malloc problems in -current malloc_usable_size()

Jason Evans jasone at freebsd.org
Tue Mar 2 17:17:05 UTC 2010


Mark Atkinson wrote:
> I updated my kernel/world yesterday and thunderbird 3.0.2 started core
> dumping after I completed the upgrade.   It continued to do so on
> previously good operations after a full re-compile.
> 
> I noticed that some jemalloc changes went in and was wondering if anyone
> else was noticing SEGV problems in other apps with malloc_usable_size()
> or ARENA problems in threaded apps?
> 
> (gdb) bt
> #0  0x28eacb14 in malloc_usable_size () from /lib/libc.so.7
> #1  0x28eadbaa in free () from /lib/libc.so.7
> #2  0x2ed9ac22 in gss_release_buffer () from /usr/lib/libgssapi.so.10

This failure (segfault due to accessing an unmapped region of memory) is
more subtle than I would typically expect of a malloc bug.  My approach
to debugging this would be to turn on tracing (see MALLOC_OPTIONS=U
docs) and see if the pointer passed to free() was valid (i.e. returned
by malloc/calloc/realloc, but not yet freed).

Jason
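The check Jason describes, confirming that a pointer handed to free() was returned by malloc and has not been freed already, written out as an added example (not FreeBSD libc or jemalloc code, and not the MALLOC_OPTIONS=U utrace mechanism): a wrapper that keeps its own ledger of live allocations and classifies each free() before forwarding it to libc. All names here are assumed.

```c
#include <stdlib.h>

/* Added illustration, not FreeBSD libc code: a small allocation ledger
 * that answers "was this pointer returned by malloc, and is it still
 * live?" before the real free() is called.  All names are our own. */
#define LEDGER_SLOTS 1024
enum free_status { FREE_OK, FREE_UNKNOWN_PTR, FREE_DOUBLE };
struct slot { void *ptr; int live; };
static struct slot ledger[LEDGER_SLOTS];
static size_t nslots;

/* Record every block handed out so a later free() can be checked. */
void *traced_malloc(size_t size)
{
    void *p = malloc(size);
    if (p == NULL || nslots == LEDGER_SLOTS)
        return p;                    /* ledger full: still allocate */
    ledger[nslots].ptr = p;
    ledger[nslots].live = 1;
    nslots++;
    return p;
}

/* Classify a pointer first; only known-live blocks reach free(). */
enum free_status traced_free(void *p)
{
    size_t i;
    int seen_dead = 0;
    if (p == NULL)
        return FREE_OK;              /* free(NULL) is a defined no-op */
    for (i = 0; i < nslots; i++) {
        if (ledger[i].ptr != p)
            continue;
        if (ledger[i].live) {        /* a reused address gets a fresh entry */
            ledger[i].live = 0;
            free(p);
            return FREE_OK;
        }
        seen_dead = 1;               /* matched only an already-freed block */
    }
    return seen_dead ? FREE_DOUBLE : FREE_UNKNOWN_PTR;
}

/* The suspicious pattern from the report: the same pointer freed twice. */
int demo_double_free(void)
{
    void *p = traced_malloc(32);
    return traced_free(p) == FREE_OK && traced_free(p) == FREE_DOUBLE;
}
```

A real run would wrap the application's allocation calls (for example through the preloaded-library mechanism of the platform) and log every FREE_UNKNOWN_PTR or FREE_DOUBLE result with a backtrace.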
