From: Jiri Slaby
Subject: Re: trinity: lots of free(): invalid pointer
Date: Mon, 20 Jan 2014 20:31:43 +0100
Message-ID: <52DD799F.7090403@suse.cz>
References: <52D70DC5.8070104@suse.cz> <20140117190932.GA4300@redhat.com>
In-Reply-To: <20140117190932.GA4300@redhat.com>
To: Dave Jones
Cc: trinity@vger.kernel.org

On 01/17/2014 08:09 PM, Dave Jones wrote:
> On Wed, Jan 15, 2014 at 11:37:57PM +0100, Jiri Slaby wrote:
> > Hi Dave,
> >
> > I see lots of $SUBJ generated by the current snapshot of trinity.
> > 0x4120ae below is free in the loop in post_move_pages. So this is
> > perhaps introduced with one of:
> > commit ae3b98fcbf52c808b0a3eb4eb5311c9fdf433f55
> > Author: Dave Jones
> > Date: Wed Jan 8 11:08:22 2014 -0500
> >
> >     only allocate page_types array once
> >
> > commit 2a749813619348b3bfd144fe04488f698d83accc
> > Author: Dave Jones
> > Date: Tue Jan 7 12:11:11 2014 -0500
> >
> >     teach move_pages about the maps list
> >
> >
> > Any ideas?
>
> I rewrote a bunch of that code a few days ago, are you still seeing it ?
> I'm not able to reproduce it here. A run with -c move_pages runs and runs.

Yeah, I still see it with the current snapshot.
But, not with move_pages anymore, it seems. There had to be more
sources, the current one is (with -x move_pages):
*** Error in `trinity': double free or corruption (top): 0x00000000014f9bc0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x740af)[0x7f0c48ba30af]
/lib64/libc.so.6(+0x798de)[0x7f0c48ba88de]
/lib64/libc.so.6(+0x7a5e6)[0x7f0c48ba95e6]
trinity[0x40abc8]
trinity[0x40dabc]
trinity[0x40338a]
trinity[0x40704c]
trinity[0x402c47]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f0c48b50b15]
trinity[0x402f13]

The topmost trinity item 0x40abc8 is "entry->post(childno)". There seems
to be a lost/optimized-out frame between this call and libc :/.

thanks,
-- 
js
suse labs
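
Added example, not part of the original message or of trinity's code: a parser for the glibc abort report quoted above that groups the frames by module and builds `addr2line -f -i` commands, where `-i` also prints inlined callers that have no backtrace entry of their own. It assumes an unstripped, non-PIE `trinity` binary from the same build in the current directory and debug info for `/lib64/libc.so.6`; the function names are illustrative.

```python
import re

# Abort report exactly as quoted in the message above.
REPORT = """\
*** Error in `trinity': double free or corruption (top): 0x00000000014f9bc0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x740af)[0x7f0c48ba30af]
/lib64/libc.so.6(+0x798de)[0x7f0c48ba88de]
/lib64/libc.so.6(+0x7a5e6)[0x7f0c48ba95e6]
trinity[0x40abc8]
trinity[0x40dabc]
trinity[0x40338a]
trinity[0x40704c]
trinity[0x402c47]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f0c48b50b15]
trinity[0x402f13]
"""

HEADER = re.compile(r"^\*\*\* Error in `([^']+)': (.+?): (0x[0-9a-f]+) \*\*\*$")
FRAME = re.compile(r"^([^\s(\[]+)(?:\(([^)]*)\))?\[(0x[0-9a-f]+)\]$")

def parse_report(text):
    """Return (program, reason, bad_pointer, frames); frames are innermost first."""
    program = reason = pointer = None
    frames = []
    for line in map(str.strip, text.splitlines()):
        if (m := HEADER.match(line)):
            program, reason, pointer = m[1], m[2], int(m[3], 16)
        elif (m := FRAME.match(line)):
            frames.append((m[1], m[2] or "", int(m[3], 16)))
    return program, reason, pointer, frames

def addr2line_commands(text):
    """One addr2line invocation per module, keeping frame order within each."""
    program, _, _, frames = parse_report(text)
    per_module = {}
    for module, symbol, addr in frames:
        if module == program:
            # Assumption: non-PIE executable, so the absolute address is usable.
            per_module.setdefault(module, []).append(f"{addr:#x}")
        elif symbol.startswith("+"):
            # Shared object: glibc printed a load-independent module offset.
            per_module.setdefault(module, []).append(symbol[1:])
        # symbol+offset frames (e.g. __libc_start_main+0xf5) are already named.
    return [f"addr2line -f -i -e {mod} {' '.join(a)}" for mod, a in per_module.items()]

if __name__ == "__main__":
    print("\n".join(addr2line_commands(REPORT)))
```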