Bug 1309439 – libtevent leaks memory during signal handling

Bug 1309439 - libtevent leaks memory during signal handling

Summary:	libtevent leaks memory during signal handling

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libtevent (Show other bugs)
Sub Component:
Version:	7.3
Hardware:	All Linux

Priority	urgent Severity urgent
Target Milestone:	rc
Target Release:	---
Assigned To:	Jakub Hrozek
QA Contact:	Steeve Goveas
Docs Contact:

URL:
Whiteboard:
Keywords:	ZStream

Depends On:
Blocks:	1309440 1324387
	Show dependency tree / graph

Reported:	2016-02-17 15:00 EST by Jakub Hrozek
Modified:	2016-11-17 06:47 EST (History)
CC List:	10 users (show)

See Also:
Fixed In Version:	libtevent-0.9.26-2.el7
Doc Type:	Bug Fix
Doc Text:	Previously, the libtevent package suffered from a memory leak in signal handling. This bug has been fixed and memory leaks no longer occur in libtevent.
Story Points:	---
Clone Of:
Clones:	1309440 1324387 (view as bug list)
Environment:
Last Closed:	2016-11-04 03:07:16 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
reproducer (999 bytes, text/plain) 2016-02-18 08:57 EST, Pavel Březina	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Jakub Hrozek 2016-02-17 15:00:02 EST

Description of problem:
libtevent allocates memory during tevent_common_add_signal() but doesn't free it.

Version-Release number of selected component (if applicable):
libtevent-0.9.25-1.el7

How reproducible:
always

Steps to Reproduce:
1. register a signal handler with libtevent
2. watch the memory usage of a program after startup
3. receive a bunch of signals
3. observe memory usage go up

Actual results:


Expected results:


Additional info:
this is best tested through sssd performing many allocations

Comment 2 Pavel Březina 2016-02-18 08:57:04 EST

Steps to reproduce are wrong. It is not about receiving the signals, the leak occurs on registering a signal handler. I'm attaching a simple reproducer in C.

Comment 3 Pavel Březina 2016-02-18 08:57 EST

Created attachment 1128225 [details]
reproducer

Comment 5 gagriogi 2016-02-24 08:14:58 EST

Steeve, do you think we can manage to have this in Z-stream?

Comment 6 Jakub Hrozek 2016-03-30 11:21:22 EDT

(In reply to gagriogi from comment #5)
> Steeve, do you think we can manage to have this in Z-stream?

We tentatively agreed to include this in U4.

Comment 8 Jakub Hrozek 2016-03-30 11:22:42 EDT

Pavel, can you please create some reproducer (C code would be fine) that QE could use to reproduce and verify the bug?

Comment 9 Pavel Březina 2016-03-31 08:26:50 EDT

The reproducer was attached in February :-)

https://bugzilla.redhat.com/show_bug.cgi?id=1309439#c3

Comment 12 Jakub Hrozek 2016-04-01 04:26:55 EDT

To reproduce, grab the source file that Pavel attached as comment #3 and save it as some file, I used tev.c as an example. Make sure that libtevent-devel and libtalloc-devel are installed.
Then compile the source with:
$ gcc -ltevent -ltalloc tev.c
and run the resulting binary:
$./a.out

With the unpatched packages, you should see a bunch of "struct sigaction" structures being reported by libtalloc as leaked. You should not see these leaks with the patched version.

Comment 13 Jakub Hrozek 2016-04-01 04:27:39 EDT

Steeve, can you add a qa_ack based on comment #12 as a reproducer?

Comment 19 Amith 2016-08-21 07:21:13 EDT

Verified the bug on libtevent Version: libtevent-0.9.28-1.el7.x86_64

Steps followed during verification:
1. Already reproduced this bug with the older build: libtevent-0.9.25-1.el7.x86_64 during verification of RHEL-7.2.Z bug BZ1324387.

2. With the patched build, the "struct sigaction" shouldn't be reported, see the output:

# ./a.out 
full talloc report on 'null_context' (total   2928 bytes in   7 blocks)
    struct tevent_sig_state        contains   2768 bytes in   1 blocks (ref 0) 0x1a53680
    struct tevent_ops_list         contains     32 bytes in   1 blocks (ref 0) 0x1a53320
    struct tevent_ops_list         contains     32 bytes in   1 blocks (ref 0) 0x1a53290
    struct tevent_ops_list         contains     32 bytes in   1 blocks (ref 0) 0x1a53200
    struct tevent_ops_list         contains     32 bytes in   1 blocks (ref 0) 0x1a53170
    struct tevent_ops_list         contains     32 bytes in   1 blocks (ref 0) 0x1a530e0

Comment 21 errata-xmlrpc 2016-11-04 03:07:16 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2474.html

Note You need to log in before you can comment on or make changes to this bug.