Date: Sat, 06 Sep 2008 09:59:23 -0700
From: Jason Evans <jasone@FreeBSD.org>
To: Jille Timmermans <jille@quis.cx>
Cc: FreeBSD Current <current@freebsd.org>, David Xu <davidxu@freebsd.org>
Subject: Re: Segmentation fault in malloc_usable_size() (libc)
Message-ID: <48C2B6EB.5000608@FreeBSD.org>
In-Reply-To: <48C15AEA.4070704@quis.cx>
References: <48C15AEA.4070704@quis.cx>

Jille Timmermans wrote:
> I switched over to current a few days ago.
> And I ran into a bug (file attached, log pasted):

The stack trace you got is totally bogus, but the problem is real. This crash is due to recent changes in malloc that use TLS for thread-specific caching. The problem is that malloc is being used after a thread has effectively exited.

#0  0x00000008007c7b35 in arena_malloc (arena=0x500a98, size=80, zero=true)
    at /usr/src/lib/libc/stdlib/malloc.c:3223
#1  0x00000008007caf4b in calloc (num=1, size=80)
    at /usr/src/lib/libc/stdlib/malloc.c:3395
#2  0x0000000800649c94 in mutex_init (mutex=0x8009785c0, mutex_attr=Variable "mutex_attr" is not available.
) at /usr/src/lib/libthr/thread/thr_mutex.c:144
#3  0x0000000800649f41 in init_static (thread=0x608e40, mutex=0x8009785c0)
    at /usr/src/lib/libthr/thread/thr_mutex.c:188
#4  0x000000080064ab31 in __pthread_mutex_lock (mutex=0x8009785c0)
    at /usr/src/lib/libthr/thread/thr_mutex.c:445
#5  0x000000080081c63c in __cxa_finalize (dso=0x0)
    at /usr/src/lib/libc/stdlib/atexit.c:161
#6  0x00000008007ccbe7 in exit (status=0)
    at /usr/src/lib/libc/stdlib/exit.c:67
#7  0x000000080064e5c6 in _pthread_exit (status=Variable "status" is not available.
) at /usr/src/lib/libthr/thread/thr_exit.c:109
#8  0x0000000800646219 in thread_start (curthread=0x608e40)
    at /usr/src/lib/libthr/thread/thr_create.c:288
#9  0x0000000000000000 in ?? ()

The call to _malloc_thread_cleanup() in _pthread_exit() I added at /usr/src/lib/libthr/thread/thr_exit.c:100 is too early in the case that _thread_active_threads is decremented to 0 below. I don't know off the top of my head what the best fix is (i.e. where the _malloc_thread_cleanup() call is really safe); perhaps David Xu has a suggestion.

Thanks,
Jason
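
Added example (not part of the original message and not FreeBSD code): a toy per-thread cache that replays the ordering in the trace above, where a calloc() arrives after the thread's cache cleanup has already run. The names toy_calloc, toy_free, toy_thread_cleanup and the three-state guard are assumptions made for illustration; the guard is one defensive pattern and says nothing about how FreeBSD resolved the issue.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical toy cache; these names are not from FreeBSD's malloc.c. */
enum tc_state { TC_UNINIT, TC_ACTIVE, TC_DEAD };
struct tcache { void *slots[8]; size_t nslots; };
#define TC_BLOCK 80 /* the size calloc() asked for in the trace */

static _Thread_local enum tc_state tc_state = TC_UNINIT;
static _Thread_local struct tcache *tc;
static _Thread_local unsigned late_allocs; /* requests seen after cleanup */

/* Thread-exit hook: release cached blocks, then mark the cache dead. */
void toy_thread_cleanup(void) {
    if (tc_state == TC_ACTIVE) {
        while (tc->nslots > 0)
            free(tc->slots[--tc->nslots]);
        free(tc);
        tc = NULL;
    }
    tc_state = TC_DEAD; /* the cache is never rebuilt on this thread */
}

void *toy_calloc(void) {
    if (tc_state == TC_DEAD) { /* late caller: bypass the freed cache */
        late_allocs++;
        return calloc(1, TC_BLOCK);
    }
    if (tc_state == TC_UNINIT && (tc = calloc(1, sizeof(*tc))) != NULL)
        tc_state = TC_ACTIVE;
    if (tc_state == TC_ACTIVE && tc->nslots > 0)
        return memset(tc->slots[--tc->nslots], 0, TC_BLOCK);
    return calloc(1, TC_BLOCK);
}

void toy_free(void *p) {
    if (p != NULL && tc_state == TC_ACTIVE && tc->nslots < 8)
        tc->slots[tc->nslots++] = p; /* keep the block for reuse */
    else
        free(p);
}

/* Replays the order in the trace: cleanup first, then one more calloc. */
unsigned replay_exit_order(void) {
    toy_free(toy_calloc()); /* normal use populates the cache */
    toy_thread_cleanup();   /* stands in for the call at thr_exit.c:100 */
    toy_free(toy_calloc()); /* stands in for exit() -> ... -> calloc() */
    return late_allocs;
}
```

Without the TC_DEAD check, the second toy_calloc() would dereference the freed cache pointer, which is the use-after-cleanup shape the message describes.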