Segmentation fault in malloc_usable_size() (libc)

Jason Evans jasone at
Sat Sep 6 17:24:44 UTC 2008

Jille Timmermans wrote:
> I switched over to current a fews days ago.
> And I ran into a bug (file attached, log pasted):

The stack trace you got is totally bogus, but the problem is real.  This 
crash is due to recent changes in malloc that use TLS for 
thread-specific caching.  The problem is that malloc is being used after 
a thread has effectively exited.

#0  0x00000008007c7b35 in arena_malloc (arena=0x500a98, size=80, 
zero=true) at /usr/src/lib/libc/stdlib/malloc.c:3223
#1  0x00000008007caf4b in calloc (num=1, size=80) at 
#2  0x0000000800649c94 in mutex_init (mutex=0x8009785c0, 
mutex_attr=Variable "mutex_attr" is not available.
) at /usr/src/lib/libthr/thread/thr_mutex.c:144
#3  0x0000000800649f41 in init_static (thread=0x608e40, 
mutex=0x8009785c0) at /usr/src/lib/libthr/thread/thr_mutex.c:188
#4  0x000000080064ab31 in __pthread_mutex_lock (mutex=0x8009785c0) at 
#5  0x000000080081c63c in __cxa_finalize (dso=0x0) at 
#6  0x00000008007ccbe7 in exit (status=0) at 
#7  0x000000080064e5c6 in _pthread_exit (status=Variable "status" is not 
) at /usr/src/lib/libthr/thread/thr_exit.c:109
#8  0x0000000800646219 in thread_start (curthread=0x608e40) at 
#9  0x0000000000000000 in ?? ()

The call to _malloc_thread_cleanup() in _pthread_exit() I added at 
/usr/src/lib/libthr/thread/thr_exit.c:100 is too early in the case that 
_thread_active_threads is decremented to 0 below.  I don't know off the 
top of my head what the best fix is (i.e. where the 
_malloc_thread_cleanup() call is really safe); perhaps David Xu has a 


More information about the freebsd-current mailing list