uClibc 0.9.28{,.1} Memory Leakage

Kevin Day thekevinday at gmail.com
Mon Feb 19 19:50:47 UTC 2007 

There have been a few programs leaking memory on a uClibc 0.9.28 and
uClibc 0.9.28.1 with gcc-4.1.1. (I am preparing to start testing this
against gcc-4.1.2 with dreams of the leaks vanishing)

My tests in numerous programs that are memory leaking seem to point
towards two areas:
 1) dl_cleanup (in /lib/libdl-0.9.28.so)
 - This one shows up in almost all memory leak cases.
 2) pthreads, locking, just threads acting up in general.
 - This one usually manages to cause a segfault, threading
applications such as fuse no longer work.

Based on what I could find, I have been wondering if the fclose
problem is related, unfortunately uncommenting the fclose code as done
in the uClibc 0.9.29svn, gcc create ICE segfaults rather consistently.

Using valgrind on a freshly compiled flac source seems to reveal all
problems above.
Due to threading, a number of valgrind logs were generated.  I have
attatched one.

--
Kevin Day
-------------- next part --------------
==26513== Memcheck, a memory error detector.
==26513== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==26513== Using LibVEX rev 1658, a library for dynamic binary translation.
==26513== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==26513== Using valgrind-3.2.1, a dynamic binary instrumentation framework.
==26513== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==26513== For more details, rerun with: -v
==26513== 
==26513== My PID = 26513, parent PID = 12416.  Prog and args are:
==26513==    ./ogg123/ogg123
==26513==    -d
==26513==    oss
==26513==    /Track_01.flac
==26513== 
==26513== Syscall param clone(parent_tidptr) contains uninitialised byte(s)
==26513==    at 0x417D46C: clone (in /lib/libuClibc-0.9.28.so)
==26513==    by 0x408BC6E: pthread_create (in /lib/libpthread-0.9.28.so)
==26513==    by 0x804B7D6: buffer_thread_start (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804F475: play (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804FD46: main (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513== 
==26513== Syscall param clone(tlsinfo) contains uninitialised byte(s)
==26513==    at 0x417D46C: clone (in /lib/libuClibc-0.9.28.so)
==26513==    by 0x408BC6E: pthread_create (in /lib/libpthread-0.9.28.so)
==26513==    by 0x804B7D6: buffer_thread_start (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804F475: play (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804FD46: main (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513== 
==26513== Syscall param write(buf) points to uninitialised byte(s)
==26513==    at 0x417CE0B: write (in /lib/libuClibc-0.9.28.so)
==26513==    by 0x408B48C: __pthread_initialize_manager (in /lib/libpthread-0.9.28.so)
==26513==    by 0x408BC6E: pthread_create (in /lib/libpthread-0.9.28.so)
==26513==    by 0x804B7D6: buffer_thread_start (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804F475: play (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804FD46: main (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==  Address 0xBE8D23C0 is on thread 1's stack
==26513== 
==26513== Syscall param write(buf) points to uninitialised byte(s)
==26513==    at 0x417CE0B: write (in /lib/libuClibc-0.9.28.so)
==26513==    by 0x408BCEC: pthread_create (in /lib/libpthread-0.9.28.so)
==26513==    by 0x804B7D6: buffer_thread_start (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804F475: play (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804FD46: main (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==  Address 0xBE8D24A4 is on thread 1's stack
==2354== 
==2354== Thread 2:
==2354== Syscall param clone(child_tidptr) contains uninitialised byte(s)
==2354==    at 0x417D46C: clone (in /lib/libuClibc-0.9.28.so)
==2354==    by 0x417D479: clone (in /lib/libuClibc-0.9.28.so)
==26513== 
==26513== Thread 1:
==26513== Invalid read of size 4
==26513==    at 0x408E044: __pthread_unlock (in /lib/libpthread-0.9.28.so)
==26513==    by 0x408A0F5: pthread_mutex_unlock (in /lib/libpthread-0.9.28.so)
==26513==    by 0x8050CF1: status_reset_output_lock (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804F707: play (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804FD46: main (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==  Address 0xC is not stack'd, malloc'd or (recently) free'd
==26513== 
==26513== Process terminating with default action of signal 11 (SIGSEGV)
==26513==  Access not within mapped region at address 0xC
==26513==    at 0x408E044: __pthread_unlock (in /lib/libpthread-0.9.28.so)
==26513==    by 0x408A0F5: pthread_mutex_unlock (in /lib/libpthread-0.9.28.so)
==26513==    by 0x8050CF1: status_reset_output_lock (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804F707: play (in /vorbis-tools-1.1.1/ogg123/ogg123)
==26513==    by 0x804FD46: main (in /vorbis-tools-1.1.1/ogg123/ogg123)
==2354== 
==2354== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 1 from 1)
==2354== malloc/free: in use at exit: 178,394 bytes in 50 blocks.
==2354== malloc/free: 8,283 allocs, 8,233 frees, 581,935 bytes allocated.
==2354== For counts of detected errors, rerun with: -v
==2354== searching for pointers to 50 not-freed blocks.
==2354== checked 527,828 bytes.
==2354== 
==2354== LEAK SUMMARY:
==2354==    definitely lost: 37,150 bytes in 7 blocks.
==2354==      possibly lost: 0 bytes in 0 blocks.
==2354==    still reachable: 141,244 bytes in 43 blocks.
==2354==         suppressed: 0 bytes in 0 blocks.
==2354== Use --leak-check=full to see details of leaked memory.
-------------- next part --------------
==30263== Memcheck, a memory error detector.
==30263== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==30263== Using LibVEX rev 1658, a library for dynamic binary translation.
==30263== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==30263== Using valgrind-3.2.1, a dynamic binary instrumentation framework.
==30263== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==30263== For more details, rerun with: -v
==30263== 
==30263== My PID = 30263, parent PID = 12416.  Prog and args are:
==30263==    ./ogg123/ogg123
==30263==    -d
==30263==    alsa
==30263==    /Track_01.flac
==30263== 
==30263== Invalid read of size 4
==30263==    at 0x4048DCC: dl_cleanup (in /lib/libdl-0.9.28.so)
==30263==    by 0x4000B2C: (within /lib/ld-uClibc-0.9.28.so)
==30263==    by 0x4171FB1: exit (in /lib/libuClibc-0.9.28.so)
==30263==    by 0x804E145: parse_cmdline_options (in /vorbis-tools-1.1.1/ogg123/ogg123)
==30263==    by 0x804FB1D: main (in /vorbis-tools-1.1.1/ogg123/ogg123)
==30263==  Address 0x446D95C is 4 bytes inside a block of size 24 free'd
==30263==    at 0x400FFA5: free (in /toolchain/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==30263==    by 0x4048CCA: (within /lib/libdl-0.9.28.so)
==30263==    by 0x4048DCB: dl_cleanup (in /lib/libdl-0.9.28.so)
==30263==    by 0x4000B2C: (within /lib/ld-uClibc-0.9.28.so)
==30263==    by 0x4171FB1: exit (in /lib/libuClibc-0.9.28.so)
==30263==    by 0x804E145: parse_cmdline_options (in /vorbis-tools-1.1.1/ogg123/ogg123)
==30263==    by 0x804FB1D: main (in /vorbis-tools-1.1.1/ogg123/ogg123)
==30263== 
==30263== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 0 from 0)
==30263== malloc/free: in use at exit: 668 bytes in 23 blocks.
==30263== malloc/free: 46 allocs, 23 frees, 6,533 bytes allocated.
==30263== For counts of detected errors, rerun with: -v
==30263== searching for pointers to 23 not-freed blocks.
==30263== checked 351,292 bytes.
==30263== 
==30263== LEAK SUMMARY:
==30263==    definitely lost: 24 bytes in 1 blocks.
==30263==      possibly lost: 0 bytes in 0 blocks.
==30263==    still reachable: 644 bytes in 22 blocks.
==30263==         suppressed: 0 bytes in 0 blocks.
==30263== Use --leak-check=full to see details of leaked memory.

More information about the uClibc mailing list