Bug 11999 - Winbind leaks memory with each cached credentials login
Summary: Winbind leaks memory with each cached credentials login
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.4.4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-29 11:56 UTC by Andreas Schneider
Modified: 2016-07-08 07:25 UTC (History)
3 users (show)

See Also:

Attachments
patch for master (also applies to Samba 3.6) (1.54 KB, patch)
2016-06-29 12:27 UTC, Andreas Schneider 		gd: review+
Details
patch for 4.3 (1.74 KB, patch)
2016-06-30 06:13 UTC, Andreas Schneider 		gd: review+
jra: review+
Details
patch for 4.4 (1.74 KB, patch)
2016-06-30 06:13 UTC, Andreas Schneider 		gd: review+
jra: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2016-06-29 11:56:14 UTC 
When Winbind is configured with

   winbind offline logon = true

we leak with memory with each login. On systems with heavy load this can add up quickly and the OOM will kill winbind then.

Patch will follow.
Comment 1 Andreas Schneider 2016-06-29 12:27:48 UTC 
Created attachment 12233 [details]
patch for master (also applies to Samba 3.6)
Comment 2 Andreas Schneider 2016-06-29 12:45:58 UTC 
==3045== 47,360 bytes in 160 blocks are indirectly lost in loss record 442 of 445
==3045==    at 0x4A06A2E: malloc (vg_replace_malloc.c:270)
==3045==    by 0x1E1359: traverse_fn_get_credlist (winbindd_cache.c:3396)
==3045==    by 0x6E87814: tdb_traverse_internal (traverse.c:190)
==3045==    by 0x6E87A51: tdb_traverse (traverse.c:272)
==3045==    by 0x1E1CDD: wcache_remove_oldest_cached_creds (winbindd_cache.c:3438)
==3045==    by 0x21AC8A: winbindd_store_creds (winbindd_creds.c:103)
==3045==    by 0x1EA589: winbindd_dual_pam_auth (winbindd_pam.c:1831)
==3045==    by 0x20031A: child_handler (winbindd_dual.c:440)
==3045==    by 0x6C7CEA5: epoll_event_loop_once (tevent_epoll.c:728)
==3045==    by 0x6C7B2D5: std_event_loop_once (tevent_standard.c:114)
==3045==    by 0x6C76C3C: _tevent_loop_once (tevent.c:533)
==3045==    by 0x201473: fork_domain_child (winbindd_dual.c:1548)
==3045==    by 0x201BE4: wb_child_request_trigger (winbindd_dual.c:145)
==3045==    by 0x6C77867: tevent_common_loop_immediate (tevent_immediate.c:135)
==3045==    by 0x6C7CC95: epoll_event_loop_once (tevent_epoll.c:906)
==3045==    by 0x6C7B2D5: std_event_loop_once (tevent_standard.c:114)
==3045==    by 0x6C76C3C: _tevent_loop_once (tevent.c:533)
==3045==    by 0x1D89B3: main (winbindd.c:1490)
==3045== 
==3045== 53,280 (5,920 direct, 47,360 indirect) bytes in 20 blocks are definitely lost in loss record 443 of 445
==3045==    at 0x4A06A2E: malloc (vg_replace_malloc.c:270)
==3045==    by 0x1E1359: traverse_fn_get_credlist (winbindd_cache.c:3396)
==3045==    by 0x6E87814: tdb_traverse_internal (traverse.c:190)
==3045==    by 0x6E87A51: tdb_traverse (traverse.c:272)
==3045==    by 0x1E1CDD: wcache_remove_oldest_cached_creds (winbindd_cache.c:3438)
==3045==    by 0x21AC8A: winbindd_store_creds (winbindd_creds.c:103)
==3045==    by 0x1EA589: winbindd_dual_pam_auth (winbindd_pam.c:1831)
==3045==    by 0x20031A: child_handler (winbindd_dual.c:440)
==3045==    by 0x6C7CEA5: epoll_event_loop_once (tevent_epoll.c:728)
==3045==    by 0x6C7B2D5: std_event_loop_once (tevent_standard.c:114)
==3045==    by 0x6C76C3C: _tevent_loop_once (tevent.c:533)
==3045==    by 0x201473: fork_domain_child (winbindd_dual.c:1548)
==3045==    by 0x201BE4: wb_child_request_trigger (winbindd_dual.c:145)
==3045==    by 0x6C77867: tevent_common_loop_immediate (tevent_immediate.c:135)
==3045==    by 0x6C7CC95: epoll_event_loop_once (tevent_epoll.c:906)
==3045==    by 0x6C7B2D5: std_event_loop_once (tevent_standard.c:114)
==3045==    by 0x6C76C3C: _tevent_loop_once (tevent.c:533)
==3045==    by 0x1D89B3: main (winbindd.c:1490)
Comment 3 Guenther Deschner 2016-06-29 12:46:09 UTC 
Comment on attachment 12233 [details]
patch for master (also applies to Samba 3.6)

LGTM, Thanks!
Comment 4 Andreas Schneider 2016-06-30 06:13:07 UTC 
Created attachment 12245 [details]
patch for 4.3
Comment 5 Andreas Schneider 2016-06-30 06:13:43 UTC 
Created attachment 12246 [details]
patch for 4.4
Comment 6 Andreas Schneider 2016-06-30 13:52:18 UTC 
Karloin, please add the patches to the relevant branches. Thanks!
Comment 7 Jeremy Allison 2016-06-30 16:20:24 UTC 
Comment on attachment 12246 [details]
patch for 4.4

Great catch. I feel bad for having missed that in the original code :-).
Comment 8 Karolin Seeger 2016-07-04 07:24:11 UTC 
(In reply to Andreas Schneider from comment #6)
Pushed to autobuild-v4-[4|3]-test.
Comment 9 Karolin Seeger 2016-07-08 07:25:20 UTC 
(In reply to Karolin Seeger from comment #8)
Pushed to both branches.
Closing out bug report.

Thanks!