NULL bin issue in arena_dalloc_bin_locked
jasone at canonware.com
Fri Nov 29 12:11:40 PST 2013
On Nov 29, 2013, at 4:32 AM, Max Fest <fest at dragonwar.fr> wrote:
> i got an issue with the lib, i get some random segmentation fault with my program on basic operation.
> During the call of a destructor for example.
> On the top of my backtrace i've got this :
> (gdb) frame 0
> #0 arena_dalloc_bin_locked (arena=arena at entry=0x7f4fc645b1c0, chunk=chunk at entry=0x7f4de8000000, ptr=ptr at entry=0x7f4de817b800, mapelm=<optimized out>) at /home/server/dwcatacore3/dep/jemalloc/src/arena.c:1713
> 1713 } else if (run->nfree == 1 && run != bin->runcur)
> (gdb) info locals
> pageind = 379
> run = 0x7f4de8179000
> bin = 0x0
> bin_info = 0x1f551d0
> size = 1536
> So you can see that bin is NULL, and the call at bin->runcur will ran into a segmentation fault.
> I use jemalloc 3.4.1 compiled with my project as a dependance. It run on a Debian 7 x86_64.
> Is it a jemalloc related issue ?
> The full backtrace : http://pastebin.com/w2KVAs8p
It’s likely that your application is corrupting page run state by double freeing an allocation. If you run a debug build of jemalloc and disable thread caching, jemalloc will probably fail an assertion when the double free occurs.
More information about the jemalloc-discuss