Memory error in GLX programs when linked with gcc -lmcheck

golightly.ben · July 3, 2018, 8:12pm

Simple programs linked with “gcc -lmcheck” seem to detect a memory error in GLX such as:

*** Error in `./a.out’: munmap_chunk(): invalid pointer: 0x0000000000f57cd0 ***

At the end of this message I have provided a minimal example, glxbug.c, with compilation instructions.

Although the error itself may be harmless in practice, it means I cannot use “-lmcheck” to guard the rest of my code as it aborts on that error.

Useful info:

This error does not appear using Valgrind - so it may be timing related
It could be a false positive (bug) in "gcc -lmcheck" (in which case, they would appreciate your findings)
Both 32bit (compile with -m32) and 64bit versions catch the same error
Versions without -lmcheck work, and valgrind doesn't detect any error
I ran the installer with my GTX 460, and recently upgraded to a GTX 1080 without running the installer again
I used Nvidia installer version: NVIDIA-Linux-x86_64-384.98

Example program follows:

// glxbug.c

// USAGE:
// gcc -lmcheck -lX11 -lGLX glxbug.c
// ./a.out

// EXAMPLE OUTPUT:
// *** Error in `./a.out': munmap_chunk(): invalid pointer: 0x0000000000f57cd0 ***
// Aborted

// INFO:
// $ gcc --version
// gcc (Debian 4.9.2-10+deb8u1) 4.9.2

#include <assert.h>
#include <X11/Xlib.h>

// I am using glx.h version 1.4 (Debian package mesa-common-dev 10.3.2-1+deb8u1)
#include <GL/glx.h>

#include <assert.h>
#include <X11/Xlib.h>
#include <GL/glx.h>

int main(void)
{
    Display *xdisplay = XOpenDisplay(NULL);
    if (!xdisplay) { return -1; }

    // any glX function will do
    const char *glx_extensions =
        glXQueryExtensionsString(xdisplay, XDefaultScreen(xdisplay));
}

System details:

Debian GNU/Linux 8.10 (jessie)
gcc (Debian 4.9.2-10+deb8u1) 4.9.2
NVIDIA-Linux-x86_64-384.98

nidia-bug-report.log.gz available on request (let me know an e-mail)

hussam · July 4, 2018, 3:07pm

Thread 1 (Thread 0x7ffff7fcb740 (LWP 13531)):
#0  0x00007ffff752089b in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1  0x00007ffff7521c21 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2  0x00007ffff75632a7 in __libc_message () from /usr/lib/libc.so.6
No symbol table info available.
#3  0x00007ffff75698aa in malloc_printerr () from /usr/lib/libc.so.6
No symbol table info available.
#4  0x00007ffff7569e0c in munmap_chunk () from /usr/lib/libc.so.6
No symbol table info available.
#5  0x00007ffff756ff49 in freehook () from /usr/lib/libc.so.6
No symbol table info available.
#6  0x00007ffff612e698 in ?? () from /usr/lib/libGLX_nvidia.so.0
No symbol table info available.
#7  0x00007ffff60d14c0 in ?? () from /usr/lib/libGLX_nvidia.so.0
No symbol table info available.
#8  0x00007ffff7de4e2a in call_init.part () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#9  0x00007ffff7de4f76 in _dl_init () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#10 0x00007ffff7de8f93 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#11 0x00007ffff7611c0f in _dl_catch_exception () from /usr/lib/libc.so.6
No symbol table info available.
#12 0x00007ffff7de885b in _dl_open () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#13 0x00007ffff70c0e86 in dlopen_doit () from /usr/lib/libdl.so.2
No symbol table info available.
#14 0x00007ffff7611c0f in _dl_catch_exception () from /usr/lib/libc.so.6
No symbol table info available.
#15 0x00007ffff7611c9f in _dl_catch_error () from /usr/lib/libc.so.6
No symbol table info available.
#16 0x00007ffff70c1597 in _dlerror_run () from /usr/lib/libdl.so.2
No symbol table info available.
#17 0x00007ffff70c0f51 in dlopen@@GLIBC_2.2.5 () from /usr/lib/libdl.so.2
No symbol table info available.
#18 0x00007ffff7872409 in __glXLookupVendorByName (
    vendorName=0x555555759da0 "nvidia") at libglxmapping.c:430
        vendor = 0x5555557660b0
        i = <optimized out>
        count = <optimized out>
        success = <optimized out>
        glxMainProc = <optimized out>
        filename = <optimized out>
---Type <return> to continue, or q <return> to quit---
        pEntry = 0x5555557660b0
        locked = 1
        vendorNameLen = 6
#19 0x00007ffff78737a8 in __glXLookupVendorByScreen (
    dpy=dpy@entry=0x555555757590, screen=screen@entry=0) at libglxmapping.c:574
        name = <optimized out>
        saveptr = 0x555555759da6 ""
        queriedVendorNames = 0x555555759da0 "nvidia"
        envName = "__GLX_FORCE_VENDOR_LIBRARY_0

Thread 1 (Thread 0x7ffff7fcb740 (LWP 13531)):
#0 0x00007ffff752089b in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1 0x00007ffff7521c21 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2 0x00007ffff75632a7 in __libc_message () from /usr/lib/libc.so.6
No symbol table info available.
#3 0x00007ffff75698aa in malloc_printerr () from /usr/lib/libc.so.6
No symbol table info available.
#4 0x00007ffff7569e0c in munmap_chunk () from /usr/lib/libc.so.6
No symbol table info available.
#5 0x00007ffff756ff49 in freehook () from /usr/lib/libc.so.6
No symbol table info available.
#6 0x00007ffff612e698 in ?? () from /usr/lib/libGLX_nvidia.so.0
No symbol table info available.
#7 0x00007ffff60d14c0 in ?? () from /usr/lib/libGLX_nvidia.so.0
No symbol table info available.
#8 0x00007ffff7de4e2a in call_init.part () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#9 0x00007ffff7de4f76 in _dl_init () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#10 0x00007ffff7de8f93 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
—Type to continue, or q to quit—
No symbol table info available.
#11 0x00007ffff7611c0f in _dl_catch_exception () from /usr/lib/libc.so.6
No symbol table info available.
#12 0x00007ffff7de885b in _dl_open () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#13 0x00007ffff70c0e86 in dlopen_doit () from /usr/lib/libdl.so.2
No symbol table info available.
#14 0x00007ffff7611c0f in _dl_catch_exception () from /usr/lib/libc.so.6
No symbol table info available.
#15 0x00007ffff7611c9f in _dl_catch_error () from /usr/lib/libc.so.6
No symbol table info available.
#16 0x00007ffff70c1597 in _dlerror_run () from /usr/lib/libdl.so.2
No symbol table info available.
#17 0x00007ffff70c0f51 in dlopen@@GLIBC_2.2.5 () from /usr/lib/libdl.so.2
No symbol table info available.
#18 0x00007ffff7872409 in __glXLookupVendorByName (
vendorName=0x555555759da0 “nvidia”) at libglxmapping.c:430
vendor = 0x5555557660b0
i =
count =
success =
glxMainProc =
filename =
—Type to continue, or q to quit—
pEntry = 0x5555557660b0
locked = 1
vendorNameLen = 6
#19 0x00007ffff78737a8 in __glXLookupVendorByScreen (
dpy=dpy@entry=0x555555757590, screen=screen@entry=0) at libglxmapping.c:574
name =
saveptr = 0x555555759da6 “”
queriedVendorNames = 0x555555759da0 “nvidia”
envName = “__GLX_FORCE_VENDOR_LIBRARY_0\000\177\000\000\210J\206\367\377\177\000”
specifiedVendorName =
vendor = 0x0
dpyInfo = 0x555555765650
#20 0x00007ffff7873821 in __glXGetDynDispatch (dpy=dpy@entry=0x555555757590,
screen=screen@entry=0) at libglxmapping.c:608
vendor =
#21 0x00007ffff786cea1 in glXQueryExtensionsString (dpy=0x555555757590,
screen=0) at libglx.c:1477
vendor =
#22 0x00005555555548e8 in main () at glxbug.c:31
xdisplay = 0x555555757590
glx_extensions = 0x0

0010J06677777

Thread 1 (Thread 0x7ffff7fcb740 (LWP 13531)):
#0 0x00007ffff752089b in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1 0x00007ffff7521c21 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2 0x00007ffff75632a7 in __libc_message () from /usr/lib/libc.so.6
No symbol table info available.
#3 0x00007ffff75698aa in malloc_printerr () from /usr/lib/libc.so.6
No symbol table info available.
#4 0x00007ffff7569e0c in munmap_chunk () from /usr/lib/libc.so.6
No symbol table info available.
#5 0x00007ffff756ff49 in freehook () from /usr/lib/libc.so.6
No symbol table info available.
#6 0x00007ffff612e698 in ?? () from /usr/lib/libGLX_nvidia.so.0
No symbol table info available.
#7 0x00007ffff60d14c0 in ?? () from /usr/lib/libGLX_nvidia.so.0
No symbol table info available.
#8 0x00007ffff7de4e2a in call_init.part () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#9 0x00007ffff7de4f76 in _dl_init () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#10 0x00007ffff7de8f93 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
—Type to continue, or q to quit—
No symbol table info available.
#11 0x00007ffff7611c0f in _dl_catch_exception () from /usr/lib/libc.so.6
No symbol table info available.
#12 0x00007ffff7de885b in _dl_open () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#13 0x00007ffff70c0e86 in dlopen_doit () from /usr/lib/libdl.so.2
No symbol table info available.
#14 0x00007ffff7611c0f in _dl_catch_exception () from /usr/lib/libc.so.6
No symbol table info available.
#15 0x00007ffff7611c9f in _dl_catch_error () from /usr/lib/libc.so.6
No symbol table info available.
#16 0x00007ffff70c1597 in _dlerror_run () from /usr/lib/libdl.so.2
No symbol table info available.
#17 0x00007ffff70c0f51 in dlopen@@GLIBC_2.2.5 () from /usr/lib/libdl.so.2
No symbol table info available.
#18 0x00007ffff7872409 in __glXLookupVendorByName (
vendorName=0x555555759da0 “nvidia”) at libglxmapping.c:430
vendor = 0x5555557660b0
i =
count =
success =
glxMainProc =
filename =
—Type to continue, or q to quit—
pEntry = 0x5555557660b0
locked = 1
vendorNameLen = 6
#19 0x00007ffff78737a8 in __glXLookupVendorByScreen (
dpy=dpy@entry=0x555555757590, screen=screen@entry=0) at libglxmapping.c:574
name =
saveptr = 0x555555759da6 “”
queriedVendorNames = 0x555555759da0 “nvidia”
envName = “__GLX_FORCE_VENDOR_LIBRARY_0\000\177\000\000\210J\206\367\377\177\000”
specifiedVendorName =
vendor = 0x0
dpyInfo = 0x555555765650
#20 0x00007ffff7873821 in __glXGetDynDispatch (dpy=dpy@entry=0x555555757590,
screen=screen@entry=0) at libglxmapping.c:608
vendor =
#21 0x00007ffff786cea1 in glXQueryExtensionsString (dpy=0x555555757590,
screen=0) at libglx.c:1477
vendor =
#22 0x00005555555548e8 in main () at glxbug.c:31
xdisplay = 0x555555757590
glx_extensions = 0x0

00"
        specifiedVendorName = <optimized out>
        vendor = 0x0
        dpyInfo = 0x555555765650
#20 0x00007ffff7873821 in __glXGetDynDispatch (dpy=dpy@entry=0x555555757590, 
    screen=screen@entry=0) at libglxmapping.c:608
        vendor = <optimized out>
#21 0x00007ffff786cea1 in glXQueryExtensionsString (dpy=0x555555757590, 
    screen=0) at libglx.c:1477
        vendor = <optimized out>
#22 0x00005555555548e8 in main () at glxbug.c:31
        xdisplay = 0x555555757590
        glx_extensions = 0x0

aplattner · August 3, 2018, 12:09am

I looked into this and I think it’s a bug in mcheck’s handling of the posix_memalign() function. I can reproduce the crash with a simple application that does this:

#include <stdlib.h>
#include <stdio.h>

int main()
{
    void *p = 0;
    int ret = posix_memalign(&p, sizeof(void*), 0);
    printf("ret was %d, pointer is %p\n", ret, p);
    free(p);
    return 0;
}

$ gcc test.c -lmcheck -ggdb
$ ./a.out
ret was 0, pointer is 0x558c32d102e0
munmap_chunk(): invalid pointer
Aborted (core dumped)

golightly.ben · August 6, 2018, 11:16pm

Many thanks for looking into this Aaron.

Your code sample reproduces the error for me, too.

I’ll report this to the GCC developers.

This page is currently ranking high on Google for “gcc -lmcheck” so I will edit THIS post with any updates
for people finding this through Google (I won’t bump the thread though!).

hussam · August 6, 2018, 11:25pm

If you report it to GCC bug tracker (or libc?), can you please post the bug id here so I can CC myself?
Thank you.

golightly.ben · August 6, 2018, 11:37pm

Yes 86873 – "gcc -lmcheck" aborts on free when using posix_memalign

EDIT: glibc bug report: 23489 – "gcc -lmcheck" aborts on free when using posix_memalign

hussam · August 7, 2018, 11:55am

@aplattner, what version of glibc are you using?

aplattner · August 7, 2018, 7:19pm

krypton  tmp $ ./a.out
ret was 0, pointer is 0x55ce968f12e0
munmap_chunk(): invalid pointer
Aborted (core dumped)
krypton  tmp $ ldd --version
ldd (GNU libc) 2.28
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
krypton  tmp $ pacman -Q glibc
glibc 2.28-1

Topic		Replies	Views
384.69 libglx xorg strtol sigsegv generally thread context fs base is changed during GLX init. Linux	36	3384	December 24, 2017
Memory corruption problems nvv4l2decoder/nvjpegdec in R32.4.4 + R35.4.1 Jetson TX2 decoder	4	702	December 4, 2023
sporadic seg fault of X.Org Server 1.15.1 (Ubuntu) with Nvidia 352.30 driver after uptime of 1-10 da Linux	4	1738	August 28, 2015
Some applications crash on exit with nvidia 375.10 Linux	10	3819	October 14, 2021
Ubuntu 19.04 Driver Installed but not Used Linux	102	16153	October 12, 2021
Cuda-gdb deadlock in pgi_managed_new CUDA-GDB	15	1078	November 13, 2023
CentOS 7 headless with nVidia drivers installed, OpenGL not using nVidia drivers, only llvmpipe Linux opengl , linux	44	5126	May 10, 2022
Black screen in Ubuntu 18 even after purging Nvidia and installing drivers from repository Linux	35	1606	December 14, 2023
Nv-nsight-cu-cli segfault Nsight Compute cuda	6	1748	May 5, 2020
Cannot run any CUDA kernels CUDA runtime doesn't recognize NVIDIA GPU CUDA Programming and Performance	26	12335	August 24, 2010

Memory error in GLX programs when linked with gcc -lmcheck

Related topics