Bug 57824 - Idle IDE crashing with "incorrect checksum for freed object"
Status: RESOLVED NORESPONSE
Alias: None
Product: Runtime
Classification: Mono
Component: General
Version: 5.0 (2017-02)
Hardware: PC Mac OS
: --- normal
Target Milestone: Future Cycle (TBD)
Assignee: Bugzilla
 
Reported: 2017-06-28 09:41 UTC by patryk.romanczuk
Modified: 2017-08-17 17:31 UTC

Attachments
Crash stack trace (178.70 KB, text/plain)
2017-06-28 09:41 UTC, patryk.romanczuk
IDE log (126.72 KB, text/plain)
2017-06-29 06:54 UTC, patryk.romanczuk
IDE details (2.30 KB, text/rtf)
2017-06-29 06:54 UTC, patryk.romanczuk


Description patryk.romanczuk 2017-06-28 09:41:53 UTC
Created attachment 23166
Crash stack trace

Hello,

I'd like to report that quite often when I leave my Visual Studio for Mac without any attention (I'm not using my Mac at this moment either) it happens to crash.

Example crash stack trace below, full report in attachment:

Process:               VisualStudio [8311]
Path:                  /Applications/Visual Studio.app/Contents/MacOS/VisualStudio
Identifier:            com.microsoft.visual-studio
Version:               7.0.0.3146 (7.0.0.3146)
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
Responsible:           VisualStudio [8311]
User ID:               509

Date/Time:             2017-06-28 11:30:41.500 +0200
OS Version:            Mac OS X 10.12.4 (16E195)
Report Version:        12
Anonymous UUID:        3D125E72-71BF-08A0-C5FE-2FC8923FEB36

Sleep/Wake UUID:       FFC553FA-9119-4F84-93E7-1B97544D92A6

Time Awake Since Boot: 110000 seconds
Time Since Wake:       9600 seconds

System Integrity Protection: enabled

Crashed Thread:        50  Threadpool worker

Exception Type:        EXC_BAD_ACCESS (SIGABRT)
Exception Codes:       EXC_I386_GPFLT
Exception Note:        EXC_CORPSE_NOTIFY

External Modification Warnings:
Debugger attached to process.

Application Specific Information:
abort() called
*** error for object 0x7fc172ee4a88: incorrect checksum for freed object - object was probably modified after being freed.
 
BUG IN CLIENT OF LIBPLATFORM: Trying to recursively lock an os_unfair_lock

Thread 0:: GUI Thread  Dispatch queue: com.apple.main-thread
0   libsystem_platform.dylib      	0x00007fffba180ae4 _os_unfair_lock_recursive_abort + 23
1   libsystem_platform.dylib      	0x00007fffba180405 _os_unfair_lock_lock_slow + 181
2   libsystem_malloc.dylib        	0x00007fffba0f0395 szone_malloc_should_clear + 179
3   libsystem_malloc.dylib        	0x00007fffba0f0282 malloc_zone_malloc + 107
4   libsystem_malloc.dylib        	0x00007fffba0ef200 malloc + 24
5   libmonosgen-2.0.dylib         	0x0000000106ca39e8 monoeg_malloc + 24 (gmem.c:103)
6   libmonosgen-2.0.dylib         	0x0000000106ca8084 monoeg_g_string_new + 20 (gstring.c:60)
7   libmonosgen-2.0.dylib         	0x0000000106b5a3e8 mono_method_get_name_full + 88 (debug-helpers.c:819)
8   libmonosgen-2.0.dylib         	0x0000000106bbd271 mono_debug_print_stack_frame + 33 (mono-debug.c:934)
9   libmonosgen-2.0.dylib         	0x0000000106ab878a print_stack_frame_to_stderr + 58 (mini-exceptions.c:2406)
10  libmonosgen-2.0.dylib         	0x0000000106ab5e5c mono_walk_stack_full + 892 (mini-exceptions.c:1090)
11  libmonosgen-2.0.dylib         	0x0000000106ab60a6 mono_walk_stack + 166 (mini-exceptions.c:983)
12  libmonosgen-2.0.dylib         	0x0000000106ab8591 mono_handle_native_crash + 225 (mini-exceptions.c:2517)
13  libsystem_platform.dylib      	0x00007fffba17db3a _sigtramp + 26
14  ???                           	0x00007fc172ff20c8 0 + 140468834738376
15  libsystem_c.dylib             	0x00007fffba002420 abort + 129
16  libsystem_malloc.dylib        	0x00007fffba0fcf5d szone_error + 626
17  libsystem_malloc.dylib        	0x00007fffba0f1bec tiny_malloc_from_free_list + 1148
18  libsystem_malloc.dylib        	0x00007fffba0f0472 szone_malloc_should_clear + 400
19  libsystem_malloc.dylib        	0x00007fffba0f0282 malloc_zone_malloc + 107
20  com.apple.CoreFoundation      	0x00007fffa482491c CFRunArrayCreate + 76
21  com.apple.CoreFoundation      	0x00007fffa482483c CFAttributedStringCreate + 92
22  pango-basic-coretext.so       	0x00000001210b0238 run_iterator_create + 376 (basic-coretext.c:275)
23  pango-basic-coretext.so       	0x00000001210afeb8 create_core_text_glyph_list + 56 (basic-coretext.c:378)
24  pango-basic-coretext.so       	0x00000001210af8b8 basic_engine_shape + 136 (basic-coretext.c:448)
25  libpango-1.0.0.dylib          	0x000000010b8758c1 _pango_engine_shape_shape + 113 (pango-engine.c:104)
26  libpango-1.0.0.dylib          	0x000000010b89234d pango_shape_full + 349 (shape.c:111)
27  libpango-1.0.0.dylib          	0x000000010b8869cb shape_run + 235 (pango-layout.c:3244)
28  libpango-1.0.0.dylib          	0x000000010b884dc4 process_item + 116 (pango-layout.c:3353)
29  libpango-1.0.0.dylib          	0x000000010b8846ca process_line + 538 (pango-layout.c:3651)
30  libpango-1.0.0.dylib          	0x000000010b87bd24 pango_layout_check_lines + 1444 (pango-layout.c:3974)
31  libpango-1.0.0.dylib          	0x000000010b880a39 pango_layout_get_extents_internal + 105 (pango-layout.c:2536)
32  libpango-1.0.0.dylib          	0x000000010b8809c6 pango_layout_get_extents + 102 (pango-layout.c:2730)
33  libpango-1.0.0.dylib          	0x000000010b881202 pango_layout_get_pixel_extents + 210 (pango-layout.c:2755)
34  libgtk-quartz-2.0.0.dylib     	0x000000010bb1f309 get_size + 633 (gtkcellrenderertext.c:1544)
35  libgtk-quartz-2.0.0.dylib     	0x000000010bb1e1b7 gtk_cell_renderer_text_get_size + 103 (gtkcellrenderertext.c:1609)
36  libgtk-quartz-2.0.0.dylib     	0x000000010bb119f3 gtk_cell_renderer_get_size + 451 (gtkcellrenderer.c:529)
37  libgtk-quartz-2.0.0.dylib     	0x000000010bdd6e81 gtk_tree_view_column_cell_get_size + 497 (gtktreeviewcolumn.c:2654)
38  libgtk-quartz-2.0.0.dylib     	0x000000010bdb6b16 validate_row + 1414 (gtktreeview.c:5788)
39  libgtk-quartz-2.0.0.dylib     	0x000000010bdbd410 validate_visible_area + 2576 (gtktreeview.c:5994)
40  libgtk-quartz-2.0.0.dylib     	0x000000010bda5577 do_presize_handler + 119 (gtktreeview.c:6432)
41  libgtk-quartz-2.0.0.dylib     	0x000000010bdbe255 presize_handler_callback + 21 (gtktreeview.c:6453)
42  libgdk-quartz-2.0.0.dylib     	0x000000010c0f8846 gdk_threads_dispatch + 102 (gdk.c:512)
43  libglib-2.0.0.dylib           	0x000000010b95a244 g_main_context_dispatch + 287
44  libglib-2.0.0.dylib           	0x000000010b95a580 g_main_context_iterate + 440
45  libglib-2.0.0.dylib           	0x000000010b95a7d6 g_main_loop_run + 207
46  libgtk-quartz-2.0.0.dylib     	0x000000010bc14a92 gtk_main + 258 (gtkmain.c:1257)
47  ???                           	0x000000012723f95a 0 + 4951636314
48  ???                           	0x00000001059e7587 0 + 4389238151
49  ???                           	0x00000001059e71a7 0 + 4389237159
50  libmonosgen-2.0.dylib         	0x0000000106a10f65 mono_jit_runtime_invoke + 2261 (mini-runtime.c:2533)
51  libmonosgen-2.0.dylib         	0x0000000106c0c478 do_runtime_invoke + 88 (object.c:2860)
52  libmonosgen-2.0.dylib         	0x0000000106c0f950 do_exec_main_checked + 144 (object.c:4680)
53  libmonosgen-2.0.dylib         	0x0000000106a7f97e mono_jit_exec + 302 (driver.g.c:1037)
54  libmonosgen-2.0.dylib         	0x0000000106a81d35 mono_main + 8085 (driver.g.c:2216)
55  com.microsoft.visual-studio   	0x00000001058f2ea2 main + 3042
56  libdyld.dylib                 	0x00007fffb9f6e235 start + 1

Comment 1 Matt Ward 2017-06-28 12:31:36 UTC
Would you be able to attach the IDE logs? (Help - Open Log directory) Also the information from the About dialog - Show Details. Thanks.

Comment 2 patryk.romanczuk 2017-06-29 06:54:39 UTC
Created attachment 23193
IDE log

Comment 3 patryk.romanczuk 2017-06-29 06:54:57 UTC
Created attachment 23194
IDE details

Comment 4 patryk.romanczuk 2017-06-29 06:55:24 UTC
Added to attachments, I hope it will help you.

Comment 5 patryk.romanczuk 2017-07-04 11:08:04 UTC
Info provided

Comment 6 David Karlaš 2017-07-05 17:58:01 UTC
Since these are native crashes with "incorrect checksum for freed object", I'm reassigning to runtime.

Comment 7 Ludovic Henry 2017-07-05 19:06:48 UTC
I can see 2 different native crashes on the stacktraces provided.

The first one (which is the one reported in https://bugzilla.xamarin.com/show_bug.cgi?id=57824#c0) is a crash in libsystem_malloc.dylib which I am afraid isn't related to Mono at all. The only mono code that is involved here is invoking gtk_main.

The second one reported in the "IDE log" attachment (https://bugzilla.xamarin.com/attachment.cgi?id=23193) is a SIGSEGV in libz.1.dylib, which is called from libMonoPosixHelper.dylib. This might indeed be a bug in System.IO.Compression.DeflateStream, but without a repro, it's going to be hard to track down.

Also, from your logs, it seems like these 2 crashes do not happen at the same time (11:20 vs 11:30), so do you observe them in 1 instance, or is it 2 instances of 2 different crashes?

Thank you,
Ludovic
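
The stack-trace triage from comment 7, as an added example (not part of the bug thread and not Mono tooling): a Python script that splits the Thread 0 trace at `_sigtramp`, reports which caller's allocation tripped the allocator check, and notes whether the crash handler re-entered malloc. The frames are an abridged excerpt of the trace in the description; the function and key names are hypothetical.

```python
import re

# Abridged excerpt of the Thread 0 trace from the description above.
REPORT = """\
0   libsystem_platform.dylib      0x00007fffba180ae4 _os_unfair_lock_recursive_abort + 23
4   libsystem_malloc.dylib        0x00007fffba0ef200 malloc + 24
5   libmonosgen-2.0.dylib         0x0000000106ca39e8 monoeg_malloc + 24 (gmem.c:103)
12  libmonosgen-2.0.dylib         0x0000000106ab8591 mono_handle_native_crash + 225 (mini-exceptions.c:2517)
13  libsystem_platform.dylib      0x00007fffba17db3a _sigtramp + 26
14  ???                           0x00007fc172ff20c8 0 + 140468834738376
15  libsystem_c.dylib             0x00007fffba002420 abort + 129
16  libsystem_malloc.dylib        0x00007fffba0fcf5d szone_error + 626
17  libsystem_malloc.dylib        0x00007fffba0f1bec tiny_malloc_from_free_list + 1148
19  libsystem_malloc.dylib        0x00007fffba0f0282 malloc_zone_malloc + 107
20  com.apple.CoreFoundation      0x00007fffa482491c CFRunArrayCreate + 76
46  libgtk-quartz-2.0.0.dylib     0x000000010bc14a92 gtk_main + 258 (gtkmain.c:1257)
50  libmonosgen-2.0.dylib         0x0000000106a10f65 mono_jit_runtime_invoke + 2261 (mini-runtime.c:2533)
"""

# index, image, address, symbol (assumption: image names contain no spaces)
FRAME = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(\S+) \+ \d+")

def parse(report):
    """Return (index, image, symbol) for every frame line in the report."""
    hits = (FRAME.match(line.strip()) for line in report.splitlines())
    return [(int(m[1]), m[2], m[4]) for m in hits if m]

def is_malloc(frame):
    return frame[1] == "libsystem_malloc.dylib"

def triage(report):
    frames = parse(report)
    # _sigtramp splits the stack: frames above it ran in the signal handler,
    # frames below it are what the thread was doing when abort() was called.
    split = next(i for i, f in enumerate(frames) if f[2] == "_sigtramp")
    handler, faulting = frames[:split], frames[split + 1:]
    # Walk past the allocator frames to the caller whose allocation hit the check.
    i = next(i for i, f in enumerate(faulting) if is_malloc(f))
    while i < len(faulting) - 1 and is_malloc(faulting[i]):
        i += 1
    mono = [f[0] for f in faulting if f[1].startswith("libmonosgen")]
    return {
        "allocating_caller": faulting[i][1:],
        # malloc inside the handler matches the report's os_unfair_lock abort
        "handler_reentered_malloc": any(is_malloc(f) for f in handler),
        "first_mono_frame": mono[0] if mono else None,
    }

print(triage(REPORT))
```

The caller reported here is where the allocator detected the damaged free-list entry; the report's own message says the object "was probably modified after being freed", so the write itself happened earlier and is not on this stack.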

Comment 8 Ludovic Henry 2017-08-17 17:31:51 UTC
Please reopen whenever you provide a reproduction case so we can have a look. Thank you.