$ ./x-mcheck
memory clobbered before allocated block
Aborted
$
$ ./x-efence
Electric Fence 2.1 Copyright (C) 1987-1998 Bruce Perens.
Segmentation fault
$
Under Valgrind, the plain build (x) runs fine and so does the mcheck build
(x-mcheck), but the efence build (x-efence) still crashes:
$ valgrind ./x-efence
==9817== Memcheck, a memory error detector.
==9817== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et
al.
==9817== Using LibVEX rev 1471, a library for dynamic binary
translation.
==9817== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==9817== Using valgrind-3.1.0-Debian, a dynamic binary instrumentation framework.
==9817== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et
al.
==9817== For more details, rerun with: -v
==9817==
Electric Fence 2.1 Copyright (C) 1987-1998 Bruce Perens.
==9817==
==9817== Process terminating with default action of signal 11
(SIGSEGV)
==9817== Bad permissions for mapped region at address 0x417163C
==9817== at 0x402B5D7: memalign (in /usr/lib/libefence.so.0.0)
==9817== by 0x402B88A: malloc (in /usr/lib/libefence.so.0.0)
==9817== by 0x80485ED: start (x.c:19)
==9817== by 0x4033340: start_thread (in /lib/tls/i686/cmov/libpthread-2.3.6.so)
==9817== by 0x41094ED: clone (in /lib/tls/i686/cmov/libc-2.3.6.so)
==9817==
==9817== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 15 from
1)
==9817== malloc/free: in use at exit: 0 bytes in 0 blocks.
==9817== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==9817== For counts of detected errors, rerun with: -v
==9817== No malloc'd blocks -- no leaks are possible.
Killed
$
$ gdb x-mcheck
GNU gdb 6.4-debian
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db
library "/lib/tls/i686/cmov/libthread_db.so.1".
(gdb) run
Starting program: /root/x-mcheck
[Thread debugging using libthread_db enabled]
[New Thread -1209440576 (LWP 9830)]
[New Thread -1209443408 (LWP 9833)]
[New Thread -1217836112 (LWP 9834)]
memory clobbered before allocated block
Program received signal SIGABRT, Aborted.
[Switching to Thread -1209443408 (LWP 9833)]
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7ebf9a1 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7ec12b9 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0xb7ef387a in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6
#4 0xb7ef38b4 in __libc_fatal () from /lib/tls/i686/cmov/libc.so.6
#5 0xb7effa2f in mcheck_check_all () from /lib/tls/i686/cmov/libc.so.6
#6 0xb7eff2a5 in mcheck_check_all () from /lib/tls/i686/cmov/libc.so.6
#7 0xb7efa2f5 in free () from /lib/tls/i686/cmov/libc.so.6
#8 0x0804859e in start (obj=0x804a030) at x.c:22
#9 0xb7fcb341 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7f604ee in clone () from /lib/tls/i686/cmov/libc.so.6
(gdb)
=== Environment
Ubuntu 6.06.1
ldd (GNU libc) 2.3.6
gcc (GCC) 4.0.3 (Ubuntu 4.0.3-1ubuntu5)
OR
ldd (GNU libc) 2.3.6
gcc (GCC) 4.1.1
=== Makefile
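# Three builds of the same x.c, differing only in which allocator-checking
# library is linked in. Recipe lines must start with a TAB character;
# without it make stops with "missing separator".
all: x x-mcheck x-efence

# Plain build: the stock glibc allocator, no extra checking.
x: x.c Makefile
	gcc -g -pthread $< -o $@

# -lmcheck enables glibc's heap consistency hooks from program start.
# glibc documents the mcheck interfaces as MT-Unsafe, so an abort from this
# build of a multi-threaded program may come from the checker's own
# bookkeeping racing between threads rather than from a bug in x.c.
x-mcheck: x.c Makefile
	gcc -g -pthread $< -o $@ -lmcheck

# -lefence replaces malloc/free with Electric Fence's allocator.
# NOTE(review): whether this Electric Fence version serialises its allocator
# across threads is not shown here -- confirm before reading its SIGSEGV as
# a defect in x.c.
x-efence: x.c Makefile
	gcc -g -pthread $< -o $@ -lefence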
=== Program
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pthread.h>
/*
 * Report a fatal error and terminate.
 *
 * Writes str followed by a newline to stderr, then calls exit(e), which
 * ends the whole process. This function does not return.
 */
void die(int e, char *str)
{
    fprintf(stderr, "%s\n", str);
    exit(e);
}
/*
 * Per-thread bookkeeping object.
 *
 * Class is a typedef for a POINTER to the anonymous struct, so a variable
 * declared "Class obj" is already a pointer and sizeof(*obj) is the size
 * of the struct itself.
 */
typedef struct {
/* Index supplied by the creator (see newClass). */
int no;
/* Thread handle written by pthread_create(). */
pthread_t thread;
} *Class;
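/*
 * Thread entry point: allocate a 152-byte block and free it again, forever.
 *
 * arg is the object handed to pthread_create(); it is not dereferenced.
 * The function is declared with the void *(*)(void *) signature that
 * pthread_create() requires, so it is never invoked through an
 * incompatible function-pointer type (undefined behaviour in C).
 *
 * Each block is local to the iteration and is neither written to nor
 * shared, and nothing is printed inside the loop, so the only state the
 * threads have in common is the allocator itself (plus whatever library
 * has been linked in to interpose on malloc/free).
 *
 * Does not return in practice; die() ends the process if malloc fails.
 */
void *start(void *arg)
{
    (void)arg; /* unused: the loop needs no per-thread data */

    for (;;) {
        void *msg = malloc(152);
        if (!msg) {
            die(1, "Unable to create transaction message");
        }
        free(msg);
    }

    return NULL; /* not reached */
}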
/*
 * Allocate a Class object, store its index, and launch a thread running
 * start() with the object as its argument.
 *
 * Returns the new object, or a null pointer if the allocation or
 * pthread_create() fails; in the latter case the object is freed first.
 * On success the object is never freed here and the thread is neither
 * joined nor detached.
 */
Class newClass(int no)
{
    Class self = malloc(sizeof(*self));
    if (self == NULL) {
        return NULL;
    }

    self->no = no;

    /*
     * The cast presents start with the entry-point type pthread_create()
     * takes. The new thread may begin running before self->thread has
     * been stored; that is harmless here because start() never reads it.
     */
    int rc = pthread_create(&self->thread, NULL,
                            (void *(*)(void *))start, self);
    if (rc != 0) {
        free(self);
        return NULL;
    }

    return self;
}
/*
 * Start two worker threads via newClass(), then sleep so the process
 * stays alive while they run. Returning from main ends the process and
 * the workers with it.
 */
int main(int argc, char *argv[])
{
    int count = 2;
    int i = 0;

    while (i < count) {
        void *p = newClass(i);
        if (p == NULL) {
            die(1, "Creating producer");
        }
        ++i;
    }

    /* The main thread does no work of its own; it only waits. */
    sleep(60*60);
    return 0;
}