[Mono-bugs] [Bug 78434][Nor] New - free memory read race during GC_thread_deregister

bugzilla-daemon at bugzilla.ximian.com
Wed May 17 19:24:39 EDT 2006


Please do not reply to this email; if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by matt at use.net.

http://bugzilla.ximian.com/show_bug.cgi?id=78434

--- shadow/78434	2006-05-17 19:24:39.000000000 -0400
+++ shadow/78434.tmp.8256	2006-05-17 19:24:39.000000000 -0400
@@ -0,0 +1,45 @@
+Bug#: 78434
+Product: Mono: Runtime
+Version: 1.1
+OS: GNU/Linux [Other]
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: GC
+AssignedTo: lupus at ximian.com                            
+ReportedBy: matt at use.net               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: free memory read race during GC_thread_deregister
+
+Steps to reproduce the problem:
+1. using valgrind latest SVN on mono latest SVN, I observe the following:
+
+==26534== Invalid read of size 1
+==26534==    at 0x4CDB41: GC_thread_deregister_foreign (pthread_support.c:238)
+==26534==    by 0x50D201A: __pthread_destroy_specifics (specific.c:198)
+==26534==    by 0x50CE4CD: __pthread_do_exit (join.c:44)
+==26534==    by 0x50CE5FB: pthread_exit (join.c:29)
+==26534==    by 0x4B877E: thread_exit (threads.c:160)
+==26534==    by 0x4B88BE: thread_start_routine (threads.c:220)
+==26534==    by 0x4CD496: GC_start_routine (pthread_support.c:1341)
+==26534==    by 0x50CEBB8: pthread_start_thread (manager.c:310)
+==26534==  Address 0x8567CE0 is 40 bytes inside a block of size 1,624 free'd
+==26534==    at 0x4A1904A: free (vg_replace_malloc.c:222)
+==26534==    by 0x4CDAEC: GC_thread_exit_proc (pthread_support.c:1167)
+==26534==    by 0x50CDD31: __pthread_perform_cleanup (cancel.c:223)
+==26534==    by 0x50CE4C8: __pthread_do_exit (join.c:43)
+==26534==    by 0x50CE5FB: pthread_exit (join.c:29)
+==26534==    by 0x4B877E: thread_exit (threads.c:160)
+==26534==    by 0x4B88BE: thread_start_routine (threads.c:220)
+==26534==    by 0x4CD496: GC_start_routine (pthread_support.c:1341)
+==26534==    by 0x50CEBB8: pthread_start_thread (manager.c:310)
+
+when using the following commandline:
+~/bin/valgrind --freelist-vol=50000000 --leak-check=full --smc-check=all
+--suppressions=/home/matt/src/mono/mono/data/mono.supp --error-limit=no
+mono ~/imeem/imeem.exe
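
Review bot: In the valgrind output, the invalid-read stack and the free stack share every frame from pthread_start_thread up to __pthread_do_exit, which suggests one thread's exit path rather than two threads racing as the Summary says. The free is reached at join.c:43 through __pthread_perform_cleanup and GC_thread_exit_proc (pthread_support.c:1167); the read follows at join.c:44 through __pthread_destroy_specifics and GC_thread_deregister_foreign (pthread_support.c:238). That ordering reads as the cleanup handler freeing the 1,624-byte block before the thread-specific-data destructor touches it. The report would be easier to act on if it stated whether the error shows up on every thread exit or only intermittently, named the thread valgrind attributes the error to, and filled in the Severity and OS Details fields, which are empty.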

