Bug 21161 - Crash in MD startup
Status: REOPENED
Alias: None
Product: Runtime
Classification: Mono
Component: General
Version: unspecified
Hardware: PC Mac OS
Importance: --- normal
Target Milestone: ---
Assignee: Bugzilla
Reported: 2014-07-07 17:28 UTC by Rodrigo Kumpera
Modified: 2014-07-21 18:29 UTC

Description Rodrigo Kumpera 2014-07-07 17:28:54 UTC
Free is asserting in jit_info_table_free:


https://gist.github.com/alanmcgovern/3ba15374ec3b95f0ad5f

Interesting threads:


Thread 1:
0   libsystem_kernel.dylib        	0x97996802 __psynch_mutexwait + 10
1   libsystem_pthread.dylib       	0x91879945 _pthread_mutex_lock + 404
2   libsystem_pthread.dylib       	0x918797ac pthread_mutex_lock + 16
3   mono-sgen                     	0x00021f70 mono_jit_free_method + 48 (mini.c:6351)
4   mono-sgen                     	0x001f3ab7 mono_runtime_free_method + 39 (object.c:636)
5   mono-sgen                     	0x00186236 mono_delegate_free_ftnptr + 278 (marshal.c:560)
6   mono-sgen                     	0x001e4347 mono_gc_run_finalize + 407 (gc.c:179)
7   mono-sgen                     	0x00219999 mono_gc_invoke_finalizers + 329 (sgen-gc.c:3586)
8   mono-sgen                     	0x001e512b finalizer_thread + 507 (gc.c:1104)
9   mono-sgen                     	0x001bcc35 start_wrapper + 549 (threads.c:660)
10  mono-sgen                     	0x0027b21d inner_start_thread + 253 (mono-threads-posix.c:94)
11  libsystem_pthread.dylib       	0x918765fb _pthread_body + 144
12  libsystem_pthread.dylib       	0x91876485 _pthread_start + 130
13  libsystem_pthread.dylib       	0x9187bcf2 thread_start + 34


Thread 28 Crashed:
0   libsystem_kernel.dylib        	0x97996952 __pthread_kill + 10
1   libsystem_pthread.dylib       	0x91877167 pthread_kill + 101
2   libsystem_c.dylib             	0x91c4c29c abort + 155
3   mono-sgen                     	0x000ca18f mono_handle_native_sigsegv + 687
4   mono-sgen                     	0x00122bdd sigabrt_signal_handler + 109 (mini-posix.c:205)
5   libsystem_platform.dylib      	0x9345ddeb _sigtramp + 43
6   ???                           	0xffffffff 0 + 4294967295
7   libsystem_c.dylib             	0x91c4c29c abort + 155
8   libsystem_malloc.dylib        	0x96406dab free + 419
9   mono-sgen                     	0x001dfdcf jit_info_table_free + 223 (domain.c:257)
10  mono-sgen                     	0x00277b01 try_free_delayed_free_item + 193 (hazard-pointer.c:294)
11  mono-sgen                     	0x00277b47 mono_thread_hazardous_try_free_some + 23 (hazard-pointer.c:340)
12  mono-sgen                     	0x0023f23e mono_gc_alloc_obj + 270 (sgen-alloc.c:490)
13  mono-sgen                     	0x001ea904 mono_object_new_alloc_specific + 52 (object.c:4380)
14  mono-sgen                     	0x0015a800 ves_icall_System_Runtime_Activation_ActivationServices_AllocateUninitializedClassInstance + 192 (icall.c:6859)
15  ???                           	0x03f34f1c 0 + 66277148
Comment 1 Rodrigo Kumpera 2014-07-07 17:30:29 UTC
Alan, can you explain the scenario of the crash and a way to try to repro it?

Mark, can you take a look at this one?
Comment 2 Alan McGovern 2014-07-07 17:31:31 UTC
I had just compiled a fresh monodevelop+md-addins and hit 'make run' to launch it. I do this dozens of times a day and this is the first time I've seen this crash. I'd expect it's rarer than 1 in 100.
Comment 3 Rodrigo Kumpera 2014-07-07 17:34:23 UTC
Is the crashing process being debugged with sdb?
Comment 4 Mark Probst 2014-07-07 18:53:55 UTC
This is probably not what's causing the crash, but it still looks like a bug:

There is a separate JIT info table for AOT (mono_root_domain->aot_modules), which is tied to mono_appdomains_lock(), but jit_info_table_free() always locks the domain's lock.  Am I missing something here, Zoltan?
Comment 5 Zoltan Varga 2014-07-07 19:02:15 UTC
appdomains_lock () is only used in mono_jit_info_add_aot_module (). I guess it can be replaced by locking the root domain, but it's harmless, that table is only freed when the root domain is freed at shutdown.
Comment 6 Mark Probst 2014-07-07 19:05:48 UTC
No, JIT info tables are freed during routine operation, when they overflow in jit_info_table_add().
Comment 7 Zoltan Varga 2014-07-07 20:14:01 UTC
Ok, fixed that.
Comment 8 Rodrigo Kumpera 2014-07-21 18:04:30 UTC
Marked as fixed as per Zoltan's comment.
Comment 9 Zoltan Varga 2014-07-21 18:29:53 UTC
Only comment #4 was fixed, the bug was not.
