Bug 167483 - __libc_freeres error valgrind with shared libraries with multiple --rpath
Summary: __libc_freeres error valgrind with shared libraries with multiple --rpath
Status: RESOLVED INTENTIONAL
Alias: None
Product: valgrind
Classification: Developer tools
Component: general (show other bugs)
Version: 3.3.1
Platform: Debian testing Linux
: NOR normal
Target Milestone: ---
Assignee: Julian Seward
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-07-26 17:38 UTC by Török Edwin
Modified: 2009-06-26 03:54 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
script to reproduce issue (471 bytes, text/plain)
2008-07-26 17:39 UTC, Török Edwin
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Török Edwin 2008-07-26 17:38:59 UTC
I get this valgring warning, even on a simple main/exit(0) program that is
linked with multiple shared libraries using libtool.

==17019== Invalid free() / delete / delete[]
==17019==    at 0x4A06B6E: free (vg_replace_malloc.c:323)
==17019==    by 0x4F1198A: free_mem (dl-libc.c:235)
==17019==    by 0x4F11541: __libc_freeres (set-freeres.c:47)
==17019==    by 0x480331C: _vgnU_freeres (vg_preloaded.c:60)
==17019==    by 0x4E40A24: exit (exit.c:90)
==17019==    by 0x4E2A1AC: (below main) (libc-start.c:254)
==17019==  Address 0x5160000 is not stack'd, malloc'd or (recently) free'd

According to valgrind manual this is a bug present in old glibcs.
However I am using glibc 2.7, and this warnings started showing up
only since december 2007.
I opened a debian bugreport at the time, but got no reply:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456303

I tried valgrind 3.3.0-1, 3.2.3-3, and 3.3.1. They show same
behaviour with latest libc.

Originally observed as: build clamav, run clamscan under valgrind,
watch valgrind output at the end.

uname -a:
Linux lightspeed2 2.6.25-2-amd64 #1 SMP Thu Jun 12 15:38:32 UTC 2008 x86_64
GNU/Linux

Steps to reproduce:
Run the attached script.

Output:
==17019== Memcheck, a memory error detector.
==17019== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==17019== Using LibVEX rev 1854, a library for dynamic binary translation.
==17019== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==17019== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==17019== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==17019==
--17019-- Command line
--17019--    ./a.out
--17019-- Startup, with flags:
--17019--    --suppressions=/usr/lib/valgrind/debian-libc6-dbg.supp
--17019--    -v
--17019-- Contents of /proc/version:
--17019--   Linux version 2.6.25-2-amd64 (Debian 2.6.25-5) (waldi@debian.org)
(gcc version 4.1.3 20080420 (prerelease) (Debian 4.1.2-22)) #1 SMP Thu Jun 12
15:38:32 UTC 2008
--17019-- Arch and hwcaps: AMD64, amd64-sse2
--17019-- Page sizes: currently 4096, max supported 4096
--17019-- Valgrind library directory: /usr/lib/valgrind
--17019-- Reading syms from /home/edwin/steps/a.out (0x400000)
--17019-- Reading syms from /usr/lib/valgrind/amd64-linux/memcheck (0x38000000)
--17019--    object doesn't have a dynamic symbol table
--17019-- Reading syms from /lib/ld-2.7.so (0x3CBA600000)
--17019-- Reading debug info from /lib/ld-2.7.so...
--17019-- ... CRC mismatch (computed d87157a2 wanted 4d6b5fd5)
--17019-- Reading debug info from /usr/lib/debug/lib/ld-2.7.so...
--17019-- Reading suppressions file: /usr/lib/valgrind/debian-libc6-dbg.supp
--17019-- Reading suppressions file: /usr/lib/valgrind/default.supp
--17019-- Reading syms from /usr/lib/valgrind/amd64-linux/vgpreload_core.so
(0x4803000)
--17019-- Reading syms from /usr/lib/valgrind/amd64-linux/vgpreload_memcheck.so
(0x4A04000)
--17019-- REDIR: 0x3cba614f40 (index) redirected to 0x4a07e40 (index)
--17019-- REDIR: 0x3cba6150f0 (strcmp) redirected to 0x4a080a0 (strcmp)
--17019-- REDIR: 0x3cba615200 (strlen) redirected to 0x4a07fd0 (strlen)
--17019-- Reading syms from /home/edwin/steps/.libs/libclamav.so.3.0.3 (0x4C0B000)
--17019-- Reading syms from /usr/lib/debug/libc-2.7.so (0x4E0C000)
--17019-- Reading syms from /usr/lib/debug/libnsl-2.7.so (0x5161000)
--17019-- REDIR: 0x4e87490 (rindex) redirected to 0x4a07cf0 (rindex)
--17019-- REDIR: 0x4e81a10 (free) redirected to 0x4a06b00 (free)
==17019== Invalid free() / delete / delete[]
==17019==    at 0x4A06B6E: free (vg_replace_malloc.c:323)
==17019==    by 0x4F1198A: free_mem (dl-libc.c:235)
==17019==    by 0x4F11541: __libc_freeres (set-freeres.c:47)
==17019==    by 0x480331C: _vgnU_freeres (vg_preloaded.c:60)
==17019==    by 0x4E40A24: exit (exit.c:90)
==17019==    by 0x4E2A1AC: (below main) (libc-start.c:254)
==17019==  Address 0x5160000 is not stack'd, malloc'd or (recently) free'd
==17019==
==17019== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==17019==
==17019== 1 errors in context 1 of 1:
==17019== Invalid free() / delete / delete[]
==17019==    at 0x4A06B6E: free (vg_replace_malloc.c:323)
==17019==    by 0x4F1198A: free_mem (dl-libc.c:235)
==17019==    by 0x4F11541: __libc_freeres (set-freeres.c:47)
==17019==    by 0x480331C: _vgnU_freeres (vg_preloaded.c:60)
==17019==    by 0x4E40A24: exit (exit.c:90)
==17019==    by 0x4E2A1AC: (below main) (libc-start.c:254)
==17019==  Address 0x5160000 is not stack'd, malloc'd or (recently) free'd
--17019--
--17019-- supp:      8 dl-hack3-cond-1
==17019==
==17019== IN SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==17019==
==17019== malloc/free: in use at exit: 0 bytes in 0 blocks.
==17019== malloc/free: 0 allocs, 1 frees, 0 bytes allocated.
==17019==
==17019== All heap blocks were freed -- no leaks are possible.
--17019--  memcheck: sanity checks: 0 cheap, 1 expensive
--17019--  memcheck: auxmaps: 3 auxmap entries (192k, 0M) in use
--17019--  memcheck: auxmaps_L1: 282 searches, 1123 cmps, ratio 39:10
--17019--  memcheck: auxmaps_L2: 3 searches, 3 nodes
--17019--  memcheck: SMs: n_issued      = 15 (240k, 0M)
--17019--  memcheck: SMs: n_deissued    = 0 (0k, 0M)
--17019--  memcheck: SMs: max_noaccess  = 524287 (8388592k, 8191M)
--17019--  memcheck: SMs: max_undefined = 0 (0k, 0M)
--17019--  memcheck: SMs: max_defined   = 178 (2848k, 2M)
--17019--  memcheck: SMs: max_non_DSM   = 15 (240k, 0M)
--17019--  memcheck: max sec V bit nodes:    0 (0k, 0M)
--17019--  memcheck: set_sec_vbits8 calls: 0 (new: 0, updates: 0)
--17019--  memcheck: max shadow mem size:   4384k, 4M
--17019-- translate:            fast SP updates identified: 1,214 ( 87.5%)
--17019-- translate:   generic_known SP updates identified: 104 (  7.5%)
--17019-- translate: generic_unknown SP updates identified: 68 (  4.9%)
--17019--     tt/tc: 3,440 tt lookups requiring 3,484 probes
--17019--     tt/tc: 3,440 fast-cache updates, 5 flushes
--17019--  transtab: new        1,576 (36,303 -> 598,777; ratio 164:10) [0 scs]
--17019--  transtab: dumped     0 (0 -> ??)
--17019--  transtab: discarded  16 (340 -> ??)
--17019-- scheduler: 29,117 jumps (bb entries).
--17019-- scheduler: 0/1,939 major/minor sched events.
--17019--    sanity: 1 cheap, 1 expensive checks.
--17019--    exectx: 769 lists, 9 contexts (avg 0 per list)
--17019--    exectx: 9 searches, 0 full compares (0 per 1000)
--17019--    exectx: 0 cmp2, 28 cmp4, 0 cmpAll
--17019--  errormgr: 9 supplist searches, 183 comparisons during search
--17019--  errormgr: 9 errlist searches, 36 comparisons during searc
Comment 1 Török Edwin 2008-07-26 17:39:46 UTC
Created attachment 26423 [details]
script to reproduce issue

Run this script in an empty directory, you will see the __free_res error.
Comment 2 Nicholas Nethercote 2009-06-26 03:54:58 UTC
I'm going to close this as WONTFIX for several reasons:
- It's really a glibc problem
- You can workaround with --run-libc-freeres=no, or with a suppression
- It's not a widespread problem.