Created attachment 1771782 [details] matlab files that cause malloc(): unaligned tcache chunk detected Description of problem: malloc(): unaligned tcache chunk detected Aborted (core dumped) Version-Release number of selected component (if applicable): 2.32-4 How reproducible: Steps to Reproduce: 1. run eclosed script in matlab 2021a. Increase prs to physical number of cores 2. 3. Actual results: malloc(): unaligned tcache chunk detected malloc(): unaligned tcache chunk detected Aborted (core dumped) Expected results: Additional info:
strace of debug.m openat(AT_FDCWD, "/home/knutjb/.matlab/local_cluster_jobs/R2021a/Job276.in.mat", O_RDONLY) = 888 150376 fstat(888, {st_mode=S_IFREG|0644, st_size=17691, ...}) = 0 150376 read(888, "MATLAB 5.0 MAT-file, Platform: G"..., 4096) = 4096 150376 lseek(888, 0, SEEK_CUR) = 4096 150376 lseek(888, 16384, SEEK_SET) = 16384 150376 read(888, "x'\301\314\237\207\240\374\207-\312/\216>=d}i\23\303\356\347\236\327\374c\242\254\316\252\230~"..., 4096) = 1307 150376 lseek(888, 17691, SEEK_SET) = 17691 150376 lseek(888, 0, SEEK_SET) = 0 150376 read(888, "MATLAB 5.0 MAT-file, Platform: G"..., 4096) = 4096 150376 lseek(888, 4096, SEEK_SET) = 4096 150376 lseek(888, 4096, SEEK_SET) = 4096 150376 lseek(888, 4096, SEEK_SET) = 4096 150376 lseek(888, 4096, SEEK_SET) = 4096 150376 lseek(888, 4096, SEEK_SET) = 4096 150376 lseek(888, 4096, SEEK_SET) = 4096 150376 lseek(888, 4096, SEEK_SET) = 4096 150376 lseek(888, 4096, SEEK_SET) = 4096 150376 lseek(888, 4096, SEEK_SET) = 4096 150376 lseek(888, 4096, SEEK_SET) = 4096 150376 read(888, "\342\346i^^\3^ |\224>g\351\276\376.\360\273\320\374.j\362\353vz+&\373x\245\371"..., 4096) = 4096 150376 read(888, "a\235\374\241\32AI\356G\16\367\243:\271Ev\315\270?\25p\277p\270_\324\317\355\335\222R\205"..., 4096) = 4096 150376 lseek(888, 16384, SEEK_SET) = 16384 150376 read(888, "x'\301\314\237\207\240\374\207-\312/\216>=d}i\23\303\356\347\236\327\374c\242\254\316\252\230~"..., 4096) = 1307 150376 lseek(888, 17691, SEEK_SET) = 17691 150376 lseek(888, 16384, SEEK_SET) = 16384 150376 read(888, "x'\301\314\237\207\240\374\207-\312/\216>=d}i\23\303\356\347\236\327\374c\242\254\316\252\230~"..., 4096) = 1307 150376 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2228, ...}) = 0 150376 futex(0x7f16dc020b18, FUTEX_WAKE_PRIVATE, 2147483647) = 1 150376 close(888) = 0 150375 <... futex resumed>) = 0 150375 futex(0x7f16dc020ac8, FUTEX_WAKE_PRIVATE, 1) = 0 150376 futex(0x7f15710ed7b0, FUTEX_WAKE_PRIVATE, 1 <unfinished ...> 150375 futex(0x7f15710ed7b0, FUTEX_WAIT_PRIVATE, 2, NULL <unfinished ...> 150376 <... futex resumed>) = 0 150375 <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) 150375 futex(0x7f15710ed7b0, FUTEX_WAKE_PRIVATE, 1) = 0 150375 futex(0x7f1570c2eda0, FUTEX_WAIT_PRIVATE, 2, NULL <unfinished ...> 150376 writev(2, [{iov_base="malloc(): unaligned tcache chunk"..., iov_len=41}, {iov_base="\n", iov_len=1}], 2) = 42 150376 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15e620f000 150376 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 150376 rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [PIPE], 8) = 0 150376 getpid() = 150251 150376 gettid() = 150376 150376 tgkill(150251, 150376, SIGABRT) = 0 150376 rt_sigprocmask(SIG_SETMASK, [PIPE], NULL, 8) = 0 150376 --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=150251, si_uid=1000} --- 150376 rt_sigaction(SIGBUS, {sa_handler=SIG_DFL, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, {sa_handler=0x7f1734663ba0, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, 8) = 0 150376 rt_sigprocmask(SIG_UNBLOCK, [BUS], NULL, 8) = 0 150376 rt_sigaction(SIGFPE, {sa_handler=SIG_DFL, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, {sa_handler=0x7f1734663ba0, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, 8) = 0 150376 rt_sigprocmask(SIG_UNBLOCK, [FPE], NULL, 8) = 0 150376 rt_sigaction(SIGILL, {sa_handler=SIG_DFL, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, {sa_handler=0x7f1734663ba0, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, 8) = 0 150376 rt_sigprocmask(SIG_UNBLOCK, [ILL], NULL, 8) = 0 150376 rt_sigaction(SIGSEGV, {sa_handler=SIG_DFL, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, {sa_handler=0x7f1734663ba0, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, 8) = 0 150376 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0 150376 rt_sigaction(SIGSYS, {sa_handler=SIG_DFL, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, {sa_handler=0x7f1734663ba0, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, 8) = 0 150376 rt_sigprocmask(SIG_UNBLOCK, [SYS], NULL, 8) = 0 150376 rt_sigaction(SIGTRAP, {sa_handler=SIG_DFL, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, {sa_handler=0x7f1734663ba0, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, 8) = 0 150376 rt_sigprocmask(SIG_UNBLOCK, [TRAP], NULL, 8) = 0 150376 rt_sigaction(SIGABRT, {sa_handler=SIG_DFL, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, {sa_handler=0x7f1734663f20, sa_mask=[INT TSTP WINCH], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f17b76e21e0}, 8) = 0 150376 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 150376 getpid() = 150251 150376 openat(AT_FDCWD, "/home/knutjb/matlab_crash_dump.150251-1", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 888 150376 writev(2, [{iov_base="malloc(): unaligned tcache chunk"..., iov_len=41}, {iov_base="\n", iov_len=1}], 2) = 42 150376 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15d65fd000 150376 munmap(0x7f15e620f000, 4096) = 0 150376 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 150376 rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [INT PIPE TSTP WINCH], 8) = 0 150376 getpid() = 150251 150376 gettid() = 150376 150376 tgkill(150251, 150376, SIGABRT) = 0 150376 rt_sigprocmask(SIG_SETMASK, [INT PIPE TSTP WINCH], NULL, 8) = 0 150376 --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=150251, si_uid=1000} --- 150318 <... futex resumed>) = ? 150413 <... futex resumed>) = ? 150407 <... futex resumed>) = ? 151103 <... futex resumed>) = ? 151216 <... futex resumed>) = ? 151137 <... futex resumed>) = ? 151104 <... epoll_wait resumed> <unfinished ...>) = ? 151101 <... futex resumed>) = ? 167681 <... futex resumed>) = ? 151099 <... futex resumed>) = ? 150251 <... futex resumed>) = ? 151102 <... futex resumed>) = ? 151100 <... futex resumed>) = ? 150462 <... futex resumed>) = ? 151153 <... futex resumed>) = 0 150435 <... futex resumed>) = ? 171282 <... epoll_wait resumed> <unfinished ...>) = ? 151105 <... epoll_wait resumed> <unfinished ...>) = ? 150426 <... futex resumed>) = ? 150425 <... futex resumed>) = ? 150424 <... futex resumed>) = ? 150423 <... futex resumed>) = ? 150422 <... futex resumed>) = ? 150421 <... futex resumed>) = ? 150420 <... futex resumed>) = ? 150419 <... futex resumed>) = ? 150418 <... futex resumed>) = ? 150417 <... futex resumed>) = ? 150416 <... futex resumed>) = ? 150415 <... futex resumed>) = ? 150414 <... futex resumed>) = ? 150412 <... futex resumed>) = ? 150411 <... futex resumed>) = ? 150410 <... accept resumed> <unfinished ...>) = ? 150406 <... futex resumed>) = ? 150405 <... futex resumed>) = ? 150404 <... futex resumed>) = ? 150403 <... futex resumed>) = ? 150402 <... futex resumed>) = ? 150401 <... futex resumed>) = ? 150400 <... futex resumed>) = ? 150399 <... futex resumed>) = ? 150398 <... futex resumed>) = ? 150397 <... futex resumed>) = ? 150396 <... futex resumed>) = ? 150395 <... futex resumed>) = ? 150394 <... futex resumed>) = ? 150393 <... futex resumed>) = ? 150392 <... futex resumed>) = ? 150391 <... futex resumed>) = ? 150390 <... futex resumed>) = ? 150389 <... futex resumed>) = ? 150388 <... futex resumed>) = ? 150387 <... futex resumed>) = ? 150385 <... futex resumed>) = ? 150384 <... futex resumed>) = ? 150382 <... epoll_wait resumed> <unfinished ...>) = ? 150381 <... futex resumed>) = ? 150380 <... futex resumed>) = ? 150379 <... epoll_wait resumed> <unfinished ...>) = ? 150375 <... futex resumed>) = ? 150371 <... futex resumed>) = ? 150370 <... futex resumed>) = ? 150346 <... futex resumed>) = ? 150345 <... futex resumed>) = ? 150344 <... futex resumed>) = ? 150343 <... futex resumed>) = ? 150342 <... futex resumed>) = ? 150341 <... futex resumed>) = ? 150340 <... futex resumed>) = ? 150339 <... futex resumed>) = ? 150338 <... futex resumed>) = ? 150337 <... futex resumed>) = ? 150336 <... futex resumed>) = ? 150335 <... futex resumed>) = ? 150334 <... futex resumed>) = ? 150333 <... futex resumed>) = ? 150332 <... futex resumed>) = ? 150331 <... futex resumed>) = ? 150330 <... futex resumed>) = ? 150329 <... futex resumed>) = ? 150328 <... futex resumed>) = ?
Sorry, without additional data, we are not able to debug this. In our experience, heap corruption bugs are application bugs in the vast majority of cases, and not bugs in the glibc memory allocator. glibc updates occasionally expose additional application bugs because of changes in heap layout.
It was caused by Matlab using matlab v5 to store the cache in and when it was forced to version above 7.3 it worked.