[Mono-bugs] [Bug 80787][Maj] New - crash during make check: glibc detects an invalid free

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Sat Feb 10 15:47:58 EST 2007


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by matt at use.net.

http://bugzilla.ximian.com/show_bug.cgi?id=80787

--- shadow/80787	2007-02-10 15:47:58.000000000 -0500
+++ shadow/80787.tmp.29736	2007-02-10 15:47:58.000000000 -0500
@@ -0,0 +1,392 @@
+Bug#: 80787
+Product: Mono: Runtime
+Version: 1.2
+OS: 
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Major
+Component: JIT
+AssignedTo: lupus at ximian.com                            
+ReportedBy: matt at use.net               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: crash during make check: glibc detects an invalid free
+
+Steps to reproduce the problem:
+1. get latest svn for mono and mcs
+2. make install && make check
+
+Actual Results:
+crash.
+        MONO_REGISTRY_PATH="/home/matt/.mono/registry" 
+MONO_PATH="../../class/lib/net_2_0::
+$MONO_PATH" /home/matt/src/mono/runtime/mono-wrapper --debug  ../../class/lib/net_2_0/nunit-console.exe   /exclude:NotWorking,ValueAdd,CAS,InetAccess,PKITS /output:TestResult-net_2_0.log /xml:TestResult-net_2_0.xml  
+System_test_net_2_0.dll || ok=false; \
+        (echo ''; cat TestResult-net_2_0.log) | sed '1,/^Tests run: /d' ; 
+$ok
+NUnit version 2.2.0
+Copyright (C) 2002-2003 James W. Newkirk, Michael C. Two, Alexei A. 
+Vorontsov, Charlie Poole.
+Copyright (C) 2000-2003 Philip Craig.
+All Rights Reserved.
+
+OS Version: Unix 2.6.17.10    Mono Version: 2.0.50727.42
+
+Excluded categories: NotWorking,ValueAdd,CAS,InetAccess,PKITS


 .......................................................................N...........................................................................................................................*** 
+glibc detected *** /home/matt/src/mono/mono/mini/mono: free(): invalid 
+pointer: 0x00007fff ***
+======= Backtrace: =========
+/lib/tls/i686/cmov/libc.so.6[0x401748bd]
+/lib/tls/i686/cmov/libc.so.6(__libc_free+0x84)[0x40174a44]
+/usr/lib/libz.so.1(zcfree+0x1d)[0x41c57cbd]
+/usr/lib/libz.so.1(inflateEnd+0x41)[0x41c57f81]
+/home/matt/src/mono/support/.libs/libMonoPosixHelper.so(free_z_stream+0x48)
+[0x41c397f8]
+[0x41c1b43b]
+[0x41c1b3c3]
+[0x41c1b315]
+[0x41c1b2d6]
+[0x41c1a74f]
+[0x413b3583]
+/home/matt/src/mono/mono/mini/mono(mono_runtime_invoke_array+0x19b)
+[0x809586b]
+/home/matt/src/mono/mono/mini/mono[0x809b87b]
+[0x4139c02d]
+[0x417b8b02]
+[0x413fea1b]
+[0x417b89df]
+[0x417b8d73]
+[0x417b8713]
+[0x417b8430]
+[0x417b7f35]
+[0x417b7e22]
+[0x417b440c]
+[0x417b3187]
+[0x417b440c]
+[0x417b3187]
+[0x417b440c]
+[0x417b3187]
+[0x417b440c]
+[0x417b3187]
+[0x417b440c]
+[0x417b3187]
+[0x417b440c]
+[0x417b3187]
+[0x417b2f72]
+[0x414a5900]
+[0x414a52a8]
+[0x414a4dbc]
+[0x414a4d76]
+[0x414a386f]
+[0x41482b03]
+[0x4148cb0c]
+[0x410edbde]
+[0x40b3630b]
+[0x40b36086]
+/home/matt/src/mono/mono/mini/mono(mono_runtime_exec_main+0x9f)
+[0x809431f]
+/home/matt/src/mono/mono/mini/mono(mono_runtime_run_main+0x1b9)
+[0x80945c9]
+/home/matt/src/mono/mono/mini/mono(mono_main+0xe9e)[0x80590be]
+/home/matt/src/mono/mono/mini/mono[0x8057d12]
+/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc)[0x401238cc]
+/home/matt/src/mono/mono/mini/mono[0x8057c61]
+======= Memory map: ========
+00001000-016a2000 rwxp 00001000 00:00 0
+08048000-081f8000 r-xp 00000000 03:02 
+1457273    /home/matt/src/mono/mono/mini/mono
+081f8000-081fa000 rwxp 001af000 03:02 
+1457273    /home/matt/src/mono/mono/mini/mono
+081fa000-0907f000 rwxp 081fa000 00:00 0          [heap]
+40000000-40019000 r-xp 00000000 03:02 3254163    /lib/ld-2.4.so
+40019000-4001b000 rwxp 00018000 03:02 3254163    /lib/ld-2.4.so
+4001b000-4001d000 rwxp 4001b000 00:00 0
+4001d000-4001e000 r-xp 00000000 03:02 
+2880628    /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
+4001e000-40025000 r-xs 00000000 03:02 
+2158619    /usr/lib/gconv/gconv-modules.cache
+40025000-40026000 r-xp 00000000 03:02 
+2880626    /usr/lib/locale/en_US.utf8/LC_MEASUREMENT
+40026000-40027000 r-xp 00000000 03:02 
+2880625    /usr/lib/locale/en_US.utf8/LC_TELEPHONE
+40027000-40028000 r-xp 00000000 03:02 
+2880623    /usr/lib/locale/en_US.utf8/LC_ADDRESS
+40028000-40029000 r-xp 00000000 03:02 
+2880622    /usr/lib/locale/en_US.utf8/LC_NAME
+40029000-4002a000 r-xp 00000000 03:02 
+2718516    /usr/lib/locale/en_US.utf8/LC_PAPER
+4002a000-4002b000 r-xp 00000000 03:02 
+2717656    /usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES
+4002b000-4002c000 r-xp 00000000 03:02 
+2880621    /usr/lib/locale/en_US.utf8/LC_MONETARY
+4002c000-4002d000 r-xp 00000000 03:02 
+2880619    /usr/lib/locale/en_US.utf8/LC_TIME
+4002d000-4002e000 r-xp 00000000 03:02 
+2704404    /usr/lib/locale/en_US.utf8/LC_NUMERIC
+4002e000-40030000 r-xp 00000000 03:02 
+1489456    /home/matt/src/mcs/class/lib/net_2_0/nunit-console.exe.mdb
+40030000-40037000 r-xp 00000000 03:02 
+3288976    /lib/tls/i686/cmov/librt-2.4.so
+40037000-40039000 rwxp 00006000 03:02 
+3288976    /lib/tls/i686/cmov/librt-2.4.so
+40039000-4003d000 r-xp 00000000 03:02 
+2143400    /usr/lib/libgthread-2.0.so.0.1200.4
+4003d000-4003e000 rwxp 00003000 03:02 
+2143400    /usr/lib/libgthread-2.0.so.0.1200.4
+4003e000-400cf000 r-xp 00000000 03:02 
+2143116    /usr/lib/libglib-2.0.so.0.1200.4
+400cf000-400d0000 rwxp 00091000 03:02 
+2143116    /usr/lib/libglib-2.0.so.0.1200.4
+400d0000-400d2000 r-xp 00000000 03:02 
+3287830    /lib/tls/i686/cmov/libdl-2.4.so
+400d2000-400d4000 rwxp 00001000 03:02 
+3287830    /lib/tls/i686/cmov/libdl-2.4.so
+400d4000-400d5000 rwxp 400d4000 00:00 0
+400d5000-400e4000 r-xp 00000000 03:02 
+3288972    /lib/tls/i686/cmov/libpthread-2.4.so
+400e4000-400e6000 rwxp 0000f000 03:02 
+3288972    /lib/tls/i686/cmov/libpthread-2.4.so
+400e6000-400e8000 rwxp 400e6000 00:00 0
+400e8000-4010c000 r-xp 00000000 03:02 
+3287833    /lib/tls/i686/cmov/libm-2.4.so
+4010c000-4010e000 rwxp 00023000 03:02 
+3287833    /lib/tls/i686/cmov/libm-2.4.so
+4010e000-4023b000 r-xp 00000000 03:02 
+3287815    /lib/tls/i686/cmov/libc-2.4.so
+4023b000-4023d000 r-xp 0012c000 03:02 
+3287815    /lib/tls/i686/cmov/libc-2.4.so
+4023d000-4023f000 rwxp 0012e000 03:02 
+3287815    /lib/tls/i686/cmov/libc-2.4.so
+4023f000-40243000 rwxp 4023f000 00:00 0
+40243000-4031a000 r-xp 00000000 03:02 
+2704406    /usr/lib/locale/en_US.utf8/LC_COLLATE
+4031a000-4034d000 r-xp 00000000 03:02 
+2704403    /usr/lib/locale/en_US.utf8/LC_CTYPE
+4034d000-4036d000 rwxp 4034d000 00:00 0
+4036d000-405c2000 r-xp 00000000 03:02 
+1684268    /home/matt/src/mcs/class/lib/net_2_0/mscorlib.dll
+405c2000-405c3000 ---p 405c2000 00:00 0
+405c3000-405c6000 rwxp 405c3000 00:00 0
+405c6000-405ca000 r-xp 00000000 03:02 
+1489455    /home/matt/src/mcs/class/lib/net_2_0/nunit-console.exe
+405ca000-405d2000 r-xp 00000000 03:02 
+1618858    /home/matt/src/mcs/class/lib/net_2_0/I18N.dll
+405d2000-405d5000 r-xp 00000000 03:02 
+1618859    /home/matt/src/mcs/class/lib/net_2_0/I18N.dll.mdb
+405d5000-405dc000 r-xp 00000000 03:02 
+3288960    /lib/tls/i686/cmov/libnss_compat-2.4.so
+405dc000-405de000 rwxp 00006000 03:02 
+3288960    /lib/tls/i686/cmov/libnss_compat-2.4.so
+405de000-405f0000 r-xp 00000000 03:02 
+3288884    /lib/tls/i686/cmov/libnsl-2.4.so
+405f0000-405f2000 rwxp 00011000 03:02 
+3288884    /lib/tls/i686/cmov/libnsl-2.4.so
+405f2000-405f4000 rwxp 405f2000 00:00 0
+405f4000-405fc000 r-xp 00000000 03:02 
+3288966    /lib/tls/i686/cmov/libnss_nis-2.4.so
+405fc000-405fe000 rwxp 00007000 03:02 
+3288966    /lib/tls/i686/cmov/libnss_nis-2.4.so
+405fe000-40607000 r-xp 00000000 03:02 
+3288964    /lib/tls/i686/cmov/libnss_files-2.4.so
+40607000-40609000 rwxp 00008000 03:02 
+3288964    /lib/tls/i686/cmov/libnss_files-2.4.so
+40609000-40676000 rwxp 40609000 00:00 0
+40676000-407af000 rwxs 00000000 03:02 
+1439164    /home/matt/src/mono/runtime/.wapi/shared_data-pretention-Linux-i686-312-11-0
+407af000-40b34000 rwxs 00000000 03:02 
+1439275    /home/matt/src/mono/runtime/.wapi/shared_fileshare-pretention-Linux-i686-36-11-0
+40b34000-40b44000 rwxp 40b34000 00:00 0
+40b44000-40b45000 ---p 40b44000 00:00 0
+40b45000-40c45000 rwxp 40b45000 00:00 0
+40c45000-40e54000 r-xp 00000000 03:02 
+1684281    /home/matt/src/mcs/class/lib/net_2_0/mscorlib.dll.mdb
+40e54000-40e60000 r-xp 00000000 03:02 
+1769489    /home/matt/src/mcs/class/lib/net_2_0/nunit.core.dll
+40e60000-40e6c000 r-xp 00000000 03:02 
+1769492    /home/matt/src/mcs/class/lib/net_2_0/nunit.core.dll.mdb
+40e6c000-40e7b000 r-xp 00000000 03:02 
+1769499    /home/matt/src/mcs/class/lib/net_2_0/nunit.util.dll
+40e7b000-40e88000 r-xp 00000000 03:02 
+1769501    /home/matt/src/mcs/class/lib/net_2_0/nunit.util.dll.mdb
+40e88000-40fb9000 r-xp 00000000 03:02 
+1618856    /home/matt/src/mcs/class/lib/net_2_0/System.Xml.dll
+40fb9000-410dd000 r-xp 00000000 03:02 
+1619060    /home/matt/src/mcs/class/lib/net_2_0/System.Xml.dll.mdb
+410dd000-410fd000 rwxp 410dd000 00:00 0
+410fd000-4124d000 r-xp 00000000 03:02 
+1520862    /home/matt/src/mcs/class/lib/net_2_0/System.dll
+4124d000-4137c000 r-xp 00000000 03:02 
+1520936    /home/matt/src/mcs/class/lib/net_2_0/System.dll.mdb
+4137c000-4140c000 rwxp 4137c000 00:00 0
+4140c000-41428000 r-xp 00000000 03:02 
+1537142    /home/matt/src/mcs/class/lib/net_2_0/System.Configuration.dll
+41428000-41448000 r-xp 00000000 03:02 
+1537143    /home/matt/src/mcs/class/lib/net_2_0/System.Configuration.dll.mdb
+41448000-41458000 rwxp 41448000 00:00 0
+41458000-41468000 r-xp 00000000 03:02 
+1619062    /home/matt/src/mcs/class/lib/net_2_0/I18N.West.dll
+41468000-41476000 r-xp 00000000 03:02 
+1619076    /home/matt/src/mcs/class/lib/net_2_0/I18N.West.dll.mdb
+41476000-414a6000 rwxp 41476000 00:00 0
+414a6000-4160c000 r-xp 00000000 03:02 
+1521008    /home/matt/src/mcs/class/System/System_test_net_2_0.dll
+4160c000-41713000 r-xp 00000000 03:02 
+1521511    /home/matt/src/mcs/class/System/System_test_net_2_0.dll.mdb
+41713000-41718000 r-xp 00000000 03:02 
+1769427    /home/matt/src/mcs/class/lib/net_2_0/nunit.framework.dll
+41718000-4171d000 r-xp 00000000 03:02 
+1769474    /home/matt/src/mcs/class/lib/net_2_0/nunit.framework.dll.mdb
+4171d000-41763000 r-xp 00000000 03:02 
+1520866    /home/matt/src/mcs/class/lib/net_2_0/Mono.Security.dll
+41763000-417af000 r-xp 00000000 03:02 
+1520906    /home/matt/src/mcs/class/lib/net_2_0/Mono.Security.dll.mdb
+417af000-4185f000 rwxp 417af000 00:00 0
+4185f000-41860000 ---p 4185f000 00:00 0
+41860000-41970000 rwxp 41860000 00:00 0
+41970000-41971000 r-xp 00000000 03:02 
+33259      /tmp/tmp40c44661.tmp/6299aff8.dll (deleted)
+41971000-41972000 ---p 41971000 00:00 0
+41972000-41a72000 rwxp 41972000 00:00 0
+41a72000-41a73000 r-xp 00000000 03:02 
+3123241    /tmp/tmp78e21988.tmp/68088a04.dll (deleted)
+41a73000-41a83000 rwxp 41a73000 00:00 0
+41a85000-41a8f000 r-xp 00000000 03:02 3254173    /lib/libgcc_s.so.1
+41a8f000-41a90000 rwxp 00009000 03:02 3254173    /lib/libgcc_s.so.1
+41a90000-41af0000 rwxp 41a90000 00:00 0
+41af0000-41b5b000 r-xp 00000000 03:02 
+1768293    /home/matt/src/mcs/class/lib/net_2_0/System.Drawing.dll
+41b5b000-41bb7000 r-xp 00000000 03:02 
+1768296    /home/matt/src/mcs/class/lib/net_2_0/System.Drawing.dll.mdb
+41bb7000-41c27000 rwxp 41bb7000 00:00 0
+41c27000-41c3a000 r-xp 00000000 03:02 
+1488216    /home/matt/src/mono/support/.libs/libMonoPosixHelper.so
+41c3a000-41c3b000 rwxp 00012000 03:02 
+1488216    /home/matt/src/mono/support/.libs/libMonoPosixHelper.so
+41c4e000-41c61000 r-xp 00000000 03:02 2143988    /usr/lib/libz.so.1.2.3
+41c61000-41c62000 rwxp 00012000 03:02 2143988    /usr/lib/libz.so.1.2.3
+bf95b000-bf970000 rwxp bf95b000 00:00 0          [stack]
+ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]
+Stacktrace:
+
+  at (wrapper managed-to-native) 
+System.IO.Compression.DeflateStream.free_z_stream (intptr) <0x00004>
+  at (wrapper managed-to-native) 
+System.IO.Compression.DeflateStream.free_z_stream (intptr) <0xffffffff>
+                                                  
+
+How often does this happen? 
+every time, as of 2/8/2007.
+
+
+Extra Information:
+valgrind output:
+Excluded categories: NotWorking,ValueAdd,CAS,InetAccess,PKITS
+==19141==
+==19141== Conditional jump or move depends on uninitialised value(s)
+==19141==    at 0x8137CEC: mono_method_to_ir (mini.c:4588)
+==19141==    by 0x814DEA4: inline_method (mini.c:3434)
+==19141==    by 0x813F7AC: mono_method_to_ir (mini.c:4799)
+==19141==    by 0x814BCB5: mini_method_compile (mini.c:10356)
+==19141==    by 0x814D670: mono_jit_compile_method (mini.c:10730)
+==19141==    by 0x8078C49: mono_magic_trampoline (mini-trampolines.c:27)
+==19141==    by 0x444F031: ???
+==19141==    by 0x5E3282A: ???
+==19141==    by 0x5E32605: ???
+==19141==    by 0x5E324AA: ???
+==19141==    by 0x5D302AC: ???
+==19141==    by 0x5D2FF15: ???
+==19141==
+==19141== Invalid read of size 4
+==19141==    at 0x6B38AC8: ???
+==19141==    by 0x6B37BCC: ???
+==19141==    by 0x6B377F8: ???
+==19141==    by 0x6B37177: ???
+==19141==    by 0x6B36F2A: ???
+==19141==    by 0x6B36E49: ???
+==19141==    by 0x6B3B53F: ???
+==19141==    by 0x5D29582: ???
+==19141==    by 0x809586A: mono_runtime_invoke_array (object.c:2592)
+==19141==    by 0x809B87A: ves_icall_InternalInvoke (icall.c:2708)
+==19141==    by 0x5D1202C: ???
+==19141==    by 0x6B39B41: ???
+==19141==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
+==19141==
+==19141== Invalid read of size 4
+==19141==    at 0x6B3BF0F: ???
+==19141==    by 0x6B47712: ???
+==19141==    by 0x6B476D7: ???
+==19141==    by 0x6B36E49: ???
+==19141==    by 0x6B4766F: ???
+==19141==    by 0x5D29582: ???
+==19141==    by 0x809586A: mono_runtime_invoke_array (object.c:2592)
+==19141==    by 0x809B87A: ves_icall_InternalInvoke (icall.c:2708)
+==19141==    by 0x5D1202C: ???
+==19141==    by 0x6B39B41: ???
+==19141==    by 0x6074A1A: ???
+==19141==    by 0x6B39A1E: ???
+==19141==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
+==19141==
+==19141== Invalid read of size 4
+==19141==    at 0x6B4A585: ???
+==19141==    by 0x6B4A4F6: ???
+==19141==    by 0x6B4A4BF: ???
+==19141==    by 0x6B36E49: ???
+==19141==    by 0x6B4AACF: ???
+==19141==    by 0x5D29582: ???
+==19141==    by 0x809586A: mono_runtime_invoke_array (object.c:2592)
+==19141==    by 0x809B87A: ves_icall_InternalInvoke (icall.c:2708)
+==19141==    by 0x5D1202C: ???
+==19141==    by 0x6B39B41: ???
+==19141==    by 0x6074A1A: ???
+==19141==    by 0x6B39A1E: ???
+==19141==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
+==19141==
+==19141== Invalid read of size 4
+==19141==    at 0x6B4A585: ???
+==19141==    by 0x6B4DF66: ???
+==19141==    by 0x6B4A783: ???
+==19141==    by 0x6B4A4F6: ???
+==19141==    by 0x6B4A4BF: ???
+==19141==    by 0x6B36E49: ???
+==19141==    by 0x6B4D0CD: ???
+==19141==    by 0x5D29582: ???
+==19141==    by 0x809586A: mono_runtime_invoke_array (object.c:2592)
+==19141==    by 0x809B87A: ves_icall_InternalInvoke (icall.c:2708)
+==19141==    by 0x5D1202C: ???
+==19141==    by 0x6B39B41: ???
+==19141==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
+==19141==
+==19141== Invalid read of size 4
+==19141==    at 0x6B4A585: ???
+==19141==    by 0x6B4DFD2: ???
+==19141==    by 0x6B4A783: ???
+==19141==    by 0x6B4A4F6: ???
+==19141==    by 0x6B4A4BF: ???
+==19141==    by 0x6B36E49: ???
+==19141==    by 0x6B4D299: ???
+==19141==    by 0x5D29582: ???
+==19141==    by 0x809586A: mono_runtime_invoke_array (object.c:2592)
+==19141==    by 0x809B87A: ves_icall_InternalInvoke (icall.c:2708)
+==19141==    by 0x5D1202C: ???
+==19141==    by 0x6B39B41: ???
+==19141==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
+==19141==
+==19141== Invalid read of size 4
+==19141==    at 0x6B4864A: ???
+==19141==    by 0x6B510A6: ???
+==19141==    by 0x6B5100C: ???
+==19141==    by 0x6B511A8: ???
+==19141==    by 0x6B51177: ???
+==19141==    by 0x5D29582: ???
+==19141==    by 0x809586A: mono_runtime_invoke_array (object.c:2592)
+==19141==    by 0x809B87A: ves_icall_InternalInvoke (icall.c:2708)
+==19141==    by 0x5D1202C: ???
+==19141==    by 0x6B39B41: ???
+==19141==    by 0x6074A1A: ???
+==19141==    by 0x6B39A1E: ???
+==19141==  Address 0x0 is not stack'd, malloc'd or (recently) free'd


More information about the mono-bugs mailing list