Bug 16662

Summary: Memory handling problems under IRIX 6.5.30
Product: dbus Reporter: Tuomas Jormola <tj>
Component: coreAssignee: Havoc Pennington <hp>
Status: RESOLVED DUPLICATE QA Contact: John (J5) Palmieri <johnp>
Severity: enhancement    
Priority: low CC: srcshelton, tj, walters
Version: 1.2.xKeywords: NEEDINFO, want-backtrace
Hardware: SGI   
OS: IRIX   
Whiteboard:
i915 platform: i915 features:
Attachments: dmalloc log file running dbus-daemon --introspect
stacktrace of the segfault when running dbus-daemon --introspect

Description Tuomas Jormola 2008-07-10 06:18:25 UTC
Created attachment 17618 [details]
dmalloc log file running dbus-daemon --introspect

Hi,

I'm trying to get dbus 1.2.1 working on an SGI Octane2 machine running IRIX 6.5.30. I'm using MipsPro 7.4.3m compiler. I've compiled all kinds of complex, modern free software on this platform (X.Org 7.3 libraries, Gtk+, Cairo, etc.) so it should be capable of running also dbus. Expat 2.0.1 is compiled under the prefix /opt/local. This is the basic configure settings for non-modified dbus-1.2.1 source when not using special malloc library.

CC='cc -n32 -mips4 -c99' CPPFLAGS='-I/opt/local/include' LDFLAGS='-L/opt/local/lib' ./configure --prefix=/scratch/tmp/dbus/orig --without-init-scripts --with-xml=expat

When running dbus-daemon compiled like this with --introspect argument, it will die with "Bus error (core dumped)" message without printing anything. The file introspect-stacktrace-orig.txt contains the stack trace obtained with the dbx debugger.

I then configured dbus by linking everything against SpeedShop memory allocation library (http://www.techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi?cmd=getdoc&coll=0650&db=man&fname=3%20malloc_ss) by adding -lmalloc_ss to LDFLAGS shown above in order to get some trace info about the problem. When running with default trace settings, this gets printed:

(15:42:25)(root@saraswati)(/scratch/tmp/dbus/dbus-1.2.1-malloc_ss/bus)$ ./dbus-daemon --introspect
SSmalloc error (Process 1419844): overrun address (0x10090260), tail guard @0x1009038e is corrupt
SSmalloc error (Process 1419844): failed realloc (0x10090260, 604); returned NULL pointer
SSmalloc error (Process 1419844): memory area @0x10090260 has already been freed
Can not introspect - Out of memory

and with tracing

(15:46:26)(root@saraswati)(/scratch/tmp/dbus/dbus-1.2.1-malloc_ss/bus)$ _SSMALLOC_TRACING=1 _SPEEDSHOP_VERBOSE=1 ./dbus-daemon --introspect
SSmalloc: SpeedShop debugging malloc library (-lmalloc_ss) initialization
        _SPEEDSHOP_VERBOSE = 1
        _SSMALLOC_TRACING: enabled
        _SSMALLOC_FASTCHK: enabled
        _SSMALLOC_FULLWARN: disabled
        _SSMALLOC_MAXMALLOC = 0 (==> no maximum)
        _SSMALLOC_NO_REUSE: disabled
        _SSMALLOC_CLEAR_MALLOC: disabled
        _SSMALLOC_CLEAR_FREE: disabled
ssmalloclog event #1 = 0, 0x100900b0, 8, 0x00000000, error = 0
    0 PCs:
ssmalloclog event #2 = 0, 0x100900d0, 8, 0x00000000, error = 0
    0 PCs:
ssmalloclog event #3 = 0, 0x100900f0, 8, 0x00000000, error = 0
    0 PCs:
ssmalloclog event #4 = 0, 0x10090110, 8, 0x00000000, error = 0
    0 PCs:
ssmalloclog event #5 = 1, 0x100901b0, 151, 0x10090110, error = 0
    0 PCs:
ssmalloclog event #6 = 1, 0x10090260, 302, 0x100901b0, error = 0
    0 PCs:
SSmalloc error (Process 1420500): overrun address (0x10090260), tail guard @0x1009038e is corrupt
ssmalloclog event #7 = 3, 0x00000000, 0, 0x10090260, error = 13
    0 PCs:
SSmalloc error (Process 1420500): failed realloc (0x10090260, 604); returned NULL pointer
ssmalloclog event #8 = 3, 0x00000000, 604, 0x10090260, error = 3
    0 PCs:
SSmalloc error (Process 1420500): memory area @0x10090260 has already been freed
ssmalloclog event #9 = 3, 0x00000000, 0, 0x10090260, error = 10
    0 PCs:
ssmalloclog event #10 = 2, 0x10090260, 0, 0x00000000, error = 0
    0 PCs:
Can not introspect - Out of memory

Finally I compiled dbus against dmalloc library http://dmalloc.com adding -DDMALLOC -DDMALLOC_FUNC_CHECK to the CPPFLAGS when configuring and #include <dmalloc.h> to each C file. Full dmalloc trace log file is attached as introspect-dmalloc.log.

I hope this is useful for tracing the problem. I'm glad to help any way possible, like providing shell access to the machine if somebody wants do further debug this..
Comment 1 Tuomas Jormola 2008-07-10 06:19:23 UTC
Created attachment 17619 [details]
stacktrace of the segfault when running dbus-daemon --introspect
Comment 2 Colin Walters 2008-07-24 11:59:23 UTC
In a brief look, I don't see why we'd crash at that particular point honestly.
Comment 3 Stian Skjelstad 2010-06-01 01:10:58 UTC
(In reply to comment #0)
> Created an attachment (id=17618) [details]
> dmalloc log file running dbus-daemon --introspect

This log would be more valuable if there were some stacktrace availble from the failure-point.



> (15:42:25)(root@saraswati)(/scratch/tmp/dbus/dbus-1.2.1-malloc_ss/bus)$
> ./dbus-daemon --introspect
> SSmalloc error (Process 1419844): overrun address (0x10090260), tail guard
> @0x1009038e is corrupt
> SSmalloc error (Process 1419844): failed realloc (0x10090260, 604); returned
> NULL pointer
> SSmalloc error (Process 1419844): memory area @0x10090260 has already been
> freed
> Can not introspect - Out of memory

Here too, a stacktrace would be nice at the first failure-point.


The very last stacktrace probably happens after some memory-corruption has occured, destroying internal malloc() structures.
Comment 4 Simon McVittie 2011-01-06 09:10:12 UTC
Sorry, support for proprietary platforms/compilers isn't a priority given the number of other open bugs. Backtraces or patches would be welcome.
Comment 5 Simon McVittie 2011-01-06 09:37:22 UTC
*** Bug 26390 has been marked as a duplicate of this bug. ***
Comment 6 Simon McVittie 2011-01-06 09:38:09 UTC
The extra information on Bug #26390 might be useful for those who like Irix?
Comment 7 Simon McVittie 2011-01-07 06:41:35 UTC
This might possibly be a dup of Bug #11668, which mentions that it affects Irix and has similar symptoms. It'd be interesting to retry when that bug has been fixed.
Comment 8 Peter O'Gorman, The Written Word, Inc. 2011-01-13 10:12:06 UTC
We patch our dbus to get a replacement vsnprintf from gnulib (vsnprintf-posix module), then no segfaults on IRIX.

Be happy to provide a patch for trunk if someone wants to pick a snprintf (gnulib, trio, something else).

*** This bug has been marked as a duplicate of bug 11668 ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.