Re: mpv coredump

To: current-users%NetBSD.org@localhost, Thomas Klausner <wiz%NetBSD.org@localhost>
Subject: Re: mpv coredump
From: Kamil Rytarowski <n54%gmx.com@localhost>
Date: Sun, 16 Feb 2020 13:02:32 +0100
On 16.02.2020 12:48, Thomas Klausner wrote:
> Hi!
> 
> I've upgraded kernel + userland to 9.99.47/amd64.
> Now mpv (built on 9.99.43) dumps core immediately.
> 

Does it work if you just revert this:

Modified Files:
	src/lib/libpthread: pthread.c pthread_int.h pthread_mutex.c
	    pthread_tsd.c

Log Message:
Enhance the pthread(3) + malloc(3) init model

Separate the pthread_atfork(3) call from pthread_tsd_init()
and move it into a distinct function.

Call inside pthread__init() late TSD initialization route, just after
"pthread_atfork(NULL, NULL, pthread__fork_callback);".

Document that malloc(3) initialization is now controlled again and called
during the first pthread_atfork(3) call.

Remove #if 0 code from pthread_mutex.c as we no longer initialize malloc
prematurely.


To generate a diff of this commit:
cvs rdiff -u -r1.164 -r1.165 src/lib/libpthread/pthread.c
cvs rdiff -u -r1.101 -r1.102 src/lib/libpthread/pthread_int.h
cvs rdiff -u -r1.74 -r1.75 src/lib/libpthread/pthread_mutex.c
cvs rdiff -u -r1.18 -r1.19 src/lib/libpthread/pthread_tsd.c

Alternatively please try to revert:

Modified Files:
	src/external/bsd/jemalloc/dist/src: tcache.c

Log Message:
jemalloc: Avoid variable length array with length 0

Cherry-pick upstrem patch.

https://github.com/jemalloc/jemalloc/pull/1768


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/jemalloc/dist/src/tcache.c


I hope that the problem is in the latter.

> Core was generated by `mpv'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x0000794efd8ebd31 in je_extent_heap_remove (ph=ph@entry=0x794eec804fb8, phn=phn@entry=0x794eecc097c0)
> at /usr/src/external/bsd/jemalloc/lib/../dist/src/extent.c:278                                                                                                                                                                                     278     ph_gen(, extent_heap_, extent_heap_t, extent_t, ph_link, extent_snad_comp)
> [Current thread is 1 (process 5)] 
> (gdb) bt
> #0  0x0000794efd8ebd31 in je_extent_heap_remove (ph=ph@entry=0x794eec804fb8, phn=phn@entry=0x794eecc097c0) at /usr/src/external/bsd/jemalloc/lib/../dist/src/extent.c:278
> #1  0x0000794efd913977 in arena_bin_slabs_nonfull_remove (slab=0x794eecc097c0, bin=0x794eec804f40) at /usr/src/external/bsd/jemalloc/lib/../dist/src/arena.c:1484
> #2  arena_dissociate_bin_slab (bin=0x794eec804f40, slab=0x794eecc097c0, arena=0x794eec8008c0) at /usr/src/external/bsd/jemalloc/lib/../dist/src/arena.c:1484
> #3  arena_dalloc_bin_locked_impl (tsdn=tsdn@entry=0x794f085a30a0, arena=arena@entry=0x794eec8008c0, slab=0x794eecc097c0, ptr=<optimized out>, junked=junked@entry=true) at /usr/src/external/bsd/jemalloc/lib/../dist/src/arena.c:1546
> #4  0x0000794efd914d49 in je_arena_dalloc_bin_junked_locked (tsdn=tsdn@entry=0x794f085a30a0, arena=arena@entry=0x794eec8008c0, extent=<optimized out>, ptr=<optimized out>) at /usr/src/external/bsd/jemalloc/lib/../dist/src/arena.c:1562
> #5  0x0000794efd8be7a5 in je_tcache_bin_flush_small (tsd=tsd@entry=0x794f085a30a0, tcache=tcache@entry=0x794f085a3260, tbin=0x794f085a3300, binind=binind@entry=6, rem=100)
>     at /usr/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/tsd.h:138
> #6  0x0000794efd91cced in tcache_dalloc_small (slow_path=false, binind=6, ptr=0x794f0804ef60, tcache=0x794f085a3260, tsd=<optimized out>) at /usr/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/tcache_inlines.h:178
> #7  arena_dalloc (slow_path=false, alloc_ctx=<synthetic pointer>, tcache=0x794f085a3260, ptr=0x794f0804ef60, tsdn=<optimized out>) at /usr/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/arena_inlines_b.h:224
> #8  idalloctm (slow_path=false, is_internal=false, alloc_ctx=<synthetic pointer>, tcache=0x794f085a3260, ptr=0x794f0804ef60, tsdn=<optimized out>)
>     at /usr/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/jemalloc_internal_inlines_c.h:118
> #9  ifree (slow_path=false, tcache=0x794f085a3260, ptr=0x794f0804ef60, tsd=<optimized out>) at /usr/src/external/bsd/jemalloc/lib/../dist/src/jemalloc.c:2255
> #10 free (ptr=0x794f0804ef60) at /usr/src/external/bsd/jemalloc/lib/../dist/src/jemalloc.c:2429
> #11 0x000000000050e09a in ta_free (ptr=<optimized out>) at ../ta/ta.c:270
> #12 0x000000000046c76c in free_str_list (dst=0x794eed9ff3a0) at ../options/m_option.c:1280
> #13 0x0000000000475ca8 in m_option_free (opt=0x794eed9ff3e0, dst=0x794eed9ff3a0) at ../options/m_option.h:533
> #14 m_property_do (log=<optimized out>, prop_list=0x794f08868c00, name=name@entry=0x794f081abd88 "property-list", action=action@entry=6, arg=0x794eed9ff4f0, ctx=ctx@entry=0x794f088ea040) at ../options/m_property.c:128
> #15 0x000000000048c6fe in mp_property_do (name=0x794f081abd88 "property-list", action=action@entry=6, val=<optimized out>, val@entry=0x794eed9ff4f0, ctx=0x794f088ea040) at ../player/command.c:3605
> #16 0x000000000047ca5c in getproperty_fn (arg=arg@entry=0x794eed9ff560) at ../player/client.c:1356
> #17 0x000000000047ebd4 in run_locked (fn_data=0x794eed9ff560, fn=0x47c9a3 <getproperty_fn>, ctx=0x794f088fec40) at ../player/client.c:1012
> #18 mpv_get_property (ctx=0x794f088fec40, name=name@entry=0x794f081abd88 "property-list", format=format@entry=MPV_FORMAT_STRING, data=data@entry=0x794eed9ff5b0) at ../player/client.c:1431
> #19 0x00000000004978db in script_get_property (L=0x794f08530000) at ../player/lua.c:780
> #20 0x0000794eff40dc47 in luaD_precall (L=L@entry=0x794f08530000, func=<optimized out>, func@entry=0x794f08158820, nresults=nresults@entry=1) at ldo.c:319
> #21 0x0000794eff41a89b in luaV_execute (L=L@entry=0x794f08530000) at lvm.c:709
> #22 0x0000794eff40e05b in luaD_call (L=L@entry=0x794f08530000, func=<optimized out>, nResults=nResults@entry=1, allowyield=allowyield@entry=0) at ldo.c:402
> #23 0x0000794eff4095d6 in lua_callk (L=L@entry=0x794f08530000, nargs=nargs@entry=0, nresults=nresults@entry=1, ctx=ctx@entry=0, k=k@entry=0x0) at lapi.c:905
> #24 0x00000000004962c2 in load_builtin (L=0x794f08530000) at ../player/lua.c:217
> #25 0x0000794eff40dc47 in luaD_precall (L=L@entry=0x794f08530000, func=<optimized out>, nresults=1) at ldo.c:319
> #26 0x0000794eff40e03e in luaD_call (L=L@entry=0x794f08530000, func=<optimized out>, nResults=nResults@entry=1, allowyield=allowyield@entry=0) at ldo.c:401
> #27 0x0000794eff4095d6 in lua_callk (L=L@entry=0x794f08530000, nargs=nargs@entry=2, nresults=nresults@entry=1, ctx=ctx@entry=0, k=k@entry=0x0) at lapi.c:905
> #28 0x0000794eff4280d1 in ll_require (L=0x794f08530000) at loadlib.c:520
> #29 0x0000794eff40dc47 in luaD_precall (L=L@entry=0x794f08530000, func=<optimized out>, func@entry=0x794f08158650, nresults=nresults@entry=0) at ldo.c:319
> #30 0x0000794eff41a89b in luaV_execute (L=L@entry=0x794f08530000) at lvm.c:709
> #31 0x0000794eff40e05b in luaD_call (L=L@entry=0x794f08530000, func=<optimized out>, nResults=nResults@entry=0, allowyield=allowyield@entry=0) at ldo.c:402
> #32 0x0000794eff4095d6 in lua_callk (L=L@entry=0x794f08530000, nargs=nargs@entry=0, nresults=nresults@entry=0, ctx=ctx@entry=0, k=k@entry=0x0) at lapi.c:905
> #33 0x0000000000497755 in require (L=L@entry=0x794f08530000, name=name@entry=0x794f085c0830 "@stats.lua") at ../player/lua.c:235
> #34 0x0000000000497856 in load_scripts (L=0x794f08530000) at ../player/lua.c:263
> #35 0x0000794eff40dc47 in luaD_precall (L=L@entry=0x794f08530000, func=<optimized out>, nresults=0) at ldo.c:319
> #36 0x0000794eff40e03e in luaD_call (L=0x794f08530000, func=<optimized out>, nResults=<optimized out>, allowyield=<optimized out>) at ldo.c:401
> #37 0x0000794eff40d488 in luaD_rawrunprotected (L=L@entry=0x794f08530000, f=f@entry=0x794eff40788b <f_call>, ud=ud@entry=0x794eed9ffc90) at ldo.c:131
> #38 0x0000794eff40e2eb in luaD_pcall (L=L@entry=0x794f08530000, func=func@entry=0x794eff40788b <f_call>, u=u@entry=0x794eed9ffc90, old_top=48, ef=<optimized out>) at ldo.c:603
> #39 0x0000794eff4096b3 in lua_pcallk (L=L@entry=0x794f08530000, nargs=nargs@entry=0, nresults=nresults@entry=0, errfunc=errfunc@entry=-2, ctx=ctx@entry=0, k=k@entry=0x0) at lapi.c:949
> #40 0x0000000000498e4d in run_lua (L=0x794f08530000) at ../player/lua.c:332
> #41 0x0000794eff40dc47 in luaD_precall (L=L@entry=0x794f08530000, func=<optimized out>, nresults=0) at ldo.c:319
> #42 0x0000794eff40e03e in luaD_call (L=0x794f08530000, func=<optimized out>, nResults=<optimized out>, allowyield=<optimized out>) at ldo.c:401
> #43 0x0000794eff40d488 in luaD_rawrunprotected (L=L@entry=0x794f08530000, f=f@entry=0x794eff40788b <f_call>, ud=ud@entry=0x794eed9ffed0) at ldo.c:131
> #44 0x0000794eff40e2eb in luaD_pcall (L=L@entry=0x794f08530000, func=func@entry=0x794eff40788b <f_call>, u=u@entry=0x794eed9ffed0, old_top=16, ef=<optimized out>) at ldo.c:603
> #45 0x0000794eff4096b3 in lua_pcallk (L=L@entry=0x794f08530000, nargs=nargs@entry=1, nresults=nresults@entry=0, errfunc=errfunc@entry=0, ctx=ctx@entry=0, k=k@entry=0x0) at lapi.c:949
> #46 0x00000000004992e7 in mp_cpcall (func=0x498b47 <run_lua>, ud=0x794f08542040, L=0x794f08530000) at ../player/lua.c:102
> #47 load_lua (client=<optimized out>, fname=0x794f085c0830 "@stats.lua") at ../player/lua.c:365
> #48 0x00000000004a0e28 in script_thread (p=0x794f08877060) at ../player/scripting.c:95
> #49 0x0000794f0100cbd2 in pthread__create_tramp (cookie=0x794f0889d000) at /usr/src/lib/libpthread/pthread.c:595
> #50 0x0000794efd88fd10 in ?? () from /usr/lib/libc.so.12
> #51 0x0000000000200000 in ?? ()
> #52 0x0000000000000000 in ?? ()
> (gdb) 
> 
>  Thomas
>
Attachment: signature.asc
Description: OpenPGP digital signature
Follow-Ups:
- Re: mpv coredump
  - From: Thomas Klausner
References:
- mpv coredump
  - From: Thomas Klausner
Prev by Date: Re: 9.99.47 panic: diagnostic assertion "lwp_locked(l, spc->spc_mutex)" failed: file ".../kern_synch.c", line 1001
Next by Date: Re: mpv coredump
Previous by Thread: mpv coredump
Next by Thread: Re: mpv coredump
Indexes:
Home | Main Index | Thread Index | Old Index