Version-Release number of selected component (if applicable): nss-3.31.0-1.1.fc26.i686 nss-pem-1.0.3-3.fc26.i686 nss-softokn-3.32.0-1.0.fc26.i686 nss-softokn-freebl-3.32.0-1.0.fc26.i686 nss-sysinit-3.31.0-1.1.fc26.i686 nss-tools-3.31.0-1.1.fc26.i686 nss-util-3.32.0-1.0.fc26.i686 Steps to Reproduce: 1. valgrind --leak-check=full curl -so/dev/null https://google.com Actual results: # valgrind --leak-check=full curl -so/dev/null https://google.com [...] HEAP SUMMARY: in use at exit: 5,214 bytes in 31 blocks total heap usage: 142,804 allocs, 142,773 frees, 12,229,522 bytes allocated 303 bytes in 1 blocks are definitely lost in loss record 14 of 20 at 0x483302A: calloc (vg_replace_malloc.c:711) by 0x4AC7E43: PR_Calloc (prmem.c:443) by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114) by 0x645710A: ??? (in /usr/lib/libfreeblpriv3.so) by 0x6457F0A: ??? (in /usr/lib/libfreeblpriv3.so) by 0x63266A2: ??? by 0x63281E4: ??? by 0x4999974: PK11_Decrypt (pk11obj.c:923) by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871) by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385) by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608) by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514) by 0x48FDBEB: SSL_ForceHandshake (sslsecur.c:403) 429 bytes in 3 blocks are definitely lost in loss record 15 of 20 at 0x483302A: calloc (vg_replace_malloc.c:711) by 0x4AC7E43: PR_Calloc (prmem.c:443) by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114) by 0x6455167: ??? (in /usr/lib/libfreeblpriv3.so) by 0x6457B1F: ??? (in /usr/lib/libfreeblpriv3.so) by 0x6457F48: ??? (in /usr/lib/libfreeblpriv3.so) by 0x63266A2: ??? by 0x63281E4: ??? by 0x4999974: PK11_Decrypt (pk11obj.c:923) by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871) by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385) by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608) by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514) 606 bytes in 2 blocks are definitely lost in loss record 17 of 20 at 0x483302A: calloc (vg_replace_malloc.c:711) by 0x4AC7E43: PR_Calloc (prmem.c:443) by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114) by 0x645710A: ??? (in /usr/lib/libfreeblpriv3.so) by 0x6457F0A: ??? (in /usr/lib/libfreeblpriv3.so) by 0x63266A2: ??? by 0x63281E4: ??? by 0x4999974: PK11_Decrypt (pk11obj.c:923) by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871) by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385) by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608) by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514) by 0x48F65A5: ssl3_GatherAppDataRecord (ssl3gthr.c:592) 715 bytes in 5 blocks are definitely lost in loss record 19 of 20 at 0x483302A: calloc (vg_replace_malloc.c:711) by 0x4AC7E43: PR_Calloc (prmem.c:443) by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114) by 0x6455167: ??? (in /usr/lib/libfreeblpriv3.so) by 0x6457B1F: ??? (in /usr/lib/libfreeblpriv3.so) by 0x6457F48: ??? (in /usr/lib/libfreeblpriv3.so) by 0x63266A2: ??? by 0x6327884: ??? by 0x4999B81: PK11_Encrypt (pk11obj.c:970) by 0x48E31AE: ssl3_AESGCM (ssl3con.c:1874) by 0x48E48A2: ssl3_CompressMACEncryptRecord (ssl3con.c:2439) by 0x48E5042: ssl_ProtectRecord (ssl3con.c:2578) 1,515 bytes in 5 blocks are definitely lost in loss record 20 of 20 at 0x483302A: calloc (vg_replace_malloc.c:711) by 0x4AC7E43: PR_Calloc (prmem.c:443) by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114) by 0x645710A: ??? (in /usr/lib/libfreeblpriv3.so) by 0x6457F0A: ??? (in /usr/lib/libfreeblpriv3.so) by 0x63266A2: ??? by 0x6327884: ??? by 0x4999B81: PK11_Encrypt (pk11obj.c:970) by 0x48E31AE: ssl3_AESGCM (ssl3con.c:1874) by 0x48E48A2: ssl3_CompressMACEncryptRecord (ssl3con.c:2439) by 0x48E5042: ssl_ProtectRecord (ssl3con.c:2578) by 0x48E9E21: ssl3_SendRecord (ssl3con.c:2772) LEAK SUMMARY: definitely lost: 3,568 bytes in 16 blocks indirectly lost: 0 bytes in 0 blocks possibly lost: 0 bytes in 0 blocks still reachable: 1,646 bytes in 15 blocks suppressed: 0 bytes in 0 blocks Expected results: Downgrade to nss-softokn-3.31.0-1.0.fc26.i686 fixes the problem: # dnf install https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.31.0/1.0.fc26/i686/nss-softokn-3.31.0-1.0.fc26.i686.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.31.0/1.0.fc26/i686/nss-softokn-devel-3.31.0-1.0.fc26.i686.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.31.0/1.0.fc26/i686/nss-softokn-freebl-3.31.0-1.0.fc26.i686.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.31.0/1.0.fc26/i686/nss-softokn-freebl-devel-3.31.0-1.0.fc26.i686.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.31.0/1.0.fc26/i686/nss-softokn-debuginfo-3.31.0-1.0.fc26.i686.rpm # valgrind --leak-check=full curl -so/dev/null https://google.com [...] HEAP SUMMARY: in use at exit: 1,646 bytes in 15 blocks total heap usage: 142,832 allocs, 142,817 frees, 12,242,922 bytes allocated LEAK SUMMARY: definitely lost: 0 bytes in 0 blocks indirectly lost: 0 bytes in 0 blocks possibly lost: 0 bytes in 0 blocks still reachable: 1,646 bytes in 15 blocks suppressed: 0 bytes in 0 blocks Additional info: This regression in stable Fedora delayed a release of curl security update: https://koji.fedoraproject.org/koji/taskinfo?taskID=21127860
I forgot to upgrade nss-softokn-debuginfo while pasting valgrind's output. Pasting now again with more symbols resolved: # valgrind --leak-check=full curl -so/dev/null https://google.com [...] HEAP SUMMARY: in use at exit: 5,214 bytes in 31 blocks total heap usage: 142,807 allocs, 142,776 frees, 12,229,574 bytes allocated 303 bytes in 1 blocks are definitely lost in loss record 14 of 20 at 0x483302A: calloc (vg_replace_malloc.c:711) by 0x4AC7E43: PR_Calloc (prmem.c:443) by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114) by 0x645710A: AES_AllocateContext (rijndael.c:1021) by 0x6457F0A: AES_CreateContext (rijndael.c:1238) by 0x63266A2: ??? by 0x63281E4: ??? by 0x4999974: PK11_Decrypt (pk11obj.c:923) by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871) by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385) by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608) by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514) by 0x48FDBEB: SSL_ForceHandshake (sslsecur.c:403) 429 bytes in 3 blocks are definitely lost in loss record 15 of 20 at 0x483302A: calloc (vg_replace_malloc.c:711) by 0x4AC7E43: PR_Calloc (prmem.c:443) by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114) by 0x6455167: GCM_CreateContext (gcm.c:599) by 0x6457B1F: AES_InitContext (rijndael.c:1193) by 0x6457F48: AES_CreateContext (rijndael.c:1240) by 0x63266A2: ??? by 0x63281E4: ??? by 0x4999974: PK11_Decrypt (pk11obj.c:923) by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871) by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385) by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608) by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514) 606 bytes in 2 blocks are definitely lost in loss record 17 of 20 at 0x483302A: calloc (vg_replace_malloc.c:711) by 0x4AC7E43: PR_Calloc (prmem.c:443) by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114) by 0x645710A: AES_AllocateContext (rijndael.c:1021) by 0x6457F0A: AES_CreateContext (rijndael.c:1238) by 0x63266A2: ??? by 0x63281E4: ??? by 0x4999974: PK11_Decrypt (pk11obj.c:923) by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871) by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385) by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608) by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514) by 0x48F65A5: ssl3_GatherAppDataRecord (ssl3gthr.c:592) 715 bytes in 5 blocks are definitely lost in loss record 19 of 20 at 0x483302A: calloc (vg_replace_malloc.c:711) by 0x4AC7E43: PR_Calloc (prmem.c:443) by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114) by 0x6455167: GCM_CreateContext (gcm.c:599) by 0x6457B1F: AES_InitContext (rijndael.c:1193) by 0x6457F48: AES_CreateContext (rijndael.c:1240) by 0x63266A2: ??? by 0x6327884: ??? by 0x4999B81: PK11_Encrypt (pk11obj.c:970) by 0x48E31AE: ssl3_AESGCM (ssl3con.c:1874) by 0x48E48A2: ssl3_CompressMACEncryptRecord (ssl3con.c:2439) by 0x48E5042: ssl_ProtectRecord (ssl3con.c:2578) 1,515 bytes in 5 blocks are definitely lost in loss record 20 of 20 at 0x483302A: calloc (vg_replace_malloc.c:711) by 0x4AC7E43: PR_Calloc (prmem.c:443) by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114) by 0x645710A: AES_AllocateContext (rijndael.c:1021) by 0x6457F0A: AES_CreateContext (rijndael.c:1238) by 0x63266A2: ??? by 0x6327884: ??? by 0x4999B81: PK11_Encrypt (pk11obj.c:970) by 0x48E31AE: ssl3_AESGCM (ssl3con.c:1874) by 0x48E48A2: ssl3_CompressMACEncryptRecord (ssl3con.c:2439) by 0x48E5042: ssl_ProtectRecord (ssl3con.c:2578) by 0x48E9E21: ssl3_SendRecord (ssl3con.c:2772) LEAK SUMMARY: definitely lost: 3,568 bytes in 16 blocks indirectly lost: 0 bytes in 0 blocks possibly lost: 0 bytes in 0 blocks still reachable: 1,646 bytes in 15 blocks suppressed: 0 bytes in 0 blocks
nspr-4.16.0-1.fc26 nss-3.32.0-1.0.fc26 nss-softokn-3.32.0-1.1.fc26 nss-util-3.32.0-1.0.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f11b3237a
nspr-4.16.0-1.fc25 nss-3.32.0-1.0.fc25 nss-softokn-3.32.0-1.1.fc25 nss-util-3.32.0-1.0.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb07876a1c
nspr-4.16.0-1.fc25, nss-3.32.0-1.0.fc25, nss-softokn-3.32.0-1.1.fc25, nss-util-3.32.0-1.0.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb07876a1c
nspr-4.16.0-1.fc26, nss-3.32.0-1.0.fc26, nss-softokn-3.32.0-1.1.fc26, nss-util-3.32.0-1.0.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f11b3237a
nspr-4.16.0-1.fc26 nss-3.32.0-1.1.fc26 nss-softokn-3.32.0-1.2.fc26 nss-util-3.32.0-1.0.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f11b3237a
nspr-4.16.0-1.fc25 nss-3.32.0-1.1.fc25 nss-softokn-3.32.0-1.2.fc25 nss-util-3.32.0-1.0.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb07876a1c
nspr-4.16.0-1.fc25, nss-3.32.0-1.1.fc25, nss-softokn-3.32.0-1.2.fc25, nss-util-3.32.0-1.0.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb07876a1c
nspr-4.16.0-1.fc26, nss-3.32.0-1.1.fc26, nss-softokn-3.32.0-1.2.fc26, nss-util-3.32.0-1.0.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f11b3237a
nspr-4.16.0-1.fc26, nss-3.32.0-1.1.fc26, nss-softokn-3.32.0-1.2.fc26, nss-util-3.32.0-1.0.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
nspr-4.16.0-1.fc25, nss-3.32.0-1.1.fc25, nss-softokn-3.32.0-1.2.fc25, nss-util-3.32.0-1.0.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.