double free or corruption, invalid pointer #4356

Closed
p6rt opened this issue Jun 28, 2015 · 9 comments
Labels
SEGV Segmentation fault, bus error, etc.


p6rt commented Jun 28, 2015

Migrated from rt.perl.org#125500 (status was 'rejected')

Searchable as RT125500$


p6rt commented Jun 28, 2015

From @AlexDaniel

For any missing information see IRC log:
http://irclog.perlgeek.de/perl6/2015-06-28#i_10815783


p6rt commented Jun 28, 2015

From @AlexDaniel

Whoops, accidentally pressed the send button. Here is the information:

Errors that I get:
*** Error in `/home/alex/git/rakudobrew/moar-nom/install/bin/moar': double free or corruption (!prev): 0x0eab14f8 ***
or
*** Error in `/home/alex/git/rakudobrew/moar-nom/install/bin/moar': free(): invalid pointer: 0x09b99c58 ***
or similar

Valgrind output:
https://gist.github.com/AlexDaniel/a3ce0f8315ddd93fed38

The whole code:
https://gist.github.com/AlexDaniel/76569d745033eac7e3b3
Please note that I cannot golf it down to anything shorter; any change to
the code makes the problem disappear. It is very unstable. I was quickly
writing that code to get my stuff done when I suddenly stumbled upon that
problem. If you change the input file it will stop breaking as well.

Exact instructions to run it:
* Run it like this: ./asc-to-svg pins.ASC B
* Please note argument B, it is important
* Here is the file pins.ASC: https://files.progarm.org/pins.ASC
* Here is what the output looks like: https://gist.github.com/AlexDaniel/76569d745033eac7e3b3
* Sometimes it works correctly, but most of the time it breaks
* On my machine it takes 36 seconds to break
* If it didn't break after 36 seconds, then it will not break
* It breaks on exactly the same line every time (at least that's what I'm seeing right now)
* It depends on the code a lot. For example, if you remove this unused line: my $FILENAME = 'pins.ASC'; it will stop breaking

Linux Margo 3.16.0-4-586 #1 Debian 3.16.7-ckt4-3 (2015-02-03) i686 GNU/Linux

JimmyZ thinks that it is a gc bug.


p6rt commented Jun 28, 2015

From @AlexDaniel

Wrong link.
Here is what the output looks like:
https://gist.github.com/AlexDaniel/d8c7333f181b41cc64a6


p6rt commented Jun 29, 2015

From @FROGGS

More backtrace:

[...]
  <circle cx="159.779006" cy="230.867814" r="1" fill="#2cf24d" />
*** Error in `/home/froggs/dev/nqp/install/bin/moar': double free or corruption (!prev): 0x00000000107a8770 ***

Program received signal SIGABRT, Aborted.
0x00007ffff7419cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt full
#0 0x00007ffff7419cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
  resultvar = 0
  pid = 6048
  selftid = 6048
#1 0x00007ffff741d0d8 in __GI_abort () at abort.c:89
  save_stage = 2
  act = {__sigaction_handler = {sa_handler = 0x7fffffffd320, sa_sigaction = 0x7fffffffd320}, sa_mask = {__val = {2048, 9186935046144, 256, 32, 648540062062, 4, 4097,
  18446603336221207681, 257, 64, 4097, 18446603336221207649, 257, 64, 112, 140737488343968}}, sa_flags = 5361, sa_restorer = 0xffff800000002c31}
  sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007ffff7456394 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff7564b28 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
  ap = {{gp_offset = 40, fp_offset = 0, overflow_arg_area = 0x7fffffffd5e0, reg_save_area = 0x7fffffffd570}}
  fd = 14
  on_2 = <optimized out>
  list = <optimized out>
  nlist = <optimized out>
  cp = <optimized out>
  written = <optimized out>
#3 0x00007ffff746266e in malloc_printerr (ptr=<optimized out>, str=0x7ffff7564c10 "double free or corruption (!prev)", action=1) at malloc.c:4996
  buf = "00000000107a8770"
  cp = <optimized out>
#4 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
  size = <optimized out>
  fb = <optimized out>
  nextchunk = <optimized out>
  nextsize = <optimized out>
  nextinuse = <optimized out>
  prevsize = <optimized out>
  bck = <optimized out>
  fwd = <optimized out>
  errstr = <optimized out>
  locked = <optimized out>
#5 0x00007ffff79070a3 in MVM_frame_dec_ref (tc=0x603730, frame=0xf5addd0) at src/core/frame.c:85
  pool_index = <optimized out>
  outer_to_decr = 0xfcbe5c0
#6 0x00007ffff793ecd2 in gc_free (tc=<optimized out>, obj=0x7ffff6630fc8) at src/6model/reprs/MVMCode.c:70
  code_obj = 0x7ffff6630fc8
#7 0x00007ffff7923520 in MVM_gc_collect_free_nursery_uncopied (tc=0x603730, limit=0x7ffff66b0fd0) at src/gc/collect.c:546
  obj = 0x7ffff6630fc8
  item = 0x7ffff6630fc8
  dead = <optimized out>
  scan = 0x7ffff6630fc8
#8 0x00007ffff791fba7 in run_gc (tc=tc@entry=0x603730, what_to_do=what_to_do@entry=0 '\000') at src/gc/orchestrate.c:316
  other = <optimized out>
  gen = 0 '\000'
  i = <optimized out>
  n = <optimized out>
#9 0x00007ffff79203ac in MVM_gc_enter_from_allocator (tc=tc@entry=0x603730) at src/gc/orchestrate.c:420
  last_starter = 0x620290
  num_threads = 0
  is_full = 0
---Type <return> to continue, or q <return> to quit---
#10 0x00007ffff79207d8 in MVM_gc_allocate_nursery (tc=tc@entry=0x603730, size=72) at src/gc/allocation.c:32
  allocated = <optimized out>
#11 0x00007ffff792082c in MVM_gc_allocate (size=<optimized out>, tc=tc@entry=0x603730) at src/gc/allocation.h:12
No locals.
#12 MVM_gc_allocate_zeroed (tc=tc@entry=0x603730, size=<optimized out>) at src/gc/allocation.c:49
No locals.
#13 0x00007ffff7920a18 in MVM_gc_allocate_object (tc=0x603730, st=<optimized out>) at src/gc/allocation.c:85
  obj = <optimized out>
#14 0x00007ffff7908242 in MVM_frame_takeclosure (tc=0x603730, code=<optimized out>) at src/core/frame.c:832
  closure = <optimized out>
#15 0x00007ffff78f9699 in MVM_interp_run (tc=0x17a0, tc@entry=0x603730, initial_invoke=0x0, invoke_data=0x6) at src/core/interp.c:781
  op = 6
  LABELS = {0x7ffff78f0c19 <MVM_interp_run+153>, 0x7ffff78fc0e1 <MVM_interp_run+46433>, 0x7ffff78f0c5b <MVM_interp_run+219>, 0x7ffff78f0c5b <MVM_interp_run+219>,
  0x7ffff78f5c11 <MVM_interp_run+20625>, 0x7ffff78f5c54 <MVM_interp_run+20692>, 0x7ffff78f7383 <MVM_interp_run+26627>, 0x7ffff78f7466 <MVM_interp_run+26854>,
  0x7ffff78f79c5 <MVM_interp_run+28229>, 0x7ffff78f1bc4 <MVM_interp_run+4164>, 0x7ffff78f7938 <MVM_interp_run+28088>, 0x7ffff78f793d <MVM_interp_run+28093>,
  0x7ffff78f7942 <MVM_interp_run+28098>, 0x7ffff78f7947 <MVM_interp_run+28103>, 0x7ffff78f7955 <MVM_interp_run+28117>, 0x7ffff78f7965 <MVM_interp_run+28133>,
[...]


p6rt commented Jun 29, 2015

The RT System itself - Status changed from 'new' to 'open'


p6rt commented Feb 27, 2017

From @MasterDuke17

I ran this in a loop both in and outside valgrind for several hours and never got an error of any kind. I haven't attempted to golf or bisect it, but I believe whatever the problem was it's now fixed.


p6rt commented Feb 27, 2017

From @AlexDaniel

On 2017-02-26 20:16:14, ddgreen@gmail.com wrote:

I ran this in a loop both in and outside valgrind for several hours
and never got an error of any kind. I haven't attempted to golf or
bisect it, but I believe whatever the problem was it's now fixed.

That's not surprising given that the problem went away if you did *any* kind of change to the source code. Now that rakudo changed a lot, surely it doesn't crash anymore.

Does it mean that the bug was fixed? Nobody knows. But I guess we should close this anyway.


p6rt commented Oct 6, 2017

From @AlexDaniel

I'll close this ticket. I'm failing to reproduce the issue on 2015-ish versions of rakudo, let alone HEAD. I think the actual problem was resolved and hopefully there are tests for it, but trying to find what exactly fixed it is a total waste of time unfortunately. Even with all powers of whateverables this is not going to happen.

Maybe I can try bisecting it manually, but I know that it will just point to a random moar/nqp bump and that will be it. We'd much rather spend time on new SEGV tickets than this one.


p6rt commented Oct 6, 2017

@AlexDaniel - Status changed from 'open' to 'rejected'

@p6rt p6rt closed this as completed Oct 6, 2017
@p6rt p6rt added the SEGV Segmentation fault, bus error, etc. label Jan 5, 2020