Bug 1309439 - libtevent leaks memory during signal handling
libtevent leaks memory during signal handling
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libtevent (Show other bugs)
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Jakub Hrozek
Steeve Goveas
: ZStream
Depends On:
Blocks: 1309440 1324387
  Show dependency treegraph
Reported: 2016-02-17 15:00 EST by Jakub Hrozek
Modified: 2016-11-17 06:47 EST (History)
10 users (show)

See Also:
Fixed In Version: libtevent-0.9.26-2.el7
Doc Type: Bug Fix
Doc Text:
Previously, the libtevent package suffered from a memory leak in signal handling. This bug has been fixed and memory leaks no longer occur in libtevent.
Story Points: ---
Clone Of:
: 1309440 1324387 (view as bug list)
Last Closed: 2016-11-04 03:07:16 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
reproducer (999 bytes, text/plain)
2016-02-18 08:57 EST, Pavel Březina
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:2474 normal SHIPPED_LIVE libtevent bug fix update 2016-11-03 10:07:48 EDT

  None (edit)
Description Jakub Hrozek 2016-02-17 15:00:02 EST
Description of problem:
libtevent allocates memory during tevent_common_add_signal() but doesn't free it.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. register a signal handler with libtevent
2. watch the memory usage of a program after startup
3. receive a bunch of signals
3. observe memory usage go up

Actual results:

Expected results:

Additional info:
this is best tested through sssd performing many allocations
Comment 2 Pavel Březina 2016-02-18 08:57:04 EST
Steps to reproduce are wrong. It is not about receiving the signals, the leak occurs on registering a signal handler. I'm attaching a simple reproducer in C.
Comment 3 Pavel Březina 2016-02-18 08:57 EST
Created attachment 1128225 [details]
Comment 5 gagriogi 2016-02-24 08:14:58 EST
Steeve, do you think we can manage to have this in Z-stream?
Comment 6 Jakub Hrozek 2016-03-30 11:21:22 EDT
(In reply to gagriogi from comment #5)
> Steeve, do you think we can manage to have this in Z-stream?

We tentatively agreed to include this in U4.
Comment 8 Jakub Hrozek 2016-03-30 11:22:42 EDT
Pavel, can you please create some reproducer (C code would be fine) that QE could use to reproduce and verify the bug?
Comment 9 Pavel Březina 2016-03-31 08:26:50 EDT
The reproducer was attached in February :-)

Comment 12 Jakub Hrozek 2016-04-01 04:26:55 EDT
To reproduce, grab the source file that Pavel attached as comment #3 and save it as some file, I used tev.c as an example. Make sure that libtevent-devel and libtalloc-devel are installed.
Then compile the source with:
$ gcc -ltevent -ltalloc tev.c
and run the resulting binary:

With the unpatched packages, you should see a bunch of "struct sigaction" structures being reported by libtalloc as leaked. You should not see these leaks with the patched version.
Comment 13 Jakub Hrozek 2016-04-01 04:27:39 EDT
Steeve, can you add a qa_ack based on comment #12 as a reproducer?
Comment 19 Amith 2016-08-21 07:21:13 EDT
Verified the bug on libtevent Version: libtevent-0.9.28-1.el7.x86_64

Steps followed during verification:
1. Already reproduced this bug with the older build: libtevent-0.9.25-1.el7.x86_64 during verification of RHEL-7.2.Z bug BZ1324387.

2. With the patched build, the "struct sigaction" shouldn't be reported, see the output:

# ./a.out 
full talloc report on 'null_context' (total   2928 bytes in   7 blocks)
    struct tevent_sig_state        contains   2768 bytes in   1 blocks (ref 0) 0x1a53680
    struct tevent_ops_list         contains     32 bytes in   1 blocks (ref 0) 0x1a53320
    struct tevent_ops_list         contains     32 bytes in   1 blocks (ref 0) 0x1a53290
    struct tevent_ops_list         contains     32 bytes in   1 blocks (ref 0) 0x1a53200
    struct tevent_ops_list         contains     32 bytes in   1 blocks (ref 0) 0x1a53170
    struct tevent_ops_list         contains     32 bytes in   1 blocks (ref 0) 0x1a530e0
Comment 21 errata-xmlrpc 2016-11-04 03:07:16 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.