Bug 14128 - Crash during appdomain unload
Summary: Crash during appdomain unload
Status: RESOLVED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: GC ()
Version: unspecified
Hardware: PC Mac OS
: --- normal
Target Milestone: ---
Assignee: Rodrigo Kumpera
URL:
Depends on:
Blocks:
 
Reported: 2013-08-20 22:59 UTC by Alan McGovern
Modified: 2013-09-10 16:38 UTC (History)
2 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description Alan McGovern 2013-08-20 22:59:00 UTC
I managed to trigger this issue by executing mdtool in a tight loop for about 15-20 minutes. The command I ran was this:

$ while true; do (MONODEVELOP_DEV_CONFIG=temp-config MONODEVELOP_DEV_ADDINS=temp-addins "Xamarin Studio.app"/Contents/MacOS/mdtool setup reg-build); done

Error:

Native stacktrace:


Debug info from gdb:

Attaching to process 17326.
Reading symbols for shared libraries . done
Reading symbols for shared libraries ............................................................................................................................................................ done
0x977068e2 in __psynch_cvwait ()
  6                                 0x9770709a in __wait4 ()
  5                                 0x9770691a in __psynch_mutexwait ()
  4                                 0x9770691a in __psynch_mutexwait ()
  3 "com.apple.libdispatch-manager" 0x977079ae in kevent ()
  2                                 0x9770480a in semaphore_wait_trap ()
* 1 "com.apple.main-thread"         0x977068e2 in __psynch_cvwait ()

Thread 6 (process 17326):
#0  0x9770709a in __wait4 ()
#1  0x93f5199a in waitpid$UNIX2003 ()
#2  0x010a7922 in mono_handle_native_sigsegv (signal=11, ctx=0x3633fe0) at mini-exceptions.c:2344
#3  0x010f7245 in mono_arch_handle_altstack_exception (sigctx=0x3633fe0, fault_addr=0x4, stack_ovf=0) at exceptions-x86.c:1135
#4  0x01003c61 in mono_sigsegv_signal_handler (_dummy=10, info=0x3633fa0, context=0x3633fe0) at mini.c:6556
#5  <signal handler called>
#6  sgen_safe_object_get_size (obj=0x1803d28) at sgen-gc.h:732
#7  0x011f8917 in mono_gc_clear_domain (domain=0x1676440) at sgen-gc.c:764
#8  0x011b9882 in mono_domain_free (domain=0x1676440, force=0) at domain.c:1927
#9  0x011b40fe in unload_thread_main (arg=0x167da30) at appdomain.c:2328
#10 0x0123a13a in thread_start_routine (args=0xa15b38) at wthreads.c:294
#11 0x0124ab01 in inner_start_thread (arg=0x16b0210) at mono-threads-posix.c:49
#12 0x93ec5d37 in _pthread_start ()
#13 0x93eb054e in thread_start ()

Thread 5 (process 17326):
#0  0x9770691a in __psynch_mutexwait ()
#1  0x93ecb91b in pthread_mutex_lock ()
#2  0x01212740 in mono_gc_alloc_pinned_obj (vtable=0x9dad30, size=2957165000) at sgen-alloc.c:566
#3  0x011c85fa in mono_string_get_pinned [inlined] () at :5360
#4  0x011c85fa in mono_ldstr_metadata_sig (domain=0xb042c1f8, sig=0x9770691a "s\016?") at object.c:5497
#5  0x01055002 in mono_method_to_ir (cfg=0x49cec00, method=0xa915e4, start_bblock=0xb042c848, end_bblock=0xb042c848, return_var=0x0, dont_inline=0xb042c848, inline_args=0x0, inline_offset=0, is_virtual_call=0) at method-to-ir.c:8975
#6  0x0100af78 in mini_method_compile (method=0xa915e4, opts=110193151, domain=0x154340, run_cctors=1, compile_aot=0, parts=0) at mini.c:5040
#7  0x0100ca8a in mono_jit_compile_method_with_opt (method=0xb042ca08, opt=2957167112, ex=0xb042ca2c) at mini.c:5785
#8  0x0100d4c9 in mono_jit_compile_method (method=0xa915e4) at mini.c:6077
#9  0x010ac952 in common_call_trampoline ()
#10 0x010aa3fa in mono_vcall_trampoline (regs=0xb042cb18, code=0x63019eb "??\020??U???\b??\f?u\b?m", slot=4, tramp=0x0) at mini-trampolines.c:767
#11 0x0005cc74 in ?? ()
#12 0x062e9a10 in ?? ()
#13 0x062e4a8c in ?? ()
#14 0x062e1f54 in ?? ()
#15 0x062e12cc in ?? ()
#16 0x000eccc5 in ?? ()
#17 0x0100d805 in mono_jit_runtime_invoke (method=0xd0b64c, obj=0x186ef88, params=0xb042ceec, exc=0xb042cef4) at mini.c:6438
#18 0x011c4a2e in mono_runtime_invoke (method=0xd0b64c, obj=0x186ef88, params=0xb042ceec, exc=0xb042cef4) at object.c:2827
#19 0x011c4b9c in mono_runtime_delegate_invoke (delegate=0x186ef88, params=0xb042ceec, exc=0xb042cef4) at object.c:3538
#20 0x0119c361 in mono_async_invoke [inlined] () at :619
#21 0x0119c361 in async_invoke_thread (data=0x186f418) at threadpool.c:1476
#22 0x01195116 in start_wrapper_internal [inlined] () at :608
#23 0x01195116 in start_wrapper (data=0x50646d0) at threads.c:653
#24 0x0123a13a in thread_start_routine (args=0xa11024) at wthreads.c:294
#25 0x0124ab01 in inner_start_thread (arg=0x5064350) at mono-threads-posix.c:49
#26 0x93ec5d37 in _pthread_start ()
#27 0x93eb054e in thread_start ()

Thread 4 (process 17326):
#0  0x9770691a in __psynch_mutexwait ()
#1  0x93ecb91b in pthread_mutex_lock ()
#2  0x012126d5 in mono_gc_alloc_mature (vtable=0x9db120) at sgen-alloc.c:592
#3  0x01198ce2 in create_thread_object [inlined] () at :488
#4  0x01198ce2 in mono_thread_create_internal (domain=0x154340, func=0x119baf0, arg=0x1337540, threadpool_thread=1, no_detach=0, stack_size=2956111512) at threads.c:733
#5  0x011999ce in threadpool_start_thread () at atomic.h:85
#6  0x01199cd4 in monitor_thread (unused=0x0) at threadpool.c:811
#7  0x01195116 in start_wrapper_internal [inlined] () at :608
#8  0x01195116 in start_wrapper (data=0x5064880) at threads.c:653
#9  0x0123a13a in thread_start_routine (args=0xa10fa8) at wthreads.c:294
#10 0x0124ab01 in inner_start_thread (arg=0x50646d0) at mono-threads-posix.c:49
#11 0x93ec5d37 in _pthread_start ()
#12 0x93eb054e in thread_start ()

Thread 3 (process 17326):
#0  0x977079ae in kevent ()
#1  0x98f24c71 in _dispatch_mgr_invoke ()
#2  0x98f247a9 in _dispatch_mgr_thread ()

Thread 2 (process 17326):
#0  0x9770480a in semaphore_wait_trap ()
#1  0x01245c9e in mono_sem_wait (sem=Cannot access memory at address 0x0
) at mono-semaphore.c:118
#2  0x011be38a in finalizer_thread (unused=0x0) at gc.c:1073
#3  0x01195116 in start_wrapper_internal [inlined] () at :608
#4  0x01195116 in start_wrapper (data=0x16b200) at threads.c:653
#5  0x0123a13a in thread_start_routine (args=0xa10db8) at wthreads.c:294
#6  0x0124ab01 in inner_start_thread (arg=0x16b4c0) at mono-threads-posix.c:49
#7  0x93ec5d37 in _pthread_start ()
#8  0x93eb054e in thread_start ()

Thread 1 (process 17326):
#0  0x977068e2 in __psynch_cvwait ()
#1  0x93ecaa00 in _pthread_cond_wait ()
#2  0x93f52099 in pthread_cond_wait$UNIX2003 ()
#3  0x01223e1c in _wapi_handle_timedwait_signal_handle (handle=0x8a7, timeout=0x0, alertable=1, poll=0) at handles.c:1588
#4  0x01223e68 in _wapi_handle_wait_signal_handle (handle=0x8a7, alertable=1) at handles.c:1533
#5  0x01237191 in WaitForSingleObjectEx (handle=0x104, timeout=4294967295, alertable=1) at wait.c:196
#6  0x011b66fd in mono_domain_try_unload (domain=0x1676440, exc=0xbffff08c) at appdomain.c:2454
#7  0x011b6916 in mono_domain_unload [inlined] () at :2355
#8  0x011b6916 in ves_icall_System_AppDomain_InternalUnload (domain_id=2) at appdomain.c:1989
#9  0x06504554 in ?? ()
#10 0x065041f0 in ?? ()
#11 0x06504170 in ?? ()
#12 0x0634131c in ?? ()
#13 0x06340a72 in ?? ()
#14 0x0630f3b8 in ?? ()
#15 0x0630b504 in ?? ()
#16 0x0630b2c0 in ?? ()
#17 0x0630b04c in ?? ()
#18 0x0630ada9 in ?? ()
#19 0x0630a524 in ?? ()
#20 0x06307cd4 in ?? ()
#21 0x000ed084 in ?? ()
#22 0x000ed332 in ?? ()
#23 0x0100d805 in mono_jit_runtime_invoke (method=0x29cce1c, obj=0x0, params=0xbffff5c8, exc=0x0) at mini.c:6438
#24 0x011c4a2e in mono_runtime_invoke (method=0x29cce1c, obj=0x0, params=0xbffff5c8, exc=0x0) at object.c:2827
#25 0x011c8fa4 in mono_runtime_exec_main (method=0x29cce1c, args=0x1800798, exc=0x0) at object.c:4054
#26 0x011c9315 in mono_runtime_run_main (method=0x29cce1c, argc=0, argv=0x152c48, exc=0x0) at object.c:3678
#27 0x01078285 in mono_jit_exec (domain=0x154340, assembly=0x1642ce0, argc=3, argv=0x152c48) at driver.c:955
#28 0x0107a7bf in mono_main (argc=5, argv=0x152c40) at driver.c:1014
#29 0x00003817 in main ()

=================================================================
Got a SIGSEGV while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

Abort trap: 6
Comment 1 Rodrigo Kumpera 2013-08-26 17:32:22 UTC
I can't repro with 3.2.2 after running for over an hour.

What versions of mono and XS are you using?
Comment 2 Rodrigo Kumpera 2013-09-10 16:38:31 UTC
Zoltan fixed a bug that looks just like this.