Segmentation fault in malloc_usable_size() (libc)

Jason Evans jasone at FreeBSD.org
Sat Sep 6 17:24:44 UTC 2008


Jille Timmermans wrote:
> I switched over to current a few days ago.
> And I ran into a bug (file attached, log pasted):

The stack trace you got is totally bogus, but the problem is real.  This 
crash is due to recent changes in malloc that use TLS for 
thread-specific caching.  The problem is that malloc is being used after 
a thread has effectively exited.

#0  0x00000008007c7b35 in arena_malloc (arena=0x500a98, size=80, zero=true) at /usr/src/lib/libc/stdlib/malloc.c:3223
#1  0x00000008007caf4b in calloc (num=1, size=80) at /usr/src/lib/libc/stdlib/malloc.c:3395
#2  0x0000000800649c94 in mutex_init (mutex=0x8009785c0, mutex_attr=Variable "mutex_attr" is not available.
) at /usr/src/lib/libthr/thread/thr_mutex.c:144
#3  0x0000000800649f41 in init_static (thread=0x608e40, mutex=0x8009785c0) at /usr/src/lib/libthr/thread/thr_mutex.c:188
#4  0x000000080064ab31 in __pthread_mutex_lock (mutex=0x8009785c0) at /usr/src/lib/libthr/thread/thr_mutex.c:445
#5  0x000000080081c63c in __cxa_finalize (dso=0x0) at /usr/src/lib/libc/stdlib/atexit.c:161
#6  0x00000008007ccbe7 in exit (status=0) at /usr/src/lib/libc/stdlib/exit.c:67
#7  0x000000080064e5c6 in _pthread_exit (status=Variable "status" is not available.
) at /usr/src/lib/libthr/thread/thr_exit.c:109
#8  0x0000000800646219 in thread_start (curthread=0x608e40) at /usr/src/lib/libthr/thread/thr_create.c:288
#9  0x0000000000000000 in ?? ()

The call to _malloc_thread_cleanup() in _pthread_exit() I added at 
/usr/src/lib/libthr/thread/thr_exit.c:100 is too early in the case that 
_thread_active_threads is decremented to 0 below.  I don't know off the 
top of my head what the best fix is (i.e. where the 
_malloc_thread_cleanup() call is really safe); perhaps David Xu has a 
suggestion.

Thanks,
Jason
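A stripped-down illustration of the ordering problem described in the message above, added here as example code that is not FreeBSD's malloc or libthr: a hypothetical thread-local cache (`tcache`) with a cleanup hook, an allocation that happens after that hook has run (standing in for the calloc reached through __cxa_finalize in the trace), and a guard that makes the late allocation fall back to the system allocator instead of touching torn-down cache state. All names are assumptions, and the scenario runs on the calling thread only, since the point is the order of calls rather than concurrency.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical per-thread allocation cache held in TLS, modelled loosely on
 * the idea of a thread cache; not FreeBSD's malloc. */
#define CACHE_SLOTS 4

struct tcache {
    void *slots[CACHE_SLOTS];   /* freed blocks kept for reuse on this thread */
    int   n;                    /* number of cached blocks */
    bool  torn_down;            /* set once tcache_cleanup() has run */
};

static __thread struct tcache tc;

/* Counts allocations that arrived after cleanup and had to bypass the cache.
 * In an unguarded implementation these would touch freed/cleared state. */
static unsigned long late_alloc_count;

/* Allocation path: reuse a cached block while the cache is alive,
 * otherwise go to the system allocator. */
void *cached_alloc(size_t size) {
    if (!tc.torn_down && tc.n > 0)
        return tc.slots[--tc.n];
    if (tc.torn_down)
        late_alloc_count++;     /* guard: cache is gone, use the global path */
    return malloc(size);
}

/* Free path: park the block in the cache unless the cache has been torn down. */
void cached_free(void *p) {
    if (!tc.torn_down && tc.n < CACHE_SLOTS) {
        tc.slots[tc.n++] = p;
        return;
    }
    free(p);
}

/* Thread-exit hook: return cached blocks to the system and mark the cache dead.
 * Plays the role of the _malloc_thread_cleanup() call in the message. */
void tcache_cleanup(void) {
    while (tc.n > 0)
        free(tc.slots[--tc.n]);
    tc.torn_down = true;
}

/* Stands in for the exit-time handler chain (__cxa_finalize -> mutex_init
 * -> calloc) that still needs the allocator. */
static void late_handler(void) {
    void *p = cached_alloc(80);
    cached_free(p);
}

/* Reset TLS state so each scenario starts from a fresh cache. */
static void reset_cache(void) {
    while (tc.n > 0)
        free(tc.slots[--tc.n]);
    tc.torn_down = false;
    late_alloc_count = 0;
}

/* Wrong order: cleanup runs before the last user of the allocator.
 * Returns how many allocations had to bypass the dead cache (expected 1). */
unsigned long run_cleanup_too_early(void) {
    reset_cache();
    void *a = cached_alloc(80);
    cached_free(a);         /* block now sits in the thread cache */
    tcache_cleanup();       /* the "too early" cleanup */
    late_handler();         /* allocation after cleanup: guard path taken */
    return late_alloc_count;
}

/* Correct order: every allocator user on this thread finishes first.
 * Returns the bypass count (expected 0). */
unsigned long run_cleanup_last(void) {
    reset_cache();
    void *a = cached_alloc(80);
    cached_free(a);
    late_handler();         /* reuses the cached block, no fallback */
    tcache_cleanup();       /* cleanup is now the final allocator touch */
    return late_alloc_count;
}
```

The `torn_down` guard is the defensive part: a thread cache that records its own teardown turns an exit-path allocation into an ordinary (if slower) call to the system allocator rather than a dereference of cleared state, and the `late_alloc_count` it feeds is the kind of counter that makes a mis-ordered cleanup visible in testing. The real fix, as the message says, is to move the cleanup call to a point where no further allocation can happen on that thread; the guard only makes the mistake survivable and observable.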

