*** glibc detected *** mono: double free or corruption (fasttop): 0x09fcc5e0 ***

Bug #574017 reported by Alex Gaynor
This bug affects 2 people
Affects: mono (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: mono

I get the following (rather large dump) when running Roger Alsing's GenArt (http://code.google.com/p/alsing/downloads/list) program under Mono, latest Ubuntu (10.04), all packages up to date. The crash appears non-deterministic, and seems to happen at a random time after starting the evolution. What follows is the complete dump:

*** glibc detected *** mono: double free or corruption (fasttop): 0x09fcc5e0 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0xb7584591]
/lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0xb7585de8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0xb7588ecd]
/usr/lib/libcairo.so.2(cairo_font_face_destroy+0x71)[0xb6472a21]
/usr/lib/libcairo.so.2(+0x16b10)[0xb6476b10]
/usr/lib/libcairo.so.2(cairo_destroy+0x7e)[0xb6470a4e]
/usr/lib/libgdiplus.so.0(GdipDeleteGraphics+0x96)[0xb64f1e96]
[0xb56bfcc5]
[0xb56bfc33]
[0xb3dbda47]
[0xb3dbc677]
[0xb70c5011]
mono(mono_runtime_delegate_invoke+0x34)[0x8110ef4]
mono[0x815285b]
mono[0x81c3062]
mono[0x81e1925]
/lib/tls/i686/cmov/libpthread.so.0(+0x596e)[0xb769e96e]
/lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0xb75e6a0e]
======= Memory map: ========
Stacktrace:

  at (wrapper managed-to-native) System.Drawing.GDIPlus.GdipDeleteGraphics (intptr) <0x00004>
  at (wrapper managed-to-native) System.Drawing.GDIPlus.GdipDeleteGraphics (intptr) <0xffffffff>
  at System.Drawing.Graphics.Dispose () <0x00082>
  at GenArt.Classes.FitnessCalculator.GetDrawingFitness (GenArt.AST.DnaDrawing,System.Drawing.Color[2]) <0x002ae>
  at GenArt.MainForm.StartEvolution () <0x0018e>
  at (wrapper runtime-invoke) object.runtime_invoke_void__this__ (object,intptr,intptr,intptr) <0xffffffff>

Native stacktrace:

 mono() [0x80ca6e4]
 [0xb77a8410]
 /lib/tls/i686/cmov/libc.so.6(abort+0x182) [0xb7546a82]
 /lib/tls/i686/cmov/libc.so.6(+0x6149d) [0xb757a49d]
 /lib/tls/i686/cmov/libc.so.6(+0x6b591) [0xb7584591]
 /lib/tls/i686/cmov/libc.so.6(+0x6cde8) [0xb7585de8]
 /lib/tls/i686/cmov/libc.so.6(cfree+0x6d) [0xb7588ecd]
 /usr/lib/libcairo.so.2(cairo_font_face_destroy+0x71) [0xb6472a21]
 /usr/lib/libcairo.so.2(+0x16b10) [0xb6476b10]
 /usr/lib/libcairo.so.2(cairo_destroy+0x7e) [0xb6470a4e]
 /usr/lib/libgdiplus.so.0(GdipDeleteGraphics+0x96) [0xb64f1e96]
 [0xb56bfcc5]
 [0xb56bfc33]
 [0xb3dbda47]
 [0xb3dbc677]
 [0xb70c5011]
 mono(mono_runtime_delegate_invoke+0x34) [0x8110ef4]
 mono() [0x815285b]
 mono() [0x81c3062]
 mono() [0x81e1925]
 /lib/tls/i686/cmov/libpthread.so.0(+0x596e) [0xb769e96e]
 /lib/tls/i686/cmov/libc.so.6(clone+0x5e) [0xb75e6a0e]

Debug info from gdb:

[Thread debugging using libthread_db enabled]
[New Thread 0xb43b8b70 (LWP 11957)]
[New Thread 0xb6cc3b70 (LWP 11948)]
[New Thread 0xb7794b70 (LWP 11947)]
0xb77a8422 in __kernel_vsyscall ()
  4 Thread 0xb7794b70 (LWP 11947) 0xb77a8422 in __kernel_vsyscall ()
  3 Thread 0xb6cc3b70 (LWP 11948) 0xb77a8422 in __kernel_vsyscall ()
  2 Thread 0xb43b8b70 (LWP 11957) 0xb77a8422 in __kernel_vsyscall ()
* 1 Thread 0xb74e66f0 (LWP 11946) 0xb77a8422 in __kernel_vsyscall ()

Thread 4 (Thread 0xb7794b70 (LWP 11947)):
#0 0xb77a8422 in __kernel_vsyscall ()
#1 0xb76a6736 in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#2 0x081a6af8 in ?? ()
#3 0xb769e96e in start_thread (arg=0xb7794b70) at pthread_create.c:300
#4 0xb75e6a0e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 3 (Thread 0xb6cc3b70 (LWP 11948)):
#0 0xb77a8422 in __kernel_vsyscall ()
#1 0xb76a5245 in sem_wait@@GLIBC_2.1 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/sem_wait.S:80
#2 0x0812e199 in ?? ()
#3 0x081527ea in ?? ()
#4 0x081c3062 in ?? ()
#5 0x081e1925 in ?? ()
#6 0xb769e96e in start_thread (arg=0xb6cc3b70) at pthread_create.c:300
#7 0xb75e6a0e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 2 (Thread 0xb43b8b70 (LWP 11957)):
#0 0xb77a8422 in __kernel_vsyscall ()
#1 0xb76a5f5b in read () at ../sysdeps/unix/syscall-template.S:82
#2 0x080ca87e in ?? ()
#3 <signal handler called>
#4 0xb77a8422 in __kernel_vsyscall ()
#5 0xb7543651 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6 0xb7546a82 in *__GI_abort () at abort.c:92
#7 0xb757a49d in __libc_message (do_abort=2, fmt=0xb764ef58 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#8 0xb7584591 in malloc_printerr (action=<value optimized out>, str=0x6 <Address 0x6 out of bounds>, ptr=0x9fcc5e0) at malloc.c:6264
#9 0xb7585de8 in _int_free (av=<value optimized out>, p=<value optimized out>) at malloc.c:4792
#10 0xb7588ecd in *__GI___libc_free (mem=0x9fcc5e0) at malloc.c:3738
#11 0xb6472a21 in cairo_font_face_destroy () from /usr/lib/libcairo.so.2
#12 0xb6476b10 in ?? () from /usr/lib/libcairo.so.2
#13 0xb6470a4e in cairo_destroy () from /usr/lib/libcairo.so.2
#14 0xb64f1e96 in GdipDeleteGraphics () from /usr/lib/libgdiplus.so.0
#15 0xb56bfcc5 in ?? ()
#16 0xb56bfc33 in ?? ()
#17 0xb3dbda47 in ?? ()
#18 0xb3dbc677 in ?? ()
#19 0xb70c5011 in ?? ()
#20 0x08110ef4 in mono_runtime_delegate_invoke ()
#21 0x0815285b in ?? ()
#22 0x081c3062 in ?? ()
#23 0x081e1925 in ?? ()
#24 0xb769e96e in start_thread (arg=0xb43b8b70) at pthread_create.c:300
#25 0xb75e6a0e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb74e66f0 (LWP 11946)):
#0 0xb77a8422 in __kernel_vsyscall ()
#1 0xb75d8b86 in *__GI___poll (fds=0xb766eff4, nfds=2, timeout=15) at ../sysdeps/unix/sysv/linux/poll.c:87
#2 0xb55bb109 in ?? ()
#3 0xb55b9436 in ?? ()
#4 0xb55db53f in ?? ()
#5 0xb55d845b in ?? ()
#6 0xb55d8122 in ?? ()
#7 0xb568184e in ?? ()
#8 0xb5680d1b in ?? ()
#9 0xb56809cc in ?? ()
#10 0xb70b82c7 in ?? ()
#11 0xb70b81fb in ?? ()
#12 0x08113b1e in mono_runtime_exec_main ()
#13 0x0811429a in mono_runtime_run_main ()
#14 0x080b3524 in mono_main ()
#15 0x0805ad25 in ?? ()
#16 0xb752fbd6 in __libc_start_main (main=0x805ad00, argc=2, ubp_av=0xbfedaa94, init=0x81e6be0, fini=0x81e6bd0, rtld_fini=0xb77b70c0 <_dl_fini>,
    stack_end=0xbfedaa8c) at libc-start.c:226
#17 0x0805ac61 in ?? ()

=================================================================
Got a SIGABRT while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries
used by your application.
=================================================================

Aborted

Changed in mono (Ubuntu):
status: New → Confirmed