Message-ID: <48C15AEA.4070704@quis.cx>
Date: Fri, 05 Sep 2008 18:14:34 +0200
From: Jille Timmermans
To: FreeBSD Current
Cc: Ed Schouten
Subject: Segmentation fault in malloc_usable_size() (libc)
List-Id: Discussions about the use of FreeBSD-current

Hello current,

I switched over to current a few days ago.
And I ran into a bug (file attached, log pasted):

[quis@blackbox ~/crash]$ cc -o crash-thread crash-thread.c -lpthread
[quis@blackbox ~/crash]$ gdb crash-thread
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
(gdb) run
Starting program: /usr/home/quis/crash/crash-thread
(no debugging symbols found)...[New LWP 100073]
(no debugging symbols found)...(no debugging symbols found)...[New Thread 0x8101140 (LWP 100073)]
[New Thread 0x8119140 (LWP 100047)]
[Thread 0x8101140 (LWP 100073) exited]
[New Thread 0x8101140 (LWP 100073)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x8119140 (LWP 100047)]
0x281028f6 in malloc_usable_size () from /lib/libc.so.7
(gdb) bt
#0 0x281028f6 in malloc_usable_size () from /lib/libc.so.7
#1 0x28105ec1 in calloc () from /lib/libc.so.7
#2 0x2809143d in pthread_mutexattr_init () from /lib/libthr.so.3
#3 0x28091740 in pthread_mutex_getyieldloops_np () from /lib/libthr.so.3
#4 0x00000001 in ?? ()
#5 0x28075978 in ?? () from /libexec/ld-elf.so.1
#6 0x2815bb10 in bsearch () from /lib/libc.so.7
Previous frame inner to this frame (corrupt stack?)

I am running world + kernel r182722 (with the packet-mode patch from Ed Schouten).
When removing the malloc() from the code, it won't crash.
When stepping through, the crash happens when you execute pthread_exit(NULL).

Ed told me he saw this (some day) before on livefs.

-- 
Jille Timmermans

Attachment: crash-thread.c

#include <pthread.h>
#include <stdlib.h>

/* Worker thread: one small allocation. Per the report, removing this
 * malloc() makes the crash go away. */
void *
server(void *self)
{
    malloc(1);
    return NULL;
}

int
main(int argc, char **argv)
{
    pthread_t thr;

    pthread_create(&thr, NULL, server, NULL);
    /* The main thread exits without joining the worker; per the report,
     * the crash happens when this call executes. */
    pthread_exit(NULL);
}