Bug 1158722 - A memory leak in cmdNetworkDHCPLeases
Summary: A memory leak in cmdNetworkDHCPLeases
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.1
Hardware: x86_64
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Peter Krempa
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-10-30 03:30 UTC by Luyao Huang
Modified: 2015-11-19 05:54 UTC (History)
6 users (show)

Fixed In Version: libvirt-1.2.13-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 05:54:54 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2202 0 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2015-11-19 08:17:58 UTC

Description Luyao Huang 2014-10-30 03:30:55 UTC 
description of problem:
A memory leak in cmdNetworkDHCPLeases

Version-Release number of selected component (if applicable):
libvirt-1.2.8-5.el7.x86_64
qemu-kvm-rhev-2.1.2-4.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.# valgrind -v --leak-check=full virsh net-dhcp-leases default
 Expiry Time          MAC address        Protocol  IP address                Hostname        Client ID or DUID
-------------------------------------------------------------------------------------------------------------------
 2014-10-30 10:08:18  00:22:44:66:88:aa  ipv4      192.168.122.50/24         -               -

==25162==
==25162== HEAP SUMMARY:
==25162==     in use at exit: 109,071 bytes in 1,096 blocks
==25162==   total heap usage: 4,872 allocs, 3,776 frees, 1,494,000 bytes allocated
==25162==
==25162== Searching for pointers to 1,096 not-freed blocks
==25162== Checked 1,557,440 bytes
==25162==
==25162== 18 bytes in 1 blocks are definitely lost in loss record 41 of 192
==25162==    at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==25162==    by 0x85CE36F: __vasprintf_chk (vasprintf_chk.c:80)
==25162==    by 0x4EE52D5: UnknownInlinedFun (stdio2.h:210)
==25162==    by 0x4EE52D5: virVasprintfInternal (virstring.c:459)
==25162==    by 0x4EE53CA: virAsprintfInternal (virstring.c:480)
==25162==    by 0x14FE96: cmdNetworkDHCPLeases (virsh-network.c:1378)
==25162==    by 0x13006B: vshCommandRun (virsh.c:1915)
==25162==    by 0x12A9E1: main (virsh.c:3699)
==25162==
==25162== 40 bytes in 1 blocks are possibly lost in loss record 121 of 192
==25162==    at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==25162==    by 0xBA21FDB: _PR_Getfd (prfdcach.c:112)
==25162==    by 0xBA3BCB6: pt_SetMethods.isra.11 (ptio.c:3303)
==25162==    by 0xBA3C2A4: PR_OpenFile (ptio.c:3581)
==25162==    by 0xD951989: blapi_SHVerifyFile (shvfy.c:355)
==25162==    by 0xD951CB0: blapi_SHVerify (shvfy.c:289)
==25162==    by 0xD927AE9: freebl_fipsSoftwareIntegrityTest (fipsfreebl.c:1541)
==25162==    by 0xD927AE9: bl_startup_tests (fipsfreebl.c:1732)
==25162==    by 0x400F502: call_init (dl-init.c:82)
==25162==    by 0x400F502: _dl_init (dl-init.c:131)
==25162==    by 0x4001459: ??? (in /usr/lib64/ld-2.17.so)
==25162==    by 0x2: ???
==25162==    by 0xFFF0002E2: ???
==25162==    by 0xFFF0002E8: ???
==25162==
==25162== 48 bytes in 1 blocks are possibly lost in loss record 126 of 192
==25162==    at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==25162==    by 0xBA21FC9: _PR_Getfd (prfdcach.c:109)
==25162==    by 0xBA3BCB6: pt_SetMethods.isra.11 (ptio.c:3303)
==25162==    by 0xBA3C2A4: PR_OpenFile (ptio.c:3581)
==25162==    by 0xD951989: blapi_SHVerifyFile (shvfy.c:355)
==25162==    by 0xD951CB0: blapi_SHVerify (shvfy.c:289)
==25162==    by 0xD927AE9: freebl_fipsSoftwareIntegrityTest (fipsfreebl.c:1541)
==25162==    by 0xD927AE9: bl_startup_tests (fipsfreebl.c:1732)
==25162==    by 0x400F502: call_init (dl-init.c:82)
==25162==    by 0x400F502: _dl_init (dl-init.c:131)
==25162==    by 0x4001459: ??? (in /usr/lib64/ld-2.17.so)
==25162==    by 0x2: ???
==25162==    by 0xFFF0002E2: ???
==25162==    by 0xFFF0002E8: ???
==25162==
==25162== LEAK SUMMARY:
==25162==    definitely lost: 18 bytes in 1 blocks
==25162==    indirectly lost: 0 bytes in 0 blocks
==25162==      possibly lost: 88 bytes in 2 blocks
==25162==    still reachable: 108,965 bytes in 1,093 blocks
==25162==         suppressed: 0 bytes in 0 blocks
==25162== Reachable blocks (those to which a pointer was found) are not shown.
==25162== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==25162==
==25162== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 2 from 2)
--25162--
--25162-- used_suppression:      2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a /usr/lib64/valgrind/default.supp:1296
==25162==
==25162== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 2 from 2)


Actual results:
A 1 blocks are definitely lost


Expected results:
fix it


Additional info:
send a patch to fix this issue:

https://www.redhat.com/archives/libvir-list/2014-October/msg01026.html
Comment 2 Peter Krempa 2014-10-30 06:31:23 UTC 
Fixed upstream:

commit 089663aefaed6ae7acd5d8bdd362030ff661dce1
Author: Luyao Huang <lhuang>
Date:   Thu Oct 30 10:35:14 2014 +0800

    virsh: Fix memory leak in cmdNetworkDHCPLeases
    
    After cidr_format is allocated by virAsprintf and used by vshPrintExtra
    it needs to be freed.
    
    Fix the following memory leak from valgrind:
     18 bytes in 1 blocks are definitely lost in loss record 41 of 192
        at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
        by 0x85CE36F: __vasprintf_chk (vasprintf_chk.c:80)
        by 0x4EE52D5: UnknownInlinedFun (stdio2.h:210)
        by 0x4EE52D5: virVasprintfInternal (virstring.c:459)
        by 0x4EE53CA: virAsprintfInternal (virstring.c:480)
        by 0x14FE96: cmdNetworkDHCPLeases (virsh-network.c:1378)
        by 0x13006B: vshCommandRun (virsh.c:1915)
        by 0x12A9E1: main (virsh.c:3699)
    
    Signed-off-by: Luyao Huang <lhuang>
Comment 6 vivian zhang 2015-05-22 07:34:45 UTC 
I can produce this on build libvirt-1.2.8-5.el7.x86_64

verify this bug on build libvirt-1.2.15-2.el7.x86_64

1. prepare a guest with interface
...
 <interface type='network'>
      <mac address='52:54:00:29:f7:6e'/>
      <source network='default' bridge='virbr0'/>
      <target dev='vnet0'/>
      <model type='rtl8139'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <interface type='network'>
      <mac address='52:54:00:2d:14:70'/>
      <source network='default' bridge='virbr0'/>
      <target dev='vnet1'/>
      <model type='rtl8139'/>
      <alias name='net2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
    </interface>
...

2. check net-dhcp-leases
# valgrind -v --leak-check=full virsh net-dhcp-leases default
...

Expiry Time          MAC address        Protocol  IP address                Hostname        Client ID or DUID
-------------------------------------------------------------------------------------------------------------------
 2015-05-22 15:55:34  52:54:00:29:f7:6e  ipv4      192.168.122.203/24        localhost       -
 2015-05-22 15:55:34  52:54:00:2d:14:70  ipv4      192.168.122.72/24         -               -

==23838== 
==23838== HEAP SUMMARY:
==23838==     in use at exit: 103,733 bytes in 1,084 blocks
==23838==   total heap usage: 4,355 allocs, 3,271 frees, 1,203,039 bytes allocated
==23838== 
==23838== Searching for pointers to 1,084 not-freed blocks
==23838== Checked 1,464,496 bytes
==23838== 
==23838== LEAK SUMMARY:
==23838==    definitely lost: 0 bytes in 0 blocks
==23838==    indirectly lost: 0 bytes in 0 blocks
==23838==      possibly lost: 0 bytes in 0 blocks
==23838==    still reachable: 103,733 bytes in 1,084 blocks
==23838==         suppressed: 0 bytes in 0 blocks
==23838== Reachable blocks (those to which a pointer was found) are not shown.
==23838== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==23838== 
==23838== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
--23838-- 
--23838-- used_suppression:      2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a /usr/lib64/valgrind/default.supp:1296
==23838== 
==23838== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)

no memory leak, move to verified
Comment 8 errata-xmlrpc 2015-11-19 05:54:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2202.html
Note You need to log in before you can comment on or make changes to this bug.