Ubuntu
binutils package

  1. Bug #1266492
  2. Comment #5

Comment 5 for bug 1266492

Revision history for this message
In , Darryl L. Miles (darryl-miles) wrote :

malloc_printerr() on error detection "free(): invalid next size (fast)" ends up calling into:

backtrace.c:init()
dl-libc.c:do_dlopen()
malloc.c:calloc()
malloc.c:malloc_printerr()

The malloc error reporting should only report the first error, not attempt to recusively report all error (we knew it was corrupted at the outer most point, so any further work inside malloc is also likely to find corruption).

Full stack trace to follow.

The main problem is the process does not abort() and die, it hangs around in:

pthread_once.S:pthread_one()
backtrace.c:__backtrace()

I think due to recursive lock, this lock should trylock() on the 2nd time and abort() the process immediately. It does appear to deadlock itself.