Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-91832

sasl_authentication_session_gssapi_test memory leak detected on RHEL88 and Ubuntu22

    • Server Security
    • Fully Compatible
    • ALL
    • v8.0
    • Security 2024-07-08, Security 2024-07-22, Security 2024-08-05, Programmability 2024-07-08
    • 200

      I'm running into a memory leak in sasl_authentication_session_gssapi_test when upgrading from rhel80 to rhel88:

      [cpp_unit_test:sasl_authentication_session_gssapi_test] SUMMARY: AddressSanitizer: 34724 byte(s) leaked in 48 allocation(s).
      

      https://parsley.mongodb.com/test/mongodb_mongo_master_linux_debug_aubsan_compile_required_compile_and_run_unittests_first_quarter_patch_4a989e7e2a0a77238a908a922f8dabd754a94d08_6679a134b56998000761f951_24_06_24_16_40_00/0/e8e357d9caec0fd16c68af10b8a7555f?bookmarks=0,101,174,181,182,189&shareLine=0

      repro steps:

      buildscripts/scons.py --variables-files=etc/scons/mongodbtoolchain_stable_clang.vars --build-profile=san +sasl_authentication_session_gssapi_test
      ninja -f san.ninja +sasl_authentication_session_gssapi_test
      

      The memory leaked was all allocated inside of the sasl library's sasl_client_start call. I verified that sasl_dispose is getting called on the underlying connection handle as well. I originally thought a call to gss_acquire_cred might increase the ref counter on memory managed by the connection object, but it looks like every gss_acquire_cred has a matching gss_release_cred It's possible it's an issue in libsasl/krb but seems unlikely given that we're not really doing anything very unique in this code path as far as I can tell

      This is also occurring on my ubuntu22 workstation, so it's possibly an issue that happens everywhere except the specific platform we're running asan on (rhel80). This is the last issue blocking us from upgrading to rhel88 for mongo 8.0

      This appears to not occur on RHEL80 which is the only variant we're currently running the address sanitizer on.

      Full stack trace of the leak (on an ubuntu22 workstation):

      https://gist.github.com/zackwintermdb/a7a9fea8ae7f4cdb4f2827dc40ce9986

      Slack thread: https://mongodb.slack.com/archives/CB3CW8M8C/p1719279196709339

            Assignee:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Reporter:
            zack.winter@mongodb.com Zack Winter
            Votes:
            0 Vote for this issue
            Watchers:
            16 Start watching this issue

              Created:
              Updated:
              Resolved: