Bug 1905581
Summary: | Memory leak reported by 389-ds cmocka tests | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Viktor Ashirov <vashirov> |
Component: | p11-kit | Assignee: | Daiki Ueno <dueno> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 33 | CC: | crypto-team, dueno, kai-engert-fedora, kdudka, patrick, stefw, tmraz |
Target Milestone: | --- | Keywords: | TestBlocker, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | p11-kit-0.23.22-2.fc33 p11-kit-0.23.22-2.fc32 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-01-30 01:54:46 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Viktor Ashirov
2020-12-08 15:34:42 UTC
This also happens in RHEL8 with p11-kit-0.23.21-4.el8.x86_64 Probably the same bug occurs within curl compiled with nss: test 0067...[HTTP with NTLM authorization] valgrind ERROR ==3387== 4,096 bytes in 1 blocks are definitely lost in loss record 28 of 29 ==3387== at 0x4839809: malloc (vg_replace_malloc.c:307) ==3387== by 0x4E14206: realpath@@GLIBC_2.3 (in /usr/lib64/libc-2.32.so) ==3387== by 0x134767CD: ??? ==3387== by 0x1347B318: ??? ==3387== by 0x1347F129: ??? ==3387== by 0x4ACC34A: secmod_LoadPKCS11Module (pk11load.c:518) ==3387== by 0x4AD957C: SECMOD_LoadModule (pk11pars.c:1938) ==3387== by 0x4AD96B7: SECMOD_LoadModule (pk11pars.c:1974) ==3387== by 0x4AA1EC0: nss_Init (nssinit.c:712) ==3387== by 0x4AA245F: NSS_InitContext (nssinit.c:910) ==3387== by 0x48C791F: nss_init_core (nss.c:1337) ==3387== by 0x48C791F: nss_init.part.0 (nss.c:1408) ==3387== by 0x48CAAC7: nss_init (nss.c:1458) ==3387== by 0x48CAAC7: Curl_nss_force_init (nss.c:1454) ==3387== by 0x48C556D: Curl_auth_decode_ntlm_type2_message (ntlm.c:282) ==3387== by 0x4882FE9: Curl_input_ntlm (http_ntlm.c:82) ==3387== by 0x487A857: Curl_http_input_auth (http.c:968) ==3387== by 0x487DD49: Curl_http_header (http.c:3518) I suspect this is caused by the newly added progname detection logic, which caches executable path in a static variable: https://github.com/p11-glue/p11-kit/pull/307 If this is the case, I would rather suggest adding it into the suppressions file, but in case it's not easy, I've filed: https://github.com/p11-glue/p11-kit/pull/349 With the following scratch build incorporating the patch, I confirm that the leak with the 'realpath' code path disappears: https://koji.fedoraproject.org/koji/taskinfo?taskID=60579346 However, the test_slapd test seems to be still leaking, in a different path, which I'm not sure p11-kit related: ==310263== 192 bytes in 1 blocks are definitely lost in loss record 31 of 49 ==310263== at 0x4839809: malloc (vg_replace_malloc.c:307) ==310263== by 0x52718ED: CRYPTO_zalloc (mem.c:230) ==310263== by 0x523F33C: ENGINE_new (eng_lib.c:34) ==310263== by 0x526B855: UnknownInlinedFun (eng_rdrand.c:70) ... Viktor, could you try the scratch build and check whether this is my local configuration problem or not? Hi Daiki, After upgrading p11-kit packages to p11-kit-0.23.22-2.fc33.x86_64 I no longer see the memleak: $ ASAN_OPTIONS=fast_unwind_on_malloc=0 ./test_slapd [==========] Running 12 test(s). [ RUN ] test_libslapd_hello [ OK ] test_libslapd_hello [ RUN ] test_libslapd_pblock_analytics [ OK ] test_libslapd_pblock_analytics [ RUN ] test_libslapd_pblock_v3c_target_dn [ OK ] test_libslapd_pblock_v3c_target_dn [ RUN ] test_libslapd_pblock_v3c_target_sdn [ OK ] test_libslapd_pblock_v3c_target_sdn [ RUN ] test_libslapd_pblock_v3c_original_target_dn [ OK ] test_libslapd_pblock_v3c_original_target_dn [ RUN ] test_libslapd_pblock_v3c_target_uniqueid [ OK ] test_libslapd_pblock_v3c_target_uniqueid [ RUN ] test_libslapd_schema_filter_validate_simple [ OK ] test_libslapd_schema_filter_validate_simple [ RUN ] test_libslapd_operation_v3c_target_spec [ OK ] test_libslapd_operation_v3c_target_spec [ RUN ] test_libslapd_counters_atomic_usage [ OK ] test_libslapd_counters_atomic_usage [ RUN ] test_libslapd_counters_atomic_overflow [ OK ] test_libslapd_counters_atomic_overflow [ RUN ] test_libslapd_pal_meminfo [ OK ] test_libslapd_pal_meminfo [ RUN ] test_libslapd_util_cachesane [ OK ] test_libslapd_util_cachesane [==========] 12 test(s) run. [ PASSED ] 12 test(s). [==========] Running 3 test(s). [ RUN ] test_plugin_hello [ OK ] test_plugin_hello [ RUN ] test_plugin_pwdstorage_pbkdf2_auth [ OK ] test_plugin_pwdstorage_pbkdf2_auth [ RUN ] test_plugin_pwdstorage_pbkdf2_rounds [ OK ] test_plugin_pwdstorage_pbkdf2_rounds [==========] 3 test(s) run. [ PASSED ] 3 test(s). But I'm using AddressSanitizer, not Valgrind. Thank you! Thank you for confirming. I've submitted a build. FEDORA-2021-b848e92d08 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-b848e92d08 FEDORA-2021-5f917a244e has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2021-5f917a244e FEDORA-2021-b848e92d08 has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-b848e92d08` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-b848e92d08 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2021-5f917a244e has been pushed to the Fedora 32 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-5f917a244e` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-5f917a244e See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2021-b848e92d08 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2021-5f917a244e has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report. |