search

evilsong / gperftools

Automatically exported from code.google.com/p/gperftools
BSD 3-Clause "New" or "Revised" License
0 stars 0 forks source link

tcmalloc crash at CheckCachedSizeClass #519

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
#3  0x0000000000dc00a8 in google::FlushLogFilesUnsafe (min_severity=0) at 
thirdparty/glog-0.3.2/src/logging.cc:1511
#4  0x0000000000dc618c in google::(anonymous namespace)::FailureSignalHandler 
(signal_number=11, signal_info=0x63712270, 
    ucontext=0x63712140) at thirdparty/glog-0.3.2/src/signalhandler.cc:324
#5  <signal handler called>
#6  0x00000000009d1bd4 in CheckCachedSizeClass (ptr=0x7fbdf92f28a0) at 
thirdparty/google-perftools-1.7/src/tcmalloc.cc:946
#7  0x00000000009d1c0e in CheckedMallocResult (result=0x7fbdf92f28a0) at 
thirdparty/google-perftools-1.7/src/tcmalloc.cc:950
#8  0x00000000009d225b in (anonymous namespace)::do_malloc (size=96) at 
thirdparty/google-perftools-1.7/src/tcmalloc.cc:1084
#9  0x00000000009d2ea6 in (anonymous namespace)::cpp_alloc (size=96, 
nothrow=false)
    at thirdparty/google-perftools-1.7/src/tcmalloc.cc:1360
#10 0x00000000009d5ff7 in MallocBlock::Allocate (size=48, type=-21308287)
    at thirdparty/google-perftools-1.7/src/debugallocation.cc:537
#11 0x00000000009d3942 in DebugAllocate (size=48, type=-21308287) at 
thirdparty/google-perftools-1.7/src/debugallocation.cc:970
#12 0x00000000009d6b26 in cpp_debug_alloc (size=48, new_type=-21308287, 
nothrow=false)
    at thirdparty/google-perftools-1.7/src/debugallocation.cc:1203
#13 0x0000000000e3d0e7 in operator new (size=48) at 
thirdparty/google-perftools-1.7/src/debugallocation.cc:1250
#14 0x000000000095a001 in 
__gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<torca::master::Job const* 
const, unsigned int> > >::allocate (this=0x7fbe1b61d020, __n=1)
    at /usr/local/lib/gcc/x86_64-unknown-linux-gnu/4.5.1/../../../../include/c++/4.5.1/ext/new_allocator.h:89
#15 0x0000000000959be0 in std::_Rb_tree<torca::master::Job const*, 
std::pair<torca::master::Job const* const, unsigned int>, 
std::_Select1st<std::pair<torca::master::Job const* const, unsigned int> >, 
torca::master::JobCompare, std::allocator<std::pair<torca::master::Job const* 
const, unsigned int> > >::_M_get_node (this=0x7fbe1b61d020)
    at /usr/local/lib/gcc/x86_64-unknown-linux-gnu/4.5.1/../../../../include/c++/4.5.1/bits/stl_tree.h:359
#16 0x00000000009590ef in std::_Rb_tree<torca::master::Job const*, 
std::pair<torca::master::Job const* const, unsigned int>, 
std::_Select1st<std::pair<torca::master::Job const* const, unsigned int> >, 
torca::master::JobCompare, std::allocator<std::pair<torca::master::Job const* 
const, unsigned int> > >::_M_create_node (this=0x7fbe1b61d020, __x=...)

What steps will reproduce the problem?
I don't know how to reproduce it, it happened just once.

What is the expected output? What do you see instead?
My program crash at
return reinterpret_cast<Leaf*>(root_->ptrs[i1]->ptrs[i2])->values[i3];
values[i3] = 0xFFFFFFFFDEADBEAF。

What version of the product are you using? On what operating system?
I use google-perftools-1.7 on SUSE.

Please provide any additional information below.

Original issue reported on code.google.com by tyrio...@gmail.com on 10 Apr 2013 at 6:17

GoogleCodeExporter commented 9 years ago 
Can you reproduce with a newer release (2.0) or even with trunk version?

Original comment by zatr...@gmail.com on 16 Apr 2013 at 1:25

GoogleCodeExporter commented 9 years ago 
I recompile my progress with perftool 2.0, and it crash like this:
thirdparty/gperftools-2.0/src/addressmap-inl.h:299
#0  0x00000000009de4b2 in AddressMap<int>::FindMutable
(this=0x7f55c35de000, key=0x7f55b0c5f100)
    at thirdparty/gperftools-2.0/src/addressmap-inl.h:299
#1  0x00000000009ddbcf in AddressMap<int>::Find (this=0x7f55c35de000,
key=0x7f55b0c5f100)
    at thirdparty/gperftools-2.0/src/addressmap-inl.h:290
#2  0x00000000009dc1b2 in MallocBlock::CheckLocked (this=0x7f55b0c5f0e0,
type=-21308287)
    at thirdparty/gperftools-2.0/src/debugallocation.cc:416
#3  0x00000000009dc0a0 in MallocBlock::CheckAndClear (this=0x7f55b0c5f0e0,
type=-21308287)
    at thirdparty/gperftools-2.0/src/debugallocation.cc:400
#4  0x00000000009dc7d1 in MallocBlock::Deallocate (this=0x7f55b0c5f0e0,
type=-21308287)
    at thirdparty/gperftools-2.0/src/debugallocation.cc:556
#5  0x00000000009d9f3f in DebugDeallocate (ptr=0x7f55b0c5f100,
type=-21308287)
    at thirdparty/gperftools-2.0/src/debugallocation.cc:997
#6  0x0000000000e43d4c in tc_delete (p=0x7f55b0c5f100) at
thirdparty/gperftools-2.0/src/debugallocation.cc:1231
#7  0x0000000000e1a4f9 in _M_dispose (this=<value optimized out>,
__in_chrg=<value optimized out>)
    at
/opt/gccpacket/3rd_lib/gcc-4.5.1/x86_64-unknown-linux-gnu/libstdc++-v3/include/b
its/basic_string.h:237

(gdb) p e
$1 = (AddressMap<int>::Entry *) 0xcdcdcdcdcdcdcdde

How can I do to fix it?

Original comment by tyrio...@gmail.com on 7 May 2013 at 3:29

GoogleCodeExporter commented 9 years ago 
Most likely your program is overwriting some control structures of tcmalloc.

Can you please try with asan or valgrind and without tcmalloc ?

Original comment by alkondratenko on 6 Jul 2013 at 11:35