I am trying to find the cause for:
*** glibc detected *** ...: invalid fastbin entry (free): 0x00007fc384ced120 ***
The program dumped core, so I was able to trace this back to a destructor of a very simple class similar to this:
class foo : public foo_base
{
    ...
    ...
    std::vector<boost::weak_ptr<bar> > vec;
};
The destructor is virtual in foo_base and not implemented in foo.
The vector vec is only assigned to in the constructor and not modified thereafter.
The address mentioned by the glibc error is identical to vec._M_impl._M_start
Where could I start searching for the cause?
Knowing what a fastbin is, how can it be invalid?
Could this be a double free situation, or would glibc definitely raise a double free in this case?
This may be due to a bug in glibc. 
The RedHat Advisories provide additional details:
https://rhn.redhat.com/errata/RHBA-2014-0480.html
To identify if you are affected by this bug:
rpm -qa | grep glibc
If your version of glibc is 2.12 and doesn't have a .149 or later suffix, then your server may be affected by this issue.
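The version check described in this answer can be scripted, which helps when a host has several glibc packages installed (for example both i686 and x86_64). The following is an added example, not part of the original answer; the function names are hypothetical, and it assumes the ".149 suffix" is the second dot-separated field of the RPM release string (as in `1.149.el6`).

```shell
#!/bin/sh
# Classify one glibc build by the criterion quoted in the answer above:
# version 2.12 with a release build number below 149 "may be affected".
classify_glibc() {
    _ver=$1 _rel=$2
    if [ "$_ver" != "2.12" ]; then
        echo "not-2.12"          # the criterion says nothing about other versions
        return 0
    fi
    case $_rel in
        *.*) ;;
        *) echo "unknown"; return 0 ;;   # no dotted build number to compare
    esac
    _build=${_rel#*.}            # "1.132.el6_5.2" -> "132.el6_5.2"
    _build=${_build%%.*}         # -> "132"
    case $_build in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    if [ "$_build" -ge 149 ]; then echo "ok"; else echo "may-be-affected"; fi
}

# Read "VERSION RELEASE" lines on stdin, print one verdict per line,
# and return 1 if any listed build may be affected.
scan_glibc_lines() {
    _rc=0
    while read -r _v _r; do
        [ -n "$_v" ] || continue
        _s=$(classify_glibc "$_v" "$_r")
        echo "glibc-$_v-$_r: $_s"
        [ "$_s" = "may-be-affected" ] && _rc=1
    done
    return $_rc
}

# Constructed sample input, in the shape printed by:
#   rpm -q --qf '%{VERSION} %{RELEASE}\n' glibc
scan_glibc_lines <<'EOF' || echo "=> at least one listed glibc may be affected"
2.12 1.132.el6_5.2
2.12 1.149.el6
2.17 55.el7
EOF
```

On a real host, pipe the `rpm -q --qf` command shown in the comment into `scan_glibc_lines` instead of the sample lines.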
To "answer" my own question:
I was able to rule out a double free situation, because it turned out that all foo instances were always (correctly) kept in smart pointers.
A memory corruption bug has recently been found. It is impossible to confirm this to have been the cause for the original problem, but it seems reasonable.
The problem was never reproduced.