See referenced URL for thread with multiple people reporting the same issue. The patch also in that thread appears to address things.

The "simplest" case I had was just running the music player daemon (mpd). It'd crash every time on my system. http://www.musicpd.org/
In case anyone else can't see the referenced URL properly, here it is inline: http://sourceware.org/ml/libc-alpha/2011-06/msg00006.html
(In reply to comment #0)
> see referenced URL for thread with multiple people reporting the same issue.

Mike, could you run the reproducer under Valgrind? This looks like a very likely dup of PR 13579 (which has a trivial test case).
Created attachment 6306: valgrind log for aplay/libasound

Mike mentioned mpd, which I guess uses libasound. The attached log is from aplay/libasound. I put debugging statements into libasound to flag all of its calls to the dl* functions in libdl.
(In reply to comment #3)
> valgrind log for aplay/libasound

==11258== Invalid read of size 4
==11258==    at 0x440951D: do_lookup_x (dl-lookup.c:98)
==11258==    by 0x4409E31: _dl_lookup_symbol_x (dl-lookup.c:739)
==11258==    by 0x72D297F: do_sym (dl-sym.c:178)
==11258==    by 0x72D2E16: _dl_sym (dl-sym.c:283)
==11258==    by 0xFE959EFF: ???
==11258==  Address 0x7563670 is 32 bytes inside a block of size 60 free'd
==11258==    at 0x5017D88: free (vg_replace_malloc.c:427)
==11258==    by 0x44122EF: _dl_scope_free (dl-scope.c:32)
==11258==    by 0x4414557: _dl_close (dl-close.c:779)
==11258==    by 0x5089DB1: dlclose_doit (dlclose.c:37)
==11258==    by 0x440EDFD: _dl_catch_error (dl-error.c:178)
==11258==    by 0x508A3F1: _dlerror_run (dlerror.c:164)
==11258==    by 0x5089DE7: dlclose (dlclose.c:48)
==11258==    by 0x6D8FBC8: snd_config_hooks_call (in /usr/lib/libasound.so.2.0.0)
==11258==    by 0x6D8FD25: snd_config_hooks (in /usr/lib/libasound.so.2.0.0)
==11258==    by 0x6D90E74: snd_config_update_r (in /usr/lib/libasound.so.2.0.0)
==11258==    by 0x6D90F0D: snd_config_update (in /usr/lib/libasound.so.2.0.0)
==11258==    by 0x6DB7DA3: snd_pcm_open (in /usr/lib/libasound.so.2.0.0)

That is an exact match to PR 13579.

*** This bug has been marked as a duplicate of bug 13579 ***
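One way to make the comparison in the comment above mechanical, as an added example (not code from this thread or from glibc): it parses memcheck "Invalid read/write" reports and reduces each to a signature that ignores PIDs and addresses, so the same dangling access seen in two processes compares equal. The names `parse_reports` and `signature`, and the choice of three frames per stack, are assumptions of this example.

```python
import re

# Memcheck lines taken from the log quoted in the comment above (abridged).
SAMPLE = """\
==11258== Invalid read of size 4
==11258==    at 0x440951D: do_lookup_x (dl-lookup.c:98)
==11258==    by 0x4409E31: _dl_lookup_symbol_x (dl-lookup.c:739)
==11258==    by 0x72D297F: do_sym (dl-sym.c:178)
==11258==    by 0x72D2E16: _dl_sym (dl-sym.c:283)
==11258==    by 0xFE959EFF: ???
==11258==  Address 0x7563670 is 32 bytes inside a block of size 60 free'd
==11258==    at 0x5017D88: free (vg_replace_malloc.c:427)
==11258==    by 0x44122EF: _dl_scope_free (dl-scope.c:32)
==11258==    by 0x4414557: _dl_close (dl-close.c:779)
==11258==    by 0x5089DB1: dlclose_doit (dlclose.c:37)
"""

PREFIX = re.compile(r"^==\d+==\s*")
ERROR = re.compile(r"Invalid (read|write) of size (\d+)$")
BLOCK = re.compile(r"Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) (free'd|alloc'd)$")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")
ALLOCATOR = {"free", "malloc", "calloc", "realloc"}  # interposed wrappers, not the culprit

def parse_reports(text):
    """Return one dict per 'Invalid read/write' report in a memcheck log."""
    reports, cur, stack = [], None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := ERROR.match(line):
            cur = {"access": m[1], "size": int(m[2]), "access_stack": [],
                   "block": None, "block_stack": []}
            reports.append(cur)
            stack = cur["access_stack"]
        elif cur and (m := BLOCK.match(line)):
            cur["block"] = {"offset": int(m[1]), "size": int(m[2]), "state": m[3]}
            stack = cur["block_stack"]  # frames after this line describe the free/alloc site
        elif cur and (m := FRAME.match(line)):
            stack.append(m[1])
        elif not line:
            cur = None  # blank line ends the report

    return reports

def signature(report, depth=3):
    """Address- and PID-independent key for comparing two reports."""
    def top(frames):
        return tuple(f for f in frames if f != "???" and f not in ALLOCATOR)[:depth]
    state = report["block"]["state"] if report["block"] else None
    return (report["access"], report["size"], top(report["access_stack"]),
            state, top(report["block_stack"]))
```

Equal signatures only say that the faulting access and the freeing call chain match; differences in how the library was loaded, such as the dlopen mode, are not visible in the log.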
(In reply to comment #4)
> That is an exact match to PR 13579.

It's certainly a very close match, but notice one thing: in libasound all the calls to dlopen use mode 2 (RTLD_NOW), which differs from the test case for bug 13579.

I tried making a simple test case which emulated libasound's pattern of calls to the dl* functions (using RTLD_NOW with dlopen) and it ran fine with stock glibc 2.15, no crash. For what it's worth.
(In reply to comment #5)
> I tried making a
> simple test case which emulated libasound's pattern of calls
> to the dl* functions (using RTLD_NOW with dlopen) and it
> ran fine with stock glibc 2.15, no crash.

Ran fine with no Valgrind errors? (Not every access to dangling memory causes a crash.)