DReichLab / AdmixTools

Tools test whether admixture occurred and more

qpGraph: free(): invalid next size (fast) #17

Open jrandall opened 7 years ago

jrandall commented 7 years ago

During a run of qpGraph, we got the following error:

...
starting analysis
number of initial random trials: 10792
*** glibc detected *** qpGraph: free(): invalid next size (fast): 0x00000000152d14d0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7da26)[0x2b0949deda26]
qpGraph[0x40a684]
qpGraph[0x404f51]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x2b0949d917ed]
qpGraph[0x4023a9]
======= Memory map: ========
00400000-00462000 r-xp 00000000 00:14 18410012                           /software/hgi/pkglocal/admixtools-5.0/bin/qpGraph
00661000-00662000 rw-p 00061000 00:14 18410012                           /software/hgi/pkglocal/admixtools-5.0/bin/qpGraph
00662000-00665000 rw-p 00000000 00:00 0 
011a0000-35a9f000 rw-p 00000000 00:00 0                                  [heap]
2b0948720000-2b0948742000 r-xp 00000000 08:06 251870234                  /lib/x86_64-linux-gnu/ld-2.15.so
2b0948742000-2b0948744000 rw-p 00000000 00:00 0 
2b0948942000-2b0948943000 r--p 00022000 08:06 251870234                  /lib/x86_64-linux-gnu/ld-2.15.so
2b0948943000-2b0948945000 rw-p 00023000 08:06 251870234                  /lib/x86_64-linux-gnu/ld-2.15.so
2b0948948000-2b0948f35000 r-xp 00000000 00:14 32105401                   /software/hgi/pkglocal/lapack-3.6.1/lib/liblapack.so.3.6.1
2b0948f35000-2b0949135000 ---p 005ed000 00:14 32105401                   /software/hgi/pkglocal/lapack-3.6.1/lib/liblapack.so.3.6.1
2b0949135000-2b0949138000 rw-p 005ed000 00:14 32105401                   /software/hgi/pkglocal/lapack-3.6.1/lib/liblapack.so.3.6.1
2b0949138000-2b0949184000 rw-p 00000000 00:00 0 
2b0949188000-2b09491df000 r-xp 00000000 00:14 32105398                   /software/hgi/pkglocal/lapack-3.6.1/lib/libblas.so.3.6.1
2b09491df000-2b09493de000 ---p 00057000 00:14 32105398                   /software/hgi/pkglocal/lapack-3.6.1/lib/libblas.so.3.6.1
2b09493de000-2b09493df000 rw-p 00056000 00:14 32105398                   /software/hgi/pkglocal/lapack-3.6.1/lib/libblas.so.3.6.1
2b09493e0000-2b09495f8000 r-xp 00000000 00:14 33164881                   /software/hgi/pkglocal/gsl-1.16/lib/libgsl.so.0.17.0
2b09495f8000-2b09497f7000 ---p 00218000 00:14 33164881                   /software/hgi/pkglocal/gsl-1.16/lib/libgsl.so.0.17.0
2b09497f7000-2b09497fa000 r--p 00217000 00:14 33164881                   /software/hgi/pkglocal/gsl-1.16/lib/libgsl.so.0.17.0
2b09497fa000-2b094980a000 rw-p 0021a000 00:14 33164881                   /software/hgi/pkglocal/gsl-1.16/lib/libgsl.so.0.17.0
2b094980a000-2b094980b000 rw-p 00000000 00:00 0 
2b0949810000-2b0949849000 r-xp 00000000 00:14 7763642                    /software/hgi/pkglocal/gsl-1.16/lib/libgslcblas.so.0.0.0
2b0949849000-2b0949a48000 ---p 00039000 00:14 7763642                    /software/hgi/pkglocal/gsl-1.16/lib/libgslcblas.so.0.0.0
2b0949a48000-2b0949a49000 r--p 00038000 00:14 7763642                    /software/hgi/pkglocal/gsl-1.16/lib/libgslcblas.so.0.0.0
2b0949a49000-2b0949a4a000 rw-p 00039000 00:14 7763642                    /software/hgi/pkglocal/gsl-1.16/lib/libgslcblas.so.0.0.0
2b0949a6a000-2b0949a6b000 rw-p 00000000 00:00 0 
2b0949a70000-2b0949b6b000 r-xp 00000000 08:06 251870238                  /lib/x86_64-linux-gnu/libm-2.15.so
2b0949b6b000-2b0949d6a000 ---p 000fb000 08:06 251870238                  /lib/x86_64-linux-gnu/libm-2.15.so
2b0949d6a000-2b0949d6b000 r--p 000fa000 08:06 251870238                  /lib/x86_64-linux-gnu/libm-2.15.so
2b0949d6b000-2b0949d6c000 rw-p 000fb000 08:06 251870238                  /lib/x86_64-linux-gnu/libm-2.15.so
2b0949d70000-2b0949f24000 r-xp 00000000 08:06 251870225                  /lib/x86_64-linux-gnu/libc-2.15.so
2b0949f24000-2b094a123000 ---p 001b4000 08:06 251870225                  /lib/x86_64-linux-gnu/libc-2.15.so
2b094a123000-2b094a127000 r--p 001b3000 08:06 251870225                  /lib/x86_64-linux-gnu/libc-2.15.so
2b094a127000-2b094a129000 rw-p 001b7000 08:06 251870225                  /lib/x86_64-linux-gnu/libc-2.15.so
2b094a129000-2b094a12e000 rw-p 00000000 00:00 0 
2b094a130000-2b094a24b000 r-xp 00000000 00:14 2038973                    /software/hgi/pkglocal/gcc-4.9.1/lib64/libgfortran.so.3.0.0
2b094a24b000-2b094a44a000 ---p 0011b000 00:14 2038973                    /software/hgi/pkglocal/gcc-4.9.1/lib64/libgfortran.so.3.0.0
2b094a44a000-2b094a44c000 rw-p 0011a000 00:14 2038973                    /software/hgi/pkglocal/gcc-4.9.1/lib64/libgfortran.so.3.0.0
2b094a44c000-2b094a44d000 rw-p 00000000 00:00 0 
2b094a450000-2b094a466000 r-xp 00000000 00:14 31989922                   /software/hgi/pkglocal/gcc-4.9.1/lib64/libgcc_s.so.1
2b094a466000-2b094a665000 ---p 00016000 00:14 31989922                   /software/hgi/pkglocal/gcc-4.9.1/lib64/libgcc_s.so.1
2b094a665000-2b094a666000 rw-p 00015000 00:14 31989922                   /software/hgi/pkglocal/gcc-4.9.1/lib64/libgcc_s.so.1
2b094a668000-2b094a6a5000 r-xp 00000000 00:14 2038965                    /software/hgi/pkglocal/gcc-4.9.1/lib64/libquadmath.so.0.0.0
2b094a6a5000-2b094a8a4000 ---p 0003d000 00:14 2038965                    /software/hgi/pkglocal/gcc-4.9.1/lib64/libquadmath.so.0.0.0
2b094a8a4000-2b094a8a5000 rw-p 0003c000 00:14 2038965                    /software/hgi/pkglocal/gcc-4.9.1/lib64/libquadmath.so.0.0.0
2b094a8a5000-2b094b0a8000 rw-p 00000000 00:00 0 
7ffdf588c000-7ffdf58ae000 rw-p 00000000 00:00 0                          [stack]
7ffdf58e0000-7ffdf58e1000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted

Using gdb, I've tracked this down to the free (ww2) call at the end of initvmix: https://github.com/DReichLab/AdmixTools/blob/master/src/qpGraph.c#L2183

jrandall commented 7 years ago

I've now also run it through valgrind, and it is reporting some problems with the write to ww2 by the vst function (and the subsequent read by the vvp function).

Valgrind output is below (note that the source line numbers are slightly off because I've added some debug printing to this version of the code).

==58456== Invalid write of size 8
==58456==    at 0x43C529: vst (vsubs.c:27)
==58456==    by 0x40A56A: initvmix (qpGraph.c:2165) 
==58456==    by 0x404F50: main (qpGraph.c:812)      
==58456==  Address 0x3d525908 is 0 bytes after a block of size 104 alloc'd
==58456==    at 0x4C29DB4: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) 
==58456==    by 0x40A0DC: initvmix (qpGraph.c:2104) 
==58456==    by 0x404F50: main (qpGraph.c:812)      
==58456==                                 
==58456== Invalid read of size 8          
==58456==    at 0x43C622: vvp (vsubs.c:43)
==58456==    by 0x40A581: initvmix (qpGraph.c:2166) 
==58456==    by 0x404F50: main (qpGraph.c:812)      
==58456==  Address 0x3d525908 is 0 bytes after a block of size 104 alloc'd
==58456==    at 0x4C29DB4: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) 
==58456==    by 0x40A0DC: initvmix (qpGraph.c:2104) 
==58456==    by 0x404F50: main (qpGraph.c:812)      
==58456==                                 
--58456-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting       
--58456-- si_code=80;  Faulting address: 0x0;  sp: 0x402bdae00

In my modified code, qpGraph.c:2166 is: vst(ww2, wwinit, 0.5, nwts) ; and qpGraph.c:2167 is vvp(ww, ww, ww2, nwts) ;

jrandall commented 7 years ago

With our data, nwts = 18 and nvar = 13, so when vst(ww2, wwinit, 0.5, nwts) loops over ww2 to update it, there is a buffer overrun because nwts is greater than the size of the ww2 vector.

bumblenick commented 7 years ago

This is very helpful. Could you make the following code change:

In initvmix, set nvar by nvar = nedge + nwts + nanc*(nanc-1)/2 ;

I think you will see readily where this should go. Your graph is unusual, and I fear inference will be hard. Anyway please see if this fixes the problem and I will update.

Nick

On Thu, Mar 23, 2017 at 8:33 PM, Joshua C. Randall <notifications@github.com> wrote:
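The two comments above describe the same defect from both sides: ww2 is calloc'd with nvar elements (valgrind's "block of size 104" is 13 doubles), while vst() and vvp() are told to process nwts = 18 elements, so the last five writes land past the end of the heap block and glibc's free() check aborts later. The following C sketch is an added example, not AdmixTools code: it models the initvmix step with the original's function names, sizes ww2 by nvar as the buggy code did, applies Nick's sizing rule, and adds a capacity argument so an undersized buffer is refused instead of overrun. The vst/vvp signatures are assumed from how the thread uses them (a[i] = b[i]*y and a[i] = b[i]*c[i]); nedge = 5 and nanc = 3 are constructed values, since the report gives only nwts and nvar.

```c
/* Added example (not AdmixTools code): the ww2 allocation and the
 * vst()/vvp() calls from initvmix, with a capacity check and the sizing
 * rule proposed in the thread. Signatures of vst/vvp are assumed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Sizing rule from the thread: nvar = nedge + nwts + nanc*(nanc-1)/2.
 * Every term is non-negative, so the result is always >= nwts. */
long required_nvar(long nedge, long nwts, long nanc)
{
    return nedge + nwts + nanc * (nanc - 1) / 2;
}

/* How many doubles fit in a calloc'd block of the given byte size
 * (valgrind reported a 104-byte block, i.e. 13 doubles). */
long elements_in_block(size_t bytes)
{
    return (long)(bytes / sizeof(double));
}

/* a[i] = b[i] * y for i < n, refusing (return -1) when n exceeds the
 * capacity of a. The original vst() trusts n; the caller must size a. */
int vst_checked(double *a, long cap, const double *b, double y, long n)
{
    if (n < 0 || n > cap) return -1;
    for (long i = 0; i < n; i++) a[i] = b[i] * y;
    return 0;
}

/* a[i] = b[i] * c[i] for i < n, with the same capacity check. */
int vvp_checked(double *a, long cap, const double *b, const double *c, long n)
{
    if (n < 0 || n > cap) return -1;
    for (long i = 0; i < n; i++) a[i] = b[i] * c[i];
    return 0;
}

/* Model of the initvmix step: ww2 is allocated with nvar elements (as in
 * the bug), then filled from wwinit over nwts elements. Returns 0 on
 * success, -1 if the fill would have overrun ww2. On success the scaled
 * weights are copied to ww_out (nwts doubles) when it is non-NULL. */
int initvmix_step(long nvar, long nwts, double *ww_out)
{
    double *wwinit = calloc((size_t)nwts, sizeof *wwinit);
    double *ww     = calloc((size_t)nwts, sizeof *ww);
    double *ww2    = calloc((size_t)nvar, sizeof *ww2);  /* sized by nvar, not nwts */
    int rc = -1;
    if (!wwinit || !ww || !ww2) goto out;
    /* Constructed input: wwinit = 1,2,...,nwts and ww = 2 everywhere. */
    for (long i = 0; i < nwts; i++) { wwinit[i] = 1.0 + (double)i; ww[i] = 2.0; }
    if (vst_checked(ww2, nvar, wwinit, 0.5, nwts) != 0) goto out;  /* ww2 = 0.5 * wwinit */
    if (vvp_checked(ww, nwts, ww, ww2, nwts) != 0) goto out;       /* ww  = ww * ww2    */
    if (ww_out) memcpy(ww_out, ww, (size_t)nwts * sizeof *ww);
    rc = 0;
out:
    free(wwinit); free(ww); free(ww2);
    return rc;
}

int main(void)
{
    long nwts = 18;                                /* from the report */
    long buggy_nvar = elements_in_block(104);      /* 13, the block valgrind saw */
    long fixed_nvar = required_nvar(5, nwts, 3);   /* nedge=5, nanc=3 constructed */
    printf("nvar=%ld nwts=%ld -> %s\n", buggy_nvar, nwts,
           initvmix_step(buggy_nvar, nwts, NULL) ? "overrun refused" : "ok");
    printf("nvar=%ld nwts=%ld -> %s\n", fixed_nvar, nwts,
           initvmix_step(fixed_nvar, nwts, NULL) ? "overrun refused" : "ok");
    return 0;
}
```

With nvar = 13 the checked vst() refuses the 18-element write that the original overran; with nvar derived from the sizing rule the step completes. The capacity argument is the general defence here: a fill loop bounded by one count must never write into a buffer sized by a different count unless the relationship between the two is enforced at the allocation.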

jrandall commented 7 years ago

@bumblenick I am sure that will fix the problem, as it would necessarily make nvar at least as large as nwts, a more explicit version of which is the fix I already tried and can confirm is working (see PR #18).

bumblenick commented 7 years ago

OK; I will install this tomorrow

N

On Thu, Mar 23, 2017 at 9:32 PM, Joshua C. Randall <notifications@github.com> wrote: