This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug malloc/16653] New: dvbv5-scan crashed with error 6


https://sourceware.org/bugzilla/show_bug.cgi?id=16653

            Bug ID: 16653
           Summary: dvbv5-scan crashed with error 6
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: critical
          Priority: P2
         Component: malloc
          Assignee: unassigned at sourceware dot org
          Reporter: mail at stefanringel dot de

[New LWP 6654]
Core was generated by `dvbv5-scan -v -I CHANNEL /usr/share/dvb/dvb-t/de-Berlin'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f11351861c9 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);

Thread 1 (LWP 6654):
#0  0x00007f11351861c9 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
        resultvar = 0
        pid = 6654
        selftid = 6654
#1  0x00007f11351878d8 in __GI_abort () at abort.c:89
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x2020203336383430,
sa_sigaction = 0x2020203336383430}, sa_mask = {__val = {2314885530818453536,
2314885530818453536, 7596498840077020960, 7881978211221124706,
3474859410666172973, 3544726768301601582, 3472328300576191795,
7004561081819871021, 8606977229197423155, 3832617365927915565,
3475200452259229744, 3906930058432946224, 2314885530818453555,
2314885530818453536, 8319607701661294624, 139710991171585}}, sa_flags = 86,
sa_restorer = 0x7fff72bb2f10}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007f11351c7ba4 in __libc_message (do_abort=do_abort@entry=2,
fmt=fmt@entry=0x7f11352d1bd8 "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/posix/libc_fatal.c:175
        ap = {{gp_offset = 40, fp_offset = 0, overflow_arg_area =
0x7fff72bb2f20, reg_save_area = 0x7fff72bb2eb0}}
        fd = 5
        on_2 = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#3  0x00007f11351cdcb7 in malloc_printerr (action=<optimized out>,
str=0x7f11352d1fa8 "malloc(): memory corruption (fast)", ptr=<optimized out>)
at malloc.c:4967
        buf = "0000000000f10315"
        cp = <optimized out>
#4  0x00007f11351d0d7e in _int_malloc (av=0x7f113550f760 <main_arena>,
bytes=10) at malloc.c:3348
        p = 0xf10305
        fb = <optimized out>
        pp = <optimized out>
        nb = 32
        idx = <optimized out>
        bin = <optimized out>
        victim = 0xf10305
        size = <optimized out>
        victim_index = <optimized out>
        remainder = <optimized out>
        remainder_size = <optimized out>
        block = <optimized out>
        bit = <optimized out>
        map = <optimized out>
        fwd = <optimized out>
        bck = <optimized out>
        errstr = <optimized out>
        __func__ = "_int_malloc"
#5  0x00007f11351d3680 in __GI___libc_malloc (bytes=10) at malloc.c:2889
        ar_ptr = 0x7f113550f760 <main_arena>
        victim = 0x6
        __func__ = "__libc_malloc"
#6  0x000000000040d2d8 in parse_string (parms=parms@entry=0xf0b0e0,
dest=dest@entry=0xf18df8, emph=emph@entry=0xf18e00,
src=src@entry=0x7fff72bb3244 "CBC\021\005\206RTL\207
Television@\026\377\200\fH\n\001\003CBC\004RTL2@\033\377\200\026H\024\001\003CBC\016\005\206S\207uper\206
RTL\207@\"\377\200\vH\t\001\003CBC\003VOX2v\\.", len=3,
default_charset=<optimized out>, output_charset=0x41274c "utf-8") at
parse_string.c:430
        i = <optimized out>
        len2 = 0
        p = <optimized out>
        p2 = <optimized out>
        type = 0x412752 "iso-8859-1"
        tmp1 = 0x0
        tmp2 = 0x0
        s = <optimized out>
        emphasis = 0
#7  0x000000000040a983 in parse_service (dlen=23, verbose=1, buf=0x7fff72bb3240
"H\027\001\003CBC\021\005\206RTL\207
Television@\026\377\200\fH\n\001\003CBC\004RTL2@\033\377\200\026H\024\001\003CBC\016\005\206S\207uper\206
RTL\207@\"\377\200\vH\t\001\003CBC\003VOX2v\\.", service_table=0xf18de0,
parms=0xf0b0e0) at descriptors.c:778
No locals.
#8  parse_descriptor (parms=parms@entry=0xf0b0e0, type=type@entry=SDT,
dvb_desc=dvb_desc@entry=0xf0cc50, buf=buf@entry=0x7fff72bb3240
"H\027\001\003CBC\021\005\206RTL\207
Television@\026\377\200\fH\n\001\003CBC\004RTL2@\033\377\200\026H\024\001\003CBC\016\005\206S\207uper\206
RTL\207@\"\377\200\vH\t\001\003CBC\003VOX2v\\.", len=len@entry=25) at
descriptors.c:961
        dlen = 23
        err = 0
        i = <optimized out>
#9  0x00000000004091ee in parse_sdt (version=<optimized out>, id=<optimized
out>, section_length=<synthetic pointer>, buf=0x7fff72bb323b
"@\025\377\200\031H\027\001\003CBC\021\005\206RTL\207
Television@\026\377\200\fH\n\001\003CBC\004RTL2@\033\377\200\026H\024\001\003CBC\016\005\206S\207uper\206
RTL\207@\"\377\200\vH\t\001\003CBC\003VOX2v\\.", dvb_desc=0xf0cc50,
parms=0xf0b0e0) at dvb-scan.c:270
        sdt_table = 0xf0cd28
        len = 25
        n = 0
#10 read_section (parms=parms@entry=0xf0b0e0, dmx_fd=dmx_fd@entry=4,
dvb_desc=dvb_desc@entry=0xf0cc50, pid=pid@entry=17, table=table@entry=66 'B',
ptr=ptr@entry=0x0, timeout=timeout@entry=2) at dvb-scan.c:508
        count = <optimized out>
        section_length = 91
        table_id = <optimized out>
        id = <optimized out>
        version = <optimized out>
        next = 0
        buf =
"B\360f\003\005\323\000\000!\024\377@\025\377\200\031H\027\001\003CBC\021\005\206RTL\207
Television@\026\377\200\fH\n\001\003CBC\004RTL2@\033\377\200\026H\024\001\003CBC\016\005\206S\207uper\206
RTL\207@\"\377\200\vH\t\001\003CBC\003VOX2v\\.", '\000' <repeats 1087 times>...
        p = 0x7fff72bb3238
"!\024\377@\025\377\200\031H\027\001\003CBC\021\005\206RTL\207
Television@\026\377\200\fH\n\001\003CBC\004RTL2@\033\377\200\026H\024\001\003CBC\016\005\206S\207uper\206
RTL\207@\"\377\200\vH\t\001\003CBC\003VOX2v\\."
        f = {pid = 17, filter = {filter = "B", '\000' <repeats 14 times>, mask
= "\377", '\000' <repeats 14 times>, mode = '\000' <repeats 15 times>}, timeout
= 0, flags = 5}
#11 0x0000000000409d0a in dvb_get_ts_tables (parms=parms@entry=0xf0b0e0,
dmx_fd=dmx_fd@entry=4, delivery_system=<optimized out>, other_nit=0,
timeout_multiply=<optimized out>, verbose=1) at dvb-scan.c:603
        i = <optimized out>
        rc = <optimized out>
        pat_pmt_time = 1
        sdt_time = 2
        nit_time = 12
        dvb_desc = 0xf0cc50
#12 0x0000000000401f6c in run_scan (parms=<optimized out>, args=0x7fff72bb4390)
at dvbv5-scan.c:476
        dvb_desc = <optimized out>
        dvb_file = 0xf0b010
        freq = 506000000
        sys = <optimized out>
        dvb_file_new = 0x0
        entry = 0xf0cf10
        count = 1
        dmx_fd = 4
        i = <optimized out>
        rc = <optimized out>
#13 main (argc=<optimized out>, argv=<optimized out>) at dvbv5-scan.c:646
        args = {confname = 0x7fff72bb5326 "/usr/share/dvb/dvb-t/de-Berlin",
lnb_name = 0x0, output = 0x40de6f "dvb_channel.conf", demux_dev = 0xf0b080
"/dev/dvb/adapter0/demux0", adapter = 0, frontend = 0, demux = 0, get_detected
= 0, get_nit = 0, force_dvbv3 = 0, lnb = 0, sat_number = -1, freq_bpf = 0,
diseqc_wait = 0, dont_add_new_freqs = 0, timeout_multiply = 1, other_nit = 0,
input_format = FILE_CHANNEL, output_format = FILE_DVBV5, n_status_lines = 1}
        lnb = <optimized out>
        idx = 4
        argp = {options = 0x40db00 <options>, parser = 0x4026c0 <parse_opt>,
args_doc = 0x40de60 "<initial file>", doc = 0x40e0f8 "scan DVB services using
the channel file", children = 0x0, help_filter = 0x0, argp_domain = 0x0}
        parms = <optimized out>
From                To                  Syms Read   Shared Object Library
0x00007f1135731610  0x00007f11357a0a46  Yes         /lib64/libm.so.6
0x00007f1135518af0  0x00007f11355282e5  Yes         /lib64/libgcc_s.so.1
0x00007f113516e4a0  0x00007f11352b46b3  Yes         /lib64/libc.so.6
0x00007f1135a32b10  0x00007f1135a4cf40  Yes         /lib64/ld-linux-x86-64.so.2
0x00007f1134f4c5c0  0x00007f1134f4d1b1  Yes         /usr/lib64/gconv/ISO8859-1.so
$1 = 0x7f1135c49000 ""
No symbol "__glib_assert_msg" in current context.
rax            0x0    0
rbx            0x56    86
rcx            0xffffffffffffffff    -1
rdx            0x6    6
rsi            0x19fe    6654
rdi            0x19fe    6654
rbp            0x7fff72bb2f10    0x7fff72bb2f10
rsp            0x7fff72bb2b78    0x7fff72bb2b78
r8             0x7f11352c6ec0    139711883275968
r9             0x61b6a8    6403752
r10            0x8    8
r11            0x246    582
r12            0x7fff72bb2d20    140735118257440
r13            0x7    7
r14            0x56    86
r15            0x7    7
rip            0x7f11351861c9    0x7f11351861c9 <__GI_raise+57>
eflags         0x246    [ PF ZF IF ]
cs             0x33    51
ss             0x2b    43
ds             0x0    0
es             0x0    0
fs             0x0    0
gs             0x0    0
st0            <unavailable>
st1            <unavailable>
st2            <unavailable>
st3            <unavailable>
st4            <unavailable>
st5            <unavailable>
st6            <unavailable>
st7            <unavailable>
fctrl          <unavailable>
fstat          <unavailable>
ftag           <unavailable>
fiseg          <unavailable>
fioff          <unavailable>
foseg          <unavailable>
fooff          <unavailable>
fop            <unavailable>
xmm0           {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm1           {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm2           {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm3           {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm4           {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm5           {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm6           {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm7           {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm8           {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm9           {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm10          {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm11          {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm12          {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm13          {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm14          {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
xmm15          {v4_float = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_double = {<unavailable>, <unavailable>}, v16_int8 =
{<unavailable> <repeats 16 times>}, v8_int16 = {<unavailable>, <unavailable>,
<unavailable>, <unavailable>, <unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v4_int32 = {<unavailable>, <unavailable>, <unavailable>,
<unavailable>}, v2_int64 = {<unavailable>, <unavailable>}, uint128 =
<unavailable>}
mxcsr          <unavailable>
Dump of assembler code for function __GI_raise:
   # __GI_raise: glibc's raise(sig) on x86-64 Linux, AT&T syntax as printed by gdb.
   # The backtrace maps the current pc to raise.c:56,
   #   INLINE_SYSCALL (tgkill, 3, pid, selftid, sig).
   # This frame is only where abort() delivers SIGABRT to the process. The heap
   # inconsistency was detected before this point, in _int_malloc/malloc_printerr
   # (frames #4/#3), so nothing in this function shows where the heap was damaged.
   #
   # Load two cached 32-bit ids from %fs-relative (thread-local) storage:
   #   %ecx = value at %fs:0x2d4, later passed as tgkill's first argument (pid)
   #   %esi = value at %fs:0x2d0, later passed as the second argument (selftid)
   0x00007f1135186190 <+0>:    mov    %fs:0x2d4,%eax
   0x00007f1135186198 <+8>:    mov    %eax,%ecx
   0x00007f113518619a <+10>:    mov    %fs:0x2d0,%esi
   # A nonzero cached value at %fs:0x2d0 skips the lookup and branches to <+72>.
   0x00007f11351861a2 <+18>:    test   %esi,%esi
   0x00007f11351861a4 <+20>:    jne    0x7f11351861d8 <__GI_raise+72>
   # Cache empty: syscall 0xba (186 = gettid on x86-64 Linux). The result is
   # used for both %ecx and %esi and written back to %fs:0x2d0.
   0x00007f11351861a6 <+22>:    mov    $0xba,%eax
   0x00007f11351861ab <+27>:    syscall 
   0x00007f11351861ad <+29>:    mov    %eax,%ecx
   0x00007f11351861af <+31>:    mov    %eax,%fs:0x2d0
   0x00007f11351861b7 <+39>:    mov    %eax,%esi
   # <+41>: sign-extend the three arguments into the syscall registers:
   #   rdx = sig (from %edi), rsi = selftid, rdi = pid
   # then issue syscall 0xea (234 = tgkill). The register dump agrees:
   # rdi = rsi = 6654 and rdx = 6 (SIGABRT).
   0x00007f11351861b9 <+41>:    movslq %edi,%rdx
   0x00007f11351861bc <+44>:    movslq %esi,%rsi
   0x00007f11351861bf <+47>:    movslq %ecx,%rdi
   0x00007f11351861c2 <+50>:    mov    $0xea,%eax
   0x00007f11351861c7 <+55>:    syscall 
   # "=>" marks the saved pc (rip = 0x7f11351861c9 in the register dump): the
   # instruction right after the tgkill syscall, i.e. the core was taken while
   # the signal was being delivered and this compare never ran.
   # Unsigned results above 0xfffffffffffff000 (-4095..-1) take the error path.
=> 0x00007f11351861c9 <+57>:    cmp    $0xfffffffffffff000,%rax
   0x00007f11351861cf <+63>:    ja     0x7f11351861ea <__GI_raise+90>
   # Success: return with %rax exactly as the kernel left it.
   0x00007f11351861d1 <+65>:    repz retq 
   # No branch in this dump targets <+67>; it sits between the return and the
   # next branch target, so it looks like alignment padding.
   0x00007f11351861d3 <+67>:    nopl   0x0(%rax,%rax,1)
   # <+72>: the cached selftid was nonzero. If the cached pid in %eax is
   # positive it is used unchanged. Otherwise %ecx = -%eax, replaced by %esi
   # when %eax has no bits set below the sign bit.
   # NOTE(review): presumably covers a pid field that is temporarily negated
   # or zero (e.g. around fork) -- confirm against raise.c.
   0x00007f11351861d8 <+72>:    test   %eax,%eax
   0x00007f11351861da <+74>:    jg     0x7f11351861b9 <__GI_raise+41>
   0x00007f11351861dc <+76>:    mov    %eax,%ecx
   0x00007f11351861de <+78>:    neg    %ecx
   0x00007f11351861e0 <+80>:    test   $0x7fffffff,%eax
   0x00007f11351861e5 <+85>:    cmove  %esi,%ecx
   0x00007f11351861e8 <+88>:    jmp    0x7f11351861b9 <__GI_raise+41>
   # <+90>: error path. Loads an offset from the RIP-relative slot that gdb
   # resolves to 0x7f113550ee60, stores the negated syscall result at
   # %fs:(offset) and returns -1 in %rax.
   # NOTE(review): looks like the usual thread-local errno store -- confirm.
   0x00007f11351861ea <+90>:    mov    0x388c6f(%rip),%rdx        #
0x7f113550ee60
   0x00007f11351861f1 <+97>:    neg    %eax
   0x00007f11351861f3 <+99>:    mov    %eax,%fs:(%rdx)
   0x00007f11351861f6 <+102>:    or     $0xffffffffffffffff,%rax
   0x00007f11351861fa <+106>:    retq   
End of assembler dump.

dvbv5-scan[2355]: segfault at 7ffffc6a2ff8 ip 00007f4b1329a947 sp
00007ffffc6a2f90 error 6 in ld-2.19.90.so[7f4b13295000+22000]

*** Error in `dvbv5-scan': free(): corrupted unsorted chunks:
0x0000000000d8dc80 ***
*** Error in `dvbv5-scan': malloc(): memory corruption: 0x0000000000d95a30 ***
*** Error in `dvbv5-scan': malloc(): memory corruption: 0x0000000000d95a30 ***


