Mac OS
: --- normal
Target Milestone: Untriaged
Assignee: Mark Probst
Depends on:
Reported: 2013-09-15 15:40 UTC by Dan Abramov
Modified: 2016-05-24 20:09 UTC

Is this bug a regression?: ---
Last known good build:

Log 1 (36.37 KB, application/octet-stream)
2013-09-16 09:11 UTC, Dan Abramov
Log 2 (36.82 KB, application/octet-stream)
2013-09-16 09:11 UTC, Dan Abramov
Log 3 (37.82 KB, application/octet-stream)
2013-09-16 09:12 UTC, Dan Abramov

Description Dan Abramov 2013-09-15 15:40:19 UTC
Hi, here's what I just got from a HockeyApp crash report.
It seems to crash creating a string.

I was able to reproduce this three times, but no more.
The binary was built with LLVM enabled.

Thread 4 Crashed:
0   libsystem_kernel.dylib              0x39680350 ___pthread_kill + 8
1   libsystem_c.dylib                   0x39633973 _abort + 95
2   FuzzBizz                             0x00c56fef monoeg_assertion_message + 59
3   FuzzBizz                             0x00c30d15 mono_lock_free_alloc (lock-free-alloc.c:349)
4   FuzzBizz                             0x00c95f03 sgen_alloc_internal (sgen-internal.c:162)
5   FuzzBizz                             0x00c9c05b alloc_obj (sgen-marksweep.c:564)
6   FuzzBizz                             0x00c9912d major_alloc_object (sgen-marksweep.c:758)
7   FuzzBizz                             0x00bceb2f copy_object_no_checks (sgen-simple-nursery.c:35)
8   FuzzBizz                             0x00bcdb91 simple_nursery_serial_scan_object (sgen-minor-copy-object.h:207)
9   FuzzBizz                             0x00c8aca9 sgen_drain_gray_stack (sgen-gc.c:1188)
10  FuzzBizz                             0x00c8bf0b collect_nursery (sgen-gc.c:2614)
11  FuzzBizz                             0x00c8c61b sgen_perform_collection (sgen-gc.c:3445)
12  FuzzBizz                             0x00c8c9e3 sgen_ensure_free_space (sgen-gc.c:3394)
13  FuzzBizz                             0x00c7c2f1 mono_gc_alloc_obj_nolock (sgen-alloc.c:289)
14  FuzzBizz                             0x00c7b94b mono_gc_alloc_string (sgen-alloc.c:563)
15  FuzzBizz                             0x00c502a7 mono_string_new_size (object.c:4977)
16  FuzzBizz                             0x00be0dad ves_icall_System_String_InternalAllocateStr (string-icalls.c:40)
17  FuzzBizz                             0x003bbd38 wrapper_managed_to_native_string_InternalAllocateStr_int + 92
18  FuzzBizz                             0x003019e7 mscorlib__string_CreateString_char___int_int + 47
19  FuzzBizz                             0x002fe0c9 mscorlib__wrapper_managed_to_managed_string__ctor_char___int_int + 9
20  FuzzBizz                             0x0074c0d1 Newtonsoft_Json_MonoTouch__Newtonsoft_Json_Utilities_StringBuffer_ToString + 17
21  FuzzBizz                             0x0073b777 Newtonsoft_Json_MonoTouch__Newtonsoft_Json_JsonTextReader_ParseString_char + 67
22  FuzzBizz                             0x0073c255 Newtonsoft_Json_MonoTouch__Newtonsoft_Json_JsonTextReader_ParseValue_char + 205
23  FuzzBizz                             0x0073bcc9 Newtonsoft_Json_MonoTouch__Newtonsoft_Json_JsonTextReader_ReadInternal + 217
24  FuzzBizz                             0x0073bbed Newtonsoft_Json_MonoTouch__Newtonsoft_Json_JsonTextReader_Read + 13
25  FuzzBizz                             0x0077868c Newtonsoft_Json_Linq_JContainer_ReadContentFrom_Newtonsoft_Json_JsonReader_0 (<unknown>:1)
26  FuzzBizz                             0x00740035 Newtonsoft_Json_MonoTouch__Newtonsoft_Json_Linq_JContainer_ReadTokenFrom_Newtonsoft_Json_JsonReader + 45
27  FuzzBizz                             0x00740a09 Newtonsoft_Json_MonoTouch__Newtonsoft_Json_Linq_JObject_Load_Newtonsoft_Json_JsonReader + 129
28  FuzzBizz                             0x007432b9 Newtonsoft_Json_MonoTouch__Newtonsoft_Json_Linq_JToken_ReadFrom_Newtonsoft_Json_JsonReader + 57
29  FuzzBizz                             0x0074340d p_566_plt_Newtonsoft_Json_Linq_JToken_Load_Newtonsoft_Json_JsonReader_llvm + 9
30  FuzzBizz                             0x00743403 Newtonsoft_Json_MonoTouch__Newtonsoft_Json_Linq_JToken_Parse_string + 55
31  FuzzBizz                             0x004887d0 FuzzBizz_Data_ApiClient_Deserialize_T_RestSharp_IRestResponse (<unknown>:1)
32  FuzzBizz                             0x0048cc8c FuzzBizz_Data_ApiClient__Executec__AnonStorey1_1__m__5_RestSharp_IRestResponse_RestSharp_RestRequestAsyncHandle_0 (<unknown>:1)
33  FuzzBizz                             0x004bc465 p_673_plt_RestSharp_RestClient_ProcessResponse_RestSharp_IRestRequest_RestSharp_HttpResponse_RestSharp_RestRequestAsyncHandle_System_Action_2_RestSharp_IRestResponse_RestSharp_RestRequestAsyncHandle_llvm + 21
34  FuzzBizz                             0x004c5e67 RestSharp_MonoTouch__RestSharp_RestClient__ExecuteAsyncc__AnonStorey8__m__12_RestSharp_HttpResponse + 27
35  FuzzBizz                             0x004bbb8b p_672_plt_RestSharp_Http_ExecuteCallback_RestSharp_HttpResponse_System_Action_1_RestSharp_HttpResponse_llvm + 15
36  FuzzBizz                             0x004c5e45 RestSharp_MonoTouch__RestSharp_Http__ResponseCallbackc__AnonStorey7__m__5_System_Net_HttpWebResponse + 25
37  FuzzBizz                             0x004d7334 RestSharp_Http_GetRawResponseAsync_System_IAsyncResult_System_Action_1_System_Net_HttpWebResponse_0 (<unknown>:1)
38  FuzzBizz                             0x004d7558 RestSharp_Http_ResponseCallback_System_IAsyncResult_System_Action_1_RestSharp_HttpResponse_0 (<unknown>:1)
39  FuzzBizz                             0x004c5def RestSharp_MonoTouch__RestSharp_Http__GetStyleMethodInternalAsyncc__AnonStorey4__m__1_System_IAsyncResult + 15
40  FuzzBizz                             0x00527051 System__System_Net_WebAsyncResult_CB_object + 13
41  FuzzBizz                             0x0041df18 wrapper_runtime_invoke_object_runtime_invoke_dynamic_intptr_intptr_intptr_intptr_0 + 200
42  FuzzBizz                             0x00c46813 mono_jit_runtime_invoke (mini.c:6457)
43  FuzzBizz                             0x00c4dd6b mono_runtime_invoke (object.c:2827)
44  FuzzBizz                             0x00c4df09 mono_runtime_delegate_invoke (object.c:3538)
45  FuzzBizz                             0x00be3653 async_invoke_thread (threadpool.c:622)
46  FuzzBizz                             0x00bfbf89 start_wrapper (threads.c:608)
47  FuzzBizz                             0x00c2a995 thread_start_routine (wthreads.c:294)
48  FuzzBizz                             0x00c422af inner_start_thread (mono-threads-posix.c:49)
49  libsystem_c.dylib                   0x395d9311 _pthread_start + 309

My info:

=== Xamarin Studio ===

Version 4.0.12 (build 3)
Installation UUID: a12ea7ee-6056-4ee5-80fb-b38d90b05195
	Mono 3.2.0 ((no/7c7fcc7)
	GTK 2.24.20
	GTK# (
	Package version: 302000000

=== Apple Developer Tools ===

Xcode 4.6.3 (2068)
Build 4H1503

=== Xamarin.iOS ===

Version: (Business Edition)
Hash: 1336a36
Build date: 2013-10-09 11:14:45-0400

=== Xamarin.Android ===

Not Installed

=== Xamarin.Mac ===

Xamarin.Mac: Not Installed

=== Build Information ===

Release ID: 400120003
Git revision: 593d7acb1cb78ceeeb482d5133cf1fe514467e39
Build date: 2013-08-07 20:30:53+0000
Xamarin addins: 25a0858b281923e666b09259ad4746b774e0a873

=== Operating System ===

Mac OS X 10.9.0
Darwin dan 13.0.0 Darwin Kernel Version 13.0.0
    Thu Aug 29 21:26:29 PDT 2013
    root:xnu-2422.1.68~1/RELEASE_X86_64 x86_64
Comment 1 Sebastien Pouliot 2013-09-16 08:05:40 UTC
If it comes from HockeyApp then I assume it's not something you're able to reproduce locally? And if it came from a customer, are you sure it was built with the above versions?

Do you have a more complete crash report? e.g.

* what the other threads were doing?
* type of device (limited memory)?
Comment 2 Dan Abramov 2013-09-16 09:11:42 UTC
Created attachment 4896
Log 1
Comment 3 Dan Abramov 2013-09-16 09:11:57 UTC
Created attachment 4897
Log 2
Comment 4 Dan Abramov 2013-09-16 09:12:11 UTC
Created attachment 4898
Log 3
Comment 5 Dan Abramov 2013-09-16 09:12:53 UTC

My friend reproduced it on his iPad, so I saw the report on HockeyApp first. He then reproduced it twice before me, but we couldn't reproduce it anymore later.

I attached the most detailed crash info I have at the moment, is this enough?
My managed exception logger (that catches exceptions at `UIApplication` level) didn't log anything.

As you can see, this happened on iPad 2, *perhaps* there was low memory (forcing GC) but I'm not sure.
Comment 6 Sebastien Pouliot 2013-09-16 09:50:55 UTC
It could be a situation where not much (but not quite low) memory was available and then a (very) large string was allocated.

That's the assert (lock-free-alloc.c:349), but I don't know if this matches my assumption -> Rodrigo

	if (old_anchor.data.state == STATE_EMPTY)
		g_assert (new_anchor.data.state == STATE_EMPTY);
Comment 8 Rodrigo Kumpera 2013-09-16 11:20:35 UTC
Sebastien, this is a known problem in sgen that Mark's actively working on, so I'm reassigning this one to him.

Dan, can you provide us with some way to reproduce your crash?
Comment 9 Dan Abramov 2013-09-16 12:39:44 UTC
Rodrigo, I'll try again with the same iPad later this evening or tomorrow morning.
Comment 10 Mark Probst 2013-09-17 14:03:42 UTC
Does this crash require that newrefcount is turned on?
Comment 11 Dan Abramov 2013-09-17 14:52:44 UTC
Rodrigo, no luck reproducing this yet (somewhat luckily for us because this is the build we sent to App Store), even with low memory.

How do I check if newrefcount was on?
Comment 12 Sebastien Pouliot 2016-05-24 20:09:07 UTC
We have not received the requested information. If you are still experiencing this issue please provide all the requested information and re-open the bug report. Thanks!