1796559 – Memory leak when libauth-samba4.so is dlopen-ed twice

Bug 1796559 - Memory leak when libauth-samba4.so is dlopen-ed twice

Summary: Memory leak when libauth-samba4.so is dlopen-ed twice

Keywords:
Status:	CLOSED DUPLICATE of bug 1796433
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	samba
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Guenther Deschner
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-01-30 17:15 UTC by Lukas Slebodnik
Modified:	2020-02-06 21:59 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2020-02-06 21:57:24 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Lukas Slebodnik 2020-01-30 17:15:48 UTC

Description of problem:
Samba has lot of libraries and therefore it is good idea to check
check resolving of all symbols using dlopen for tested project.
It is also necessary to call dlclose after test otherwise it would influence next test.

And with the recent upgrade of samba there is a memory leak.


Version-Release number of selected component (if applicable):
sh$ rpm -qf /usr/lib64/samba/libsmbd-base-samba4.so /usr/lib64/samba/libauth-samba4.so
samba-client-libs-4.12.0-0.0.rc1.fc32.x86_64
samba-client-libs-4.12.0-0.0.rc1.fc32.x86_64

How reproducible:
Deterministic

Steps to Reproduce:
1. dnf install -y valgrind gcc samba-client-libs
2.  cat > dlopen-check.c <<EOF
#include <dlfcn.h>
#include <stdlib.h>
#include <stdio.h>

int main(int argc, char **argv) {
    if (argc != 3) {
        printf("$name DLOPEN-COUNT PATH-TO-LIBRARY\n");
        return 2;
    }
    //const char* name = "/usr/lib64/samba/libsmbd-base-samba4.so";

    for (int i=0; i < atoi(argv[1]); ++i) {
        void * handle = dlopen(argv[2],  RTLD_GLOBAL|RTLD_NOW);
        if (!handle) {
            printf("dlopen() failed: %s\n", dlerror());
        } else {
            int ret = dlclose(handle);
            if (ret) return ret;
        }
    }

    return 0;
}
EOF
3. gcc dlopen-check.c -g3 -o dlopen-check -ldl
4. valgrind --leak-check=full ./dlopen-check 2 /usr/lib64/samba/libauth-samba4.so && echo OK

Actual results:
sh$ valgrind --leak-check=full ./dlopen-check 2 /usr/lib64/samba/libauth-samba4.so && echo OK
==4617== Memcheck, a memory error detector
==4617== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==4617== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==4617== Command: ./dlopen-check 2 /usr/lib64/samba/libauth-samba4.so
==4617== 
==4617== 
==4617== HEAP SUMMARY:
==4617==     in use at exit: 95,977 bytes in 39 blocks
==4617==   total heap usage: 3,892 allocs, 3,853 frees, 731,396 bytes allocated
==4617== 
==4617== 24 bytes in 1 blocks are possibly lost in loss record 1 of 10
==4617==    at 0x483A809: malloc (vg_replace_malloc.c:309)
==4617==    by 0x4013D84: tls_get_addr_tail (in /usr/lib64/ld-2.30.9000.so)
==4617==    by 0x4019EEB: __tls_get_addr (in /usr/lib64/ld-2.30.9000.so)
==4617==    by 0x5BFFAB5: ???
==4617==    by 0x5BEECFA: ???
==4617==    by 0x5BDFB74: ???
==4617==    by 0x5BB3A14: ???
==4617==    by 0x4011781: call_init.part.0 (in /usr/lib64/ld-2.30.9000.so)
==4617==    by 0x4011890: _dl_init (in /usr/lib64/ld-2.30.9000.so)
==4617==    by 0x49A7034: _dl_catch_exception (in /usr/lib64/libc-2.30.9000.so)
==4617==    by 0x4015C33: dl_open_worker (in /usr/lib64/ld-2.30.9000.so)
==4617==    by 0x49A6FD7: _dl_catch_exception (in /usr/lib64/libc-2.30.9000.so)
==4617== 
==4617== 512 bytes in 1 blocks are possibly lost in loss record 5 of 10
==4617==    at 0x483A809: malloc (vg_replace_malloc.c:309)
==4617==    by 0x4013C7C: _dl_resize_dtv (in /usr/lib64/ld-2.30.9000.so)
==4617==    by 0x40146BD: _dl_update_slotinfo (in /usr/lib64/ld-2.30.9000.so)
==4617==    by 0x401481B: update_get_addr (in /usr/lib64/ld-2.30.9000.so)
==4617==    by 0x4019EEB: __tls_get_addr (in /usr/lib64/ld-2.30.9000.so)
==4617==    by 0x5BFFAB5: ???
==4617==    by 0x5BEECFA: ???
==4617==    by 0x5BDFB74: ???
==4617==    by 0x5BB3A14: ???
==4617==    by 0x4011781: call_init.part.0 (in /usr/lib64/ld-2.30.9000.so)
==4617==    by 0x4011890: _dl_init (in /usr/lib64/ld-2.30.9000.so)
==4617==    by 0x49A7034: _dl_catch_exception (in /usr/lib64/libc-2.30.9000.so)
==4617== 
==4617== LEAK SUMMARY:
==4617==    definitely lost: 0 bytes in 0 blocks
==4617==    indirectly lost: 0 bytes in 0 blocks
==4617==      possibly lost: 536 bytes in 2 blocks
==4617==    still reachable: 95,441 bytes in 37 blocks
==4617==         suppressed: 0 bytes in 0 blocks
==4617== Reachable blocks (those to which a pointer was found) are not shown.
==4617== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==4617== 
==4617== For lists of detected and suppressed errors, rerun with: -s
==4617== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
OK

Expected results:
sh$ valgrind --leak-check=full ./dlopen-check 2 /usr/lib64/samba/libauth-samba4.so && echo OK
==78== Memcheck, a memory error detector
==78== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==78== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==78== Command: ./dlopen-check 2 /usr/lib64/samba/libauth-samba4.so
==78== 
==78== 
==78== HEAP SUMMARY:
==78==     in use at exit: 9,730 bytes in 24 blocks
==78==   total heap usage: 3,756 allocs, 3,732 frees, 655,211 bytes allocated
==78== 
==78== LEAK SUMMARY:
==78==    definitely lost: 0 bytes in 0 blocks
==78==    indirectly lost: 0 bytes in 0 blocks
==78==      possibly lost: 0 bytes in 0 blocks
==78==    still reachable: 9,730 bytes in 24 blocks
==78==         suppressed: 0 bytes in 0 blocks
==78== Reachable blocks (those to which a pointer was found) are not shown.
==78== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==78== 
==78== For lists of detected and suppressed errors, rerun with: -s
==78== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
OK

Additional info:
I cannot see leak in case of dlopen is called just once

sh$ valgrind --leak-check=full ./dlopen-check 1 /usr/lib64/samba/libauth-samba4.so && echo OK
==4628== Memcheck, a memory error detector
==4628== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==4628== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==4628== Command: ./dlopen-check 1 /usr/lib64/samba/libauth-samba4.so
==4628== 
==4628== 
==4628== HEAP SUMMARY:
==4628==     in use at exit: 95,593 bytes in 44 blocks
==4628==   total heap usage: 1,972 allocs, 1,928 frees, 415,451 bytes allocated
==4628== 
==4628== LEAK SUMMARY:
==4628==    definitely lost: 0 bytes in 0 blocks
==4628==    indirectly lost: 0 bytes in 0 blocks
==4628==      possibly lost: 0 bytes in 0 blocks
==4628==    still reachable: 95,593 bytes in 44 blocks
==4628==         suppressed: 0 bytes in 0 blocks
==4628== Reachable blocks (those to which a pointer was found) are not shown.
==4628== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==4628== 
==4628== For lists of detected and suppressed errors, rerun with: -s
==4628== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
OK

Or in case of older samba
sh$ rpm -qf /usr/lib64/samba/libauth-samba4.so
samba-client-libs-4.11.4-0.fc31.x86_64
sh$ valgrind --leak-check=full ./dlopen-check 2 /usr/lib64/samba/libauth-samba4.so && echo OK
==80== Memcheck, a memory error detector
==80== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==80== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==80== Command: ./dlopen-check 2 /usr/lib64/samba/libauth-samba4.so
==80== 
==80== 
==80== HEAP SUMMARY:
==80==     in use at exit: 9,730 bytes in 24 blocks
==80==   total heap usage: 3,756 allocs, 3,732 frees, 655,211 bytes allocated
==80== 
==80== LEAK SUMMARY:
==80==    definitely lost: 0 bytes in 0 blocks
==80==    indirectly lost: 0 bytes in 0 blocks
==80==      possibly lost: 0 bytes in 0 blocks
==80==    still reachable: 9,730 bytes in 24 blocks
==80==         suppressed: 0 bytes in 0 blocks
==80== Reachable blocks (those to which a pointer was found) are not shown.
==80== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==80== 
==80== For lists of detected and suppressed errors, rerun with: -s
==80== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
OK

Comment 1 Mark Wielaard 2020-02-06 21:43:53 UTC

This doesn't happen on f31 with valgrind-3.15.0-11, glibc-2.30-10.fc31 and samba-client-libs-2:4.11.6-0.

Comment 2 Carlos O'Donell 2020-02-06 21:55:05 UTC

(In reply to Mark Wielaard from comment #1)
> This doesn't happen on f31 with valgrind-3.15.0-11, glibc-2.30-10.fc31 and
> samba-client-libs-2:4.11.6-0.

See my analysis here: https://bugzilla.redhat.com/show_bug.cgi?id=1796433#c14

I think valgrind needs to update supression lists.

Comment 3 Carlos O'Donell 2020-02-06 21:57:24 UTC

(In reply to Carlos O'Donell from comment #2)
> (In reply to Mark Wielaard from comment #1)
> > This doesn't happen on f31 with valgrind-3.15.0-11, glibc-2.30-10.fc31 and
> > samba-client-libs-2:4.11.6-0.
> 
> See my analysis here: https://bugzilla.redhat.com/show_bug.cgi?id=1796433#c14
> 
> I think valgrind needs to update supression lists.

I just moved bug 1796433 to valgrind. Closing this as a duplicate.

*** This bug has been marked as a duplicate of bug 1796433 ***

Comment 4 Mark Wielaard 2020-02-06 21:59:25 UTC

Replicated on rawhide with glibc-2.30.9000-33.fc32 valgrind-3.15.0-15 samba-client-libs-4.12.0-0.1.rc1

With glibc debuginfo installed we get:

$ valgrind --leak-check=full ./dlopen-check 2 /usr/lib64/samba/libauth-samba4.so
==1546407== Memcheck, a memory error detector
==1546407== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1546407== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==1546407== Command: ./dlopen-check 2 /usr/lib64/samba/libauth-samba4.so
==1546407== 
==1546407== 
==1546407== HEAP SUMMARY:
==1546407==     in use at exit: 95,977 bytes in 39 blocks
==1546407==   total heap usage: 3,892 allocs, 3,853 frees, 731,476 bytes allocated
==1546407== 
==1546407== 24 bytes in 1 blocks are possibly lost in loss record 1 of 10
==1546407==    at 0x483A809: malloc (vg_replace_malloc.c:309)
==1546407==    by 0x4013D84: allocate_dtv_entry (dl-tls.c:582)
==1546407==    by 0x4013D84: allocate_and_init (dl-tls.c:607)
==1546407==    by 0x4013D84: tls_get_addr_tail (dl-tls.c:787)
==1546407==    by 0x4019EEB: __tls_get_addr (tls_get_addr.S:55)
==1546407==    by 0x5BEFAB5: ???
==1546407==    by 0x5BDECFA: ???
==1546407==    by 0x5BCFB74: ???
==1546407==    by 0x5BA3A14: ???
==1546407==    by 0x4011781: call_init.part.0 (dl-init.c:72)
==1546407==    by 0x4011890: call_init (dl-init.c:30)
==1546407==    by 0x4011890: _dl_init (dl-init.c:119)
==1546407==    by 0x4995FF4: _dl_catch_exception (dl-error-skeleton.c:182)
==1546407==    by 0x4015C33: dl_open_worker (dl-open.c:758)
==1546407==    by 0x4995F97: _dl_catch_exception (dl-error-skeleton.c:208)
==1546407== 
==1546407== 512 bytes in 1 blocks are possibly lost in loss record 5 of 10
==1546407==    at 0x483A809: malloc (vg_replace_malloc.c:309)
==1546407==    by 0x4013C7C: _dl_resize_dtv (dl-tls.c:411)
==1546407==    by 0x40146BD: _dl_update_slotinfo (dl-tls.c:701)
==1546407==    by 0x401481B: update_get_addr (dl-tls.c:799)
==1546407==    by 0x4019EEB: __tls_get_addr (tls_get_addr.S:55)
==1546407==    by 0x5BEFAB5: ???
==1546407==    by 0x5BDECFA: ???
==1546407==    by 0x5BCFB74: ???
==1546407==    by 0x5BA3A14: ???
==1546407==    by 0x4011781: call_init.part.0 (dl-init.c:72)
==1546407==    by 0x4011890: call_init (dl-init.c:30)
==1546407==    by 0x4011890: _dl_init (dl-init.c:119)
==1546407==    by 0x4995FF4: _dl_catch_exception (dl-error-skeleton.c:182)
==1546407== 
==1546407== LEAK SUMMARY:
==1546407==    definitely lost: 0 bytes in 0 blocks
==1546407==    indirectly lost: 0 bytes in 0 blocks
==1546407==      possibly lost: 536 bytes in 2 blocks
==1546407==    still reachable: 95,441 bytes in 37 blocks
==1546407==         suppressed: 0 bytes in 0 blocks
==1546407== Reachable blocks (those to which a pointer was found) are not shown.
==1546407== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==1546407== 
==1546407== For lists of detected and suppressed errors, rerun with: -s
==1546407== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)

Note You need to log in before you can comment on or make changes to this bug.