Bug #2034

open

assertion: z->z_Magic == ZALLOC_SLAB_MAGIC in _slabfree

Added by pavalos over 10 years ago. Updated over 10 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:

Description

I'm receiving the following assertion when running vlc and tinyproxy:

assertion: z->z_Magic == ZALLOC_SLAB_MAGIC in _slabfree

My vlc was compiled with gcc 4.1.2, and my world is gcc 4.4. vlc hits
this assertion very early, and only runs for a second or so. Here's the
backtrace:

(gdb) bt
#0 0x2820efbf in kill () at kill.S:2
#1 0x281a1fcc in _raise (sig=6) at /usr/src/lib/libthread_xu/thread/thr_syscalls.c:438
#2 0x2828a88e in abort () at /usr/src/lib/libc/../libc/stdlib/abort.c:63
#3 0x2821ac39 in _mpanic (ctl=0x28290918 "assertion: %s in %s") at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1715
#4 0x2821b875 in _slabfree (ptr=<value optimized out>, flags=<value optimized out>, rbigp=0x0) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1165
#5 0x2821bd7b in free (ptr=0x2abca1bc) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:774
#6 0x2ac85455 in operator delete (ptr=0x0)
at /usr/src/gnu/lib/gcc44/libstdc++/../../../usr.bin/cc44/cc_tools/../../../../contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
#7 0x2ac19385 in __gnu_cxx::new_allocator<char>::deallocate (this=0x2abca1bc, __a=...) at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/ext/new_allocator.h:95
#8 std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::_Rep::_M_destroy (this=0x2abca1bc, __a=...)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:427
#9 0x2ac1ad87 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::_Rep::_M_dispose (this=0x28346dd4, __res=5)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.h:231
#10 std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::reserve (this=0x28346dd4, __res=5)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:489
#11 0x2ac1ae77 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::append (this=0x28346dd4, __n=5, __c=0 L'\000')
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:289
#12 0x2ab3cd30 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::resize (this=0x0, __n=5, __c=0 L'\000')
at /usr/obj/usr/src/world_i386/usr/include/c++/4.1/bits/basic_string.tcc:626
#13 0x2b2ff85c in TagLib::String::String(char const*, TagLib::String::Type) () from /usr/pkg/lib/libtag.so.1
#14 0x2b2ebb3a in __static_initialization_and_destruction_0 () from /usr/pkg/lib/libtag.so.1
#15 0x2b31b300 in __do_global_ctors_aux () from /usr/pkg/lib/libtag.so.1
#16 0x2b2d014a in _init () from /usr/pkg/lib/libtag.so.1
#17 0x2805289f in objlist_call_init (list=<value optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:1498
#18 0x280544bc in dlopen (name=0x283a0600 "/usr/pkg/lib/vlc/plugins/meta_engine/libtaglib_plugin.so", mode=2) at /usr/src/libexec/rtld-elf/rtld.c:1865
#19 0x2813d3d9 in ?? () from /usr/pkg/lib/libvlccore.so.4
#20 0x283a0600 in ?? ()
#21 0x00000002 in ?? ()
#22 0x00000000 in ?? ()
Current language: auto
The current source language is "auto; currently asm".

I can't tell if this is a libstdc++, gcc44, or a nmalloc bug.

When I attempt to compile a new version of vlc from pkgsrc, it fails
hitting the same assertion when running lt-vlc-cache-gen as part of the
build process. This also happens with gcc41. The backtrace looks
similar:

(gdb) bt
#0 0x2820dfbf in kill () at kill.S:2
#1 0x2818cfcc in _raise (sig=6) at /usr/src/lib/libthread_xu/thread/thr_syscalls.c:438
#2 0x2828988e in abort () at /usr/src/lib/libc/../libc/stdlib/abort.c:63
#3 0x28219c39 in _mpanic (ctl=0x2828f918 "assertion: %s in %s") at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1715
#4 0x2821a875 in _slabfree (ptr=<value optimized out>, flags=<value optimized out>, rbigp=0x0) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:1165
#5 0x2821ad7b in free (ptr=0x2abd81bc) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:774
#6 0x2ac93455 in operator delete (ptr=0x0)
at /usr/src/gnu/lib/gcc44/libstdc++/../../../usr.bin/cc44/cc_tools/../../../../contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
#7 0x2ac27385 in __gnu_cxx::new_allocator<char>::deallocate (this=0x2abd81bc, __a=...) at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/ext/new_allocator.h:95
#8 std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::_Rep::_M_destroy (this=0x2abd81bc, __a=...)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:427
#9 0x2ac28d87 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::_Rep::_M_dispose (this=0x28346d94, __res=5)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.h:231
#10 std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::reserve (this=0x28346d94, __res=5)
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:489
#11 0x2ac28e77 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::append (this=0x28346d94, __n=5, __c=0 L'\000')
at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/bits/basic_string.tcc:289
#12 0x2ab4ad30 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::resize (this=0x0, __n=5, __c=0 L'\000')
at /usr/obj/usr/src/world_i386/usr/include/c++/4.1/bits/basic_string.tcc:626
#13 0x2b30285c in TagLib::String::String(char const*, TagLib::String::Type) () from /usr/pkg/lib/libtag.so.1
#14 0x2b2eeb3a in __static_initialization_and_destruction_0 () from /usr/pkg/lib/libtag.so.1
#15 0x2b31e300 in __do_global_ctors_aux () from /usr/pkg/lib/libtag.so.1
#16 0x2b2d314a in _init () from /usr/pkg/lib/libtag.so.1
#17 0x2805189f in objlist_call_init (list=<value optimized out>) at /usr/src/libexec/rtld-elf/rtld.c:1498
#18 0x280534bc in dlopen (name=0x28330600 "/usr/pkg/lib/vlc/plugins/meta_engine/libtaglib_plugin.so", mode=2) at /usr/src/libexec/rtld-elf/rtld.c:1865
#19 0x2813c3d9 in ?? () from /usr/pkg/lib/libvlccore.so.4
#20 0x28330600 in ?? ()
#21 0x00000002 in ?? ()
#22 0x00000000 in ?? ()
Current language: auto
The current source language is "auto; currently asm".

I can't seem to find any core file from tinyproxy, but I do see the
assertion pop up on the pty where I started tinyproxy from.

--Peter

Actions #1

Updated by pavalos over 10 years ago

On Thu, Mar 24, 2011 at 10:00:59AM +0100, Magliano Andre' wrote:

Hi Peter,

It seems to me (if I don't see ghosts) that the problem is at:

#6 0x2ac85455 in operator delete (ptr=0x0)

but if I look in
/usr/src/contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
I see:

_GLIBCXX_WEAK_DEFINITION void
operator delete(void* ptr) throw () {
  if (ptr)
    std::free(ptr);
}

i.e. checking against NULL pointer is done, so it shouldn't happen.

I'm not sure what's going on there...

#5 0x2821bd7b in free (ptr=0x2abd81bc) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:774
#6 0x2ac93455 in operator delete (ptr=0x0)
at /usr/src/gnu/lib/gcc44/libstdc++/../../../usr.bin/cc44/cc_tools/../../../../contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
#7 0x2ac27385 in __gnu_cxx::new_allocator<char>::deallocate (this=0x2abd81bc, __a=...) at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/ext/new_allocator.h:95

Notice that in #7, you have this=0x2abd81bc and in #5 you have
ptr=0x2abd81bc. Not sure how to explain that...

What happens if you recompile vlc with gcc 4.4?

I can't compile vlc any more. It fails during the build. The 2nd
backtrace is when I attempt to build vlc (it tries to run some program
as part of the build that winds up hitting the assertion).

Actions #2

Updated by masterblaster over 10 years ago

Hi Peter,

On 3/24/2011, "Peter Avalos" <> wrote:

On Thu, Mar 24, 2011 at 10:00:59AM +0100, Magliano Andre' wrote:

Hi Peter,

It seems to me (if I don't see ghosts) that the problem is at:

#6 0x2ac85455 in operator delete (ptr=0x0)

but if I look in
/usr/src/contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
I see:

_GLIBCXX_WEAK_DEFINITION void
operator delete(void* ptr) throw () {
  if (ptr)
    std::free(ptr);
}

i.e. checking against NULL pointer is done, so it shouldn't happen.

I'm not sure what's going on there...

#5 0x2821bd7b in free (ptr=0x2abd81bc) at /usr/src/lib/libc/../libc/stdlib/nmalloc.c:774
#6 0x2ac93455 in operator delete (ptr=0x0)
at /usr/src/gnu/lib/gcc44/libstdc++/../../../usr.bin/cc44/cc_tools/../../../../contrib/gcc-4.4/libstdc++-v3/libsupc++/del_op.cc:44
#7 0x2ac27385 in __gnu_cxx::new_allocator<char>::deallocate (this=0x2abd81bc, __a=...) at /usr/obj/usr/src/world_i386/usr/include/c++/4.4/ext/new_allocator.h:95

Notice that in #7, you have this=0x2abd81bc and in #5 you have
ptr=0x2abd81bc. Not sure how to explain that...

This seems to me procedure call stack corruption, which I experienced
sometimes in case of

- writing data out of bounds (array index out of range for example)
- binary mismatch (this case?)

What happens if you recompile vlc with gcc 4.4?

I can't compile vlc any more. It fails during the build. The 2nd
backtrace is when I attempt to build vlc (it tries to run some program
as part of the build that winds up hitting the assertion).

Well, maybe it would be worth fixing vlc compilation with gcc44 if
there's even the suspect of hunting a ghost...

ByE!
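
Added illustration, not part of the original thread and not nmalloc's code: a toy model of the kind of free-side check the assertion text names, assuming the zone header is found by rounding the pointer down to a zone boundary. The zone layout, sizes, magic value and all `toy_*` names are constructed for the example; it shows the check passing for a pointer the zone handed out and failing both for a pointer into memory that never was a zone and after an out-of-bounds write hits the header.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model: names, sizes and the magic value are constructed for illustration. */
#define TOY_ZONE_SIZE  4096u
#define TOY_SLAB_MAGIC 0x736c6162u

struct toy_zone {
    uint32_t z_Magic;    /* stamped when the zone is created */
    uint32_t z_NextOff;  /* offset of the next free byte in the zone */
};

/* Round an address down to the start of the zone that would contain it. */
static struct toy_zone *toy_zone_of(const void *ptr) {
    return (struct toy_zone *)((uintptr_t)ptr & ~(uintptr_t)(TOY_ZONE_SIZE - 1));
}

/* Place a zone header at the first zone-aligned address inside the arena. */
static struct toy_zone *toy_zone_init(unsigned char *arena) {
    struct toy_zone *z = toy_zone_of(arena + TOY_ZONE_SIZE - 1);
    z->z_Magic = TOY_SLAB_MAGIC;
    z->z_NextOff = (uint32_t)sizeof(*z);
    return z;
}

/* Free-side check: 1 if ptr maps to a live zone header, else 0 (a real allocator would abort). */
static int toy_free_check(const void *ptr) {
    return toy_zone_of(ptr)->z_Magic == TOY_SLAB_MAGIC;
}

/* Scenario 0: pointer from the zone; 1: never-a-zone memory; 2: header overwritten. */
static int toy_demo(int scenario) {
    unsigned char *arena = calloc(3, TOY_ZONE_SIZE);
    if (!arena) return -1;
    struct toy_zone *z = toy_zone_init(arena);
    const unsigned char *p = (unsigned char *)z + z->z_NextOff;
    if (scenario == 1) p = (unsigned char *)z + TOY_ZONE_SIZE + 100;
    if (scenario == 2) memset(z, 0x41, sizeof(*z));
    int ok = toy_free_check(p);
    free(arena);
    return ok;
}

int main(void) {
    for (int s = 0; s < 3; s++)
        printf("scenario %d: magic check %s\n", s, toy_demo(s) ? "passes" : "fails");
    return 0;
}
```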
