From patchwork Wed Jan 20 15:42:02 2021
X-Patchwork-Submitter: Akash Hadke
X-Patchwork-Id: 41778
Date: Wed, 20 Jan 2021 21:12:02 +0530
Subject: [PATCH] glibc: Apply patch for easy analysis of malloc issue
To: libc-alpha@sourceware.org
List-Id: Libc-alpha mailing list
X-Patchwork-Original-From: Akash Hadke via Libc-alpha
From: Akash Hadke
Reply-To: Akash Hadke
Cc: akash.hadke@kpit.com, aditya.tayade@kpit.com

The function __malloc_tcache_walk added in this patch provides
information about the entire heap memory chunk in the core file.
This patch provides the address and value of the memory chunk
illegally written, which can help to understand and debug the issue.

Used the below CPP code for testing purposes.
============================================================================
typedef std::size_t Item;

const std::size_t nItemsWanted = 64 / sizeof (Item);

Item *const paItems1 = new Item [nItemsWanted];
{
  std::fill (paItems1, paItems1 + nItemsWanted, Item (0x8899AABBCCDDEEFF));
}
delete [] paItems1;

paItems1 [0] = 0x00214E414D544142;

Item *const paItems3 = new Item [nItemsWanted];
Item *const paItems4 = new Item [nItemsWanted];
============================================================================

This code fails and produces a coredump; below is the log of the backtrace.

Without proposed patch:

(gdb) bt
#0 0x00007ff12b8f8407 in _GI__libc_malloc (bytes=64) at /usr/src/debug/glibc/2.27-r0/git/malloc/malloc.c:3068
#1 0x00007ff12c261b48 in operator new(unsigned long) () from /usr/lib/libstdc++.so.6
#2 0x000055c2db586645 in main () at /usr/src/debug/qtbase/5.6.2+gitAUTOINC+b4ada3f0d8-r0/Example-of-Buggy-Program-v2.cpp:22
(gdb) x/8gx e
Value can't be converted to integer.
With proposed patch:

(gdb) bt
#0 __malloc_tcache_walk (ptcache=0x55b28b3d0010, tc_idx=tc_idx@entry=3, e=e@entry=0x55b28b3e1e70) at /usr/src/debug/glibc/2.27-r0/git/malloc/malloc.c:2949
#1 0x00007f90e5abc53a in tcache_get (tc_idx=3) at /usr/src/debug/glibc/2.27-r0/git/malloc/malloc.c:2984
#2 _GI__libc_malloc (bytes=64) at /usr/src/debug/glibc/2.27-r0/git/malloc/malloc.c:3096
#3 0x00007f90e6425b48 in operator new(unsigned long) () from /usr/lib/libstdc++.so.6
#4 0x000055b28a44263b in main () at /usr/src/debug/qtbase/5.6.2+gitAUTOINC+b4ada3f0d8-r0/Example-of-Buggy-Program-v2.cpp:21
(gdb) x/8gx e
0x55b28b3e1e70: 0x00214e414d544142 0x000055b28b3d0010
0x55b28b3e1e80: 0x8899aabbccddeeff 0x8899aabbccddeeff
0x55b28b3e1e90: 0x8899aabbccddeeff 0x8899aabbccddeeff
0x55b28b3e1ea0: 0x8899aabbccddeeff 0x8899aabbccddeeff

ChangeLog:

2021-01-20 Akash Hadke

[BZ #27216]
* malloc/malloc.c: Add new function __malloc_tcache_walk.

glibc: Patch for better Analysis of malloc issue

Signed-off-by: Bogdan Dragu
Signed-off-by: Akash Hadke
Upstream-Status: Pending
---
--- a/malloc/malloc.c 2021-01-19 14:42:22.263863000 +0530 +++ b/malloc/malloc.c 2021-01-19 15:01:42.291811660 +0530
@@ -2924,6 +2924,25 @@ static __thread bool tcache_shutting_down = false; static __thread tcache_perthread_struct *tcache = NULL; +__thread size_t __malloc_tcache_t_dummy_count; + +const tcache_entry * +__malloc_tcache_walk +(const tcache_perthread_struct *ptcache, size_t tc_idx, const tcache_entry *e) +{ + const tcache_entry *const p0 = e->next; + + const tcache_entry * p = p0; + { + for (size_t i = 0; p && i < 4; ++i) + p = p->next; + } + + ++__malloc_tcache_t_dummy_count; + + return p0; +} + /* Caller must ensure that we know tc_idx is valid and there's room for more chunks. */ static __always_inline void @@ -2946,10 +2965,14 @@ static __always_inline void * tcache_get (size_t tc_idx) { - tcache_entry *e = tcache->entries[tc_idx]; assert (tc_idx < TCACHE_MAX_BINS); - assert (tcache->entries[tc_idx] > 0); - tcache->entries[tc_idx] = e->next; + tcache_entry *const e = tcache->entries[tc_idx]; + + tcache_entry *const e_next = (tcache_entry *) __malloc_tcache_walk (tcache, tc_idx, e); + assert (e_next == e->next); + + tcache->entries[tc_idx] = e_next; + --(tcache->counts[tc_idx]); e->key = NULL; return (void *) e;
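
Review bot: In `__malloc_tcache_walk`, `p` is never read after the `for` loop and the function returns `p0`, so nothing in these lines obliges the compiler to keep the `p = p->next` loads that the early fault depends on; the `++__malloc_tcache_t_dummy_count;` statement does not depend on `p` and does not keep them alive. If the walk is meant to survive optimization and appear as its own frame in the backtrace, make the traversal observable (for example by reading the links through a volatile-qualified pointer or storing the final `p`) and mark the function noinline. The `ptcache` and `tc_idx` parameters are unused in the body, the function and the counter are added without `static` and without a comment stating their purpose, and the walk depth of 4 is an unexplained constant; a short comment and narrower linkage would address all three.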
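
Review bot: In `tcache_get`, the removed `assert (tcache->entries[tc_idx] > 0);` was the only check that the bin is non-empty, and the new code passes `e` straight to `__malloc_tcache_walk`, which dereferences `e->next` unconditionally. Keep a non-NULL assertion on `e` before the call. The new `assert (e_next == e->next);` compares a value with the field it was just read from, so it adds no checking, and the `(tcache_entry *)` cast exists only to discard the `const` on the helper's return type; returning a non-const pointer, or assigning from `e->next` directly, would avoid it. The walk also runs on every allocation served from the tcache, so the extra dependent loads should be justified in the commit message or placed behind a debug option.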