
Bug#222130: libc6 : valgrind detects bad pointer in dl-close.c at program exit

Package: libc6
Version: 2.3.2.ds1-10

The program heavily uses dlopen/dlclose, but for the test I disabled all
dlcloses (so all libraries remain loaded).

Valgrind command line:

valgrind --gdb-attach=yes --num-callers=20 AP_App -d AP.DataDist.APDDPull --root /tmp --user SomeTestUser --feedback -h MSPDD

Where anything from AP_App is my program

ldd shows:

libActivator_TS.so => /home/u19809/projects/AP/APEE_RT/IpaqEmu/lib/libActivator_TS.so (0x40018000)
libpthread.so.0 => /usr/lib/debug/libpthread.so.0 (0x40027000)
libc.so.6 => /usr/lib/debug/libc.so.6 (0x40079000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

(Notice the libc6-dbg version, but the plain libc6 behaves the same.)

At startup Valgrind reports:

==6195== Conditional jump or move depends on uninitialised value(s)
==6195==    at 0x400093CA: _dl_relocate_object (in /lib/ld-2.3.2.so)
==6195==    by 0x40387E25: dl_open_worker (dl-open.c:297)
==6195==    by 0x4000BF15: _dl_catch_error (in /lib/ld-2.3.2.so)
==6195==    by 0x403880A8: __GI__dl_open (dl-open.c:505)
==6195==    by 0x40251827: dlopen_doit (in /mnt/buro/fs.permanent/home/u19809/projects/AP/APEE_RT/IpaqEmu/lib/libActivator_TS.so.1.0.0)
==6195==    by 0x4000BF15: _dl_catch_error (in /lib/ld-2.3.2.so)
==6195==    by 0x40251BA0: _dlerror_run (in /mnt/buro/fs.permanent/home/u19809/projects/AP/APEE_RT/IpaqEmu/lib/libActivator_TS.so.1.0.0)
==6195==    by 0x40251864: __dlopen_check (in /mnt/buro/fs.permanent/home/u19809/projects/AP/APEE_RT/IpaqEmu/lib/libActivator_TS.so.1.0.0)
==6195==    by 0x402515C0: AC_DLLLoad (ActivatorOSloading_A.c:13)
==6195==    by 0x4024D885: AC_IFindRootManager_L (ActivatorLoader_A.c:293)
==6195==    by 0x4024CC51: AC_FindManager (ActivatorLoader_A.c:46)
==6195==    by 0x4024CDA8: AC_FindBehaviorByCID (ActivatorLoader_A.c:97)
==6195==    by 0x8049231: main (main.c:160)
==6195==    by 0x40296DA5: __libc_start_main (libc-start.c:242)
==6195==    by 0x8048A90: ??? (start.S:102)
==6195==

5 more times at different addresses in _dl_relocate_object, but for the same library
that is to be loaded (notice AC_DLLLoad is at a different location):

at 0x40009FDC: _dl_relocate_object (in /lib/ld-2.3.2.so)
at 0x4000A030: _dl_relocate_object (in /lib/ld-2.3.2.so)
at 0x40009520: _dl_relocate_object (in /lib/ld-2.3.2.so)
at 0x40009575: _dl_relocate_object (in /lib/ld-2.3.2.so)

Also notice the call to dlopen_doit in my library, but that call does not exist
(why would ld.so call my library???)

And then for another loaded library (notice the call to LoadRepositoryManager()):
==6490==
==6490== Conditional jump or move depends on uninitialised value(s)
==6490==    at 0x400093D8: _dl_relocate_object (in /lib/ld-2.3.2.so)
==6490==    by 0x40387E25: dl_open_worker (dl-open.c:297)
==6490==    by 0x4000BF15: _dl_catch_error (in /lib/ld-2.3.2.so)
==6490==    by 0x403880A8: __GI__dl_open (dl-open.c:505)
==6490==    by 0x40251827: dlopen_doit (in /mnt/buro/fs.permanent/home/u19809/projects/AP/APEE_RT/IpaqEmu/lib/libActivator_TS.so.1.0.0)
==6490==    by 0x4000BF15: _dl_catch_error (in /lib/ld-2.3.2.so)
==6490==    by 0x40251BA0: _dlerror_run (in /mnt/buro/fs.permanent/home/u19809/projects/AP/APEE_RT/IpaqEmu/lib/libActivator_TS.so.1.0.0)
==6490==    by 0x40251864: __dlopen_check (in /mnt/buro/fs.permanent/home/u19809/projects/AP/APEE_RT/IpaqEmu/lib/libActivator_TS.so.1.0.0)
==6490==    by 0x402515C0: AC_DLLLoad (ActivatorOSloading_A.c:13)
==6490==    by 0x4128840F: LoadRepositoryManager (testmanager.c:1708)
==6490==    by 0x412892D6: __AC_AP_Base_SimpleManager_BootFt (testmanager.c:2037)
==6490==    by 0x4024DA13: AC_IFindRootManager_L (ActivatorLoader_A.c:334)
==6490==    by 0x4024CC51: AC_FindManager (ActivatorLoader_A.c:46)
==6490==    by 0x4024CDA8: AC_FindBehaviorByCID (ActivatorLoader_A.c:97)
==6490==    by 0x8049231: main (main.c:160)
==6490==    by 0x40296DA5: __libc_start_main (libc-start.c:242)
==6490==    by 0x8048A90: ??? (start.S:102)
==6490==
==6490== ---- Attach to GDB ? --- [Return/N/n/Y/y/C/c] ----


At program exit (notice the call to __GI_exit, called with exit(222) in C):
==6195==
==6195== Invalid read of size 1
==6195==    at 0x40388546: __GI__dl_close (dl-close.c:122)
==6195==    by 0x403893CA: do_dlclose (dl-libc.c:96)
==6195==    by 0x4000BF15: _dl_catch_error (in /lib/ld-2.3.2.so)
==6195==    by 0x4038930D: dlerror_run (dl-libc.c:42)
==6195==    by 0x4038C96C: free_mem (nsswitch.c:763)
==6195==    by 0x4038C7F4: __GI___libc_freeres (set-freeres.c:49)
==6195==    by 0x4018DB97: vgPlain___libc_freeres_wrapper (vg_intercept.c:872)
==6195==    by 0x402AC927: __GI_exit (exit.c:82)
==6195==    by 0x4024B7BE: AC_ExcPop (ActivatorErrorHandling_A.c:393)
==6195==    by 0x804930E: main (main.c:164)
==6195==    by 0x40296DA5: __libc_start_main (libc-start.c:242)
==6195==    by 0x8048A90: ??? (start.S:102)
==6195==    Address 0x1E7 is not stack'd, malloc'd or free'd
==6195==
==6195== ---- Attach to GDB ? --- [Return/N/n/Y/y/C/c] ----

And from gdb:

#0  vg_do_syscall3 (syscallno=4294966784, arg1=6326, arg2=0, arg3=0)
    at vg_mylibc.c:92
#1  0x40194805 in vgPlain_system (
    cmd=0xbffff17c "/usr/bin/gdb -nw /proc/6195/exe 6195") at vg_mylibc.c:1277
#2  0x401903af in vgPlain_start_GDB_whilst_on_client_stack () at vg_main.c:1816
#3  0x40197af4 in vgPlain_swizzle_esp_then_start_GDB ()
   from /usr/lib/valgrind/valgrind.so
#4  0x40388546 in *__GI__dl_close (_map=0xfffffe00) at dl-close.c:104
#5  0x40388546 in *__GI__dl_close (_map=0xfffffe00) at dl-close.c:104
#6  0x403893cb in do_dlclose (ptr=0xfffffe00) at dl-libc.c:96
#7  0x4000bf16 in _dl_catch_error () from /lib/ld-linux.so.2
#8  0x4038930e in dlerror_run (operate=0, args=0x0) at dl-libc.c:42
#9  0x4038c96d in free_mem () at nsswitch.c:763
#10 0x4038c7f5 in *__GI___libc_freeres () at set-freeres.c:49
#11 0x4018db98 in vgPlain___libc_freeres_wrapper () at vg_intercept.c:872
#12 0x402ac928 in *__GI_exit (status=222) at exit.c:82
#13 0x4024b7bf in AC_ExcPop ()
    at IntelLinuxGnu.arch/foremuipaq/ActivatorErrorHandling_A.c:393
#14 0x0804930f in main (argc=8, argv=0xbffff544) at main.c:164
(gdb)

Next the program core dumps.
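As an added triage helper, not part of the bug report, of glibc or of valgrind: a small Python parser that reads memcheck error blocks like the ones above and, for each error, records the error kind, the call stack, and the faulting address, then labels the error by where it occurred. The labels are assumptions of mine: a stack passing through `__libc_freeres` (the exit-time cleanup hook that valgrind's `vgPlain___libc_freeres_wrapper` invokes, visible in the report's own trace) is tagged as exit-time cleanup, a stack through `_dl_relocate_object`/`dl_open_worker` as dynamic loading, and a fault address below 0x1000 is flagged as a near-NULL pointer plus offset rather than a heap overrun. The sample input is copied from the report's single-line frames; the wrapped frames are omitted.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample memcheck output, copied from the bug report above (single-line frames only).
SAMPLE = """\
==6195== Invalid read of size 1
==6195==    at 0x40388546: __GI__dl_close (dl-close.c:122)
==6195==    by 0x403893CA: do_dlclose (dl-libc.c:96)
==6195==    by 0x4000BF15: _dl_catch_error (in /lib/ld-2.3.2.so)
==6195==    by 0x4038930D: dlerror_run (dl-libc.c:42)
==6195==    by 0x4038C96C: free_mem (nsswitch.c:763)
==6195==    by 0x4038C7F4: __GI___libc_freeres (set-freeres.c:49)
==6195==    by 0x4018DB97: vgPlain___libc_freeres_wrapper (vg_intercept.c:872)
==6195==    by 0x402AC927: __GI_exit (exit.c:82)
==6195==    by 0x4024B7BE: AC_ExcPop (ActivatorErrorHandling_A.c:393)
==6195==    by 0x804930E: main (main.c:164)
==6195==    Address 0x1E7 is not stack'd, malloc'd or free'd
==6195==
==6195== Conditional jump or move depends on uninitialised value(s)
==6195==    at 0x400093CA: _dl_relocate_object (in /lib/ld-2.3.2.so)
==6195==    by 0x40387E25: dl_open_worker (dl-open.c:297)
==6195==    by 0x402515C0: AC_DLLLoad (ActivatorOSloading_A.c:13)
==6195==    by 0x8049231: main (main.c:160)
==6195==
"""

LINE_RE = re.compile(r"^==(\d+)==(?: (.*))?$")                 # "==PID== body"
FRAME_RE = re.compile(r"^\s+(?:at|by) 0x([0-9A-Fa-f]+): (\S+) \((.+)\)$")
ADDR_RE = re.compile(r"^\s+Address 0x([0-9A-Fa-f]+) ")

# Heuristic function-name sets (my assumption, not a valgrind convention).
LOADER_FUNCS = {"_dl_relocate_object", "dl_open_worker", "__GI__dl_open"}


@dataclass
class Frame:
    addr: int
    func: str
    where: str  # "file.c:NN" or "in /path/to/object"


@dataclass
class VgError:
    pid: int
    kind: str
    frames: List[Frame] = field(default_factory=list)
    fault_address: Optional[int] = None

    @property
    def phase(self) -> str:
        funcs = {f.func for f in self.frames}
        if any("__libc_freeres" in f for f in funcs):
            return "exit-time cleanup (__libc_freeres)"
        if funcs & LOADER_FUNCS:
            return "dynamic loading (dlopen)"
        return "application"

    @property
    def near_null(self) -> bool:
        # Below the first page: a NULL-ish base pointer plus a field offset,
        # not a heap or stack overrun (assumed 4 KiB page size).
        return self.fault_address is not None and self.fault_address < 0x1000


def parse_valgrind(text: str) -> List[VgError]:
    """Split memcheck output into error blocks; a bare '==PID==' line ends a block."""
    errors: List[VgError] = []
    current: Optional[VgError] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        pid, body = int(m.group(1)), m.group(2) or ""
        if not body.strip():
            current = None
            continue
        fm = FRAME_RE.match(body)
        if fm and current is not None:
            current.frames.append(Frame(int(fm.group(1), 16), fm.group(2), fm.group(3)))
            continue
        am = ADDR_RE.match(body)
        if am and current is not None:
            current.fault_address = int(am.group(1), 16)
            continue
        if body.startswith("----"):          # interactive prompts such as "---- Attach to GDB ?"
            continue
        if not body[0].isspace():            # unindented text starts a new error
            current = VgError(pid, body.strip())
            errors.append(current)
    return errors


def summarize(errors: List[VgError]) -> List[str]:
    """One line per error: kind, innermost frame, phase label, near-NULL flag."""
    out = []
    for e in errors:
        top = e.frames[0].func if e.frames else "?"
        line = f"{e.kind} in {top} [{e.phase}]"
        if e.near_null:
            line += f"; fault address 0x{e.fault_address:X} is below the first page (near-NULL pointer plus offset)"
        out.append(line)
    return out


if __name__ == "__main__":
    for line in summarize(parse_valgrind(SAMPLE)):
        print(line)
```

Run it on a full valgrind log instead of SAMPLE to see at a glance which errors arise inside the application, inside ld.so during dlopen, and inside the exit-time `__libc_freeres` path that valgrind itself triggers; the latter two groups are the ones worth reporting against libc6 rather than against the program.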