Bug 16449 - [SGEN] SIGSEGV in Arrays
Status: RESOLVED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: GC
Version: 3.2.x
Hardware: PC Linux
: --- normal
Target Milestone: ---
Assignee: Bugzilla
Reported: 2013-11-26 02:05 UTC by Sergey Zhukov
Modified: 2013-12-04 12:33 UTC

Attachments
TestCase (1.16 KB, text/x-csharp)
2013-11-26 02:05 UTC, Sergey Zhukov



Description Sergey Zhukov 2013-11-26 02:05:16 UTC
Created attachment 5538
TestCase

I often get a SIGSEGV in xsp4 under heavy load. The crash is always in the methods System.Collections.Specialized.NameObjectCollectionBase:BaseGetKey () or ves_icall_System_Array_SetValueImpl(). Also, when the program crashes, I noticed that another thread is collecting garbage. I could not determine the reason for the crash (maybe the garbage collector moved arrays improperly, or something else), but I was lucky enough to write a small test case which reproduces the error.

When I run it, I get a SIGSEGV or NullReferenceException in BaseGetKey within a few minutes. My environment is a 32-bit, 2-core processor. Also, my processor is not fast enough; if you have a powerful processor, you might have to increase the maxCols const to 100, 200 or more. Also, if you have more cores, you can increase the minimum number of working threads from 10 to 20 or more.

Test program is attached. Example of crash output:
 
Stacktrace:


Native stacktrace:

	/usr/bin/mono-sgen() [0x80fdf19]
	/usr/bin/mono-sgen() [0x814af7c]
	/usr/bin/mono-sgen() [0x806597d]
	[0xb778d40c]
	/usr/bin/mono-sgen() [0x817aca0]
	[0xb705a7d0]
	[0xb70800e0]
	[0xb708a508]
	[0xb705a6fc]
	[0xb536b978]
	[0xb536b222]
	[0xb536ab20]
	[0xb536a734]
	[0xb536a178]
	[0xb707e075]
	/usr/bin/mono-sgen() [0x806a65d]
	[(nil)]

Debug info from gdb:

Mono support loaded.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xb44eeb40 (LWP 17831)]
[New Thread 0xb40f7b40 (LWP 17829)]
[New Thread 0xb386bb40 (LWP 17817)]
[New Thread 0xb3c3bb40 (LWP 16237)]
[New Thread 0xb3dffb40 (LWP 16029)]
[New Thread 0xb4cffb40 (LWP 16024)]
[New Thread 0xb5338b40 (LWP 16022)]
[New Thread 0xb5a26b40 (LWP 16020)]
[New Thread 0xb5a47b40 (LWP 16019)]
[New Thread 0xb71e6b40 (LWP 16017)]
0xb778d424 in __kernel_vsyscall ()
  Id   Target Id         Frame 
  11   Thread 0xb71e6b40 (LWP 16017) "mono-sgen" 0xb778d424 in __kernel_vsyscall ()
  10   Thread 0xb5a47b40 (LWP 16019) "mono-sgen" 0xb778d424 in __kernel_vsyscall ()
  9    Thread 0xb5a26b40 (LWP 16020) "mono-sgen" 0xb778d424 in __kernel_vsyscall ()
  8    Thread 0xb5338b40 (LWP 16022) "mono-sgen" 0xb778d424 in __kernel_vsyscall ()
  7    Thread 0xb4cffb40 (LWP 16024) "mono-sgen" 0xb778d424 in __kernel_vsyscall ()
  6    Thread 0xb3dffb40 (LWP 16029) "mono-sgen" 0xb778d424 in __kernel_vsyscall ()
  5    Thread 0xb3c3bb40 (LWP 16237) "mono-sgen" 0xb778d424 in __kernel_vsyscall ()
  4    Thread 0xb386bb40 (LWP 17817) "mono-sgen" 0xb778d424 in __kernel_vsyscall ()
  3    Thread 0xb40f7b40 (LWP 17829) "mono-sgen" 0xb778d424 in __kernel_vsyscall ()
  2    Thread 0xb44eeb40 (LWP 17831) "mono-sgen" 0xb778d424 in __kernel_vsyscall ()
* 1    Thread 0xb756c700 (LWP 16016) "mono-sgen" 0xb778d424 in __kernel_vsyscall ()

Thread 11 (Thread 0xb71e6b40 (LWP 16017)):
#0  0xb778d424 in __kernel_vsyscall ()
#1  0xb759c622 in do_sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:63
#2  __GI___sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:78
#3  0x082178b6 in suspend_thread (context=0xb71e5dfc, info=0xb5900468) at sgen-os-posix.c:113
#4  suspend_handler (sig=30, siginfo=0xb71e5d7c, context=0xb71e5dfc) at sgen-os-posix.c:131
#5  <signal handler called>
#6  0xb778d422 in __kernel_vsyscall ()
#7  0xb7724cc5 in sem_wait@@GLIBC_2.1 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/sem_wait.S:80
#8  0x082792d8 in mono_sem_wait (sem=0x83b6104, alertable=1) at mono-semaphore.c:119
#9  0x081ef073 in finalizer_thread (unused=0x0) at gc.c:1073
#10 0x081d2709 in start_wrapper_internal (data=0x87f9440) at threads.c:609
#11 start_wrapper (data=0x87f9440) at threads.c:654
#12 0x0826cf32 in thread_start_routine (args=0x87c87e4) at wthreads.c:294
#13 0x0827da4e in inner_start_thread (arg=0x87fa498) at mono-threads-posix.c:49
#14 0xb771ed4c in start_thread (arg=0xb71e6b40) at pthread_create.c:308
#15 0xb765dbae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 10 (Thread 0xb5a47b40 (LWP 16019)):
#0  0xb778d424 in __kernel_vsyscall ()
#1  0xb765e766 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x081d5161 in tp_epoll_wait (p=0x83b5e40) at ../../mono/metadata/tpool-epoll.c:118
#3  0x081d2709 in start_wrapper_internal (data=0xb4f0cfa8) at threads.c:609
#4  start_wrapper (data=0xb4f0cfa8) at threads.c:654
#5  0x0826cf32 in thread_start_routine (args=0x87c8d34) at wthreads.c:294
#6  0x0827da4e in inner_start_thread (arg=0xb4f0d0d8) at mono-threads-posix.c:49
#7  0xb771ed4c in start_thread (arg=0xb5a47b40) at pthread_create.c:308
#8  0xb765dbae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 9 (Thread 0xb5a26b40 (LWP 16020)):
#0  0xb778d424 in __kernel_vsyscall ()
#1  0xb7724e78 in sem_timedwait () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/sem_timedwait.S:111
#2  0x082793bc in mono_sem_timedwait (sem=0x83b5e94, timeout_ms=2000, alertable=1) at mono-semaphore.c:82
#3  0x081d75b8 in async_invoke_thread (data=0x0) at threadpool.c:1565
#4  0x081d2709 in start_wrapper_internal (data=0xb4f03e18) at threads.c:609
#5  start_wrapper (data=0xb4f03e18) at threads.c:654
#6  0x0826cf32 in thread_start_routine (args=0x87c8dbc) at wthreads.c:294
#7  0x0827da4e in inner_start_thread (arg=0xb4f03eb0) at mono-threads-posix.c:49
#8  0xb771ed4c in start_thread (arg=0xb5a26b40) at pthread_create.c:308
#9  0xb765dbae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 8 (Thread 0xb5338b40 (LWP 16022)):
#0  0xb778d424 in __kernel_vsyscall ()
#1  0xb759c622 in do_sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:63
#2  __GI___sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:78
#3  0x082178b6 in suspend_thread (context=0xb5337edc, info=0xb4f027d8) at sgen-os-posix.c:113
#4  suspend_handler (sig=30, siginfo=0xb5337e5c, context=0xb5337edc) at sgen-os-posix.c:131
#5  <signal handler called>
#6  0xb778d424 in __kernel_vsyscall ()
#7  0xb77261f6 in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#8  0x0826bf7e in SleepEx (ms=500, alertable=1) at wthreads.c:842
#9  0x081d47c7 in monitor_thread (unused=0x0) at threadpool.c:779
#10 0x081d2709 in start_wrapper_internal (data=0x8a8d8f0) at threads.c:609
#11 start_wrapper (data=0x8a8d8f0) at threads.c:654
#12 0x0826cf32 in thread_start_routine (args=0x87c8e44) at wthreads.c:294
#13 0x0827da4e in inner_start_thread (arg=0x8a952e8) at mono-threads-posix.c:49
#14 0xb771ed4c in start_thread (arg=0xb5338b40) at pthread_create.c:308
#15 0xb765dbae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 7 (Thread 0xb4cffb40 (LWP 16024)):
#0  0xb778d424 in __kernel_vsyscall ()
#1  0xb759c622 in do_sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:63
#2  __GI___sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:78
#3  0x082178b6 in suspend_thread (context=0xb4cfedcc, info=0xb4f04078) at sgen-os-posix.c:113
#4  suspend_handler (sig=30, siginfo=0xb4cfed4c, context=0xb4cfedcc) at sgen-os-posix.c:131
#5  <signal handler called>
#6  0xb778d424 in __kernel_vsyscall ()
#7  0xb764d25b in read () at ../sysdeps/unix/syscall-template.S:82
#8  0xb5372a28 in ?? ()
#9  0xb5372904 in ?? ()
#10 0xb5a56318 in ?? ()
#11 0xb7086c80 in ?? ()
#12 0x0806a65d in mono_jit_runtime_invoke (method="System.Threading.ThreadStart:Invoke ()", obj=0xb6e01ab0, params=0xb4cff2ac, exc=0x0) at mini.c:6593
#13 0x081f7acf in mono_runtime_invoke (method="System.Threading.ThreadStart:Invoke ()", obj=0xb6e01ab0, params=0xb4cff2ac, exc=0x0) at object.c:2827
#14 0x081f8945 in mono_runtime_delegate_invoke (delegate=0xb6e01ab0, params=0xb4cff2ac, exc=0x0) at object.c:3538
#15 0x081d27e0 in start_wrapper_internal (data=0xb4d27860) at threads.c:615
#16 start_wrapper (data=0xb4d27860) at threads.c:654
#17 0x0826cf32 in thread_start_routine (args=0x87c8fdc) at wthreads.c:294
#18 0x0827da4e in inner_start_thread (arg=0xb4d23640) at mono-threads-posix.c:49
#19 0xb771ed4c in start_thread (arg=0xb4cffb40) at pthread_create.c:308
#20 0xb765dbae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 6 (Thread 0xb3dffb40 (LWP 16029)):
#0  0xb778d424 in __kernel_vsyscall ()
#1  0xb759c622 in do_sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:63
#2  __GI___sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:78
#3  0x082178b6 in suspend_thread (context=0xb3dfeb5c, info=0xb3ec55d0) at sgen-os-posix.c:113
#4  suspend_handler (sig=30, siginfo=0xb3dfeadc, context=0xb3dfeb5c) at sgen-os-posix.c:131
#5  <signal handler called>
#6  0xb778d424 in __kernel_vsyscall ()
#7  0xb7722d13 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
#8  0x0825488b in _wapi_handle_timedwait_signal_handle (handle=0x431, timeout=0xb3dfef38, alertable=1, poll=0) at handles.c:1586
#9  0x0826973d in WaitForSingleObjectEx (handle=0x431, timeout=109999, alertable=1) at wait.c:198
#10 0x081d0501 in mono_wait_uninterrupted (thread=0xb72a9350, multiple=0, numhandles=1, handles=0xb3dfefd4, waitall=0, ms=109999, alertable=1) at threads.c:1497
#11 0x081d1ffb in ves_icall_System_Threading_WaitHandle_WaitOne_internal (this=0xb6c771f8, handle=0x431, ms=109999, exitContext=0) at threads.c:1629
#12 0xb44f99fc in ?? ()
#13 0xb44f9738 in ?? ()
#14 0xb4315bd9 in ?? ()
#15 0xb4315a0c in ?? ()
#16 0xb5a56318 in ?? ()
#17 0xb7086c80 in ?? ()
#18 0x0806a65d in mono_jit_runtime_invoke (method="System.Threading.ThreadStart:Invoke ()", obj=0xb6c77308, params=0xb3dff2ac, exc=0x0) at mini.c:6593
#19 0x081f7acf in mono_runtime_invoke (method="System.Threading.ThreadStart:Invoke ()", obj=0xb6c77308, params=0xb3dff2ac, exc=0x0) at object.c:2827
#20 0x081f8945 in mono_runtime_delegate_invoke (delegate=0xb6c77308, params=0xb3dff2ac, exc=0x0) at object.c:3538
#21 0x081d27e0 in start_wrapper_internal (data=0xb5908c18) at threads.c:615
#22 start_wrapper (data=0xb5908c18) at threads.c:654
#23 0x0826cf32 in thread_start_routine (args=0x87c9f44) at wthreads.c:294
#24 0x0827da4e in inner_start_thread (arg=0xb5908ee8) at mono-threads-posix.c:49
#25 0xb771ed4c in start_thread (arg=0xb3dffb40) at pthread_create.c:308
#26 0xb765dbae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 5 (Thread 0xb3c3bb40 (LWP 16237)):
#0  0xb778d424 in __kernel_vsyscall ()
#1  0xb7724e78 in sem_timedwait () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/sem_timedwait.S:111
#2  0x082793bc in mono_sem_timedwait (sem=0x83b5e94, timeout_ms=2000, alertable=1) at mono-semaphore.c:82
#3  0x081d75b8 in async_invoke_thread (data=0x0) at threadpool.c:1565
#4  0x081d2709 in start_wrapper_internal (data=0xb4f03660) at threads.c:609
#5  start_wrapper (data=0xb4f03660) at threads.c:654
#6  0x0826cf32 in thread_start_routine (args=0x87c8ecc) at wthreads.c:294
#7  0x0827da4e in inner_start_thread (arg=0xb4f0d328) at mono-threads-posix.c:49
#8  0xb771ed4c in start_thread (arg=0xb3c3bb40) at pthread_create.c:308
#9  0xb765dbae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 4 (Thread 0xb386bb40 (LWP 17817)):
#0  0xb778d424 in __kernel_vsyscall ()
#1  0xb759c622 in do_sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:63
#2  __GI___sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:78
#3  0x082178b6 in suspend_thread (context=0xb386a05c, info=0xb4f01918) at sgen-os-posix.c:113
#4  suspend_handler (sig=30, siginfo=0xb3869fdc, context=0xb386a05c) at sgen-os-posix.c:131
#5  <signal handler called>
#6  0xb778d422 in __kernel_vsyscall ()
#7  0xb77255a2 in __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:142
#8  0xb7720ead in _L_lock_686 () from /lib/i386-linux-gnu/libpthread.so.0
#9  0xb7720cf3 in __pthread_mutex_lock (mutex=0x83c0240) at pthread_mutex_lock.c:61
#10 0x082386e9 in mono_gc_alloc_vector (vtable=vtable("System.Byte[]"), size=3096, max_length=3075) at sgen-alloc.c:489
#11 0xb72c0003 in ?? ()
#12 0xb707eeec in ?? ()
#13 0xb5a4f74c in ?? ()
#14 0xb5a4f5d0 in ?? ()
#15 0xb5a4f53c in ?? ()
#16 0xb5a4f45c in ?? ()
#17 0xb46155b8 in ?? ()
#18 0xb3fa8b04 in ?? ()
#19 0xb3fa8784 in ?? ()
#20 0xb3fa844c in ?? ()
#21 0xb3fa833c in ?? ()
#22 0xb3fa82a0 in ?? ()
#23 0xb3fa640f in ?? ()
#24 0xb3fa5434 in ?? ()
#25 0xb3fa519c in ?? ()
#26 0xb3fd0914 in ?? ()
#27 0xb3fcfd7b in ?? ()
#28 0xb3fe9859 in ?? ()
#29 0xb4314bae in ?? ()
#30 0xb4324f84 in ?? ()
#31 0xb43249e8 in ?? ()
#32 0xb5370f94 in ?? ()
#33 0xb5370d1c in ?? ()
#34 0xb53708ac in ?? ()
#35 0xb5370364 in ?? ()
#36 0xb536ff88 in ?? ()
#37 0xb536d13c in ?? ()
#38 0xb536cdd8 in ?? ()
#39 0xb536c0bc in ?? ()
#40 0xb707e075 in ?? ()
#41 0x0806a65d in mono_jit_runtime_invoke (method="System.Threading.WaitCallback:Invoke ()", obj=0xb6ff6be0, params=0xb386b25c, exc=0xb386b254) at mini.c:6593
#42 0x081f7acf in mono_runtime_invoke (method="System.Threading.WaitCallback:Invoke ()", obj=0xb6ff6be0, params=0xb386b25c, exc=0xb386b254) at object.c:2827
#43 0x081f8945 in mono_runtime_delegate_invoke (delegate=0xb6ff6be0, params=0xb386b25c, exc=0xb386b254) at object.c:3538
#44 0x081d8125 in mono_async_invoke (ares=0xb6ff6c18, tp=<optimized out>) at threadpool.c:621
#45 async_invoke_thread (data=0xb6ff6c18) at threadpool.c:1517
#46 0x081d2709 in start_wrapper_internal (data=0xb4f03bf8) at threads.c:609
#47 start_wrapper (data=0xb4f03bf8) at threads.c:654
#48 0x0826cf32 in thread_start_routine (args=0x87d0654) at wthreads.c:294
#49 0x0827da4e in inner_start_thread (arg=0xb4f01360) at mono-threads-posix.c:49
#50 0xb771ed4c in start_thread (arg=0xb386bb40) at pthread_create.c:308
#51 0xb765dbae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 3 (Thread 0xb40f7b40 (LWP 17829)):
#0  0xb778d424 in __kernel_vsyscall ()
#1  0xb772698b in waitpid () at ../sysdeps/unix/syscall-template.S:82
#2  0x080fe06b in mono_handle_native_sigsegv (signal=11, ctx=0xb72b3d0c) at mini-exceptions.c:2361
#3  0x0814af7c in mono_arch_handle_altstack_exception (sigctx=0xb72b3d0c, fault_addr=0x89160, stack_ovf=0) at exceptions-x86.c:1193
#4  0x0806597d in mono_sigsegv_signal_handler (_dummy=11, info=0xb72b3c8c, context=0xb72b3d0c) at mini.c:6708
#5  <signal handler called>
#6  ves_icall_System_Array_SetValueImpl (this=0xb6c01080, value=0xb6ffb440, pos=1) at icall.c:264
#7  0xb705a7d0 in ?? ()
#8  0xb70800e0 in ?? ()
#9  0xb708a508 in ?? ()
#10 0xb705a6fc in ?? ()
#11 0xb536b978 in ?? ()
#12 0xb536b222 in ?? ()
#13 0xb536ab20 in ?? ()
#14 0xb536a734 in ?? ()
#15 0xb536a178 in ?? ()
#16 0xb707e075 in ?? ()
#17 0x0806a65d in mono_jit_runtime_invoke (method="System.AsyncCallback:Invoke ()", obj=0xb6ff0148, params=0xb40f725c, exc=0xb40f7254) at mini.c:6593
#18 0x081f7acf in mono_runtime_invoke (method="System.AsyncCallback:Invoke ()", obj=0xb6ff0148, params=0xb40f725c, exc=0xb40f7254) at object.c:2827
#19 0x081f8945 in mono_runtime_delegate_invoke (delegate=0xb6ff0148, params=0xb40f725c, exc=0xb40f7254) at object.c:3538
#20 0x081d8125 in mono_async_invoke (ares=0xb6f8cd20, tp=<optimized out>) at threadpool.c:621
#21 async_invoke_thread (data=0xb6f8cd20) at threadpool.c:1517
#22 0x081d2709 in start_wrapper_internal (data=0xb4f03bf8) at threads.c:609
#23 start_wrapper (data=0xb4f03bf8) at threads.c:654
#24 0x0826cf32 in thread_start_routine (args=0x87c88f4) at wthreads.c:294
#25 0x0827da4e in inner_start_thread (arg=0xb4f0d1d0) at mono-threads-posix.c:49
#26 0xb771ed4c in start_thread (arg=0xb40f7b40) at pthread_create.c:308
#27 0xb765dbae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 2 (Thread 0xb44eeb40 (LWP 17831)):
#0  0xb778d424 in __kernel_vsyscall ()
#1  0xb7724cc5 in sem_wait@@GLIBC_2.1 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/sem_wait.S:80
#2  0x082792d8 in mono_sem_wait (sem=0x83b6384, alertable=0) at mono-semaphore.c:119
#3  0x08217a5d in sgen_wait_for_suspend_ack (count=7) at sgen-os-posix.c:165
#4  0x08217b91 in sgen_thread_handshake (suspend=1) at sgen-os-posix.c:199
#5  0x082449ac in sgen_stop_world (generation=0) at sgen-stw.c:219
#6  0x082224fa in sgen_perform_collection (requested_size=2064, generation_to_collect=0, reason=0x834bc65 "Nursery full", wait_to_finish=0) at sgen-gc.c:3444
#7  0x08222af4 in sgen_ensure_free_space (size=2064) at sgen-gc.c:3414
#8  0x082382de in mono_gc_alloc_obj_nolock (vtable=vtable("System.Char[]"), size=<optimized out>) at sgen-alloc.c:264
#9  0x082386f4 in mono_gc_alloc_vector (vtable=vtable("System.Char[]"), size=2064, max_length=1024) at sgen-alloc.c:491
#10 0xb72c0003 in ?? ()
#11 0xb707eeec in ?? ()
#12 0xb5a4f704 in ?? ()
#13 0xb5a4f5d0 in ?? ()
#14 0xb5a4f53c in ?? ()
#15 0xb5a4f45c in ?? ()
#16 0xb46155b8 in ?? ()
#17 0xb3fa8b04 in ?? ()
#18 0xb3fa8784 in ?? ()
#19 0xb3fa844c in ?? ()
#20 0xb3fa833c in ?? ()
#21 0xb3fa82a0 in ?? ()
#22 0xb3fa640f in ?? ()
#23 0xb3fa5434 in ?? ()
#24 0xb3fa519c in ?? ()
#25 0xb3fd0914 in ?? ()
#26 0xb3fcfd7b in ?? ()
#27 0xb3fe9859 in ?? ()
#28 0xb4314bae in ?? ()
#29 0xb4324f84 in ?? ()
#30 0xb43249e8 in ?? ()
#31 0xb5370f94 in ?? ()
#32 0xb5370d1c in ?? ()
#33 0xb53708ac in ?? ()
#34 0xb5370364 in ?? ()
#35 0xb536ff88 in ?? ()
#36 0xb536d13c in ?? ()
#37 0xb536cdd8 in ?? ()
#38 0xb536c0bc in ?? ()
#39 0xb707e075 in ?? ()
#40 0x0806a65d in mono_jit_runtime_invoke (method="System.Threading.WaitCallback:Invoke ()", obj=0xb6ff8420, params=0xb44ee25c, exc=0xb44ee254) at mini.c:6593
#41 0x081f7acf in mono_runtime_invoke (method="System.Threading.WaitCallback:Invoke ()", obj=0xb6ff8420, params=0xb44ee25c, exc=0xb44ee254) at object.c:2827
#42 0x081f8945 in mono_runtime_delegate_invoke (delegate=0xb6ff8420, params=0xb44ee25c, exc=0xb44ee254) at object.c:3538
#43 0x081d8125 in mono_async_invoke (ares=0xb6ff8458, tp=<optimized out>) at threadpool.c:621
#44 async_invoke_thread (data=0xb6ff8458) at threadpool.c:1517
#45 0x081d2709 in start_wrapper_internal (data=0xb4f04188) at threads.c:609
#46 start_wrapper (data=0xb4f04188) at threads.c:654
#47 0x0826cf32 in thread_start_routine (args=0x87c897c) at wthreads.c:294
#48 0x0827da4e in inner_start_thread (arg=0xb4f046c0) at mono-threads-posix.c:49
#49 0xb771ed4c in start_thread (arg=0xb44eeb40) at pthread_create.c:308
#50 0xb765dbae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb756c700 (LWP 16016)):
#0  0xb778d424 in __kernel_vsyscall ()
#1  0xb759c622 in do_sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:63
#2  __GI___sigsuspend (set=0x83b63a0) at ../sysdeps/unix/sysv/linux/sigsuspend.c:78
#3  0x082178b6 in suspend_thread (context=0xbfb8d9cc, info=0x87d0be0) at sgen-os-posix.c:113
#4  suspend_handler (sig=30, siginfo=0xbfb8d94c, context=0xbfb8d9cc) at sgen-os-posix.c:131
#5  <signal handler called>
#6  0xb778d422 in __kernel_vsyscall ()
#7  0xb77259db in read () at ../sysdeps/unix/syscall-template.S:82
#8  0x08256218 in read (__nbytes=1024, __buf=0xb6df5018, __fd=0) at /usr/include/i386-linux-gnu/bits/unistd.h:45
#9  console_read (handle=0x0, buffer=0xb6df5018, numbytes=1024, bytesread=0xbfb8dd8c, overlapped=0x0) at io.c:1046
#10 0x08258320 in ReadFile (handle=0x0, buffer=0xb6df5018, numbytes=1024, bytesread=0xbfb8dd8c, overlapped=0x0) at io.c:2182
#11 0x0824dff8 in ves_icall_System_IO_MonoIO_Read (handle=0x0, dest=0xb6df5008, dest_offset=0, count=1024, error=0xbfb8de20) at file-io.c:833
#12 0xb70709b4 in ?? ()
#13 0xb70708f8 in ?? ()
#14 0xb7070340 in ?? ()
#15 0xb7070140 in ?? ()
#16 0xb707004b in ?? ()
#17 0xb70720e0 in ?? ()
#18 0xb5a57573 in ?? ()
#19 0xb5a54eac in ?? ()
#20 0xb5a54dca in ?? ()
#21 0xb5a54d7c in ?? ()
#22 0xb5a68908 in ?? ()
#23 0xb5a66d2c in ?? ()
#24 0xb5a66b64 in ?? ()
#25 0xb702ff4a in ?? ()
#26 0xb702fdc4 in ?? ()
#27 0xb72bcc84 in ?? ()
#28 0xb72baed4 in ?? ()
#29 0xb72bb035 in ?? ()
#30 0x0806a65d in mono_jit_runtime_invoke (method="Mono.WebServer.XSP.Server:Main ()", obj=0x0, params=0xbfb8e75c, exc=0x0) at mini.c:6593
#31 0x081f7acf in mono_runtime_invoke (method="Mono.WebServer.XSP.Server:Main ()", obj=0x0, params=0xbfb8e75c, exc=0x0) at object.c:2827
#32 0x081f9bfd in mono_runtime_exec_main (method="Mono.WebServer.XSP.Server:Main ()", args=0xb6c00798, exc=0x0) at object.c:4054
#33 0x080d0fea in main_thread_handler (user_data=<synthetic pointer>) at driver.c:1065
#34 mono_main (argc=2, argv=0xbfb8e924) at driver.c:2027
#35 0x0805dafc in mono_main_with_options (argv=0xbfb8e924, argc=2) at main.c:91
#36 main (argc=2, argv=0xbfb8e924) at main.c:122

=================================================================
Got a SIGSEGV while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

Aborted (core dumped)
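
A triage helper for dumps like the one above, as an added example (not part of the original report and not Mono project code): it parses the per-thread gdb backtraces, finds the thread that took the SIGSEGV and the frame it was executing, and checks whether another thread was inside `sgen_stop_world` at that moment. The role names and helper functions are this example's own; `SAMPLE` is a trimmed excerpt of the dump above.

```python
import re

# Trimmed excerpt of the gdb dump in this report (frames omitted, nothing added).
SAMPLE = """\
Thread 4 (Thread 0xb386bb40 (LWP 17817)):
#4  suspend_handler (sig=30, siginfo=0xb3869fdc, context=0xb386a05c) at sgen-os-posix.c:131
#5  <signal handler called>
#9  0xb7720cf3 in __pthread_mutex_lock (mutex=0x83c0240) at pthread_mutex_lock.c:61
#10 0x082386e9 in mono_gc_alloc_vector (vtable=vtable("System.Byte[]"), size=3096, max_length=3075) at sgen-alloc.c:489

Thread 3 (Thread 0xb40f7b40 (LWP 17829)):
#2  0x080fe06b in mono_handle_native_sigsegv (signal=11, ctx=0xb72b3d0c) at mini-exceptions.c:2361
#4  0x0806597d in mono_sigsegv_signal_handler (_dummy=11, info=0xb72b3c8c, context=0xb72b3d0c) at mini.c:6708
#5  <signal handler called>
#6  ves_icall_System_Array_SetValueImpl (this=0xb6c01080, value=0xb6ffb440, pos=1) at icall.c:264

Thread 2 (Thread 0xb44eeb40 (LWP 17831)):
#5  0x082449ac in sgen_stop_world (generation=0) at sgen-stw.c:219
#6  0x082224fa in sgen_perform_collection (requested_size=2064, generation_to_collect=0, reason=0x834bc65 "Nursery full", wait_to_finish=0) at sgen-gc.c:3444
"""

THREAD_RE = re.compile(r"^Thread (\d+) \(Thread 0x[0-9a-f]+ \(LWP \d+\)\):")
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
SIGNAL_MARK = "<signal handler called>"
CRASH_FRAMES = {"mono_handle_native_sigsegv", "mono_sigsegv_signal_handler"}

def parse_threads(dump):
    """Return {gdb thread id: [function names, innermost frame first]}."""
    threads, current = {}, None
    for line in dump.splitlines():
        m = THREAD_RE.match(line)
        if m:
            current = threads.setdefault(int(m.group(1)), [])
        elif current is not None and SIGNAL_MARK in line:
            current.append(SIGNAL_MARK)
        elif current is not None and (f := FRAME_RE.match(line)):
            current.append(f.group(1))
    return threads

def interrupted_frame(frames):
    """First frame below the signal trampoline: the code that was running."""
    below = frames[frames.index(SIGNAL_MARK) + 1:] if SIGNAL_MARK in frames else []
    return below[0] if below else None

def triage(dump):
    """Map each thread id to (role, frame of interest)."""
    result = {}
    for tid, frames in parse_threads(dump).items():
        if CRASH_FRAMES & set(frames):
            result[tid] = ("crashed", interrupted_frame(frames))
        elif "sgen_stop_world" in frames:
            result[tid] = ("gc-initiator", "sgen_stop_world")
        elif "suspend_handler" in frames:
            result[tid] = ("suspended-by-gc", interrupted_frame(frames))
        else:
            result[tid] = ("other", frames[0] if frames else None)
    return result

def gc_active_during_crash(dump):
    """True when one thread crashed while another was stopping the world."""
    roles = {role for role, _ in triage(dump).values()}
    return {"crashed", "gc-initiator"} <= roles

if __name__ == "__main__":
    for tid, (role, frame) in sorted(triage(SAMPLE).items()):
        print(f"thread {tid}: {role:16} {frame}")
    print("GC in progress at crash:", gc_active_during_crash(SAMPLE))
```
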
Comment 1 Sergey Zhukov 2013-11-26 02:07:34 UTC
Forgot to add:
Mono Runtime Engine version 3.2.7 (master/1d5cefe Mon Nov 25 22:49:32 NOVT 2013)
Comment 2 Sergey Zhukov 2013-11-26 03:29:02 UTC
ProcessRequest can even be simpler:

public static void ProcessRequest(object state)
{
	string s = "Hello, world!";

	NameValueCollection col = new NameValueCollection ();
	for (int j = 0; j < maxCols; j++) {
		col.Add (j.ToString (), s);
	}
	for (int j = 0; j < maxCols; j++) {
		string h2 = col.GetKey (j);
	}
}
Comment 3 Zoltan Varga 2013-11-27 04:40:58 UTC
This looks like a random sgen crash.
Comment 4 Zoltan Varga 2013-11-27 05:20:53 UTC
Putting a GC.Collect () into AsyncResult:.ctor () makes this happen immediately.
Comment 5 Zoltan Varga 2013-11-27 10:01:50 UTC
Defining DISABLE_CRITICAL_REGION seems to fix this.
Comment 6 Zoltan Varga 2013-11-27 10:24:35 UTC
The code in mono_gc_try_alloc_obj_nolock () seems very suspect, especially the calls to the sgen_nursery () functions.
Comment 7 Mark Probst 2013-12-03 06:35:55 UTC
I can reproduce this.  On it.
Comment 8 Mark Probst 2013-12-04 09:33:23 UTC
Fixed in c9ff997797775a5cfd1a5fef2c4c1bd87145108c.
Comment 9 Sergey Zhukov 2013-12-04 12:33:21 UTC
I checked the fix. It works for me.