Bug #2034

assertion: z->z_Magic == ZALLOC_SLAB_MAGIC in _slabfree

Added by pavalos about 3 years ago. Updated about 3 years ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -
Description

I'm receiving the following assertion when running vlc and tinyproxy:

assertion: z->z_Magic == ZALLOC_SLAB_MAGIC in _slabfree

My vlc was compiled with gcc 4.1.2, and my world is gcc 4.4. vlc hits
this assertion very early, and only runs for a second or so. Here's the
backtrace:

(gdb) bt
#0 0x2820efbf in kill () at kill.S:2
#1 0x281a1fcc in _raise (sig=6) at /usr/src/lib/libthread_xu/thread/thr_syscalls.c:438
#2 0x2828a88e in abort () at /usr/src/lib/libc/../libc/stdlib/abort.c:63
#3 0x2821ac39 in _mpanic (ctl=0x28290918 "assertion: %s in %s") at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1715
#4 0x2821b875 in _slabfree (ptr=<value optimized out>, flags=<value optimized out>, rbigp=0x0) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1165
#5 0x2821bd7b in free (ptr=0x2abca1bc) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:774
#6 0x2ac85455 in operator delete (ptr=0x0)
at /usr/src/gnu/lib/gcc44/libstdc++/../../../usr.bin/cc44/cc_tools/../../../../contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
#7 0x2ac19385 in __gnu_cxx::new_allocator<char>::deallocate (this=0x2abca1bc, __a=...) at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/ext/new_allocator.h:95
#8 std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::_Rep::_M_destroy (this=0x2abca1bc, __a=...)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:427
#9 0x2ac1ad87 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::_Rep::_M_dispose (this=0x28346dd4, __res=5)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.h:231
#10 std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::reserve (this=0x28346dd4, __res=5)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:489
#11 0x2ac1ae77 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::append (this=0x28346dd4, __n=5, __c=0 L'\000')
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:289
#12 0x2ab3cd30 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::resize (this=0x0, __n=5, __c=0 L'\000')
at /usr/obj/usr/src/world_i386/usr/include/c++/4.1/bits/basic_string.tcc:626
#13 0x2b2ff85c in TagLib::String::String(char const*, TagLib::String::Type) () from /usr/pkg/lib/libtag.so.1
#14 0x2b2ebb3a in __static_initialization_and_destruction_0 () from /usr/pkg/lib/libtag.so.1
#15 0x2b31b300 in __do_global_ctors_aux () from /usr/pkg/lib/libtag.so.1
#16 0x2b2d014a in _init () from /usr/pkg/lib/libtag.so.1
#17 0x2805289f in objlist_call_init (list=<value optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:1498
#18 0x280544bc in dlopen (name=0x283a0600 "/usr/pkg/lib/vlc/plugins/meta_engine/libtaglib_plugin.so", mode=2) at /usr/src/libexec/rtld-elf/rtld.c:1865
#19 0x2813d3d9 in ?? () from /usr/pkg/lib/libvlccore.so.4
#20 0x283a0600 in ?? ()
#21 0x00000002 in ?? ()
#22 0x00000000 in ?? ()
Current language: auto
The current source language is "auto; currently asm".

I can't tell if this is a libstdc++, gcc44, or a nmalloc bug.

When I attempt to compile a new version of vlc from pkgsrc, it fails
hitting the same assertion when running lt-vlc-cache-gen as part of the
build process. This also happens with gcc41. The backtrace looks
similar:

(gdb) bt
#0 0x2820dfbf in kill () at kill.S:2
#1 0x2818cfcc in _raise (sig=6) at /usr/src/lib/libthread_xu/thread/thr_syscalls.c:438
#2 0x2828988e in abort () at /usr/src/lib/libc/../libc/stdlib/abort.c:63
#3 0x28219c39 in _mpanic (ctl=0x2828f918 "assertion: %s in %s") at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1715
#4 0x2821a875 in _slabfree (ptr=<value optimized out>, flags=<value optimized out>, rbigp=0x0) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1165
#5 0x2821ad7b in free (ptr=0x2abd81bc) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:774
#6 0x2ac93455 in operator delete (ptr=0x0)
at /usr/src/gnu/lib/gcc44/libstdc++/../../../usr.bin/cc44/cc_tools/../../../../contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
#7 0x2ac27385 in __gnu_cxx::new_allocator<char>::deallocate (this=0x2abd81bc, __a=...) at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/ext/new_allocator.h:95
#8 std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::_Rep::_M_destroy (this=0x2abd81bc, __a=...)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:427
#9 0x2ac28d87 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::_Rep::_M_dispose (this=0x28346d94, __res=5)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.h:231
#10 std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::reserve (this=0x28346d94, __res=5)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:489
#11 0x2ac28e77 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::append (this=0x28346d94, __n=5, __c=0 L'\000')
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:289
#12 0x2ab4ad30 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::resize (this=0x0, __n=5, __c=0 L'\000')
at /usr/obj/usr/src/world_i386/usr/include/c++/4.1/bits/basic_string.tcc:626
#13 0x2b30285c in TagLib::String::String(char const*, TagLib::String::Type) () from /usr/pkg/lib/libtag.so.1
#14 0x2b2eeb3a in __static_initialization_and_destruction_0 () from /usr/pkg/lib/libtag.so.1
#15 0x2b31e300 in __do_global_ctors_aux () from /usr/pkg/lib/libtag.so.1
#16 0x2b2d314a in _init () from /usr/pkg/lib/libtag.so.1
#17 0x2805189f in objlist_call_init (list=<value optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:1498
#18 0x280534bc in dlopen (name=0x28330600 "/usr/pkg/lib/vlc/plugins/meta_engine/libtaglib_plugin.so", mode=2) at /usr/src/libexec/rtld-elf/rtld.c:1865
#19 0x2813c3d9 in ?? () from /usr/pkg/lib/libvlccore.so.4
#20 0x28330600 in ?? ()
#21 0x00000002 in ?? ()
#22 0x00000000 in ?? ()
Current language: auto
The current source language is "auto; currently asm".

I can't seem to find any core file from tinyproxy, but I do see the
assertion pop up on the pty where I started tinyproxy from.

--Peter

History

#1 Updated by pavalos about 3 years ago

On Thu, Mar 24, 2011 at 10:00:59AM +0100, Magliano Andre' wrote:
> Hi Peter,
>
> it seems to me (if i don't see ghosts) that the problem is at:
>
> #6 0x2ac85455 in operator delete (ptr=0x0)
>
> but if i look in
> /usr/src/contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
> i see:
>
> _GLIBCXX_WEAK_DEFINITION void
> operator delete(void* ptr) throw ()
> {
>   if (ptr)
>     std::free(ptr);
> }
>
> i.e. checking against NULL pointer is done, so it shouldn't happen.
>

I'm not sure what's going on there...

#5 0x2821bd7b in free (ptr=0x2abd81bc) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:774
#6 0x2ac93455 in operator delete (ptr=0x0)
at /usr/src/gnu/lib/gcc44/libstdc++/../../../usr.bin/cc44/cc_tools/../../../../contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
#7 0x2ac27385 in __gnu_cxx::new_allocator<char>::deallocate (this=0x2abd81bc, __a=...) at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/ext/new_allocator.h:95

Notice that in #7, you have this=0x2abd81bc and in #5 you have
ptr=0x2abd81bc. Not sure how to explain that...

> What happens if you recompile vlc with gcc 4.4?
>

I can't compile vlc any more. It fails during the build. The 2nd
backtrace is when I attempt to build vlc (it tries to run some program
as part of the build that winds up hitting the assertion).

#2 Updated by masterblaster about 3 years ago

Hi Peter,

On 3/24/2011, "Peter Avalos" <> wrote:

>On Thu, Mar 24, 2011 at 10:00:59AM +0100, Magliano Andre' wrote:
>> Hi Peter,
>>
>> it seems to me (if i don't see ghosts) that the problem is at:
>>
>> #6 0x2ac85455 in operator delete (ptr=0x0)
>>
>> but if i look in
>> /usr/src/contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
>> i see:
>>
>> _GLIBCXX_WEAK_DEFINITION void
>> operator delete(void* ptr) throw ()
>> {
>>   if (ptr)
>>     std::free(ptr);
>> }
>>
>> i.e. checking against NULL pointer is done, so it shouldn't happen.
>>
>
>I'm not sure what's going on there...
>
>#5 0x2821bd7b in free (ptr=0x2abd81bc) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:774
>#6 0x2ac93455 in operator delete (ptr=0x0)
> at /usr/src/gnu/lib/gcc44/libstdc++/../../../usr.bin/cc44/cc_tools/../../../../contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
>#7 0x2ac27385 in __gnu_cxx::new_allocator<char>::deallocate (this=0x2abd81bc, __a=...) at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/ext/new_allocator.h:95
>
>Notice that in #7, you have this=0x2abd81bc and in #5 you have
>ptr=0x2abd81bc. Not sure how to explain that...

This seems to me to be procedure call stack corruption, which I have
experienced sometimes in cases of

- writing data out of bounds (array index out of range for example)
- binary mismatch (this case?)

>> What happens if you recompile vlc with gcc 4.4?
>>
>
>I can't compile vlc any more. It fails during the build. The 2nd
>backtrace is when I attempt to build vlc (it tries to run some program
>as part of the build that winds up hitting the assertion).

Well, maybe it would be worth fixing vlc compilation with gcc44 if
there's even the suspicion of hunting a ghost...

ByE!
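
Added example, not part of the thread and not nmalloc's code: a simplified model of the kind of check the assertion `z->z_Magic == ZALLOC_SLAB_MAGIC` names, showing it rejecting a pointer that does not come from a slab zone and a zone whose header was overwritten. It assumes zones aligned to their own size with the header found by masking the pointer; every `toy_` name, the zone size and the magic value are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TOY_ZONE_SIZE  (64u * 1024u)  /* constructed: power-of-two zone size */
#define TOY_SLAB_MAGIC 0x5a4f4e45u    /* constructed value, not nmalloc's */

struct toy_zone {
    uint32_t z_Magic;                 /* stamped once when the zone is set up */
    unsigned char chunks[];           /* allocations are carved from here */
};

/* Return a TOY_ZONE_SIZE-aligned, zeroed region; *raw is what free() needs. */
static void *toy_region(void **raw)
{
    *raw = calloc(2, TOY_ZONE_SIZE);
    if (*raw == NULL)
        return NULL;
    uintptr_t mask = (uintptr_t)TOY_ZONE_SIZE - 1;
    return (void *)(((uintptr_t)*raw + mask) & ~mask);
}

/* The check: mask the pointer down to its zone header and compare the magic. */
static int toy_magic_ok(const void *ptr)
{
    const struct toy_zone *z = (const struct toy_zone *)
        ((uintptr_t)ptr & ~((uintptr_t)TOY_ZONE_SIZE - 1));
    return z->z_Magic == TOY_SLAB_MAGIC;
}

/* Checks three pointers; bit i of the result is set when case i is rejected. */
static int toy_demo(void)
{
    void *raw_zone, *raw_other;
    struct toy_zone *zone = toy_region(&raw_zone);
    unsigned char *other = toy_region(&raw_other); /* stand-in for non-slab memory */
    if (!zone || !other) { free(raw_zone); free(raw_other); return -1; }
    zone->z_Magic = TOY_SLAB_MAGIC;
    int failed = 0;
    failed |= (!toy_magic_ok(zone->chunks + 128)) << 0; /* case 0: real chunk */
    failed |= (!toy_magic_ok(other + 444)) << 1;        /* case 1: foreign pointer */
    memset(zone, 0x41, 16);            /* models a stray write reaching the header */
    failed |= (!toy_magic_ok(zone->chunks + 128)) << 2; /* case 2: clobbered zone */
    free(raw_zone); free(raw_other);
    return failed;
}

int main(void) { return toy_demo() == 6 ? 0 : 1; }
```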
