Description of problem: The latest upgrade of krb5 in f26 and f26 introduce a memory leak when parsing krb5 configuration. Reproducer will use klist as an example but it caused many failures to sssd unit tests which only use krb5-libs Version-Release number of selected component (if applicable): sh$ rpm -q krb5-libs krb5-libs-1.15.2-5.fc26.x86_64 How reproducible: Deterministic Steps to Reproduce: 1. dnf install -y -e0 -d0 --enablerepo=updates-testing krb5-workstation valgrind 2. valgrind --leak-check=full klist Actual results: sh# dnf install -y -e0 -d0 --enablerepo=updates-testing krb5-workstation valgrind sh# valgrind --leak-check=full klist ==53== Memcheck, a memory error detector ==53== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==53== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info ==53== Command: klist ==53== klist: Invalid UID in persistent keyring name while getting default ccache ==53== ==53== HEAP SUMMARY: ==53== in use at exit: 2,343 bytes in 47 blocks ==53== total heap usage: 114 allocs, 67 frees, 59,128 bytes allocated ==53== ==53== 40 bytes in 1 blocks are definitely lost in loss record 8 of 19 ==53== at 0x4C2EB6B: malloc (vg_replace_malloc.c:299) ==53== by 0x60825B3: __scandir_tail (in /usr/lib64/libc-2.25.so) ==53== by 0x4EC3A0B: ??? (in /usr/lib64/libkrb5.so.3.3) ==53== by 0x4EC35BD: ??? (in /usr/lib64/libkrb5.so.3.3) ==53== by 0x4EC40F2: ??? (in /usr/lib64/libkrb5.so.3.3) ==53== by 0x4EC27B6: ??? (in /usr/lib64/libkrb5.so.3.3) ==53== by 0x4EC2868: ??? (in /usr/lib64/libkrb5.so.3.3) ==53== by 0x4EC2F20: ??? (in /usr/lib64/libkrb5.so.3.3) ==53== by 0x4EC635E: profile_init_flags (in /usr/lib64/libkrb5.so.3.3) ==53== by 0x4EB8331: k5_os_init_context (in /usr/lib64/libkrb5.so.3.3) ==53== by 0x4E8F108: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3) ==53== by 0x109B1D: ??? (in /usr/bin/klist) ==53== ==53== LEAK SUMMARY: ==53== definitely lost: 40 bytes in 1 blocks ==53== indirectly lost: 0 bytes in 0 blocks ==53== possibly lost: 0 bytes in 0 blocks ==53== still reachable: 2,303 bytes in 46 blocks ==53== suppressed: 0 bytes in 0 blocks ==53== Reachable blocks (those to which a pointer was found) are not shown. ==53== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==53== ==53== For counts of detected and suppressed errors, rerun with: -v ==53== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) Expected results: No leaks (the same as with older version) sh# rpm -q krb5-libs krb5-libs-1.15.2-4.fc26.x86_64 sh# valgrind --leak-check=full klist ==65== Memcheck, a memory error detector ==65== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==65== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info ==65== Command: klist ==65== klist: Invalid UID in persistent keyring name while getting default ccache ==65== ==65== HEAP SUMMARY: ==65== in use at exit: 2,303 bytes in 46 blocks ==65== total heap usage: 112 allocs, 66 frees, 59,008 bytes allocated ==65== ==65== LEAK SUMMARY: ==65== definitely lost: 0 bytes in 0 blocks ==65== indirectly lost: 0 bytes in 0 blocks ==65== possibly lost: 0 bytes in 0 blocks ==65== still reachable: 2,303 bytes in 46 blocks ==65== suppressed: 0 bytes in 0 blocks ==65== Reachable blocks (those to which a pointer was found) are not shown. ==65== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==65== ==65== For counts of detected and suppressed errors, rerun with: -v ==65== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) Additional info: Valgrind output from f27 + installed some debug symbols ==27362== 40 bytes in 1 blocks are definitely lost in loss record 10 of 23 ==27362== at 0x4C2FB6B: malloc (vg_replace_malloc.c:299) ==27362== by 0x608B433: __scandir_tail (in /usr/lib64/libc-2.26.so) ==27362== by 0x4EC5E4B: parse_include_dir (prof_parse.c:301) ==27362== by 0x4EC59FD: parse_line (prof_parse.c:334) ==27362== by 0x4EC59FD: parse_file (prof_parse.c:384) ==27362== by 0x4EC6532: profile_parse_file (prof_parse.c:460) ==27362== by 0x4EC4BF6: profile_update_file_data_locked (prof_file.c:371) ==27362== by 0x4EC4CA8: profile_update_file_data (prof_file.c:390) ==27362== by 0x4EC5360: profile_open_file (prof_file.c:287) ==27362== by 0x4EC879E: profile_init_flags (prof_init.c:190) ==27362== by 0x4EBA78F: os_init_paths (init_os_ctx.c:387) ==27362== by 0x4EBA78F: k5_os_init_context (init_os_ctx.c:438) ==27362== by 0x4E91558: krb5_init_context_profile (init_ctx.c:195) ==27362== by 0x109CED: ??? (in /usr/bin/klist)
Thank you for filing a bug. However, since this is a fixed-size leak, I will not be holding back updates to Fedora.
(In reply to Robbie Harwood from comment #1) > Thank you for filing a bug. However, since this is a fixed-size leak, I > will not be holding back updates to Fedora. Could you a little bit elaborate here? Does it mean that there is not a plan to fix it in fedora soon? or that broken version will stay in updates-testing and will not be pushed to updates.
It means I have more important things to work on right now, and I see no reason not to push it to updates.
I understand the time constraints, but if there is a known fix, would you consider either building another update (which we could then install on your CI machines in the meantime before the 'real' update hits the repos) or just pointing us to the fix so that we can send you a 'fedpkg patch' ? Or is this a totally unknown issue that we should fix in the first place?
krb5-1.15.2-6.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-539b4a2339
krb5-1.15.2-6.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-090f152cad
Thank you very much for fixing the leak, Robbie.
(In reply to Jakub Hrozek from comment #7) > Thank you very much for fixing the leak, Robbie. +1 Thank you very much for unblocking sssd ci.
krb5-1.15.2-6.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-090f152cad
krb5-1.15.2-6.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-539b4a2339
krb5-1.15.2-7.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-391a1f3e61
krb5-1.15.2-7.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-f97cb1c9b0
krb5-1.15.2-7.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-f97cb1c9b0
krb5-1.15.2-7.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-391a1f3e61
krb5-1.15.2-7.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.15.2-7.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.