Wed Sep 16 16:09:30 EDT 1998 C980916-3722

Have a problem where pthreads under 4.0D once in a while tries to free an invalid pointer when a thread is being created (or maybe destroyed). The following two stack traces are examples of such an occurrence.

Thu Sep 17 20:10:35 EDT 1998

After exchanging a couple of pieces of mail, I finally called John Dailey @ DEC. Very frustrating. I had to be very, very patient and understanding with this guy. He argued with me that I should be using the libc mallocs, and that the program then runs forever. I had to tell him that I was disappointed that I had to do the hard sell to submit possible bugs such as this to important parts of the operating system. I asked him if there was anything that I should have done differently and he finally said no. He said that he would bump it up to engineering, although he did not sound hopeful that anything would come of it. In general I get the feeling that his #1 job was not to report bugs in the OS but to provide solutions to my problem -- i.e. workarounds. This is not acceptable, IMHO.
-------------------------------------------------------------------------------
>0 0x1200903b0 in dmalloc_error(func=0x1400398e8="_chunk_free") "error.c":308
#1 0x12008db78 in _chunk_free(file=0x3ff801395a8="\366?\272\'", line=0, pnt=0x14c141ff8) "chunk.c":2387
#2 0x1200882ac in free(pnt=0x14c142000) "malloc.c":543
#3 0x3ff80588088 in vmFreePage(0x1400398e8, 0x11ffff020, 0x5d, 0x0, 0x0, 0x21) in /usr/shlib/libpthread.so
#4 0x3ff80578e54 in stkDestroy(0x1400398e8, 0x11ffff020, 0x5d, 0x0, 0x0, 0x21) in /usr/shlib/libpthread.so
#5 0x3ff8057e0dc in thdDestroy(0x1400398e8, 0x11ffff020, 0x5d, 0x0, 0x0, 0x21) in /usr/shlib/libpthread.so
#6 0x3ff8058895c in vmPutCache(0x1400398e8, 0x11ffff020, 0x5d, 0x0, 0x0, 0x21) in /usr/shlib/libpthread.so
#7 0x3ff8057e220 in thdFree(0x1400398e8, 0x11ffff020, 0x5d, 0x0, 0x0, 0x21) in /usr/shlib/libpthread.so
#8 0x3ff8056a114 in dspDispellZombies(0x1400398e8, 0x11ffff020, 0x5d, 0x0, 0x0, 0x21) in /usr/shlib/libpthread.so
#9 0x3ff80579b5c in __pthread_create(0x1400398e8, 0x11ffff020, 0x5d, 0x0, 0x0, 0x21) in /usr/shlib/libpthread.so
#10 0x1200150d0 in serve(server_sd=80) "cqd.c":540
#11 0x120016bf4 in main(argc=3, argv=0x11ffffa28) "cqd.c":1289
-------------------------------------------------------------------------------
>0 0x1200903b0 in dmalloc_error(func=0x1400398e8="_chunk_free") "error.c":308
#1 0x12008db78 in _chunk_free(file=0x3ff8058808c="\301?\272\'\024\334\275#@\212}\247\200\202\035\246\020G[k\301?\272\'\b", line=0, pnt=0x14c0d1ff8) "chunk.c":2387
#2 0x1200882ac in free(pnt=0x14c0d2000) "malloc.c":543
#3 0x3ff80588088 in vmFreePage(0x1400398e8, 0x11ffff050, 0x5d, 0x0, 0x0, 0x5d) in /usr/shlib/libpthread.so
#4 0x3ff80578e54 in stkDestroy(0x1400398e8, 0x11ffff050, 0x5d, 0x0, 0x0, 0x5d) in /usr/shlib/libpthread.so
#5 0x3ff8057e0dc in thdDestroy(0x1400398e8, 0x11ffff050, 0x5d, 0x0, 0x0, 0x5d) in /usr/shlib/libpthread.so
#6 0x3ff8057e28c in thdFree(0x1400398e8, 0x11ffff050, 0x5d, 0x0, 0x0, 0x5d) in /usr/shlib/libpthread.so
#7 
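0x3ff8056a114 in dspDispellZombies(0x1400398e8, 0x11ffff050, 0x5d, 0x0, 0x0, 0x5d) in /usr/shlib/libpthread.so
#8 0x3ff80579b5c in __pthread_create(0x1400398e8, 0x11ffff050, 0x5d, 0x0, 0x0, 0x5d) in /usr/shlib/libpthread.so
#9 0x1200150d0 in serve(server_sd=80) "cqd.c":540
#10 0x120016bf4 in main(argc=3, argv=0x11ffffa28) "cqd.c":1289
-------------------------------------------------------------------------------

/*
 * This should be compiled on 4.0D with cc x.c -pthread
 *
 * The 2 second delay in the handle thread and the 0.5 second delay in
 * main seem to be a bit magical.  I could not get it to fail with
 * other settings.  It is some timing interaction with thread_destroy
 * and create I guess.
 *
 * How the reproducer works: malloc(), free() and realloc() below replace
 * the C library's versions for the whole process.  The replacement free()
 * aborts when it is handed an address that the replacement malloc() never
 * gave out.  That is the condition the stack traces above show dmalloc
 * reporting from free() called by vmFreePage in libpthread; in both traces
 * the pointer passed to free() is aligned to the 8K page size used here.
 *
 * NOTE(review): why libpthread holds such a pointer is not visible from
 * this page.  One possibility is that it obtains the page through a path
 * that bypasses the replaced malloc() and then releases it through the
 * global free() -- to be confirmed with the vendor.
 */

/*
 * NOTE(review): the header names that followed the seven #include
 * directives were lost when this page was extracted.  The list below is
 * what the calls in this file need; it is a reconstruction and may not be
 * the author's original list.
 */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

#define PAGE_SIZE (8 * 1024)
#define NUM_PAGES 1024
#define MEM_ROUND 32

/* fixed arena that every allocation is carved from; nothing is reused */
static char memory[PAGE_SIZE * NUM_PAGES];
/* next unused byte of the arena, NULL until the first malloc() */
static char *memory_p = NULL;

/*
 * simulate a malloc
 *
 * Hands out the next size bytes of the arena, rounded up to a multiple
 * of MEM_ROUND, and logs the request.  Returns NULL when the rounded
 * request no longer fits; the original version kept advancing memory_p
 * past the end of the array in that case.
 *
 * The parameter is size_t so that the definition matches the standard
 * prototype that library callers were compiled against; with an int
 * parameter a large request would be truncated or become negative.
 *
 * NOTE(review): memory_p is updated without a lock although the process
 * is multi-threaded.  Left alone because a lock could disturb the timing
 * that the author describes above as delicate.
 *
 * NOTE(review): stdio may call malloc for its own buffers, so printing
 * from here can re-enter this function on some C libraries -- untested
 * outside the author's platform.
 */
void *malloc(size_t size)
{
    void *addr;
    size_t round;
    size_t used;

    if (memory_p == NULL) {
        memory_p = memory;
    }

    round = size % MEM_ROUND;
    if (round != 0) {
        /* refuse a request whose rounding would wrap around */
        if (size > (size_t)-1 - (MEM_ROUND - round)) {
            return NULL;
        }
        size += MEM_ROUND - round;
    }

    used = (size_t)(memory_p - memory);
    if (size > sizeof(memory) - used) {
        fprintf(stderr, "Arena exhausted allocating %lu bytes\n",
                (unsigned long)size);
        return NULL;
    }

    addr = memory_p;
    memory_p += size;

    printf("Mallocing %lu bytes got %p\n", (unsigned long)size, addr);
    return addr;
}

/*
 * simulate a free
 *
 * Releases nothing; it only checks that the address lies inside the part
 * of the arena handed out so far and aborts the process otherwise.  A
 * NULL pointer is accepted silently, as the standard free() requires, so
 * that a library calling free(NULL) is not reported as a false positive.
 */
void free(void *pnt)
{
    char *p = pnt;

    if (p == NULL) {
        return;
    }

    /* check the free address */
    if (p < memory || p > memory_p) {
        fprintf(stderr, "Invalid free address %p\n", pnt);
        abort();
    }

    printf("Freeing %p\n", pnt);
}

/*
 * simulate a realloc
 *
 * Logs the request, runs the same address check as free() and always
 * returns NULL.  Because free() releases nothing, the old block stays
 * intact, which is what a failed realloc() leaves behind.
 */
void *realloc(void *pnt, size_t size)
{
    printf("Reallocing %p to %lu bytes\n", pnt, (unsigned long)size);
    free(pnt);
    return NULL;
}

/*
 * our little thread
 *
 * Sleeps for 2 seconds with select() and exits.  The argument is unused.
 */
void *handle(void *arg)
{
    struct timeval timeout = { 2, 0 };

    (void)arg;
    (void)select(0, NULL, NULL, NULL, &timeout);
    (void)printf("Thread exiting\n");
    return NULL;
}

/*
 * Creates and detaches one thread every 0.5 seconds, forever.  The
 * program only ends when free() aborts on an address it does not know.
 */
int main(void)
{
    int ret;
    pthread_t thread;
    struct timeval timeout;

    /* make sure we are using our local routines */
    realloc(malloc(10), 20);
    free(malloc(20));

    while (1) {
        (void)printf("Creating a thread\n");

        /* start a thread that sleeps and exits */
        ret = pthread_create(&thread, NULL, handle, NULL);
        if (ret != 0) {
            (void)fprintf(stderr, "pthread_create failed: %s\n", strerror(ret));
        } else {
            ret = pthread_detach(thread);
            if (ret != 0) {
                (void)fprintf(stderr, "pthread_detach failed: %s\n",
                              strerror(ret));
            }
        }

        /*
         * pause for a while, also after a failed create so that a
         * persistent failure does not turn into a busy loop.  The timeout
         * is set on every pass because POSIX allows select() to modify it.
         */
        timeout.tv_sec = 0;
        timeout.tv_usec = 500000;
        (void)select(0, NULL, NULL, NULL, &timeout);
    }

    /* NOTREACHED */
}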