brndnmtthws / conky

Light-weight system monitor for X, Wayland (sort of), and other things, too
https://conky.cc
GNU General Public License v3.0

crashing with failed assertion in malloc #241

Closed fhs closed 8 years ago

fhs commented 8 years ago

Conky is crashing with the following error:

conky: malloc.c:2395: sysmalloc: Assertion `(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed.

This is conky 1.10.1 and glibc 2.23 in Arch Linux. See below for gdb backtrace, valgrind output, and my conky.conf file. I can't reproduce the crash with the default Arch Linux config.

$ gdb /usr/bin/conky 
GNU gdb (GDB) 7.11
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/conky...done.
(gdb) run
Starting program: /usr/bin/conky 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
conky: desktop window (1400003) is subwindow of root window (d7)
conky: window type - normal
conky: drawing to created window (0x4400001)
conky: drawing to double buffer
[New Thread 0x7ffff143e700 (LWP 30223)]
[New Thread 0x7ffff0c3d700 (LWP 30224)]
[New Thread 0x7fffebfff700 (LWP 30225)]
[New Thread 0x7fffeb7fe700 (LWP 30226)]
[New Thread 0x7fffeaffd700 (LWP 30227)]
[New Thread 0x7fffea7fc700 (LWP 30228)]
[New Thread 0x7fffe9ffb700 (LWP 30229)]
[New Thread 0x7fffe97fa700 (LWP 30230)]
conky: malloc.c:2395: sysmalloc: Assertion `(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed.

Thread 1 "conky" received signal SIGABRT, Aborted.
0x00007ffff553b2a8 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff553b2a8 in raise () from /usr/lib/libc.so.6
#1  0x00007ffff553c72a in abort () from /usr/lib/libc.so.6
#2  0x00007ffff557c738 in __malloc_assert () from /usr/lib/libc.so.6
#3  0x00007ffff557e446 in sysmalloc () from /usr/lib/libc.so.6
#4  0x00007ffff557f496 in _int_malloc () from /usr/lib/libc.so.6
#5  0x00007ffff5580924 in malloc () from /usr/lib/libc.so.6
#6  0x0000000000437cec in spaced_print (buf=0x7560c3 "", size=16285, format=0x4b18d7 "%.1f", width=8)
    at /build/conky/src/conky-1.10.1/src/conky.cc:685
#7  0x0000000000438123 in generate_text_internal (p=0x7560c3 "", 
    p@entry=0x756060 "CPU (53 °C): \001\061%\n\001\nRAM (15.4GiB): \001\063\066%\n\001\nNetwork Up (enp0s25): \001\060.8KiB\n\001\nNetwork Down (enp0s25): \001", p_max_size=16285, root=...)
    at /build/conky/src/conky-1.10.1/src/conky.cc:858
#8  0x00000000004383bf in generate_text () at /build/conky/src/conky-1.10.1/src/conky.cc:927
#9  update_text () at /build/conky/src/conky-1.10.1/src/conky.cc:2025
#10 0x0000000000439299 in main_loop () at /build/conky/src/conky-1.10.1/src/conky.cc:2107
#11 0x0000000000429871 in main (argc=1, argv=0x7fffffffd678)
    at /build/conky/src/conky-1.10.1/src/conky.cc:3154
(gdb) bt full
#0  0x00007ffff553b2a8 in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1  0x00007ffff553c72a in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2  0x00007ffff557c738 in __malloc_assert () from /usr/lib/libc.so.6
No symbol table info available.
#3  0x00007ffff557e446 in sysmalloc () from /usr/lib/libc.so.6
No symbol table info available.
#4  0x00007ffff557f496 in _int_malloc () from /usr/lib/libc.so.6
No symbol table info available.
#5  0x00007ffff5580924 in malloc () from /usr/lib/libc.so.6
No symbol table info available.
#6  0x0000000000437cec in spaced_print (buf=0x7560c3 "", size=16285, format=0x4b18d7 "%.1f", width=8)
    at /build/conky/src/conky-1.10.1/src/conky.cc:685
        len = 0
        argp = {{gp_offset = 7672944, fp_offset = 0, overflow_arg_area = 0x7560a9, 
            reg_save_area = 0x3fb7}}
        tempbuf = <optimized out>
#7  0x0000000000438123 in generate_text_internal (p=0x7560c3 "", 
    p@entry=0x756060 "CPU (53 °C): \001\061%\n\001\nRAM (15.4GiB): \001\063\066%\n\001\nNetwork Up (enp0s25): \001\060.8KiB\n\001\nNetwork Down (enp0s25): \001", p_max_size=16285, root=...)
    at /build/conky/src/conky-1.10.1/src/conky.cc:858
        obj = 0x7517b0
        a = <optimized out>
#8  0x00000000004383bf in generate_text () at /build/conky/src/conky-1.10.1/src/conky.cc:927
        i = <optimized out>
        k = <optimized out>
        mw = <optimized out>
        tbs = <optimized out>
        ui = <optimized out>
        p = 0x756060 "CPU (53 °C): \001\061%\n\001\nRAM (15.4GiB): \001\063\066%\n\001\nNetwork Up (enp0s25): \001\060.8KiB\n\001\nNetwork Down (enp0s25): \001"
        j = <optimized out>
---Type <return> to continue, or q <return> to quit---
#9  update_text () at /build/conky/src/conky-1.10.1/src/conky.cc:2025
No locals.
#10 0x0000000000439299 in main_loop () at /build/conky/src/conky-1.10.1/src/conky.cc:2107
        fdsr = {fds_bits = {0 <repeats 16 times>}}
        tv = {tv_sec = 0, tv_usec = 0}
        s = <optimized out>
        terminate = 0
        t = <optimized out>
        inotify_config_wd = 1
        inotify_buff = '\000' <repeats 16 times>, "p$C\000\000\000\000\000\000\000\000\024\000\000\000\000\200μ\367\377\177", '\000' <repeats 178 times>...
#11 0x0000000000429871 in main (argc=1, argv=0x7fffffffd678)
    at /build/conky/src/conky-1.10.1/src/conky.cc:3154
No locals.
(gdb)
$ valgrind /usr/bin/conky 
==30264== Memcheck, a memory error detector
==30264== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==30264== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==30264== Command: /usr/bin/conky
==30264== 
conky: desktop window (1400003) is subwindow of root window (d7)
conky: window type - normal
conky: drawing to created window (0x4400001)
conky: drawing to double buffer
==30264== Syscall param writev(vector[...]) points to uninitialised byte(s)
==30264==    at 0x744632D: ??? (in /usr/lib/libc-2.23.so)
==30264==    by 0x7711DA8: ??? (in /usr/lib/libxcb.so.1.1.0)
==30264==    by 0x771219C: ??? (in /usr/lib/libxcb.so.1.1.0)
==30264==    by 0x7712224: xcb_writev (in /usr/lib/libxcb.so.1.1.0)
==30264==    by 0x550A18D: _XSend (in /usr/lib/libX11.so.6.3.0)
==30264==    by 0x550A681: _XReply (in /usr/lib/libX11.so.6.3.0)
==30264==    by 0x54EF2FE: XAllocColor (in /usr/lib/libX11.so.6.3.0)
==30264==    by 0x42E3DB: get_x11_color(char const*) (colours.cc:186)
==30264==    by 0x497D84: convert (x11.h:200)
==30264==    by 0x497D84: conky::simple_config_setting<unsigned long, priv::colour_traits>::do_convert(lua::state&, int) (setting.hh:283)
==30264==    by 0x494284: getter (setting.hh:259)
==30264==    by 0x494284: get (setting.hh:223)
==30264==    by 0x494284: (anonymous namespace)::do_set_background(unsigned long, int) (x11.cc:532)
==30264==    by 0x4967F5: set_transparent_background(unsigned long) (x11.cc:563)
==30264==    by 0x4394A2: main_loop() (conky.cc:2135)
==30264==  Address 0xb6ac6e9 is 57 bytes inside a block of size 16,384 alloc'd
==30264==    at 0x4C2C947: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30264==    by 0x54FA4E1: XOpenDisplay (in /usr/lib/libX11.so.6.3.0)
==30264==    by 0x496402: init_X11 (x11.cc:411)
==30264==    by 0x496402: priv::out_to_x_setting::lua_setter(lua::state&, bool) (x11.cc:89)
==30264==    by 0x46AC9F: process_setting (setting.cc:137)
==30264==    by 0x46AC9F: conky::set_config_settings(lua::state&) (setting.cc:218)
==30264==    by 0x4373EB: initialisation(int, char**) (conky.cc:2985)
==30264==    by 0x429861: main (conky.cc:3150)
==30264== 
==30264== Invalid write of size 8
==30264==    at 0x4C3117F: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30264==    by 0x458B48: new_graph(text_object*, char*, int, double) (specials.cc:470)
==30264==    by 0x43825C: generate_text_internal(char*, int, text_object) (conky.cc:871)
==30264==    by 0x4383BE: generate_text (conky.cc:927)
==30264==    by 0x4383BE: update_text() (conky.cc:2025)
==30264==    by 0x439298: main_loop() (conky.cc:2107)
==30264==    by 0x429870: main (conky.cc:3154)
==30264==  Address 0xf532d50 is 14,720 bytes inside an unallocated block of size 2,784,272 in arena "client"
==30264== 
==30264== Conditional jump or move depends on uninitialised value(s)
==30264==    at 0x430B97: round_to_int(float) (common.cc:322)
==30264==    by 0x4359BC: draw_each_line_inner(char*, int, int) (conky.cc:1633)
==30264==    by 0x4366EF: draw_line (conky.cc:1852)
==30264==    by 0x4366EF: for_each_line (conky.cc:642)
==30264==    by 0x4366EF: draw_text() (conky.cc:1909)
==30264==    by 0x436A36: draw_stuff() (conky.cc:1970)
==30264==    by 0x439090: main_loop() (conky.cc:2395)
==30264==    by 0x429870: main (conky.cc:3154)
==30264== 
^Cconky: received SIGINT or SIGTERM to terminate. bye!
==30264== 
==30264== HEAP SUMMARY:
==30264==     in use at exit: 315,643 bytes in 2,953 blocks
==30264==   total heap usage: 29,719 allocs, 26,766 frees, 10,172,171 bytes allocated
==30264== 
==30264== LEAK SUMMARY:
==30264==    definitely lost: 63,144 bytes in 4 blocks
==30264==    indirectly lost: 4,979 bytes in 148 blocks
==30264==      possibly lost: 0 bytes in 0 blocks
==30264==    still reachable: 247,520 bytes in 2,801 blocks
==30264==         suppressed: 0 bytes in 0 blocks
==30264== Rerun with --leak-check=full to see details of leaked memory
==30264== 
==30264== For counts of detected and suppressed errors, rerun with: -v
==30264== Use --track-origins=yes to see where uninitialised values come from
==30264== ERROR SUMMARY: 24718 errors from 3 contexts (suppressed: 0 from 0)

~/.config/conky/conky.conf:

conky.config = {
    alignment = 'top_right',
    background = false,
    border_width = 1,
    cpu_avg_samples = 2,
    default_color = 'black',
    -- color from stats: eaffff, 8888cc, 9eeeee
    default_outline_color = '#8888cc',
    default_shade_color = '#8888cc',
    default_graph_height= 64,
    own_window_colour = '#eaffff',
    draw_borders = true,
    draw_graph_borders = true,
    draw_outline = false,
    draw_shades = false,
    use_xft = true,
    font = 'DejaVu Sans Mono:size=10',
    -- gap_x = 990,
    -- gap_y = 100,
    minimum_height = 5,
    minimum_width = 5,
    net_avg_samples = 2,
    no_buffers = true,
    out_to_console = false,
    out_to_stderr = false,
    extra_newline = false,
    own_window = true,
    own_window_class = 'Conky',
    own_window_type = 'normal',
    own_window_transparent = false,
    own_window_hints = 'undecorated,sticky,skip_pager,skip_taskbar,below',
    double_buffer = true,
    stippled_borders = 0,
    update_interval = 2.0,
    uppercase = false,
    use_spacer = 'none',
    show_graph_scale = true,
    show_graph_range = false,

    template0 = [[${fs_free \1} free ${fs_bar 6 \1}]],
    template1 = [[${top name \1} ${top pid \1} ${top cpu \1} ${top mem \1}]],
    template2 = [[${if_existing /proc/net/route \1}Network Up (\1): ${alignr}${upspeedf \1}KiB\n${upspeedgraph \1 64,0}\nNetwork Down (\1): ${alignr}${downspeedf \1}KiB\n${downspeedgraph \1 64,0}${endif}]]
}

conky.text = [[
CPU ($acpitemp °C): ${alignr}${cpu cpu0}%
${cpugraph cpu0 64}
RAM ($memmax): ${alignr}$memperc%
${memgraph}
${if_up bridge0}${template2 bridge0} ${endif}${if_up enp0s25}${template2 enp0s25} ${endif}${if_up wlp3s0}${template2 wlp3s0} ${endif}
Disk IO: ${alignr}${diskio}
${diskiograph}
File systems:
 /       ${template0 /}
 /home   ${template0 /home}
 /tmp    ${template0 /tmp}
$hr
Processes running: ${alignr}$running_processes/$processes
Name               PID
${top name 1} ${top pid 1} (cpu ${top cpu 1})
${top_mem name 1} ${top_mem pid 1} (mem ${top_mem mem 1})
${top_io name 1} ${top_io pid 1} (io  ${top_io io_perc 1})
$hr
IPv4: ${addrs enp0s25}
IPv6: ${exec ip -6 addr show dev enp0s25|sed -rn 's/^ +inet6 ([^ ]+) scope global.*/\1/p'}
]]

mxmlnkn commented 8 years ago

My first action would be to find the position of that assert and then split it apart into 6 single asserts instead of this long one where no one knows which of the logically compounded statements is the real issue. Also, I find it bad style to mix && and || without parentheses. After replacing enp0s25 with eth0 to make the script work for me (and even before), I can't reproduce your problem on Debian with libc 2.21 or 2.23, meaning it would be hard for me to debug this. Try reducing your conkyrc to a minimal non-working example by bisecting it and testing if the error still appears.
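
The clause-by-clause split suggested in the comment above, as an added example that is not part of the thread and not glibc or conky code: it evaluates each condition of the `sysmalloc` assertion separately for a top-chunk header and reports which ones fail. The helper name, the x86_64 constants and the sample header values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants as used by glibc malloc on x86_64 (assumed platform). */
#define PREV_INUSE 0x1ULL
#define SIZE_BITS  0x7ULL  /* PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA */
#define MINSIZE    32ULL

/* One flag per failed clause of the assertion's second alternative. */
enum { TOP_OK = 0, BAD_MINSIZE = 1, BAD_PREV_INUSE = 2, BAD_PAGE_END = 4 };

/* Hypothetical helper: re-evaluates the sysmalloc assertion clause by clause.
 *   top        address of the arena's top chunk (av->top)
 *   size_field raw size word stored in the top chunk header
 *   is_initial nonzero if top is still initial_top(av)
 * Returns a bitmask of the clauses that do not hold (0 = assertion passes). */
unsigned top_chunk_failures(uint64_t top, uint64_t size_field,
                            int is_initial, uint64_t pagesize)
{
    uint64_t old_size = size_field & ~SIZE_BITS;  /* chunksize(old_top) */
    uint64_t old_end = top + old_size;            /* end of the top chunk */
    unsigned failed = TOP_OK;

    if (is_initial && old_size == 0)
        return TOP_OK;               /* first alternative: untouched arena */
    if (old_size < MINSIZE)
        failed |= BAD_MINSIZE;       /* old_size >= MINSIZE */
    if (!(size_field & PREV_INUSE))
        failed |= BAD_PREV_INUSE;    /* prev_inuse(old_top) */
    if (old_end & (pagesize - 1))
        failed |= BAD_PAGE_END;      /* old_end must be page aligned */
    return failed;
}

int main(void)
{
    uint64_t top = 0x756f50;         /* constructed address, not from the report */
    printf("intact header:      %u\n",
           top_chunk_failures(top, 0x200b1, 0, 4096));
    printf("zeroed header:      %u\n",
           top_chunk_failures(top, 0x0, 0, 4096));
    printf("ASCII over header:  %u\n",
           top_chunk_failures(top, 0x3030303030303030ULL, 0, 4096));
    return 0;
}
```

A non-zero result on a header read from a core dump means the top chunk's size word was overwritten before `malloc` ran, so the faulting `malloc` caller in the backtrace is the victim and the write has to be found elsewhere, for example with valgrind's "Invalid write" reports.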

fhs commented 8 years ago

I tried to minimize my conky config, but I couldn't reduce it in a way which points to a single part of the config. It seems like a memory corruption of some kind. I doubt this is a glibc bug. Does the valgrind output make any sense?

plikhari commented 8 years ago

OK, tested your conf with the current latest commit 06f87b9 and it is working just fine. I have commented out the last 2 lines, IPv4 and IPv6. conky 1.10.2_pre compiled Fri Apr 22 19:22:58 IST 2016 for Linux 4.5.1-1-ARCH x86_64

fhs commented 8 years ago

I couldn't reproduce the crash with the latest revision (06f87b9), so I did a git bisect. It points to commit adae1f62934311b371701ac6228b3c87f1698e0b that fixed the crash.

plikhari commented 8 years ago

Fantastic. So perhaps you can close this issue :)

fhs commented 8 years ago

Hoping for a new release soon :)