Bug 91905 - get_or_allocate_specifics_ptr problems with multithreading
Summary: get_or_allocate_specifics_ptr problems with multithreading
Status: RESOLVED NOT A BUG
Alias: None
Product: valgrind
Classification: Developer tools
Component: general
Version: unspecified
Platform: Debian testing Linux
Priority: NOR
Severity: crash
Target Milestone: ---
Assignee: Julian Seward
 
Reported: 2004-10-22 16:09 UTC by Alejandro García Castro
Modified: 2004-10-24 12:46 UTC


Attachments
test program used (3.45 KB, application/x-gzip)
2004-10-22 16:19 UTC, Alejandro García Castro
Output from valgrind 2.2.0 with your test case (9.02 KB, text/plain)
2004-10-22 16:31 UTC, Tom Hughes

Description Alejandro García Castro 2004-10-22 16:09:21 UTC
Version:           2.2.0-2 (using KDE KDE 3.3.1)
Installed from:    Debian testing/unstable Packages
Compiler:          gcc-3.3 
OS:                Linux

I've been testing a CORBA program with valgrind. The program works well
without valgrind, but when I run the program using it I get a crash with the
log I've attached. An important point is that I've done the same test without
the threading support of the CORBA POA and everything seems to work well;
valgrind doesn't find any problem in that case.

I'm using debian sarge package:

Maintainer: Andrés Roldán <aroldan@debian.org> 
Architecture: i386 
Version: 1:2.2.0-2

If it's useful I could upload the example that I've used to carry out the test.

valgrind --db-attach=yes --alignment=8 --num-c
==24706== Memcheck, a memory error detector for x86-linux.
==24706== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
==24706== Using valgrind-2.2.0, a program supervision framework for x86-linux.
==24706== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
==24706== For more details, rerun with: -v
==24706==
==24706== warning: Valgrind's pthread_getschedparam is incomplete
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_attr_getschedparam is incomplete
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_attr_setschedparam does nothing
==24706==          (scheduling not changeable)
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_attr_destroy does nothing
==24706==          your program may misbehave as a result
IOR:...
==24706== warning: Valgrind's pthread_attr_getschedparam is incomplete
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_attr_setschedparam does nothing
==24706==          (scheduling not changeable)
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_attr_destroy does nothing
==24706==          your program may misbehave as a result
==24706== warning: Valgrind's pthread_cond_destroy is incomplete
==24706==          (it doesn't check if the cond is waited on)
==24706==          your program may misbehave as a result
==24706== Thread 3:
==24706== Invalid read of size 1
==24706==    at 0x1BA746B9: _IO_vfprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BA96262: vasprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BBED61F: ???
==24706==  Address 0xBED5590C is not stack'd, malloc'd or (recently) free'd
==24706==
==24706== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
starting debugger
==24706== starting debugger with cmd: /usr/bin/gdb -nw /proc/24714/fd/821 24714
GNU gdb 6.1-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...Warning:
/usr/local/src/jhbuild_installation: No such file or directory.
Using host libthread_db library "/lib/tls/libthread_db.so.1".

Attaching to program: /proc/24714/fd/821, process 24714
0x1ba746b9 in vfprintf () from /lib/tls/libc.so.6
(gdb) bt
#0  0x1ba746b9 in vfprintf () from /lib/tls/libc.so.6
#1  0x1ba96263 in vasprintf () from /lib/tls/libc.so.6
#2  0x00000000 in ?? ()
#3  0x00000000 in ?? ()
#4  0x00000000 in ?? ()
#5  0x1ba003e0 in get_or_allocate_specifics_ptr (thread=3201653004) at vg_libpthread.c:1708
Previous frame inner to this frame (corrupt stack?)
(gdb) q
The program is running.  Quit anyway (and detach it)? (y or n) y
Detaching from program: /proc/24714/fd/821, process 24714
==24706==
==24706== Debugger has detached.  Valgrind regains control.  We continue.
==24706==
==24706== Process terminating with default action of signal 11 (SIGSEGV)
==24706==  Access not within mapped region at address 0xBED5590C
==24706==    at 0x1BA746B9: _IO_vfprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BA96262: vasprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BBED61F: ???
==24706==
==24706== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==24706== starting debugger with cmd: /usr/bin/gdb -nw /proc/24718/fd/821 24718
GNU gdb 6.1-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...Warning:
/usr/local/src/jhbuild_installation: No such file or directory.
Using host libthread_db library "/lib/tls/libthread_db.so.1".

Attaching to program: /proc/24718/fd/821, process 24718
0x1ba746b9 in vfprintf () from /lib/tls/libc.so.6
(gdb) bt
#0  0x1ba746b9 in vfprintf () from /lib/tls/libc.so.6
#1  0x1ba96263 in vasprintf () from /lib/tls/libc.so.6
#2  0x00000000 in ?? ()
#3  0x00000000 in ?? ()
#4  0x00000000 in ?? ()
#5  0x1ba003e0 in get_or_allocate_specifics_ptr (thread=3201653004) at vg_libpthread.c:1708
Previous frame inner to this frame (corrupt stack?)
(gdb) q
The program is running.  Quit anyway (and detach it)? (y or n) y
Detaching from program: /proc/24718/fd/821, process 24718
==24706==
==24706== Debugger has detached.  Valgrind regains control.  We continue.
==24706==
==24706== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 27 from 1)
==24706== malloc/free: in use at exit: 41083 bytes in 506 blocks.
==24706== malloc/free: 776 allocs, 270 frees, 225547 bytes allocated.
==24706== For a detailed leak analysis,  rerun with: --leak-check=yes
==24706== For counts of detected errors, rerun with: -v
Segmentation fault
Comment 1 Alejandro García Castro 2004-10-22 16:19:59 UTC
Created attachment 7997 [details]
test program used

This is the test program. In order to compile it you should run:

./compile

It depends on the glib and ORBit-2 libraries; ORBit-2 should be compiled with
the purify option.

In order to execute the test server you should execute:

valgrind --db-attach=yes --alignment=8 --num-callers=20 ./echo-server
...
IOR:010000000d00000049444c ...
...

In order to execute the test client you should execute (copy the IOR from the
server log):
./echo-client IOR:010000000d00000049444c ...

If you want to test in a non-threaded environment, just comment out the next two
lines in the echo-srv.c file:

ORBit_ObjectAdaptor_set_thread_hint ((ORBit_ObjectAdaptor) child_poa,
                                     ORBIT_THREAD_HINT_PER_REQUEST);
Comment 2 Tom Hughes 2004-10-22 16:23:19 UTC
It looks like you have an invalid memory access in a C library routine, probably triggered by your program passing something invalid to one of the *printf family of routines.

I don't see anything to suggest that valgrind is to blame - the stack trace looks corrupt beyond vasprintf, so I don't trust the reference to vg_libpthread.c at all, and most of the pthread warnings don't look too bad - the cond_destroy one is the most likely to cause problems, I would think.
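The triage rules applied in the comment above (treat an address that is "not stack'd, malloc'd or (recently) free'd" as a wild pointer, trust nothing in the trace beyond the last symbolised frame, and read a fault inside libc's *printf family as a bad argument from the caller) can be mechanised. The script below is an added example written for this page; it is not part of the bug report, of ORBit or of valgrind. It parses the memcheck blocks quoted in the report (copied into SAMPLE_LOG as constructed input) and applies those rules. The function names parse_memcheck, triage and first_unresolved_caller, and the list of error headlines, are this example's own choices.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: the two memcheck blocks quoted in the report above,
# trimmed to the "==PID==" lines so the script runs offline.
SAMPLE_LOG = """\
==24706== Thread 3:
==24706== Invalid read of size 1
==24706==    at 0x1BA746B9: _IO_vfprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BA96262: vasprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BBED61F: ???
==24706==  Address 0xBED5590C is not stack'd, malloc'd or (recently) free'd
==24706==
==24706== Process terminating with default action of signal 11 (SIGSEGV)
==24706==  Access not within mapped region at address 0xBED5590C
==24706==    at 0x1BA746B9: _IO_vfprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BA96262: vasprintf (in /lib/tls/libc-2.3.2.so)
==24706==    by 0x1BBED61F: ???
==24706==
==24706== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 27 from 1)
"""

PREFIX = re.compile(r"^==(\d+)==\s?(.*)$")
FRAME = re.compile(r"^\s*(?:at|by)\s+0x([0-9A-Fa-f]+):\s+(\S+)(?:\s+\((.*)\))?\s*$")
ADDRESS = re.compile(
    r"^\s*(?:Address|Access not within mapped region at address)\s+0x([0-9A-Fa-f]+)\s*(.*)$")
# Headlines that open a memcheck error block (common kinds; assumed list, extend as needed).
ERROR_HEADLINES = ("Invalid read", "Invalid write", "Invalid free", "Mismatched free",
                   "Conditional jump", "Use of uninitialised", "Syscall param",
                   "Jump to the invalid", "Process terminating")
PRINTF_FAMILY = ("printf", "vfprintf", "vasprintf", "vsprintf", "vsnprintf")


@dataclass
class Frame:
    addr: int
    func: str           # "???" when valgrind found no symbol for the address
    obj: Optional[str]  # "in /lib/..." or "file.c:NN"; None when absent


@dataclass
class Report:
    kind: str
    thread: Optional[int] = None
    frames: List[Frame] = field(default_factory=list)
    address: Optional[int] = None
    provenance: str = ""  # what memcheck knew about the address ("is not stack'd, ...")


def parse_memcheck(text: str) -> List[Report]:
    """Split memcheck output into one Report per error block."""
    reports: List[Report] = []
    current: Optional[Report] = None
    thread: Optional[int] = None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue                  # program output, gdb chatter, etc.
        body = m.group(2)
        if not body.strip():
            current = None            # a bare "==PID==" line closes the block
            continue
        t = re.match(r"Thread (\d+):", body.strip())
        if t:
            thread = int(t.group(1))
            continue
        f = FRAME.match(body)
        if f and current is not None:
            current.frames.append(Frame(int(f.group(1), 16), f.group(2), f.group(3)))
            continue
        a = ADDRESS.match(body)
        if a and current is not None:
            current.address = int(a.group(1), 16)
            current.provenance = a.group(2).strip()
            continue
        if body.startswith(ERROR_HEADLINES):
            current = Report(kind=body.strip(), thread=thread)
            reports.append(current)
    return reports


def triage(report: Report) -> List[str]:
    """Apply the rules from the thread: wild address, truncated trace, fault inside libc."""
    notes: List[str] = []
    if "not stack'd, malloc'd" in report.provenance:
        notes.append("wild pointer: address 0x%X has no known allocation" % report.address)
    named = [fr for fr in report.frames if fr.func != "???"]
    if len(named) < len(report.frames):
        last = named[-1].func if named else "the top frame"
        notes.append("trace truncated: unsymbolised frame(s); do not trust anything beyond %s" % last)
    if named and all(fr.obj and "libc" in fr.obj for fr in named):
        if any(fr.func.endswith(PRINTF_FAMILY) for fr in named):
            notes.append("fault inside the libc *printf family: a caller passed a bad pointer "
                         "or a format/argument mismatch; the bug is in the caller, not libc")
        else:
            notes.append("fault inside libc: check the arguments the caller passed")
    return notes


def first_unresolved_caller(report: Report) -> Optional[int]:
    """Address of the first frame outside libc: the program-side call site to resolve."""
    for fr in report.frames:
        if not (fr.obj and "libc" in fr.obj):
            return fr.addr
    return None


if __name__ == "__main__":
    for rep in parse_memcheck(SAMPLE_LOG):
        print(rep.kind)
        for note in triage(rep):
            print("  -", note)
        caller = first_unresolved_caller(rep)
        if caller is not None:
            print("  - resolve the caller at 0x%X" % caller)
```

On the report's own log this yields, for the "Invalid read of size 1" block, all three notes and the caller address 0x1BBED61F. A frame prints as ??? when valgrind has no symbols for the object that contains that address, which is why the trace stops being useful at vasprintf; the next step is to map 0x1BBED61F to a shared object (for instance from /proc/PID/maps while attached, as the --db-attach session above was) and run addr2line against that library.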
Comment 3 Tom Hughes 2004-10-22 16:31:02 UTC
Created attachment 7998 [details]
Output from valgrind 2.2.0 with your test case

This is the output from valgrind 2.2.0 when I tried your test case. It clearly
shows a number of problems with your program, ending with the one that you
reported, which causes it to fail; only, on my system, it has managed to produce
a proper stack trace showing where the problem is.

The assertion is a minor bug in valgrind but is only happening because your
program is accessing a wildly bogus pointer that happens to point at an
unallocated part of valgrind's shadow memory area.
Comment 4 Tom Hughes 2004-10-24 12:46:10 UTC
Closing as this doesn't seem to be a bug in valgrind.