Closed GoogleCodeExporter closed 9 years ago
I thought I knew what was going wrong here -- the recursive call to do_malloc
-- but I don't. It looks like we expect such a recursive call and make pains
to handle it ok (from thread_cache.cc:
// We call pthread_setspecific() outside the lock because it may
// call malloc() recursively. We check for the recursive call using
// the "in_setspecific_" flag so that we can avoid calling
// pthread_setspecific() if we are already inside pthread_setspecific().
).
So I'd like to understand more about what memory access is failing, and why.
Can you compile libtcmalloc with CXXFLAGS="-g -O0", and then run chromium in
gdb? What line is it crashing on?
Original comment by csilv...@gmail.com
on 17 Jan 2012 at 7:08
It works when it is compiled with debugging and -O0.. ugh. lol
Original comment by brea...@gmail.com
on 18 Jan 2012 at 12:36
Ugh, posted with my other email... Im the originator of the original post..
Original comment by brea...@gmail.com
on 18 Jan 2012 at 12:37
Hmm, I wonder if it's a clang bug. Does it work when compiled with -O1? Can
you re-check explicitly with -O2?
Original comment by csilv...@gmail.com
on 18 Jan 2012 at 12:41
Yes, it works with -O1, but crashes with -O2 -g
(gdb) r
Starting program: /usr/local/bin/chrome
(no debugging symbols found)...[New LWP 102318]
[New Thread 3880000 (LWP 102318/chrome)]
Xlib: extension "RANDR" missing on display "localhost:10.0".
[New Thread 396fc00 (LWP 101201/chrome)]
Program received signal SIGBUS, Bus error.
[Switching to Thread 396fc00 (LWP 101201/chrome)]
0x0000000803b5389c in do_malloc (size=4096) at thread_cache.h:371
371 return threadlocal_heap_;
Current language: auto; currently c++
(gdb) bt
#0 0x0000000803b5389c in do_malloc (size=4096) at thread_cache.h:371
#1 0x0000000803b53ce8 in cpp_alloc (size=4096, nothrow=true) at
tcmalloc.cc:1287
#2 0x0000000803b6744c in tc_calloc (n=Variable "n" is not available.
) at tcmalloc.cc:946
#3 0x0000000809897582 in pthread_setspecific () from /lib/libthr.so.3
#4 0x0000000803b5b9eb in tcmalloc::ThreadCache::CreateCacheIfNecessary () at
thread_cache.cc:377
#5 0x0000000803b538c4 in do_malloc (size=4096) at thread_cache.h:384
#6 0x0000000803b53ce8 in cpp_alloc (size=4096, nothrow=true) at
tcmalloc.cc:1287
#7 0x0000000803b6744c in tc_calloc (n=Variable "n" is not available.
) at tcmalloc.cc:946
#8 0x0000000809897582 in pthread_setspecific () from /lib/libthr.so.3
#9 0x0000000000b992a3 in ?? ()
#10 0x0000000000699dd3 in ?? ()
#11 0x0000000000b98aa7 in ?? ()
#12 0x00000008098946e3 in pthread_create () from /lib/libthr.so.3
#13 0x0000000000000000 in ?? ()
Error accessing memory address 0x7fffffbfe000: Bad address.
Original comment by brea...@gmail.com
on 18 Jan 2012 at 3:38
Hmm, I wonder if this is a compiler bug, then. It's hard to tell -- could be
anything. It's hard to debug programs compiled with -O2, sadly. What happens
if you put a breakpoint at or near 371 and single-step from there? Where is
the crashing happen? You may need to disassemble the code, or do other extreme
measures to figure out what's actually crashing.
Original comment by csilv...@gmail.com
on 18 Jan 2012 at 11:18
I think that's a little above my ability, so I guess we're just stuck
here at the moment.
Chuck
Original comment by ch...@thesouthernlibertarian.com
on 18 Jan 2012 at 11:50
OK, try this: run under -O2 -g, and when it crashes with SIGBUS in gdb, type
'disassemble', and post the output. Maybe that will tell us something.
Original comment by csilv...@gmail.com
on 26 Jan 2012 at 1:10
(gdb) r
Starting program: /usr/local/bin/chrome
(no debugging symbols found)...[New LWP 108673]
[New Thread 3882000 (LWP 108673/chrome)]
Xlib: extension "RANDR" missing on display "localhost:10.0".
[New Thread 3971c00 (LWP 108316/chrome)]
Program received signal SIGBUS, Bus error.
[Switching to Thread 3971c00 (LWP 108316/chrome)]
0x0000000803b5489c in do_malloc (size=4096) at thread_cache.h:371
371 thread_cache.h: No such file or directory.
in thread_cache.h
Current language: auto; currently c++
(gdb) disassemble
Dump of assembler code for function do_malloc:
0x0000000803b54860 <do_malloc+0>: push %rbp
0x0000000803b54861 <do_malloc+1>: mov %rsp,%rbp
0x0000000803b54864 <do_malloc+4>: push %r15
0x0000000803b54866 <do_malloc+6>: push %r14
0x0000000803b54868 <do_malloc+8>: push %r12
0x0000000803b5486a <do_malloc+10>: push %rbx
0x0000000803b5486b <do_malloc+11>: sub $0x500,%rsp
0x0000000803b54872 <do_malloc+18>: mov %rdi,%r14
0x0000000803b54875 <do_malloc+21>: mov 0x21c03c(%rip),%rax
# 0x803d708b8 <.got+720>
0x0000000803b5487c <do_malloc+28>: testb $0x1,(%rax)
0x0000000803b5487f <do_malloc+31>: jne 0x803b54888 <do_malloc+40>
0x0000000803b54881 <do_malloc+33>: callq 0x803b5386c
<_ZN8tcmalloc11ThreadCache10InitModuleEv@plt>
0x0000000803b54886 <do_malloc+38>: jmp 0x803b548bf <do_malloc+95>
0x0000000803b54888 <do_malloc+40>: mov 0x21bef9(%rip),%rax
# 0x803d70788 <.got+416>
0x0000000803b5488f <do_malloc+47>: testb $0x1,(%rax)
0x0000000803b54892 <do_malloc+50>: je 0x803b548a9 <do_malloc+73>
0x0000000803b54894 <do_malloc+52>: lea 0x21bf24(%rip),%rdi
# 0x803d707c0 <.got+472>
0x0000000803b5489c <do_malloc+60>: callq 0x803b53afc
<__tls_get_addr@plt>
0x0000000803b548a4 <do_malloc+68>: mov (%rax),%rbx
0x0000000803b548a7 <do_malloc+71>: jmp 0x803b548ba <do_malloc+90>
0x0000000803b548a9 <do_malloc+73>: mov 0x21bf58(%rip),%rax
# 0x803d70808 <.got+544>
0x0000000803b548b0 <do_malloc+80>: mov (%rax),%edi
0x0000000803b548b2 <do_malloc+82>: callq 0x803b539ec
<_Z29perftools_pthread_getspecifici@plt>
0x0000000803b548b7 <do_malloc+87>: mov %rax,%rbx
0x0000000803b548ba <do_malloc+90>: test %rbx,%rbx
0x0000000803b548bd <do_malloc+93>: jne 0x803b548c7 <do_malloc+103>
0x0000000803b548bf <do_malloc+95>: callq 0x803b536bc
<_ZN8tcmalloc11ThreadCache22CreateCacheIfNecessaryEv@plt>
0x0000000803b548c4 <do_malloc+100>: mov %rax,%rbx
0x0000000803b548c7 <do_malloc+103>: cmp $0x40000,%r14
0x0000000803b548ce <do_malloc+110>: ja 0x803b54981 <do_malloc+289>
0x0000000803b548d4 <do_malloc+116>: mov $0x3c7f,%ecx
0x0000000803b548d9 <do_malloc+121>: cmp $0x400,%r14d
0x0000000803b548e0 <do_malloc+128>: mov $0x7,%eax
0x0000000803b548e5 <do_malloc+133>: cmovg %ecx,%eax
0x0000000803b548e8 <do_malloc+136>: setg %cl
0x0000000803b548eb <do_malloc+139>: add %r14d,%eax
---Type <return> to continue, or q <return> to quit---
0x0000000803b548ee <do_malloc+142>: shl $0x2,%cl
0x0000000803b548f1 <do_malloc+145>: movzbl %cl,%ecx
0x0000000803b548f4 <do_malloc+148>: or $0x3,%ecx
0x0000000803b548f7 <do_malloc+151>: mov 0x21bcf2(%rip),%rdx
# 0x803d705f0 <.got+8>
0x0000000803b548fe <do_malloc+158>: mov 0x21bff3(%rip),%rsi
# 0x803d708f8 <.got+784>
0x0000000803b54905 <do_malloc+165>: sar %cl,%eax
0x0000000803b54907 <do_malloc+167>: cmpq $0x0,(%rsi)
0x0000000803b5490b <do_malloc+171>: movslq %eax,%rax
0x0000000803b5490e <do_malloc+174>: movzbl 0x158(%rdx,%rax,1),%esi
0x0000000803b54916 <do_malloc+182>: mov 0x9d8(%rdx,%rsi,8),%r14
0x0000000803b5491e <do_malloc+190>: jle 0x803b54937 <do_malloc+215>
0x0000000803b54920 <do_malloc+192>: mov 0x20(%rbx),%rax
0x0000000803b54924 <do_malloc+196>: lea 0x20(%rbx),%r15
0x0000000803b54928 <do_malloc+200>: cmp %r14,%rax
0x0000000803b5492b <do_malloc+203>: jb 0x803b54c39 <do_malloc+985>
0x0000000803b54931 <do_malloc+209>: sub %r14,%rax
0x0000000803b54934 <do_malloc+212>: mov %rax,(%r15)
0x0000000803b54937 <do_malloc+215>: lea (%rsi,%rsi,2),%rax
0x0000000803b5493b <do_malloc+219>: cmpq $0x0,0x30(%rbx,%rax,8)
0x0000000803b54941 <do_malloc+225>: jne 0x803b54953 <do_malloc+243>
0x0000000803b54943 <do_malloc+227>: mov %rbx,%rdi
0x0000000803b54946 <do_malloc+230>: mov %r14,%rdx
0x0000000803b54949 <do_malloc+233>: callq 0x803b5390c
<_ZN8tcmalloc11ThreadCache21FetchFromCentralCacheEmm@plt>
0x0000000803b5494e <do_malloc+238>: jmpq 0x803b54c4c <do_malloc+1004>
0x0000000803b54953 <do_malloc+243>: sub %r14,0x10(%rbx)
0x0000000803b54957 <do_malloc+247>: mov 0x38(%rbx,%rax,8),%ecx
0x0000000803b5495b <do_malloc+251>: dec %ecx
0x0000000803b5495d <do_malloc+253>: mov %ecx,0x38(%rbx,%rax,8)
0x0000000803b54961 <do_malloc+257>: cmp 0x3c(%rbx,%rax,8),%ecx
0x0000000803b54965 <do_malloc+261>: jae 0x803b5496e <do_malloc+270>
0x0000000803b54967 <do_malloc+263>: lea 0x3c(%rbx,%rax,8),%rdx
0x0000000803b5496c <do_malloc+268>: mov %ecx,(%rdx)
0x0000000803b5496e <do_malloc+270>: lea 0x30(%rbx,%rax,8),%rax
0x0000000803b54973 <do_malloc+275>: mov (%rax),%r15
0x0000000803b54976 <do_malloc+278>: mov (%r15),%rcx
0x0000000803b54979 <do_malloc+281>: mov %rcx,(%rax)
0x0000000803b5497c <do_malloc+284>: jmpq 0x803b54c4f <do_malloc+1007>
---Type <return> to continue, or q <return> to quit---
0x0000000803b54981 <do_malloc+289>: mov %r14,%r12
0x0000000803b54984 <do_malloc+292>: shr $0xd,%r12
0x0000000803b54988 <do_malloc+296>: and $0x1fff,%r14
0x0000000803b5498f <do_malloc+303>: cmp $0x1,%r14
0x0000000803b54993 <do_malloc+307>: sbb $0xffffffffffffffff,%r12
0x0000000803b54997 <do_malloc+311>: mov %r12,%r14
0x0000000803b5499a <do_malloc+314>: shl $0xd,%r14
0x0000000803b5499e <do_malloc+318>: mov 0x21bf53(%rip),%rax
# 0x803d708f8 <.got+784>
0x0000000803b549a5 <do_malloc+325>: cmpq $0x0,(%rax)
0x0000000803b549a9 <do_malloc+329>: jle 0x803b549c2 <do_malloc+354>
0x0000000803b549ab <do_malloc+331>: mov 0x20(%rbx),%rax
0x0000000803b549af <do_malloc+335>: add $0x20,%rbx
0x0000000803b549b3 <do_malloc+339>: cmp %r14,%rax
0x0000000803b549b6 <do_malloc+342>: jb 0x803b54a82 <do_malloc+546>
0x0000000803b549bc <do_malloc+348>: sub %r14,%rax
0x0000000803b549bf <do_malloc+351>: mov %rax,(%rbx)
0x0000000803b549c2 <do_malloc+354>: mov $0x1,%ecx
0x0000000803b549c7 <do_malloc+359>: mov 0x21bf02(%rip),%rdx
# 0x803d708d0 <.got+744>
0x0000000803b549ce <do_malloc+366>: xor %eax,%eax
0x0000000803b549d0 <do_malloc+368>: lock cmpxchg %ecx,(%rdx)
0x0000000803b549d4 <do_malloc+372>: mov 0x21bd05(%rip),%rcx
# 0x803d706e0 <.got+248>
0x0000000803b549db <do_malloc+379>: testb $0x1,(%rcx)
0x0000000803b549de <do_malloc+382>: je 0x803b549e3 <do_malloc+387>
0x0000000803b549e0 <do_malloc+384>: lfence
0x0000000803b549e3 <do_malloc+387>: test %eax,%eax
0x0000000803b549e5 <do_malloc+389>: je 0x803b549f3 <do_malloc+403>
0x0000000803b549e7 <do_malloc+391>: mov 0x21bee2(%rip),%rdi
# 0x803d708d0 <.got+744>
0x0000000803b549ee <do_malloc+398>: callq 0x803b5419c
<_ZN8SpinLock8SlowLockEv@plt>
0x0000000803b549f3 <do_malloc+403>: mov 0x21be16(%rip),%rdi
# 0x803d70810 <.got+552>
0x0000000803b549fa <do_malloc+410>: mov %r12,%rsi
0x0000000803b549fd <do_malloc+413>: callq 0x803b53b6c
<_ZN8tcmalloc8PageHeap3NewEm@plt>
0x0000000803b54a02 <do_malloc+418>: xor %r15d,%r15d
0x0000000803b54a05 <do_malloc+421>: test %rax,%rax
0x0000000803b54a08 <do_malloc+424>: je 0x803b54a2a <do_malloc+458>
0x0000000803b54a0a <do_malloc+426>: mov (%rax),%rdx
0x0000000803b54a0d <do_malloc+429>: mov %rdx,%rcx
0x0000000803b54a10 <do_malloc+432>: shl $0x7,%rcx
---Type <return> to continue, or q <return> to quit---
0x0000000803b54a14 <do_malloc+436>: movzwl %dx,%edx
0x0000000803b54a17 <do_malloc+439>: mov 0x21bdf2(%rip),%rsi
# 0x803d70810 <.got+552>
0x0000000803b54a1e <do_malloc+446>: mov %rcx,0x10(%rsi,%rdx,8)
0x0000000803b54a23 <do_malloc+451>: mov (%rax),%r15
0x0000000803b54a26 <do_malloc+454>: shl $0xd,%r15
0x0000000803b54a2a <do_malloc+458>: mov 0x21c927(%rip),%rax
# 0x803d71358 <_ZN12_GLOBAL__N_1L21large_alloc_thresholdE>
0x0000000803b54a31 <do_malloc+465>: xor %bl,%bl
0x0000000803b54a33 <do_malloc+467>: test %rax,%rax
0x0000000803b54a36 <do_malloc+470>: jle 0x803b54a73 <do_malloc+531>
0x0000000803b54a38 <do_malloc+472>: mov %rax,%rcx
0x0000000803b54a3b <do_malloc+475>: sar $0xd,%rcx
0x0000000803b54a3f <do_malloc+479>: cmp %r12,%rcx
0x0000000803b54a42 <do_malloc+482>: ja 0x803b54a73 <do_malloc+531>
0x0000000803b54a44 <do_malloc+484>: mov %rax,%rcx
0x0000000803b54a47 <do_malloc+487>: sar $0x3f,%rcx
0x0000000803b54a4b <do_malloc+491>: shr $0x3d,%rcx
0x0000000803b54a4f <do_malloc+495>: add %rax,%rcx
0x0000000803b54a52 <do_malloc+498>: sar $0x3,%rcx
0x0000000803b54a56 <do_malloc+502>: add %rax,%rcx
0x0000000803b54a59 <do_malloc+505>: mov $0x1,%bl
0x0000000803b54a5b <do_malloc+507>: mov $0x200000000,%rax
0x0000000803b54a65 <do_malloc+517>: cmp %rax,%rcx
0x0000000803b54a68 <do_malloc+520>: cmovge %rax,%rcx
0x0000000803b54a6c <do_malloc+524>: mov %rcx,0x21c8e5(%rip)
# 0x803d71358 <_ZN12_GLOBAL__N_1L21large_alloc_thresholdE>
0x0000000803b54a73 <do_malloc+531>: mov 0x21be56(%rip),%rax
# 0x803d708d0 <.got+744>
0x0000000803b54a7a <do_malloc+538>: movslq (%rax),%rsi
0x0000000803b54a7d <do_malloc+541>: jmpq 0x803b54b1c <do_malloc+700>
0x0000000803b54a82 <do_malloc+546>: mov %rbx,%rdi
0x0000000803b54a85 <do_malloc+549>: callq 0x803b5385c
<_ZN8tcmalloc7Sampler21PickNextSamplingPointEv@plt>
0x0000000803b54a8a <do_malloc+554>: mov %rax,(%rbx)
0x0000000803b54a8d <do_malloc+557>: mov %r14,%rdi
0x0000000803b54a90 <do_malloc+560>: callq 0x803b55b40
<DoSampledAllocation>
0x0000000803b54a95 <do_malloc+565>: mov %rax,%r15
0x0000000803b54a98 <do_malloc+568>: mov $0x1,%ecx
0x0000000803b54a9d <do_malloc+573>: mov 0x21be2c(%rip),%rdx
# 0x803d708d0 <.got+744>
0x0000000803b54aa4 <do_malloc+580>: xor %eax,%eax
0x0000000803b54aa6 <do_malloc+582>: lock cmpxchg %ecx,(%rdx)
---Type <return> to continue, or q <return> to quit---
0x0000000803b54aaa <do_malloc+586>: mov 0x21bc2f(%rip),%rcx
# 0x803d706e0 <.got+248>
0x0000000803b54ab1 <do_malloc+593>: testb $0x1,(%rcx)
0x0000000803b54ab4 <do_malloc+596>: je 0x803b54ab9 <do_malloc+601>
0x0000000803b54ab6 <do_malloc+598>: lfence
0x0000000803b54ab9 <do_malloc+601>: test %eax,%eax
0x0000000803b54abb <do_malloc+603>: je 0x803b54ac9 <do_malloc+617>
0x0000000803b54abd <do_malloc+605>: mov 0x21be0c(%rip),%rdi
# 0x803d708d0 <.got+744>
0x0000000803b54ac4 <do_malloc+612>: callq 0x803b5419c
<_ZN8SpinLock8SlowLockEv@plt>
0x0000000803b54ac9 <do_malloc+617>: mov 0x21c888(%rip),%rax
# 0x803d71358 <_ZN12_GLOBAL__N_1L21large_alloc_thresholdE>
0x0000000803b54ad0 <do_malloc+624>: xor %bl,%bl
0x0000000803b54ad2 <do_malloc+626>: test %rax,%rax
0x0000000803b54ad5 <do_malloc+629>: jle 0x803b54b12 <do_malloc+690>
0x0000000803b54ad7 <do_malloc+631>: mov %rax,%rcx
0x0000000803b54ada <do_malloc+634>: sar $0xd,%rcx
0x0000000803b54ade <do_malloc+638>: cmp %r12,%rcx
0x0000000803b54ae1 <do_malloc+641>: ja 0x803b54b12 <do_malloc+690>
0x0000000803b54ae3 <do_malloc+643>: mov %rax,%rcx
0x0000000803b54ae6 <do_malloc+646>: sar $0x3f,%rcx
0x0000000803b54aea <do_malloc+650>: shr $0x3d,%rcx
0x0000000803b54aee <do_malloc+654>: add %rax,%rcx
0x0000000803b54af1 <do_malloc+657>: sar $0x3,%rcx
0x0000000803b54af5 <do_malloc+661>: add %rax,%rcx
0x0000000803b54af8 <do_malloc+664>: mov $0x1,%bl
0x0000000803b54afa <do_malloc+666>: mov $0x200000000,%rax
0x0000000803b54b04 <do_malloc+676>: cmp %rax,%rcx
0x0000000803b54b07 <do_malloc+679>: cmovge %rax,%rcx
0x0000000803b54b0b <do_malloc+683>: mov %rcx,0x21c846(%rip)
# 0x803d71358 <_ZN12_GLOBAL__N_1L21large_alloc_thresholdE>
0x0000000803b54b12 <do_malloc+690>: mov 0x21bdb7(%rip),%rax
# 0x803d708d0 <.got+744>
0x0000000803b54b19 <do_malloc+697>: movslq (%rax),%rsi
0x0000000803b54b1c <do_malloc+700>: movl $0x0,(%rax)
0x0000000803b54b22 <do_malloc+706>: cmp $0x1,%rsi
0x0000000803b54b26 <do_malloc+710>: je 0x803b54b34 <do_malloc+724>
0x0000000803b54b28 <do_malloc+712>: mov 0x21bda1(%rip),%rdi
# 0x803d708d0 <.got+744>
0x0000000803b54b2f <do_malloc+719>: callq 0x803b5435c
<_ZN8SpinLock10SlowUnlockEm@plt>
0x0000000803b54b34 <do_malloc+724>: test %bl,%bl
0x0000000803b54b36 <do_malloc+726>: je 0x803b54c4f <do_malloc+1007>
0x0000000803b54b3c <do_malloc+732>: lea -0x118(%rbp),%rdi
---Type <return> to continue, or q <return> to quit---
0x0000000803b54b43 <do_malloc+739>: mov $0x1f,%esi
0x0000000803b54b48 <do_malloc+744>: mov $0x1,%edx
0x0000000803b54b4d <do_malloc+749>: callq 0x803b5398c
<_Z13GetStackTracePPvii@plt>
0x0000000803b54b52 <do_malloc+754>: movslq %eax,%rax
0x0000000803b54b55 <do_malloc+757>: mov %rax,-0x120(%rbp)
0x0000000803b54b5c <do_malloc+764>: lea -0x510(%rbp),%rax
0x0000000803b54b63 <do_malloc+771>: mov %rax,-0x520(%rbp)
0x0000000803b54b6a <do_malloc+778>: movl $0x3e8,-0x518(%rbp)
0x0000000803b54b74 <do_malloc+788>: movb $0x0,-0x510(%rbp)
0x0000000803b54b7b <do_malloc+795>: lea -0x520(%rbp),%rdi
0x0000000803b54b82 <do_malloc+802>: lea 0x14565(%rip),%rsi
# 0x803b690ee <.rodata+1966>
0x0000000803b54b89 <do_malloc+809>: mov %r14,%rdx
0x0000000803b54b8c <do_malloc+812>: mov %r15,%rcx
0x0000000803b54b8f <do_malloc+815>: xor %al,%al
0x0000000803b54b91 <do_malloc+817>: callq 0x803b53b0c
<_ZN16TCMalloc_Printer6printfEPKcz@plt>
0x0000000803b54b96 <do_malloc+822>: cmpq $0x0,-0x120(%rbp)
0x0000000803b54b9e <do_malloc+830>: je 0x803b54bd1 <do_malloc+881>
0x0000000803b54ba0 <do_malloc+832>: xor %ebx,%ebx
0x0000000803b54ba2 <do_malloc+834>: lea -0x520(%rbp),%r14
0x0000000803b54ba9 <do_malloc+841>: lea 0x14edb(%rip),%r12
# 0x803b69a8b <_ZTS19DefaultSysAllocator+1531>
0x0000000803b54bb0 <do_malloc+848>: mov -0x118(%rbp,%rbx,8),%rdx
0x0000000803b54bb8 <do_malloc+856>: mov %r14,%rdi
0x0000000803b54bbb <do_malloc+859>: mov %r12,%rsi
0x0000000803b54bbe <do_malloc+862>: xor %al,%al
0x0000000803b54bc0 <do_malloc+864>: callq 0x803b53b0c
<_ZN16TCMalloc_Printer6printfEPKcz@plt>
0x0000000803b54bc5 <do_malloc+869>: inc %rbx
0x0000000803b54bc8 <do_malloc+872>: cmp -0x120(%rbp),%rbx
0x0000000803b54bcf <do_malloc+879>: jb 0x803b54bb0 <do_malloc+848>
0x0000000803b54bd1 <do_malloc+881>: lea -0x520(%rbp),%rdi
0x0000000803b54bd8 <do_malloc+888>: lea 0x15c8e(%rip),%rsi
# 0x803b6a86d <_ZL14kProfileHeader+521>
0x0000000803b54bdf <do_malloc+895>: xor %al,%al
0x0000000803b54be1 <do_malloc+897>: callq 0x803b53b0c
<_ZN16TCMalloc_Printer6printfEPKcz@plt>
0x0000000803b54be6 <do_malloc+902>: lea -0x510(%rbp),%rbx
0x0000000803b54bed <do_malloc+909>: mov %rbx,%rdi
0x0000000803b54bf0 <do_malloc+912>: callq 0x803b53b2c <strlen@plt>
0x0000000803b54bf5 <do_malloc+917>: mov $0x2,%edi
0x0000000803b54bfa <do_malloc+922>: mov %rbx,%rsi
---Type <return> to continue, or q <return> to quit---
0x0000000803b54bfd <do_malloc+925>: mov %rax,%rdx
0x0000000803b54c00 <do_malloc+928>: callq 0x803b5426c <write@plt>
0x0000000803b54c05 <do_malloc+933>: jmp 0x803b54c4f <do_malloc+1007>
0x0000000803b54c07 <do_malloc+935>: mov %rax,%rbx
0x0000000803b54c0a <do_malloc+938>: mov 0x21bcbf(%rip),%rax
# 0x803d708d0 <.got+744>
0x0000000803b54c11 <do_malloc+945>: movslq (%rax),%rsi
0x0000000803b54c14 <do_malloc+948>: movl $0x0,(%rax)
0x0000000803b54c1a <do_malloc+954>: cmp $0x1,%rsi
0x0000000803b54c1e <do_malloc+958>: je 0x803b54c2c <do_malloc+972>
0x0000000803b54c20 <do_malloc+960>: mov 0x21bca9(%rip),%rdi
# 0x803d708d0 <.got+744>
0x0000000803b54c27 <do_malloc+967>: callq 0x803b5435c
<_ZN8SpinLock10SlowUnlockEm@plt>
0x0000000803b54c2c <do_malloc+972>: mov %rbx,%rdi
0x0000000803b54c2f <do_malloc+975>: callq 0x803b542cc
<_Unwind_Resume@plt>
0x0000000803b54c34 <do_malloc+980>: callq 0x803b53cbc
<_ZSt9terminatev@plt>
0x0000000803b54c39 <do_malloc+985>: mov %r15,%rdi
0x0000000803b54c3c <do_malloc+988>: callq 0x803b5385c
<_ZN8tcmalloc7Sampler21PickNextSamplingPointEv@plt>
0x0000000803b54c41 <do_malloc+993>: mov %rax,(%r15)
0x0000000803b54c44 <do_malloc+996>: mov %r14,%rdi
0x0000000803b54c47 <do_malloc+999>: callq 0x803b55b40
<DoSampledAllocation>
0x0000000803b54c4c <do_malloc+1004>: mov %rax,%r15
0x0000000803b54c4f <do_malloc+1007>: test %r15,%r15
0x0000000803b54c52 <do_malloc+1010>: jne 0x803b54c5f <do_malloc+1023>
0x0000000803b54c54 <do_malloc+1012>: callq 0x803b53f2c <__error@plt>
0x0000000803b54c59 <do_malloc+1017>: movl $0xc,(%rax)
0x0000000803b54c5f <do_malloc+1023>: mov %r15,%rax
0x0000000803b54c62 <do_malloc+1026>: add $0x500,%rsp
0x0000000803b54c69 <do_malloc+1033>: pop %rbx
0x0000000803b54c6a <do_malloc+1034>: pop %r12
0x0000000803b54c6c <do_malloc+1036>: pop %r14
0x0000000803b54c6e <do_malloc+1038>: pop %r15
0x0000000803b54c70 <do_malloc+1040>: pop %rbp
0x0000000803b54c71 <do_malloc+1041>: retq
Original comment by ch...@thesouthernlibertarian.com
on 26 Jan 2012 at 2:42
0x0000000803b54894 <do_malloc+52>: lea 0x21bf24(%rip),%rdi
0x0000000803b5489c <do_malloc+60>: callq 0x803b53afc
Looks like one of two things:
1. A compiler bug based on where it is crashing.
2. Some form of corruption based on the fact that it rears it's head when
optimization is increased.
If you can run again and when it crashes run:
gdb> info reg
Also, I am curious about what symbol 0x803b53afc represents:
gdb> info sym 0x803b53afc
As well as what the offst of %rip:
gdb> disass $rip + 0x21bf24
-Dave
Original comment by chapp...@gmail.com
on 2 Mar 2012 at 6:48
Just pinging for an update.
Original comment by chapp...@gmail.com
on 21 Apr 2012 at 6:33
I can reproduce this. Here is my dump plus the info you requested. Please see
the attached file for the full comment as it was too long to post in this text
box.
Thanks,
Marcus
Original comment by marcuslr...@gmail.com
on 25 Apr 2012 at 9:24
Attachments:
Original comment by chapp...@gmail.com
on 4 May 2012 at 5:28
Original comment by chapp...@gmail.com
on 4 May 2012 at 5:41
Could potentially be an issue with the pthread implementation you are using?
Seems to be crashing while accessing thread local storage.
Original comment by chapp...@gmail.com
on 28 Oct 2012 at 2:38
chromium-35.0.1916.153_3 on FreeBSD-10 works fine with perftools-2.2.1 with
LD_PRELOAD.
Original comment by yuriv...@gmail.com
on 21 Aug 2014 at 7:56
closing then. Weirdly chromium has a fork of gperftools inside and doesn't need
preloading of malloc. Possibly even on bsd.
Original comment by alkondratenko
on 21 Aug 2014 at 7:40
Original issue reported on code.google.com by
ch...@thesouthernlibertarian.com
on 17 Jan 2012 at 5:23