



O9.50-1823(.6) glibc double free or corruption.

Sun, 24 Feb 2008 13:17:38 -080

1. I closed a page (ctrl+w) and got this jewel

2. I was running w/ OPERA_PLUGINWRAPPER_DEBUG set to 10

3. I started opera from the command line

~% opera > & opera.log
*** glibc detected *** /usr/local/lib/opera/9.50-20080221.6/opera: double free or corruption (fasttop): 0x09a1a270 ***
======= Backtrace: =========
/lib/libc.so.6[0xb749c9e0]
/lib/libc.so.6(cfree+0x89)[0xb749e6d9]
/usr/local/lib/opera/9.50-20080221.6/opera[0x870e78b]
/usr/local/lib/opera/9.50-20080221.6/opera[0x83f98e0]
/usr/local/lib/opera/9.50-20080221.6/opera[0x870efed]
/usr/local/lib/opera/9.50-20080221.6/opera[0x80ab65b]
/usr/local/lib/opera/9.50-20080221.6/opera[0x80b9415]
/usr/local/lib/opera/9.50-20080221.6/opera[0x80bf73d]
/usr/local/lib/opera/9.50-20080221.6/opera[0x80d5992]
/usr/local/lib/opera/9.50-20080221.6/opera[0x80d63b6]
/usr/local/lib/opera/9.50-20080221.6/opera[0x844d7e6]
/usr/local/lib/opera/9.50-20080221.6/opera[0x85e9eee]
/usr/local/lib/opera/9.50-20080221.6/opera[0x843fef0]
/usr/local/lib/opera/9.50-20080221.6/opera[0x843febb]
/usr/local/lib/opera/9.50-20080221.6/opera[0x844460d]
/usr/local/lib/opera/9.50-20080221.6/opera[0x844ad61]
/usr/local/lib/opera/9.50-20080221.6/opera[0x864c527]
/usr/local/lib/opera/9.50-20080221.6/opera[0x865da0a]
/usr/local/lib/opera/9.50-20080221.6/opera[0x864b029]
/usr/local/lib/opera/9.50-20080221.6/opera[0x86852b7]
/usr/local/lib/opera/9.50-20080221.6/opera[0x8764451]
/usr/local/lib/opera/9.50-20080221.6/opera[0x8764a5a]
/usr/local/lib/opera/9.50-20080221.6/opera[0x81ae129]
/usr/local/lib/opera/9.50-20080221.6/opera[0x81ae26a]
/usr/local/lib/opera/9.50-20080221.6/opera[0x81af1de]
/usr/local/lib/opera/9.50-20080221.6/opera[0x867e221]
/usr/local/lib/opera/9.50-20080221.6/opera[0x867e3b6]
/usr/local/lib/opera/9.50-20080221.6/opera[0x88e1dd8]
/usr/qt/3/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEP15QConnectionListP8QUObject+0x169)[0xb7a114d9]
/usr/qt/3/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEi+0xcd)[0xb7a1212d]
/usr/qt/3/lib/libqt-mt.so.3(_ZN6QTimer7timeoutEv+0x29)[0xb7d4e1b9]
/usr/qt/3/lib/libqt-mt.so.3(_ZN6QTimer5eventEP6QEvent+0x3f)[0xb7a34c9f]
/usr/qt/3/lib/libqt-mt.so.3(_ZN12QApplication14internalNotifyEP7QObjectP6QEvent+0x97)[0xb79b1d87]
/usr/qt/3/lib/libqt-mt.so.3(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x71)[0xb79b2941]
/usr/qt/3/lib/libqt-mt.so.3(_ZN10QEventLoop14activateTimersEv+0x1fc)[0xb79a6ecc]
/usr/qt/3/lib/libqt-mt.so.3(_ZN10QEventLoop13processEventsEj+0x78c)[0xb79619cc]
/usr/qt/3/lib/libqt-mt.so.3(_ZN10QEventLoop9enterLoopEv+0x51)[0xb79c88c1]
/usr/qt/3/lib/libqt-mt.so.3(_ZN10QEventLoop4execEv+0x26)[0xb79c8746]
/usr/qt/3/lib/libqt-mt.so.3(_ZN12QApplication4execEv+0x1f)[0xb79b180f]
/usr/local/lib/opera/9.50-20080221.6/opera[0x867dff3]
/usr/local/lib/opera/9.50-20080221.6/opera[0x8064faf]
/usr/local/lib/opera/9.50-20080221.6/opera(_ZN7QWidget10setEnabledEb+0x20b)[0x805e3a7]
/lib/libc.so.6(__libc_start_main+0xdc)[0xb744cfdc]
/usr/local/lib/opera/9.50-20080221.6/opera(_ZN7QWidget25setPaletteBackgroundColorERK6QColor+0xc5)[0x805e291]
Abort (core dumped)
~


And of course Opera took in the shorts


Core was generated by `/usr/local/lib/opera/9.50-20080221.6/opera'.
Program terminated with signal 6, Aborted.
#0  0xb7f36410 in __kernel_vsyscall ()
(gdb) thread apply all bt

Thread 2 (process 24949):
#0  0xb7f36410 in __kernel_vsyscall ()
#1  0xb76a0576 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0x086b1c3c in ?? ()
#3  0x091ef560 in ?? ()
#4  0x091ef548 in ?? ()
#5  0x0960f2f8 in ?? ()
#6  0x0960f2f8 in ?? ()
#7  0x00000000 in ?? ()

Thread 1 (process 24939):
#0  0xb7f36410 in __kernel_vsyscall ()
#1  0xb7460121 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0xb7461908 in *__GI_abort () at abort.c:88
#3  0xb7496c9b in __libc_message (do_abort=2, fmt=0xb754bb08 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#4  0xb749c9e0 in malloc_printerr (action=2, str=0xb754bb9c "double free or corruption (fasttop)", ptr=<value optimized out>) at malloc.c:5887
#5  0xb749e6d9 in *__GI___libc_free (mem=0x9a1a270) at malloc.c:3622
#6  0x0870e78b in ?? ()
#7  0x09a1a270 in ?? ()
#8  0xb7564120 in ?? () from /lib/libc.so.6
#9  0x09d27cf8 in ?? ()
#10 0x09d27cf8 in ?? ()
#11 0x09a1b190 in ?? ()
#12 0x09c27f08 in ?? ()
#13 0xbfd17ed8 in ?? ()
#14 0x083f98e0 in ?? ()
#15 0x09a1b190 in ?? ()
#16 0xb7564120 in ?? () from /lib/libc.so.6
#17 0x09bbf3a0 in ?? ()
#18 0x09bbf3a0 in ?? ()
#19 0x00000000 in ?? ()
(gdb) 

-- 
Re: O9.50-1823(.6) glibc double free or corruption.
Sun, 24 Feb 2008 13:26:17 -080
Bug report submitted - bug-314705
-- 
Re: O9.50-1823(.6) glibc double free or corruption.
Wed, 27 Feb 2008 09:25:36 -080
"Robt. W. Fletcher Jr" <me@wa.us> writes:

> Bug report submitted - bug-314705

They wanted a crash log, duh? If I could have duplicated the
seg-fault, I would have sent it on.

This is what happens when you ship stripped binary images during
pre-alpha testing. If they didn't strip symbols, the gdb bt would have
provided sufficient info (all packages on my system are compiled w/
symbols).

Bug-314705 closed.

-- 
Re: O9.50-1823(.6) glibc double free or corruption.
Thu, 28 Feb 2008 08:15:30 -080
Eirik Byrkjeflot Anonsen <eirik@opera.com> writes:

> "Robt. W. Fletcher Jr" <me@wa.us> writes:
>
>> "Robt. W. Fletcher Jr" <me@wa.us> writes:
>>
>>> Bug report submitted - bug-314705
>>
>> They wanted a crash log, duh? If I could have duplicated the
>> seg-fault, I would have sent it on.
>>
>> This is what happens when you ship stripped binary images during
>> pre-alpha testing. If they didn't strip symbols, the gdb bt would
>> have provided sufficient info (all packages on my system are
>> compiled w/ symbols).
>>
>> Bug-314705 closed.
>>
>
> Our build system should be storing the non-stripped version. That
> should enable us to "re-symbolize" backtraces from the stripped
> version.

Okay, nice to know. I had just about decided to stop reporting Opera
seg-faults, w/ just --- gdb apply all bt -- backtraces.

Given this release, I finally decided to ALWAYS start inspect after
starting Opera. Another way of saying this release is seg-fault prone
on my system.

-- 
Re: O9.50-1823(.6) glibc double free or corruption.
Thu, 28 Feb 2008 08:51:07 +010
"Robt. W. Fletcher Jr" <me@wa.us> writes:

> "Robt. W. Fletcher Jr" <me@wa.us> writes:
>
>> Bug report submitted - bug-314705
>
> They wanted a crash log, duh? If I could have duplicated the
> seg-fault, I would have sent it on.
>
> This is what happens when you ship stripped binary images during
> pre-alpha testing. If they didn't strip symbols, the gdb bt would have
> provided sufficient info (all packages on my system are compiled w/
> symbols).
>
> Bug-314705 closed.
>
>

Our build system should be storing the non-stripped version.  That
should enable us to "re-symbolize" backtraces from the stripped
version.
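
The "re-symbolize" step mentioned in the post above, as an added example that is not part of the original thread and not Opera's own tooling: it parses glibc abort-report frames and builds `addr2line` invocations against an unstripped build. The path `/path/to/unstripped/opera` is a placeholder, and treating the opera executable as non-PIE (load base 0) is an assumption.

```python
import re

# Frame lines copied from the glibc abort report in the first post (a subset).
OPERA = "/usr/local/lib/opera/9.50-20080221.6/opera"
SAMPLE = f"""\
/lib/libc.so.6(cfree+0x89)[0xb749e6d9]
{OPERA}[0x870e78b]
{OPERA}[0x83f98e0]
/usr/qt/3/lib/libqt-mt.so.3(_ZN6QTimer7timeoutEv+0x29)[0xb7d4e1b9]
{OPERA}(_ZN7QWidget10setEnabledEb+0x20b)[0x805e3a7]
"""

# module, optional "(symbol+offset)", then "[absolute address]"
FRAME = re.compile(
    r"^(?P<module>/\S+?)"
    r"(?:\((?P<sym>[^+)]*)(?:\+0x[0-9a-f]+)?\))?"
    r"\[0x(?P<addr>[0-9a-f]+)\]$"
)


def parse_frames(report):
    """Return (module, address, symbol-or-None) for each backtrace line."""
    frames = []
    for line in report.splitlines():
        m = FRAME.match(line.strip())
        if m:
            frames.append((m["module"], int(m["addr"], 16), m["sym"]))
    return frames


def addr2line_commands(frames, debug_builds):
    """debug_builds: stripped module path -> (unstripped file, load base).

    Use base 0 for a non-PIE executable, whose frame addresses already equal
    link-time addresses; for a shared library pass its load address so each
    frame is converted to an offset inside the file.
    """
    per_module = {}
    for module, addr, _sym in frames:
        if module in debug_builds:
            path, base = debug_builds[module]
            per_module.setdefault(path, []).append(f"0x{addr - base:x}")
    return [["addr2line", "-f", "-C", "-i", "-e", path, *addrs]
            for path, addrs in per_module.items()]


if __name__ == "__main__":
    # "/path/to/unstripped/opera" is a placeholder for the build system's copy.
    builds = {OPERA: ("/path/to/unstripped/opera", 0)}
    for cmd in addr2line_commands(parse_frames(SAMPLE), builds):
        print(" ".join(cmd))
```

The symbol names glibc prints for frames in a stripped binary are only the nearest exported dynamic symbols, so the address is the reliable input for re-symbolization.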
