From: Melchior F. <mf...@kd...> - 2004-03-18 16:43:15
vg 2.1.1 and CVS/HEAD crash when run with several applications:
$ valgrind --tool=memcheck rle test.rgb
==6989== Memcheck, a memory error detector for x86-linux.
==6989== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward.
==6989== Using valgrind-2.1.2-CVS, a program supervision framework for x86-linux.
==6989== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward.
==6989== For more details, rerun with: -v
==6989==
==6989== Invalid read of size 4
==6989== at 0x3C923927: _IO_vfprintf_internal (in /lib/i686/libc.so.6)
==6989== by 0x3C94061B: _IO_vsprintf_internal (in /lib/i686/libc.so.6)
==6989== by 0x3C6D9DD9: qDebug(char const*, ...) (qglobal.cpp:479)
==6989== by 0x804F1C0: (within /home/m/kde/kdelibs/kimgio/rle)
==6989== Address 0x0 is not stack'd, malloc'd or free'd
==6989==
==6989== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==6989== Access not within mapped region at address 0x0
==6989== at 0x3C923927: _IO_vfprintf_internal (in /lib/i686/libc.so.6)
==6989== by 0x3C94061B: _IO_vsprintf_internal (in /lib/i686/libc.so.6)
==6989== by 0x3C6D9DD9: qDebug(char const*, ...) (qglobal.cpp:479)
==6989== by 0x804F1C0: (within /home/m/kde/kdelibs/kimgio/rle)
==6989==
==6989== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 63 from 1)
==6989== malloc/free: in use at exit: 665084 bytes in 545 blocks.
==6989== malloc/free: 564 allocs, 19 frees, 665232 bytes allocated.
==6989== For a detailed leak analysis, rerun with: --leak-check=yes
==6989== For counts of detected errors, rerun with: -v
Segmentation fault
The "rle" program in this example runs fine without valgrind and also when
run under gdb control. Also, if I comment out the claimed offending
line (qDebug...) then I get the same crash on another, completely unrelated
line. I'm convinced that the "rle" program is OK. I get the same crash
("Address 0x0 is not stack'd, malloc'd or free'd") when I run valgrind
on the FlightGear and other apps, so it's hardly an application bug.
I'm aware that this bug report is a bit vague. Just tell me what
further information you need.
m.
Linux 2.6.4
Intel PIV
glibc 2.3.2
gcc 3.3.1 (SuSE Linux)
XFree86 4.4rc2
KDE CVS/HEAD (>3.2)
From: Nicholas N. <nj...@ca...> - 2004-03-18 17:34:17
On Thu, 18 Mar 2004, Melchior FRANZ wrote:
> The "rle" program in this example runs fine without valgrind and also when
> run under gdb control. Also, if I comment out the claimed offending
> line (qDebug...) then I get the same crash on another, completely unrelated
> line. I'm convinced that the "rle" program is OK. I get the same crash
> ("Address 0x0 is not stack'd, malloc'd or free'd") when I run valgrind
> on the FlightGear and other apps, so it's hardly an application bug.
Does it happen with --tool=none?
> I'm aware that this bug report is a bit vague. Just tell me what
> further information you need.
An example program exhibiting the fault would be ideal, if you can manage
it.
N
From: Melchior F. <mf...@kd...> - 2004-03-18 20:59:11
* Nicholas Nethercote -- Thursday 18 March 2004 18:34:
> An example program exhibiting the fault would be ideal, if you can manage
> it.
Tried some more programs: ls, mail, mutt, xedit, xpinguin worked without
problems, while ppe, kmail, knode, fgfs did not. There's no obvious
connection between members of either group. I don't know since which
valgrind version, or since which other changes the problem exists. I'll
try some older Linux kernels and some older valgrind versions. :-|
m.
From: Melchior F. <mf...@kd...> - 2004-03-18 20:59:18
* Nicholas Nethercote -- Thursday 18 March 2004 18:34:
> On Thu, 18 Mar 2004, Melchior FRANZ wrote:
> > ("Address 0x0 is not stack'd, malloc'd or free'd")
>
> Does it happen with --tool=none?
Yes.
$ valgrind --tool=none rle foo.rgb
==2475== Nulgrind, a binary JIT-compiler for x86-linux.
==2475== Copyright (C) 2002-2004, and GNU GPL'd, by Nicholas Nethercote.
==2475== Using valgrind-2.1.2-CVS, a program supervision framework for x86-linux.
==2475== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward.
==2475== For more details, rerun with: -v
==2475==
==2475==
==2475== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==2475== Access not within mapped region at address 0x0
==2475== at 0x81BD61D3: access (in /lib/i686/libc.so.6)
==2475== by 0x816C5F33: QFile::exists(QString const&) (qfile.cpp:274)
==2475== by 0x816C453A: QDir::exists(QString const&, bool) (qdir.cpp:1080)
==2475== by 0x816D2AF7: QGPluginManager::addLibraryPath(QString const&) (qgpluginmanager.cpp:314)
==2475==
Segmentation fault
> An example program exhibiting the fault would be ideal, if you can manage
> it.
OK. I'll strip it down as much as possible and post it. (Won't be long.)
m.
From: Melchior F. <mf...@kd...> - 2004-03-18 20:59:18
* Nicholas Nethercote -- Thursday 18 March 2004 18:34:
> An example program exhibiting the fault would be ideal, if you can manage
> it.
It has become a bit small:
$ cat main.cpp
#include <qimage.h>
int main(void)
{
QImage img("foo.png");
return 0;
}
$ g++ -g -Wall -o rle main.cpp -lstdc++ -I$QTDIR/include -L$QTDIR/lib -lqt-mt
$ ./rle
$ valgrind --tool=none ./rle
==3057== Nulgrind, a binary JIT-compiler for x86-linux.
==3057== Copyright (C) 2002-2004, and GNU GPL'd, by Nicholas Nethercote.
==3057== Using valgrind-2.1.2-CVS, a program supervision framework for x86-linux.
==3057== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward.
==3057== For more details, rerun with: -v
==3057==
==3057==
==3057== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==3057== Access not within mapped region at address 0x0
==3057== at 0x819A51D3: access (in /lib/i686/libc.so.6)
==3057== by 0x816C5F33: QFile::exists(QString const&) (qfile.cpp:274)
==3057== by 0x816C453A: QDir::exists(QString const&, bool) (qdir.cpp:1080)
==3057== by 0x816D2AF7: QGPluginManager::addLibraryPath(QString const&) (qgpluginmanager.cpp:314)
==3057==
Segmentation fault
Note that ./rle alone doesn't exhibit any problems, nor does running it
under gdb or strace. Only valgrind is picky, and not only with this program.
Also with FlightGear, which is not a Qt program.
Maybe it's the kernel? (2.6.4)
m.
From: Nicholas N. <nj...@ca...> - 2004-03-19 09:24:02
On Thu, 18 Mar 2004, Melchior FRANZ wrote:
> > An example program exhibiting the fault would be ideal, if you can manage
> > it.
>
> It has become a bit small:
>
>
> $ cat main.cpp
> #include <qimage.h>
>
> int main(void)
> {
> QImage img("foo.png");
> return 0;
> }
>
> $ g++ -g -Wall -o rle main.cpp -lstdc++ -I$QTDIR/include -L$QTDIR/lib -lqt-mt
> $ ./rle
> $ valgrind --tool=none ./rle
> ==3057== Nulgrind, a binary JIT-compiler for x86-linux.
> ==3057== Copyright (C) 2002-2004, and GNU GPL'd, by Nicholas Nethercote.
> ==3057== Using valgrind-2.1.2-CVS, a program supervision framework for x86-linux.
> ==3057== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward.
> ==3057== For more details, rerun with: -v
> ==3057==
> ==3057==
> ==3057== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> ==3057== Access not within mapped region at address 0x0
> ==3057== at 0x819A51D3: access (in /lib/i686/libc.so.6)
> ==3057== by 0x816C5F33: QFile::exists(QString const&) (qfile.cpp:274)
> ==3057== by 0x816C453A: QDir::exists(QString const&, bool) (qdir.cpp:1080)
> ==3057== by 0x816D2AF7: QGPluginManager::addLibraryPath(QString const&) (qgpluginmanager.cpp:314)
> ==3057==
> Segmentation fault
Hmm, it runs fine for me on a 2.4.20-30.9 kernel.
N
From: Melchior F. <mf...@kd...> - 2004-03-19 17:14:46
* Nicholas Nethercote -- Friday 19 March 2004 10:23:
> Hmm, it runs fine for me on a 2.4.20-30.9 kernel.
Tried 2.4.22 and got the same segfault. glibc could be a cause then.
It looks as if valgrind makes the 0x0 up. Don't know if the following
is of any use:
18: JMPo $0x819A51BA ($2) [------]
74: 9C 8F 45 20
pushfl ; popl 32(%ebp)
78: B8 BA 51 9A 81
movl $0x819A51BA, %eax
83: 89 45 24
movl %eax, 0x24(%ebp)
86: 0F 0B 0F 0B 90
ud2; ud2; nop /* call VG_(patchme) */
--7537-- signal 11 arrived ... si_code=1
--7537-- SIGSEGV: si_code=1 faultaddr=0x0 tid=1 esp=0xABFFD9BC seg=NULL shad=0xAC100000-0xAC100000
--7537-- delivering signal 11 (SIGSEGV) to thread 1
--7537-- delivering 11 to default handler terminate+core
==7537==
==7537== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==7537== Access not within mapped region at address 0x0
==7537== at 0x819A51D3: access (in /lib/i686/libc.so.6)
==7537== by 0x816C5F33: QFile::exists(QString const&) (qfile.cpp:274)
==7537== by 0x816C453A: QDir::exists(QString const&, bool) (qdir.cpp:1080)
==7537== by 0x816D2AF7: QGPluginManager::addLibraryPath(QString const&) (qgpluginmanager.cpp:314)
==7537==
Segmentation fault