Hide Forgot
Description of problem: When the openldap library chases referrals, it leaks memory. This is a problem especially for long-running deamons such as the SSSD and even more so when running in an environment that makes heavy use of referrals, for example Microsoft Active Directory. In those environments, the memory leak reach to the point where SSSD has to be restarted once upon a time to reclaim lost memory. Version-Release number of selected component (if applicable): openldap-2.4.23-20.el6.x86_64 How reproducible: always Steps to Reproduce: 1. configure a server that uses referrals 2. look up an entry that triggers referral chasing Actual results: a memory leak Expected results: no memory leak Additional info: We are using the ldap_set_rebind_proc() function in SSSD. This is how valgrind reports the memory leak: ==5618== 58 (32 direct, 26 indirect) bytes in 1 blocks are definitely lost in loss record 94 of 391 ==5618== at 0x4A05BB4: calloc (vg_replace_malloc.c:467) ==5618== by 0x3A3F408113: ber_memcalloc_x (memory.c:283) ==5618== by 0x3A41C14393: ldap_control_create (controls.c:490) ==5618== by 0xC7045DA: sss_ldap_control_create (sss_ldap.c:68) ==5618== by 0xC7BF09F: sdap_rebind_proc (sdap_async_connection.c:1727) ==5618== by 0x3A41C225ED: ldap_new_connection (request.c:564) ==5618== by 0x3A41C233F1: ldap_send_server_request (request.c:249) ==5618== by 0x3A41C242D2: ldap_chase_v3referrals (request.c:1255) ==5618== by 0x3A41C11803: wait4msg (result.c:728) ==5618== by 0xC785705: sdap_process_result (sdap_async.c:179) ==5618== by 0xC785329: sdap_ldap_result (sdap_async.c:152) ==5618== by 0x3A32406A67: std_event_loop_once (tevent_standard.c:326) Also see the upstream sssd bug #1251 - https://fedorahosted.org/sssd/ticket/1251
I was also able to reproduce on F-16 with openldap-2.4.26-6. Would you like me to test on some newer release, too?
(In reply to comment #1) > I was also able to reproduce on F-16 with openldap-2.4.26-6. Would you like me > to test on some newer release, too? Not necessary. It seems that this part of the code was not changed.
Jakub originally sent me this backtrace, it looks like another leak: ==13700== 987,424 (4,720 direct, 982,704 indirect) bytes in 59 blocks are definitely lost in loss record 564 of 564 ==13700== at 0x40053B3: calloc (vg_replace_malloc.c:467) ==13700== by 0xCBBD00: ber_memcalloc_x (in /lib/liblber-2.4.so.2.5.6) ==13700== by 0x12249F: ldap_send_server_request (in /lib/libldap-2.4.so.2.5.6) ==13700== by 0x123323: ldap_chase_v3referrals (in /lib/libldap-2.4.so.2.5.6) ==13700== by 0x10D4EB: ldap_result (in /lib/libldap-2.4.so.2.5.6) ==13700== by 0x485E262: ??? (in /usr/lib/sssd/libsss_ldap.so.1.0.0) ==13700== by 0xB74262: ??? (in /usr/lib/libtevent.so.0.9.8) ==13700== by 0xB70F17: _tevent_loop_once (in /usr/lib/libtevent.so.0.9.8) ==13700== by 0xB70FAE: ??? (in /usr/lib/libtevent.so.0.9.8) ==13700== by 0xB70C88: _tevent_loop_wait (in /usr/lib/libtevent.so.0.9.8) ==13700== by 0x8080D1C: server_loop (in /usr/libexec/sssd/sssd_be) ==13700== by 0x8055BB8: main (in /usr/libexec/sssd/sssd_be) I'm not sure if this is caused by a bug in OpenLDAP or by not freeing some result in SSSD. I will investigate.
(In reply to comment #4) > Jakub originally sent me this backtrace, it looks like another leak: > > ==13700== 987,424 (4,720 direct, 982,704 indirect) bytes in 59 blocks are > definitely lost in loss record 564 of 564 > ==13700== at 0x40053B3: calloc (vg_replace_malloc.c:467) > ==13700== by 0xCBBD00: ber_memcalloc_x (in /lib/liblber-2.4.so.2.5.6) > ==13700== by 0x12249F: ldap_send_server_request (in > /lib/libldap-2.4.so.2.5.6) > ==13700== by 0x123323: ldap_chase_v3referrals (in /lib/libldap-2.4.so.2.5.6) > ==13700== by 0x10D4EB: ldap_result (in /lib/libldap-2.4.so.2.5.6) > ==13700== by 0x485E262: ??? (in /usr/lib/sssd/libsss_ldap.so.1.0.0) > ==13700== by 0xB74262: ??? (in /usr/lib/libtevent.so.0.9.8) > ==13700== by 0xB70F17: _tevent_loop_once (in /usr/lib/libtevent.so.0.9.8) > ==13700== by 0xB70FAE: ??? (in /usr/lib/libtevent.so.0.9.8) > ==13700== by 0xB70C88: _tevent_loop_wait (in /usr/lib/libtevent.so.0.9.8) > ==13700== by 0x8080D1C: server_loop (in /usr/libexec/sssd/sssd_be) > ==13700== by 0x8055BB8: main (in /usr/libexec/sssd/sssd_be) > Yes this original leak came from the customer who was using Active Directory. The leak I included in the opening comment was what I reproduces with 389DS.
*** Bug 808064 has been marked as a duplicate of this bug. ***
Upstream report: http://www.openldap.org/its/index.cgi?findid=6744 Upstream fix (applies cleanly): http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=518dd3a
You are right, I've got a patch for this leak. The test packages you gave me fix the memory leak while following referrals. Can we get it into 6.3?
Fixed in openldap-2.4.23-22.el6
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: - remote LDAP server responds with referral to a client query, referral chasing is enabled in the library - library leaks memory - upstream patch applied - the library no longer causes memory leak when chasing a referral
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0899.html