Segmentation fault in malloc_usable_size() (libc)

From: Jille Timmermans <jille_at_quis.cx>
Date: Fri, 05 Sep 2008 18:14:34 +0200
Hello current,

I switched over to current a few days ago.
And I ran into a bug (file attached, log pasted):

[quis_at_blackbox ~/crash]$ cc -o crash-thread crash-thread.c -lpthread
[quis_at_blackbox ~/crash]$ gdb crash-thread
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
(gdb) run
Starting program: /usr/home/quis/crash/crash-thread
(no debugging symbols found)...[New LWP 100073]
(no debugging symbols found)...(no debugging symbols found)...[New Thread 0x8101140 (LWP 100073)]
[New Thread 0x8119140 (LWP 100047)]
[Thread 0x8101140 (LWP 100073) exited]
[New Thread 0x8101140 (LWP 100073)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x8119140 (LWP 100047)]
0x281028f6 in malloc_usable_size () from /lib/libc.so.7
(gdb) bt
#0  0x281028f6 in malloc_usable_size () from /lib/libc.so.7
#1  0x28105ec1 in calloc () from /lib/libc.so.7
#2  0x2809143d in pthread_mutexattr_init () from /lib/libthr.so.3
#3  0x28091740 in pthread_mutex_getyieldloops_np () from /lib/libthr.so.3
#4  0x00000001 in ?? ()
#5  0x28075978 in ?? () from /libexec/ld-elf.so.1
#6  0x2815bb10 in bsearch () from /lib/libc.so.7
Previous frame inner to this frame (corrupt stack?)


I am running world + kernel r182722 (with the packet-mode patch from Ed
Schouten).

When the malloc() is removed from the code, it doesn't crash.
When stepping through, the crash happens when you execute
pthread_exit(NULL).

Ed told me he saw this (some day) before on livefs.


-- Jille Timmermans

#include <stdlib.h>
#include <string.h>
#include <pthread.h>

/* Thread body, with the signature pthread_create() expects.
 * A single malloc() in the new thread is enough to trigger the crash. */
void *
server(void *self)
{
	(void)self;
	malloc(1);
	return NULL;
}

int
main(int argc, char **argv)
{
	pthread_t thr;

	(void)argc;
	(void)argv;
	/* Start the thread, then let the main thread leave via pthread_exit()
	 * while the new thread may still be inside malloc(); this is the
	 * call the crash happens on. */
	pthread_create(&thr, NULL, server, NULL);
	pthread_exit(NULL);
}
Received on Fri Sep 05 2008 - 14:41:19 UTC
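The reproducer above relies on the main thread leaving via pthread_exit() while the child thread is still running. As an added example (not part of the original report or of FreeBSD's own code), the following C program keeps that trigger in main() but also provides a second path, run_with_join(), that joins the child instead of calling pthread_exit(); it checks every pthread return value and gives the thread body the signature pthread_create() expects. Comparing the two paths on an affected system shows whether the crash is tied to the main thread exiting via pthread_exit(). The function name run_with_join and the 1-byte allocation size are this example's own choices.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Thread body with the signature pthread_create() expects.  It performs
 * the same allocation as the reporter's server(), then frees it and
 * returns NULL so the thread has a well-defined exit value. */
static void *
server(void *arg)
{
	void *p;

	(void)arg;
	p = malloc(1);              /* same allocation as the report */
	if (p == NULL)
		return (void *)1;   /* signal allocation failure to the joiner */
	free(p);
	return NULL;
}

/* Path A: create the thread and join it.  Returns 0 when the thread was
 * created and exited cleanly, non-zero otherwise.  This is the path to
 * compare against the pthread_exit() trigger in main(). */
int
run_with_join(void)
{
	pthread_t thr;
	void *ret;
	int err;

	err = pthread_create(&thr, NULL, server, NULL);
	if (err != 0) {
		fprintf(stderr, "pthread_create: %s\n", strerror(err));
		return -1;
	}
	err = pthread_join(thr, &ret);
	if (err != 0) {
		fprintf(stderr, "pthread_join: %s\n", strerror(err));
		return -1;
	}
	return ret == NULL ? 0 : 1;
}

/* Path B: the reporter's trigger, with error checking.  The main thread
 * exits via pthread_exit() while the new thread may still be inside
 * malloc(); the process stays alive until that thread returns. */
int
main(void)
{
	pthread_t thr;
	int err;

	err = pthread_create(&thr, NULL, server, NULL);
	if (err != 0) {
		fprintf(stderr, "pthread_create: %s\n", strerror(err));
		return 1;
	}
	pthread_exit(NULL);
}
```

Build it the same way as the original (cc -o crash-join crash-join.c -lpthread); main() exercises the pthread_exit() path, and run_with_join() can be called from a second main() or a test harness to exercise the join path.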