From owner-freebsd-current@FreeBSD.ORG Mon Sep 22 16:24:40 2008
Message-ID: <48D7C6BF.8030702@quis.cx>
Date: Mon, 22 Sep 2008 18:24:31 +0200
From: Jille Timmermans
MIME-Version: 1.0
To: freebsd-current@freebsd.org
Content-Type: multipart/mixed; boundary="------------000709080900010503030109"
Subject: assertion failed in libc/stdlib/malloc.c
List-Id: Discussions about the use of FreeBSD-current

This is a multi-part message in MIME format.
--------------000709080900010503030109
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hello,

I ran into an assertion failure in malloc.c; I'm running HEAD of 20 sept
(i386).

Assertion failed: (arena->magic == ARENA_MAGIC), function arena_dalloc,
file /usr/src/lib/libc/stdlib/malloc.c, line 3837.

Here is (my stripped down) program (crash.c), a file it reads data from
(doolhof), and output from: compiling, running and gdb on the .core
(typescript (not really a typescript (anymore))).

If mailman eats the attachments I will reply with urls.

-- 
Jille

--------------000709080900010503030109
Content-Type: text/plain; name="doolhof"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="doolhof"

0 0 0 0 0 1 0
0 0 18

--------------000709080900010503030109
Content-Type: text/plain; name="kernel.c"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="kernel.c"

#include <stdio.h>

#define MAP_WIDTH 1
#define MAP_HEIGHT 1

typedef enum { LEEG, BAL, MUUR } hokje;

hokje map[MAP_HEIGHT][MAP_WIDTH];

int
main(int argc, char **argv)
{
	int kx, ky, kd, bx, by, hmuren, vmuren;
	FILE *fh = fopen("doolhof", "r");

	/* First line of the file: seven integers. */
	fscanf(fh, "%d %d %d %d %d %d %d\n", &kx, &ky, &kd, &bx, &by, &hmuren, &vmuren);
	while(hmuren--) {
		int mx, my, md;

		/* One line per entry: start x, start y, number of cells. */
		fscanf(fh, "%d %d %d\n", &mx, &my, &md);
		while(md--) {
			map[my][mx] = MUUR;
			mx++;
		}
	}
	fclose(fh);
	return 0;
}

--------------000709080900010503030109
Content-Type: text/plain; name="typescript"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="typescript"

$ gcc -nodefaultlibs -o crash crash.c /usr/obj/usr/src/lib/libc/libc.so.7
$ LD_LIBRARY_PATH=/usr/obj/usr/src/lib/libc ./crash
Assertion failed: (arena->magic == ARENA_MAGIC), function arena_dalloc, file /usr/src/lib/libc/stdlib/malloc.c, line 3837.
Abort trap (core dumped)
$ gdb crash crash.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `crash'.
Program terminated with signal 6, Aborted.
Reading symbols from /usr/obj/usr/src/lib/libc/libc.so.7...done.
Loaded symbols for /usr/obj/usr/src/lib/libc/libc.so.7
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x281687d7 in kill () at kill.S:2
2       RSYSCALL(kill)
(gdb) bt
#0  0x281687d7 in kill () at kill.S:2
#1  0x28168736 in __raise (s=6) at /usr/src/lib/libc/gen/raise.c:46
#2  0x2816735a in abort () at /usr/src/lib/libc/stdlib/abort.c:65
#3  0x2814d676 in __assert (func=0x6 , file=0x5 , line=0, failedexpr=0x28170169 "arena->magic == ARENA_MAGIC") at /usr/src/lib/libc/gen/assert.c:54
#4  0x280ef7e5 in idalloc (ptr=0x8101000) at /usr/src/lib/libc/stdlib/malloc.c:3837
#5  0x280f00b7 in free (ptr=0x8101000) at /usr/src/lib/libc/stdlib/malloc.c:5447
#6  0x2815249e in fclose (fp=0x28192060) at /usr/src/lib/libc/stdio/fclose.c:61
#7  0x08048558 in main ()
Current language:  auto; currently asm
(gdb) frame 7
#7  0x08048558 in main ()
(gdb) list
61                      free((char *)fp->_bf._base);
62              if (HASUB(fp))
63                      FREEUB(fp);
64              if (HASLB(fp))
65                      FREELB(fp);
66              fp->_file = -1;
67              fp->_r = fp->_w = 0;    /* Mess up if reaccessed. */
68              fp->_flags = 0;         /* Release this FILE for reuse. */
69              FUNLOCKFILE(fp);
70              return (r);
(gdb) frame 6
#6  0x2815249e in fclose (fp=0x28192060) at /usr/src/lib/libc/stdio/fclose.c:61
61                      free((char *)fp->_bf._base);
Current language:  auto; currently c
(gdb) list
56              FLOCKFILE(fp);
57              r = fp->_flags & __SWR ? __sflush(fp) : 0;
58              if (fp->_close != NULL && (*fp->_close)(fp->_cookie) < 0)
59                      r = EOF;
60              if (fp->_flags & __SMBF)
61                      free((char *)fp->_bf._base);
62              if (HASUB(fp))
63                      FREEUB(fp);
64              if (HASLB(fp))
65                      FREELB(fp);
(gdb) frame 5
#5  0x280f00b7 in free (ptr=0x8101000) at /usr/src/lib/libc/stdlib/malloc.c:5447
5447                    idalloc(ptr);
(gdb) list
5442
5443            UTRACE(ptr, 0, 0);
5444            if (ptr != NULL) {
5445                    assert(malloc_initialized);
5446
5447                    idalloc(ptr);
5448            }
5449    }
5450
5451    /*
(gdb) frame 4
#4  0x280ef7e5 in idalloc (ptr=0x8101000) at /usr/src/lib/libc/stdlib/malloc.c:3837
3837            assert(arena->magic == ARENA_MAGIC);
(gdb) list
3832    {
3833            size_t pageind;
3834            arena_chunk_map_t *mapelm;
3835
3836            assert(arena != NULL);
3837            assert(arena->magic == ARENA_MAGIC);
3838            assert(chunk->arena == arena);
3839            assert(ptr != NULL);
3840            assert(CHUNK_ADDR2BASE(ptr) != ptr);
3841
(gdb)

--------------000709080900010503030109--
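
Added example, not part of the original message and not FreeBSD code: with the attached doolhof data, the inner loop of the posted program is asked to write 18 cells starting at map[0][0] in a 1x1 array, which runs past the end of map into whatever is stored after it. The sketch below reads the same format from an in-memory string and checks each record against the map bounds before the first write; load_map, DOOLHOF and the return codes are names assumed for this example.

```c
#include <stdio.h>

#define MAP_WIDTH 1
#define MAP_HEIGHT 1
typedef enum { LEEG, BAL, MUUR } hokje;

/* Constructed copy of the doolhof attachment (header line, one record). */
static const char DOOLHOF[] = "0 0 0 0 0 1 0\n0 0 18\n";

/* Returns records applied, -1 on malformed input, -2 if a run leaves the map. */
int load_map(const char *text, hokje map[MAP_HEIGHT][MAP_WIDTH])
{
    int kx, ky, kd, bx, by, hmuren, vmuren, used = 0, applied = 0;

    if (sscanf(text, "%d %d %d %d %d %d %d%n", &kx, &ky, &kd, &bx, &by,
               &hmuren, &vmuren, &used) != 7)
        return -1;
    text += used;
    while (hmuren-- > 0) {
        int mx, my, md, i;

        if (sscanf(text, "%d %d %d%n", &mx, &my, &md, &used) != 3)
            return -1;
        text += used;
        /* Validate the start cell and the whole run before any write. */
        if (mx < 0 || mx >= MAP_WIDTH || my < 0 || my >= MAP_HEIGHT ||
            md < 0 || md > MAP_WIDTH - mx)
            return -2;
        for (i = 0; i < md; i++)
            map[my][mx + i] = MUUR;
        applied++;
    }
    return applied;
}

int main(void)
{
    hokje map[MAP_HEIGHT][MAP_WIDTH] = {{ LEEG }};

    printf("load_map -> %d\n", load_map(DOOLHOF, map));
    return 0;
}
```

Building the original reproducer with a bounds-checking tool such as AddressSanitizer (-fsanitize=address in current gcc and clang) reports this kind of global overflow at the offending store rather than at a later free().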