Bug 2227784

Summary: libipa_otp_lasttoken plugin memory leak
Product: Red Hat Enterprise Linux 9 Reporter: Rob Crittenden <rcritten>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: MODIFIED --- QA Contact: Sudhir Menon <sumenon>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.2CC: amore, asharov, frenaud, ipa-qe, rcritten, sumenon, tscherf
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.10.2-3.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2209636 Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2209636    
Bug Blocks: 2227783    

Description Rob Crittenden 2023-07-31 13:04:09 UTC 
+++ This bug was initially created as a clone of Bug #2209636 +++

Description of problem:
Freshly installed replica is leaking memory. From the valgrind output it seems it's actually libipa_otp_lasttoken plugin library:

The leak summary gives this ( 2,5 MB definitely lost overall + 350K indirectly lost ) :

==23733== LEAK SUMMARY:
==23733==    definitely lost: 2,493,525 bytes in 66,549 blocks
==23733==    indirectly lost: 347,788 bytes in 34,963 blocks
==23733==      possibly lost: 3,818 bytes in 9 blocks
==23733==    still reachable: 3,897,465 bytes in 40,026 blocks
==23733==                       of which reachable via heuristic:
==23733==                         stdstring          : 30 bytes in 1 blocks
==23733==         suppressed: 0 bytes in 0 blocks
==23733==

==> libipa_otp_lasttoken plugin seems to be involved here ...

951,768 bytes in 10,116 blocks are definitely lost in loss record 2,421 of 2,422
==23733==    at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==23733==    by 0x63C0B89: strdup (in /usr/lib64/libc-2.17.so)
==23733==    by 0x5094AF2: slapi_ch_strdup (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50E0FB6: slapi_pblock_get (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
===> ==23733==    by 0x14DF6233: ??? (in /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so)
==> ==23733==    by 0x14DF6500: ??? (in /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so)
==23733==    by 0x50E8077: ??? (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50E8332: plugin_call_plugins (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x16ADE22D: ldbm_back_modify (in /usr/lib64/dirsrv/plugins/libback-ldbm.so)
==23733==    by 0x50D3FE5: ??? (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50D550A: do_modify (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x123886: ??? (in /usr/sbin/ns-slapd)
==23733==    by 0x8042F7A: ??? (in /usr/lib64/libnspr4.so)
==23733==    by 0x8683EA4: start_thread (in /usr/lib64/libpthread-2.17.so)
==23733==    by 0x6432B0C: clone (in /usr/lib64/libc-2.17.so)

==> and here too ..

==23733== 660,205 (353,280 direct, 306,925 indirect) bytes in 10,116 blocks are definitely lost in loss record 2,420 of 2,422
==23733==    at 0x4C2C291: realloc (vg_replace_malloc.c:836)
==23733==    by 0x509495A: slapi_ch_realloc (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x5093AD1: slapi_ch_array_add_ext (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50A54B7: slapi_entry_attr_get_charray_ext (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50A551D: slapi_entry_attr_get_charray (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==> ==23733==    by 0x14DF6265: ??? (in /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so)
==> ==23733==    by 0x14DF6500: ??? (in /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so)
==23733==    by 0x50E8077: ??? (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50E8332: plugin_call_plugins (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x16ADE22D: ldbm_back_modify (in /usr/lib64/dirsrv/plugins/libback-ldbm.so)
==23733==    by 0x50D3FE5: ??? (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50D550A: do_modify (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x123886: ??? (in /usr/sbin/ns-slapd)
==23733==    by 0x8042F7A: ??? (in /usr/lib64/libnspr4.so)
==23733==    by 0x8683EA4: start_thread (in /usr/lib64/libpthread-2.17.so)

==> And again here ...

==23733== 492,254 bytes in 5,023 blocks are definitely lost in loss record 2,418 of 2,422
==23733==    at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==23733==    by 0x63C0B89: strdup (in /usr/lib64/libc-2.17.so)
==23733==    by 0x5094AF2: slapi_ch_strdup (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50E0FB6: slapi_pblock_get (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x14DF6233: ??? (in /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so)
==23733==    by 0x14DF662E: ??? (in /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so)
==23733==    by 0x50E8077: ??? (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50E8332: plugin_call_plugins (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x16AD2047: ldbm_back_delete (in /usr/lib64/dirsrv/plugins/libback-ldbm.so)
==23733==    by 0x509881A: ??? (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x5098BB2: do_delete (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x1238A0: ??? (in /usr/sbin/ns-slapd)
==23733==    by 0x8042F7A: ??? (in /usr/lib64/libnspr4.so)
==23733==    by 0x8683EA4: start_thread (in /usr/lib64/libpthread-2.17.so)
==23733==    by 0x6432B0C: clone (in /usr/lib64/libc-2.17.so)
==23733==    by 0x6432B0C: clone (in /usr/lib64/libc-2.17.so)

==> And still ..

==23733== 306,925 bytes in 34,044 blocks are indirectly lost in loss record 2,416 of 2,422
==23733==    at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==23733==    by 0x50947D2: slapi_ch_malloc (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50A5493: slapi_entry_attr_get_charray_ext (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50A551D: slapi_entry_attr_get_charray (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==> ==23733==    by 0x14DF6265: ??? (in /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so)
==> ==23733==    by 0x14DF6500: ??? (in /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so)
==23733==    by 0x50E8077: ??? (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50E8332: plugin_call_plugins (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x16ADE22D: ldbm_back_modify (in /usr/lib64/dirsrv/plugins/libback-ldbm.so)
==23733==    by 0x50D3FE5: ??? (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x50D550A: do_modify (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==23733==    by 0x123886: ??? (in /usr/sbin/ns-slapd)
==23733==    by 0x8042F7A: ??? (in /usr/lib64/libnspr4.so)
==23733==    by 0x8683EA4: start_thread (in /usr/lib64/libpthread-2.17.so)
==23733==    by 0x6432B0C: clone (in /usr/lib64/libc-2.17.so)

Version-Release number of selected component (if applicable):
ipa-server-4.6.8-5.el7_9.12.x86_64                          Mon Apr 17 14:58:57 2023


How reproducible:
can't reproduce it on test environment

Actual results:
Memory leaks with consiquent failure of dirsrv

Expected results:
No memory leak

Additional info:
valgrind output in attachement, you can find sosreport from the server in attached case.
Comment 1 Florence Blanc-Renaud 2023-07-31 16:06:58 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/089907b4853207ea70c7ca02896b84718251cf6f
Comment 3 Florence Blanc-Renaud 2023-08-01 06:12:19 UTC 
Fixed upstream
ipa-4-10:
https://pagure.io/freeipa/c/421e8e9ac886c50b4bb463a62b8ad5de8da94f31

ipa-4-9:
https://pagure.io/freeipa/c/9438ce9207445e4ad4a9c7bdf0c9e569cabac571

ipa-4-6:
https://pagure.io/freeipa/c/66c35a574e2f2e43773fb4c60bc6983cca724579