libsmbios

memory leak in Fedora 30

Open superm1 opened this issue 5 years ago • 7 comments

fwupd CI is reporting this issue:

14/16 dell-self-test                          FAIL     0.12 s (exit status 1)
15/16 synapticsmst-self-test                  OK       0.04 s 
16/16 uefi-self-test                          OK       0.07 s 
Ok:                   14
Expected Fail:         0
Fail:                  1
Unexpected Pass:       0
Skipped:               1
Timeout:               0
The output from the failed tests:
14/16 dell-self-test                          FAIL     0.12 s (exit status 1)
--- command ---
/build/build/meson-private/dist-build/plugins/dell/dell-self-test
--- stdout ---
/fwupd/plugin{dell:tpm}: OK
/fwupd/plugin{dell:dock}: OK
--- stderr ---
ERROR:esys:src/tss2-esys/esys_tcti_default.c:210:get_tcti_default() No standard TCTI could be loaded 
ERROR:esys:src/tss2-esys/esys_context.c:68:Esys_Initialize() Initialize default tcti. ErrorCode (0x00070002) 
ERROR:esys:src/tss2-esys/esys_tcti_default.c:210:get_tcti_default() No standard TCTI could be loaded 
ERROR:esys:src/tss2-esys/esys_context.c:68:Esys_Initialize() Initialize default tcti. ErrorCode (0x00070002) 
ERROR:esys:src/tss2-esys/esys_tcti_default.c:210:get_tcti_default() No standard TCTI could be loaded 
ERROR:esys:src/tss2-esys/esys_context.c:68:Esys_Initialize() Initialize default tcti. ErrorCode (0x00070002) 
ERROR:esys:src/tss2-esys/esys_tcti_default.c:210:get_tcti_default() No standard TCTI could be loaded 
ERROR:esys:src/tss2-esys/esys_context.c:68:Esys_Initialize() Initialize default tcti. ErrorCode (0x00070002) 
=================================================================
==3002==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 546 byte(s) in 1 object(s) allocated from:
    #0 0x7f04b4a68e56 in __interceptor_calloc (/lib64/libasan.so.5+0x10de56)
    #1 0x7f04b4375fd5  (/lib64/libsmbios_c.so.2+0x28fd5)
    #2 0x554245445f435f52  (<unknown module>)
Direct leak of 73 byte(s) in 2 object(s) allocated from:
    #0 0x7f04b4a68c58 in __interceptor_malloc (/lib64/libasan.so.5+0x10dc58)
    #1 0x7f04b4143137 in __vasprintf_internal (/lib64/libc.so.6+0x7a137)
SUMMARY: AddressSanitizer: 619 byte(s) leaked in 3 allocation(s).
-------

CI doesn't run on Dell systems, but it seems that there is a memory leak somewhere in a failure path.

superm1 Oct 18 '19 21:10

The memory leak is specifically from calling sysinfo_get_dell_system_id.

Here is the libsmbios debugging output:

memory_obj_factory: 1
return_mem: 
memory_obj_factory: 2
init_mem_struct_filename: 
reopen:  file: /dev/mem,  rw: 0
closefds: 
init_mem_struct_filename: out:
copy_mmap: buffer(0x7ffd9960542c) offset(884804) length(11) rw(0)
copy_mmap: ->rw: 0  fd: (nil)
reopen:  file: /dev/mem,  rw: 0
copy_mmap: Start of copy loop
copy_mmap: 	LOOP: bytesCopied(0) length(11)
remap: 
copy_mmap: 	lastMapping(0x7f6b9562d000)
trycopy: 		buffer(0x7ffd9960542c), offset(884804), length(11), mmoff(68)
trycopy: 		COPYING(11)
copy_mmap: 		 out: lastMapping(0x7f6b9562d000)
closefds: 
closefds: 		munmap(0x7f6b9562d000)
memory_obj_free:   m(0x7f6b995a20c0)  singleton(0x7f6b995a20c0)
linux_cleanup:  memory
closefds: 
memory_obj_factory: 1
return_mem: 
memory_obj_factory: 2
copy_mmap: buffer(0x7ffd9960542c) offset(901188) length(11) rw(0)
copy_mmap: ->rw: 0  fd: (nil)
reopen:  file: /dev/mem,  rw: 0
copy_mmap: Start of copy loop
copy_mmap: 	LOOP: bytesCopied(0) length(11)
remap: 
copy_mmap: 	lastMapping(0x7f6b9562d000)
trycopy: 		buffer(0x7ffd9960542c), offset(901188), length(11), mmoff(68)
trycopy: 		COPYING(11)
copy_mmap: 		 out: lastMapping(0x7f6b9562d000)
closefds: 
closefds: 		munmap(0x7f6b9562d000)
memory_obj_free:   m(0x7f6b995a20c0)  singleton(0x7f6b995a20c0)
linux_cleanup:  memory
closefds: 
sysinfo_get_dell_system_id: calling id_byte function: get_dell_id_byte_from_oem_item
smbios_table_factory: 
init_smbios_struct: 
smbios_get_table_firm_tables: Using /sys/firmware/dmi/tables/smbios_entry_point for entry point
smbios_get_table_firm_tables: Using /sys/firmware/dmi/tables/DMI for DMI
smbios_get_table_firm_tables: 
smbios_verify_smbios: SMBIOS TEP csum 0.
validate_dmi_tep: DMI TEP csum 0.
smbios_verify_smbios: Major version: 3 Minor version: 2
smbios_get_table_firm_tables:  out: 0
do_smbios_fixups
do_dell_check_type_fixup
memory_obj_factory: 1
return_mem: 
memory_obj_factory: 2
copy_mmap: buffer(0x7ffd9960507c) offset(1040502) length(11) rw(0)
copy_mmap: ->rw: 0  fd: (nil)
reopen:  file: /dev/mem,  rw: 0
copy_mmap: Start of copy loop
copy_mmap: 	LOOP: bytesCopied(0) length(11)
remap: 
copy_mmap: 	lastMapping(0x7f6b9562d000)
trycopy: 		buffer(0x7ffd9960507c), offset(1040502), length(11), mmoff(118)
trycopy: 		COPYING(11)
copy_mmap: 		 out: lastMapping(0x7f6b9562d000)
closefds: 
closefds: 		munmap(0x7f6b9562d000)
memory_obj_free:   m(0x7f6b995a20c0)  singleton(0x7f6b995a20c0)
linux_cleanup:  memory
closefds: 
smbios_struct_get_string_number(0x6230000028f0, 1)
smbios_struct_get_string_number(0x6230000028f0, 2)
sysinfo_get_dell_system_id: calling id_byte function: get_id_byte_from_mem_diamond
memory_obj_factory: 1
return_mem: 
memory_obj_factory: 2
copy_mmap: buffer(0x7ffd9960542c) offset(884804) length(11) rw(0)
copy_mmap: ->rw: 0  fd: (nil)
reopen:  file: /dev/mem,  rw: 0
copy_mmap: Start of copy loop
copy_mmap: 	LOOP: bytesCopied(0) length(11)
remap: 
copy_mmap: 	lastMapping(0x7f6b9562d000)
trycopy: 		buffer(0x7ffd9960542c), offset(884804), length(11), mmoff(68)
trycopy: 		COPYING(11)
copy_mmap: 		 out: lastMapping(0x7f6b9562d000)
closefds: 
closefds: 		munmap(0x7f6b9562d000)
memory_obj_free:   m(0x7f6b995a20c0)  singleton(0x7f6b995a20c0)
linux_cleanup:  memory
closefds: 
memory_obj_factory: 1
return_mem: 
memory_obj_factory: 2
copy_mmap: buffer(0x7ffd9960542c) offset(901188) length(11) rw(0)
copy_mmap: ->rw: 0  fd: (nil)
reopen:  file: /dev/mem,  rw: 0
copy_mmap: Start of copy loop
copy_mmap: 	LOOP: bytesCopied(0) length(11)
remap: 
copy_mmap: 	lastMapping(0x7f6b9562d000)
trycopy: 		buffer(0x7ffd9960542c), offset(901188), length(11), mmoff(68)
trycopy: 		COPYING(11)
copy_mmap: 		 out: lastMapping(0x7f6b9562d000)
closefds: 
closefds: 		munmap(0x7f6b9562d000)
memory_obj_free:   m(0x7f6b995a20c0)  singleton(0x7f6b995a20c0)
linux_cleanup:  memory
closefds: 
sysinfo_get_dell_system_id: calling id_byte function: get_dell_id_byte_from_oem_item
smbios_table_factory: 
smbios_struct_get_string_number(0x6230000028f0, 1)
smbios_struct_get_string_number(0x6230000028f0, 2)
sysinfo_get_dell_system_id: calling id_byte function: get_id_byte_from_mem_diamond
memory_obj_factory: 1
return_mem: 
memory_obj_factory: 2
copy_mmap: buffer(0x7ffd9960542c) offset(884804) length(11) rw(0)
copy_mmap: ->rw: 0  fd: (nil)
reopen:  file: /dev/mem,  rw: 0
copy_mmap: Start of copy loop
copy_mmap: 	LOOP: bytesCopied(0) length(11)
remap: 
copy_mmap: 	lastMapping(0x7f6b9562d000)
trycopy: 		buffer(0x7ffd9960542c), offset(884804), length(11), mmoff(68)
trycopy: 		COPYING(11)
copy_mmap: 		 out: lastMapping(0x7f6b9562d000)
closefds: 
closefds: 		munmap(0x7f6b9562d000)
memory_obj_free:   m(0x7f6b995a20c0)  singleton(0x7f6b995a20c0)
linux_cleanup:  memory
closefds: 
memory_obj_factory: 1
return_mem: 
memory_obj_factory: 2
copy_mmap: buffer(0x7ffd9960542c) offset(901188) length(11) rw(0)
copy_mmap: ->rw: 0  fd: (nil)
reopen:  file: /dev/mem,  rw: 0
copy_mmap: Start of copy loop
copy_mmap: 	LOOP: bytesCopied(0) length(11)
remap: 
copy_mmap: 	lastMapping(0x7f6b9562d000)
trycopy: 		buffer(0x7ffd9960542c), offset(901188), length(11), mmoff(68)
trycopy: 		COPYING(11)
copy_mmap: 		 out: lastMapping(0x7f6b9562d000)
closefds: 
closefds: 		munmap(0x7f6b9562d000)
memory_obj_free:   m(0x7f6b995a20c0)  singleton(0x7f6b995a20c0)
linux_cleanup:  memory
closefds: 
sysinfo_get_dell_system_id: calling id_byte function: get_dell_id_byte_from_oem_item
smbios_table_factory: 
smbios_struct_get_string_number(0x6230000028f0, 1)
smbios_struct_get_string_number(0x6230000028f0, 2)
sysinfo_get_dell_system_id: calling id_byte function: get_id_byte_from_mem_diamond
memory_obj_factory: 1
return_mem: 
memory_obj_factory: 2
copy_mmap: buffer(0x7ffd9960542c) offset(884804) length(11) rw(0)
copy_mmap: ->rw: 0  fd: (nil)
reopen:  file: /dev/mem,  rw: 0
copy_mmap: Start of copy loop
copy_mmap: 	LOOP: bytesCopied(0) length(11)
remap: 
copy_mmap: 	lastMapping(0x7f6b9562d000)
trycopy: 		buffer(0x7ffd9960542c), offset(884804), length(11), mmoff(68)
trycopy: 		COPYING(11)
copy_mmap: 		 out: lastMapping(0x7f6b9562d000)
closefds: 
closefds: 		munmap(0x7f6b9562d000)
memory_obj_free:   m(0x7f6b995a20c0)  singleton(0x7f6b995a20c0)
linux_cleanup:  memory
closefds: 
memory_obj_factory: 1
return_mem: 
memory_obj_factory: 2
copy_mmap: buffer(0x7ffd9960542c) offset(901188) length(11) rw(0)
copy_mmap: ->rw: 0  fd: (nil)
reopen:  file: /dev/mem,  rw: 0
copy_mmap: Start of copy loop
copy_mmap: 	LOOP: bytesCopied(0) length(11)
remap: 
copy_mmap: 	lastMapping(0x7f6b9562d000)
trycopy: 		buffer(0x7ffd9960542c), offset(901188), length(11), mmoff(68)
trycopy: 		COPYING(11)
copy_mmap: 		 out: lastMapping(0x7f6b9562d000)
closefds: 
closefds: 		munmap(0x7f6b9562d000)
memory_obj_free:   m(0x7f6b995a20c0)  singleton(0x7f6b995a20c0)
linux_cleanup:  memory
closefds: 
sysinfo_get_dell_system_id: calling id_byte function: get_dell_id_byte_from_oem_item
smbios_table_factory: 
smbios_struct_get_string_number(0x6230000028f0, 1)
smbios_struct_get_string_number(0x6230000028f0, 2)

superm1 Oct 18 '19 22:10

Is this still an issue? There were a few recent PRs that may be relevant to this issue, though the issue was not mentioned. As this is the roadblock for a new release, I would be interested in helping to resolve this.

awehrfritz Jan 16 '20 20:01

I haven't checked again lately, but given this is specifically in the error path I don't think the recent PRs will have solved it.

Help is certainly welcome if you have the time and ability.

To summarize the issue, see this commit in fwupd that works around it: https://github.com/fwupd/fwupd/commit/66dd3a02cb89c020c8d602fcc1cb38dbfa822124#diff-a60e5446a876ad45a9fd10a068b50816

Basically running any simple C application that calls sysinfo_get_dell_system_id when compiled with address sanitizer turned on on a non-Dell system (or even a VM/locked down container on a Dell system) should repro it.

superm1 Jan 16 '20 20:01

I looked at this a little bit today and as far as I can tell it seems that the singleton that gets created and re-used by default all over never gets freed.

superm1 Jan 31 '20 22:01

And that code and approach have been around since the beginning of libsmbios (eefc88b2). I'd suspect sorting this out will require a pretty big overhaul.

superm1 Jan 31 '20 22:01
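
The pattern described in the two comments above (a lazily created singleton that is never freed, showing up on the failure path) next to a teardown function that releases it. This is an added example, not libsmbios code: `table_factory`, `table_cleanup` and the allocation counter are hypothetical stand-ins.

```c
/* Added illustration with hypothetical names; not libsmbios source code. */
#include <stdio.h>
#include <stdlib.h>
static int live_allocs;            /* stand-in for what LeakSanitizer tracks */
struct table { char *errstr; int initialized; };
static struct table *singleton;    /* created on first use, shared by all callers */

static void *track_calloc(size_t n, size_t sz)
{ void *p = calloc(n, sz); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { free(p); live_allocs--; } }
/* Lazy factory: on failure the caller gets NULL, but the object and its
 * error string stay allocated and no caller holds a pointer to free them. */
static struct table *table_factory(int hw_present)
{
    if (singleton) return singleton->initialized ? singleton : NULL;
    singleton = track_calloc(1, sizeof *singleton);
    if (!singleton) return NULL;
    if (!hw_present) {
        singleton->errstr = track_calloc(1, 64);
        if (singleton->errstr) snprintf(singleton->errstr, 64, "table not readable");
        return NULL;
    }
    singleton->initialized = 1;
    return singleton;
}

/* Mitigation: one teardown entry point that owns the singleton's memory. */
static void table_cleanup(void)
{
    if (!singleton) return;
    track_free(singleton->errstr);
    track_free(singleton);
    singleton = NULL;
}

int live_after_failed_lookup(int with_cleanup)
{
    table_cleanup();                       /* start from a known state */
    int before = live_allocs;
    for (int i = 0; i < 3; i++) (void)table_factory(0);   /* failure path */
    if (with_cleanup) table_cleanup();
    return live_allocs - before;           /* allocations still live */
}

int main(void)
{
    printf("leaked without cleanup: %d\n", live_after_failed_lookup(0));
    printf("leaked with cleanup: %d\n", live_after_failed_lookup(1));
    return 0;
}
```
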

Thanks @superm1, much appreciated!

Do you reckon you (or someone in your team at Dell*) could get this overhaul done in the near future, or would it be better to release a new point version of the lib to at least get the new battery feature out there and into the next round of distro releases?

*I reckon such kind of a rewrite would require someone with intimate knowledge of the lib (and its history) and thus would be difficult for a casual contributor to carry out.

awehrfritz Feb 01 '20 00:02

I think given the situation we'll tag a release now with this problem in it still, and it will have to be solved in the future.

I'll try to find someone with some cycles to work on this issue for the future.

The people who originally worked on libsmbios are now working on other things or at other companies, so it is likely that someone new will need to do it.

superm1 Feb 01 '20 01:02