amd64 :: SIGABRT in malloc()

amd64 :: SIGABRT in malloc()

[B S Srinidhi]

Hi,

I'm new to this list, but I've searched the archives (a little bit) to
find a solution to my problem and haven't found anything.

I've an application running on an amd64 machine. This app crashes while
allocating memory of size 300:

        suffix = malloc(sizeof(char) * 300);

When run under GDB, I get the following bt:

*** glibc detected *** malloc(): memory corruption: 0x00000000005343f0 ***

Program received signal SIGABRT, Aborted.
0x0000002a96214de0 in raise () from /lib/libc.so.6
(gdb) where
#0  0x0000002a96214de0 in raise () from /lib/libc.so.6
#1  0x0000002a96216290 in abort () from /lib/libc.so.6
#2  0x0000002a9624b06e in __fsetlocking () from /lib/libc.so.6
#3  0x0000002a962518fa in free () from /lib/libc.so.6
#4  0x0000002a96252d4b in malloc () from /lib/libc.so.6
<snipped>

Any ideas as to why this could be happening? How can I debug this
problem? And why is malloc() calling free()? 

Any help or pointers would be of great help.

Srinidhi.
-- 
ASCII ribbon campaign ( )         B S Srinidhi
 - against HTML email  X          http://srinidhi.deeproot.co.in
             & vCards / \         DeepRoot Linux

Re: amd64 :: SIGABRT in malloc()

[Mihai Dontu]

B S Srinidhi wrote:
> Hi,
> 
> I'm new to this list, but I've searched the archives (a little bit) to
> find a solution to my problem and haven't found anything.
> 
> I've an application running on an amd64 machine. This app crashes while
> allocating memory of size 300:
> 
>         suffix = malloc(sizeof(char) * 300);
> 
> When run under GDB, I get the following bt:
> 
> *** glibc detected *** malloc(): memory corruption: 0x00000000005343f0 ***
> 
> Program received signal SIGABRT, Aborted.
> 0x0000002a96214de0 in raise () from /lib/libc.so.6
> (gdb) where
> #0  0x0000002a96214de0 in raise () from /lib/libc.so.6
> #1  0x0000002a96216290 in abort () from /lib/libc.so.6
> #2  0x0000002a9624b06e in __fsetlocking () from /lib/libc.so.6
> #3  0x0000002a962518fa in free () from /lib/libc.so.6
> #4  0x0000002a96252d4b in malloc () from /lib/libc.so.6
> <snipped>
> 
> Any ideas as to why this could be happening? How can I debug this
> problem? And why is malloc() calling free()? 
> 
> Any help or pointers would be of great help.
> 
> Srinidhi.
Since you managed to get a stack trace (thus using a  program
that malloc()-s on its own) you can conclude there is nothing
wrong with malloc(). But there might be a heap corruption  in
your program. Depends on what your program was  doing  before
this.

M.D.


-- 
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://www.bitdefender.com/

Re: amd64 :: SIGABRT in malloc()

[B S Srinidhi]

Hi,

Thanks alot for the quick reply. :)

On Thu, 2006-03-16 at 12:38 +0200, Mihai Dontu wrote:
> Since you managed to get a stack trace (thus using a  program
> that malloc()-s on its own) you can conclude there is nothing
> wrong with malloc(). But there might be a heap corruption  in
> your program. Depends on what your program was  doing  before
> this.

Even I thought so, but this program has stopped working after a recent
(a couple of months back) update of libc6. So was wondering if that
could have caused this problem. I had no issues running this same
program in the older libc (sorry I don't remember the version of the
older libc).

The current version of libc is: 2.3.6-3.

Srinidhi.
-- 
ASCII ribbon campaign ( )         B S Srinidhi
 - against HTML email  X          http://srinidhi.deeproot.co.in
             & vCards / \         DeepRoot Linux

RE: amd64 :: SIGABRT in malloc()

[krishna.vamsi]

Is it failing while allocating or while trying to use the allocated
memory ??

Because if it fails it is supposed to return NULL,  

The kind of error usually signifies the heap corruption(from the man of
malloc), can u tell us wht is the value of MALLOC_CHECK_ environment
variable value, please set it to 1 and run the program again.. 

-Vamsi

-----Original Message-----
From: linux-c-programming-owner@vger.kernel.org
[mailto:linux-c-programming-owner@vger.kernel.org] On Behalf Of B S
Srinidhi
Sent: Thursday, March 16, 2006 3:59 PM
To: linux-c-programming@vger.kernel.org
Subject: amd64 :: SIGABRT in malloc()


Hi,

I'm new to this list, but I've searched the archives (a little bit) to
find a solution to my problem and haven't found anything.

I've an application running on an amd64 machine. This app crashes while
allocating memory of size 300:

        suffix = malloc(sizeof(char) * 300);

When run under GDB, I get the following bt:

*** glibc detected *** malloc(): memory corruption: 0x00000000005343f0
***

Program received signal SIGABRT, Aborted.
0x0000002a96214de0 in raise () from /lib/libc.so.6
(gdb) where
#0  0x0000002a96214de0 in raise () from /lib/libc.so.6
#1  0x0000002a96216290 in abort () from /lib/libc.so.6
#2  0x0000002a9624b06e in __fsetlocking () from /lib/libc.so.6 #3
0x0000002a962518fa in free () from /lib/libc.so.6 #4  0x0000002a96252d4b
in malloc () from /lib/libc.so.6 <snipped>

Any ideas as to why this could be happening? How can I debug this
problem? And why is malloc() calling free()? 

Any help or pointers would be of great help.

Srinidhi.
-- 
ASCII ribbon campaign ( )         B S Srinidhi
 - against HTML email  X          http://srinidhi.deeproot.co.in
             & vCards / \         DeepRoot Linux

-
To unsubscribe from this list: send the line "unsubscribe
linux-c-programming" in the body of a message to
majordomo@vger.kernel.org More majordomo info at
http://vger.kernel.org/majordomo-info.html

Re: amd64 :: SIGABRT in malloc()

[Glynn Clements]

B S Srinidhi wrote:

> I'm new to this list, but I've searched the archives (a little bit) to
> find a solution to my problem and haven't found anything.
> 
> I've an application running on an amd64 machine. This app crashes while
> allocating memory of size 300:
> 
>         suffix = malloc(sizeof(char) * 300);
> 
> When run under GDB, I get the following bt:
> 
> *** glibc detected *** malloc(): memory corruption: 0x00000000005343f0 ***
> 
> Program received signal SIGABRT, Aborted.
> 0x0000002a96214de0 in raise () from /lib/libc.so.6
> (gdb) where
> #0  0x0000002a96214de0 in raise () from /lib/libc.so.6
> #1  0x0000002a96216290 in abort () from /lib/libc.so.6
> #2  0x0000002a9624b06e in __fsetlocking () from /lib/libc.so.6
> #3  0x0000002a962518fa in free () from /lib/libc.so.6
> #4  0x0000002a96252d4b in malloc () from /lib/libc.so.6
> <snipped>
> 
> Any ideas as to why this could be happening? 

The heap has been corrupted, e.g. due to a buffer overrun.

> How can I debug this problem?

Tracking down heap corruption can be awkward, as the error won't
usually occur until some time later. There are some hints in the glibc
Info file regarding the use of mprobe(). Another possibility is
Electric Fence (libefence).

> And why is malloc() calling free()? 

I don't know about that. It may just indicate incomplete debugging
information in libc.

-- 
Glynn Clements <glynn@gclements.plus.com>

Re: amd64 :: SIGABRT in malloc()

[B S Srinidhi]

Hi,

On Thu, 2006-03-16 at 10:55 +0000, Glynn Clements wrote:
> The heap has been corrupted, e.g. due to a buffer overrun.
> 

Thanks a lot for the tip-off. :) After reading this and a suggestion
from one of my friends, I ran the program in valgrind. 

/me still wondering why didn't he think of that earlier.

> > How can I debug this problem?
> 
> Tracking down heap corruption can be awkward, as the error won't
> usually occur until some time later. There are some hints in the glibc

You are absolutely right. Such a crash occurs much later the culprit
have left the scene. Policing such a thing is quite difficult.

> Info file regarding the use of mprobe(). Another possibility is
> Electric Fence (libefence).
> 

mcheck() and mprobe() didn't help me much (or I didn't know what to
infer from their output :D)

I used valgrind instead, and it pointed out a specific error that caught
my attention:

        Address 0x6BE0300 is 0 bytes after a block of size 432 alloc'd

This error was being generated at a place where I was allocating a
structure (much before the actual crash) and without checking the return
value of malloc(), data was written into the structure. Which caused all
the problem.

Now I'm trying to analyze the output of valgrind and doing some more
checks on the code.

Thanks a lot everyone who responded to my post. :D

Srinidhi.
-- 
ASCII ribbon campaign ( )         B S Srinidhi
 - against HTML email  X          http://srinidhi.deeproot.co.in
             & vCards / \         DeepRoot Linux