[Pkg-freeradius-maintainers] Bug#1089629: Freeradius memory leak after upgrade to Debian 12

ATIC Sistemas Rede atic.sistemas.rede at usc.gal
Tue Dec 10 07:51:43 GMT 2024 

Package: freeradius
Version: 3.2.1+dfsg-4+deb12u1
Severity: important
Depends: freeradius-common, freeradius-config, libfreeradius3 (= 3.2.1+dfsg-4+deb12u1), lsb-base, libc6 (>= 2.34), libcrypt1 (>= 1:4.1.0), libct4 (>= 
0.64), libgdbm6 (>= 1.16), libjson-c5 (>= 0.15), libpam0g (>= 0.99.7.1), libperl5.36 (>= 5.36.0), libreadline8 (>= 6.0), libsqlite3-0 (>= 3.7.15), 
libssl3 (>= 3.0.0), libsystemd0, libtalloc2 (>= 2.0.4~git20101213), libwbclient0 (>= 2:4.2.1+dfsg)
APT-Manual-Installed: yes
APT-Sources: http://ftp.es.debian.org/debian bookworm/main amd64 Packages


Dear Mantainer,

Our RADIUS service primarily provides authentication for a Wi-Fi network that uses the EAP-TTLS-PAP method.
Used modules include, among others, eap, ldap, linelog, pap, and sql_log.
Over 13K different users are authenticated daily.
In Debian 11, freeradius service had stable memory consumption.
After performing a dist-upgrade to Debian 12, freeradius consumes memory without limit.
Freeradius process increases memory usage daily.
When RAM is scarce, freeradius starts using swap until it approaches 100% of virtual memory.
We have increased RAM and swap several times recently.
Now, the time frame for memory exhaustion has extended from days to weeks.
We cannot debug on production server.
We have a preproduction freeradius enviroment with same configuration.
We have started freeradius and launched a EAP-TTLS-PAP request using eapol_test utility.
We have obtained a report with Valgrind following instructions in /usr/share/doc/freeradius/bugs.gz (*).
We attach the report "valgrind.txt".

(*)
# uname -a
Linux vm075151 6.1.0-28-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.119-1 (2024-11-22) x86_64 GNU/Linux
# valgrind --tool=memcheck --leak-check=full --log-file=/tmp/valgrind.txt freeradius -Xm

Thank you.

Regards,

-- 
Subdirección de Infraestruturas - Sistemas de rede
Área de Tecnoloxías da Información e Comunicacións

Universidade de Santiago de Compostela
15782 Santiago de Compostela
http://www.usc.es/atic/sistemas
-------------- next part --------------
==1612452== Memcheck, a memory error detector
==1612452== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==1612452== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
==1612452== Command: freeradius -Xm
==1612452== Parent PID: 1608875
==1612452== 
==1612453== 
==1612453== HEAP SUMMARY:
==1612453==     in use at exit: 313 bytes in 3 blocks
==1612453==   total heap usage: 5 allocs, 2 frees, 454 bytes allocated
==1612453== 
==1612453== 96 bytes in 1 blocks are possibly lost in loss record 1 of 3
==1612453==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==1612453==    by 0x4E04D53: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.4.0)
==1612453==    by 0x4E068BD: talloc_init (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.4.0)
==1612453==    by 0x11D65B: main (in /usr/sbin/freeradius)
==1612453== 
==1612453== 101 bytes in 1 blocks are possibly lost in loss record 2 of 3
==1612453==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==1612453==    by 0x4E04E3D: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.4.0)
==1612453==    by 0x4E05053: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.4.0)
==1612453==    by 0x4E06906: talloc_init (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.4.0)
==1612453==    by 0x11D65B: main (in /usr/sbin/freeradius)
==1612453== 
==1612453== 116 bytes in 1 blocks are possibly lost in loss record 3 of 3
==1612453==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==1612453==    by 0x4E04E3D: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.4.0)
==1612453==    by 0x4E05466: talloc_strdup (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.4.0)
==1612453==    by 0x12E76E: set_radius_dir (in /usr/sbin/freeradius)
==1612453==    by 0x11D67D: main (in /usr/sbin/freeradius)
==1612453== 
==1612453== LEAK SUMMARY:
==1612453==    definitely lost: 0 bytes in 0 blocks
==1612453==    indirectly lost: 0 bytes in 0 blocks
==1612453==      possibly lost: 313 bytes in 3 blocks
==1612453==    still reachable: 0 bytes in 0 blocks
==1612453==         suppressed: 0 bytes in 0 blocks
==1612453== 
==1612453== For lists of detected and suppressed errors, rerun with: -s
==1612453== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
==1612452== Conditional jump or move depends on uninitialised value(s)
==1612452==    at 0x70200AF: ???
==1612452==    by 0x6FCEC3F: ???
==1612452== 
==1612452== Conditional jump or move depends on uninitialised value(s)
==1612452==    at 0x702EE95: ???
==1612452==    by 0x6FCEC3F: ???
==1612452== 
==1612452== Conditional jump or move depends on uninitialised value(s)
==1612452==    at 0x702EB9A: ???
==1612452==    by 0x6FCEC3F: ???
==1612452== 
==1612452== 
==1612452== HEAP SUMMARY:
==1612452==     in use at exit: 127,853 bytes in 802 blocks
==1612452==   total heap usage: 91,654 allocs, 90,852 frees, 12,972,512 bytes allocated
==1612452== 
==1612452== 16 bytes in 1 blocks are definitely lost in loss record 5 of 65
==1612452==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==1612452==    by 0x6370771: ???
==1612452==    by 0x63427AE: ???
==1612452==    by 0x6342E47: ???
==1612452==    by 0x62A7402: ???
==1612452==    by 0x62A3987: ???
==1612452==    by 0x62A3D4F: ???
==1612452==    by 0x627BF90: ???
==1612452==    by 0x628FD74: ???
==1612452==    by 0x627B4D9: ???
==1612452==    by 0x6291287: ???
==1612452==    by 0x6285433: ???
==1612452== 
==1612452== 32 bytes in 1 blocks are definitely lost in loss record 26 of 65
==1612452==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==1612452==    by 0x62E17B6: ???
==1612452==    by 0x62E18D4: ???
==1612452==    by 0x62EA96F: ???
==1612452==    by 0x62DF760: ???
==1612452==    by 0x6281ADB: ???
==1612452==    by 0x6297617: ???
==1612452==    by 0x627B8E9: ???
==1612452==    by 0x627BB8C: ???
==1612452==    by 0x624EF26: ???
==1612452==    by 0x131673: module_instantiate (in /usr/sbin/freeradius)
==1612452==    by 0x132B57: modules_init (in /usr/sbin/freeradius)
==1612452== 
==1612452== 40 bytes in 1 blocks are definitely lost in loss record 29 of 65
==1612452==    at 0x48455EF: calloc (vg_replace_malloc.c:1328)
==1612452==    by 0x62CFF44: ???
==1612452==    by 0x6281A41: ???
==1612452==    by 0x62E2270: ???
==1612452==    by 0x62DF70D: ???
==1612452==    by 0x6281ADB: ???
==1612452==    by 0x6297617: ???
==1612452==    by 0x627B8E9: ???
==1612452==    by 0x627BB8C: ???
==1612452==    by 0x624EF26: ???
==1612452==    by 0x131673: module_instantiate (in /usr/sbin/freeradius)
==1612452==    by 0x132B57: modules_init (in /usr/sbin/freeradius)
==1612452== 
==1612452== 104 bytes in 1 blocks are definitely lost in loss record 36 of 65
==1612452==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==1612452==    by 0x62E3EDE: ???
==1612452==    by 0x62DF78D: ???
==1612452==    by 0x6281ADB: ???
==1612452==    by 0x6297617: ???
==1612452==    by 0x627B8E9: ???
==1612452==    by 0x627BB8C: ???
==1612452==    by 0x624EF26: ???
==1612452==    by 0x131673: module_instantiate (in /usr/sbin/freeradius)
==1612452==    by 0x132B57: modules_init (in /usr/sbin/freeradius)
==1612452==    by 0x11DB94: main (in /usr/sbin/freeradius)
==1612452== 
==1612452== 128 (16 direct, 112 indirect) bytes in 1 blocks are definitely lost in loss record 38 of 65
==1612452==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==1612452==    by 0x62EA861: ???
==1612452==    by 0x62EAB49: ???
==1612452==    by 0x62DF760: ???
==1612452==    by 0x6281ADB: ???
==1612452==    by 0x6297617: ???
==1612452==    by 0x627B8E9: ???
==1612452==    by 0x627BB8C: ???
==1612452==    by 0x624EF26: ???
==1612452==    by 0x131673: module_instantiate (in /usr/sbin/freeradius)
==1612452==    by 0x132B57: modules_init (in /usr/sbin/freeradius)
==1612452==    by 0x11DB94: main (in /usr/sbin/freeradius)
==1612452== 
==1612452== 160 (32 direct, 128 indirect) bytes in 1 blocks are definitely lost in loss record 41 of 65
==1612452==    at 0x48455EF: calloc (vg_replace_malloc.c:1328)
==1612452==    by 0x637D459: ???
==1612452==    by 0x644A83D: ???
==1612452==    by 0x6360A3C: ???
==1612452==    by 0x632FC5E: ???
==1612452==    by 0x40049CD: call_init (dl-init.c:74)
==1612452==    by 0x40049CD: call_init (dl-init.c:26)
==1612452==    by 0x4004AB3: _dl_init (dl-init.c:121)
==1612452==    by 0x50671F3: _dl_catch_exception (dl-error-skeleton.c:182)
==1612452==    by 0x400B21D: dl_open_worker (dl-open.c:808)
==1612452==    by 0x5067199: _dl_catch_exception (dl-error-skeleton.c:208)
==1612452==    by 0x400B5B7: _dl_open (dl-open.c:884)
==1612452==    by 0x4F9D4B7: dlopen_doit (dlopen.c:56)
==1612452== 
==1612452== 160 (32 direct, 128 indirect) bytes in 1 blocks are definitely lost in loss record 42 of 65
==1612452==    at 0x48455EF: calloc (vg_replace_malloc.c:1328)
==1612452==    by 0x637D459: ???
==1612452==    by 0x644A898: ???
==1612452==    by 0x6360A3C: ???
==1612452==    by 0x632FC5E: ???
==1612452==    by 0x40049CD: call_init (dl-init.c:74)
==1612452==    by 0x40049CD: call_init (dl-init.c:26)
==1612452==    by 0x4004AB3: _dl_init (dl-init.c:121)
==1612452==    by 0x50671F3: _dl_catch_exception (dl-error-skeleton.c:182)
==1612452==    by 0x400B21D: dl_open_worker (dl-open.c:808)
==1612452==    by 0x5067199: _dl_catch_exception (dl-error-skeleton.c:208)
==1612452==    by 0x400B5B7: _dl_open (dl-open.c:884)
==1612452==    by 0x4F9D4B7: dlopen_doit (dlopen.c:56)
==1612452== 
==1612452== 384 (32 direct, 352 indirect) bytes in 1 blocks are definitely lost in loss record 46 of 65
==1612452==    at 0x48455EF: calloc (vg_replace_malloc.c:1328)
==1612452==    by 0x637D459: ???
==1612452==    by 0x644A768: ???
==1612452==    by 0x6360A3C: ???
==1612452==    by 0x632FC5E: ???
==1612452==    by 0x40049CD: call_init (dl-init.c:74)
==1612452==    by 0x40049CD: call_init (dl-init.c:26)
==1612452==    by 0x4004AB3: _dl_init (dl-init.c:121)
==1612452==    by 0x50671F3: _dl_catch_exception (dl-error-skeleton.c:182)
==1612452==    by 0x400B21D: dl_open_worker (dl-open.c:808)
==1612452==    by 0x5067199: _dl_catch_exception (dl-error-skeleton.c:208)
==1612452==    by 0x400B5B7: _dl_open (dl-open.c:884)
==1612452==    by 0x4F9D4B7: dlopen_doit (dlopen.c:56)
==1612452== 
==1612452== 404 (392 direct, 12 indirect) bytes in 1 blocks are definitely lost in loss record 48 of 65
==1612452==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==1612452==    by 0x62E1FA6: ???
==1612452==    by 0x62E222E: ???
==1612452==    by 0x62DF70D: ???
==1612452==    by 0x6281ADB: ???
==1612452==    by 0x6297617: ???
==1612452==    by 0x627B8E9: ???
==1612452==    by 0x627BB8C: ???
==1612452==    by 0x624EF26: ???
==1612452==    by 0x131673: module_instantiate (in /usr/sbin/freeradius)
==1612452==    by 0x132B57: modules_init (in /usr/sbin/freeradius)
==1612452==    by 0x11DB94: main (in /usr/sbin/freeradius)
==1612452== 
==1612452== 904 (32 direct, 872 indirect) bytes in 1 blocks are definitely lost in loss record 52 of 65
==1612452==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==1612452==    by 0x62DF6A8: ???
==1612452==    by 0x6281ADB: ???
==1612452==    by 0x6297617: ???
==1612452==    by 0x627B8E9: ???
==1612452==    by 0x627BB8C: ???
==1612452==    by 0x624EF26: ???
==1612452==    by 0x131673: module_instantiate (in /usr/sbin/freeradius)
==1612452==    by 0x132B57: modules_init (in /usr/sbin/freeradius)
==1612452==    by 0x11DB94: main (in /usr/sbin/freeradius)
==1612452== 
==1612452== 1,152 bytes in 1 blocks are definitely lost in loss record 54 of 65
==1612452==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==1612452==    by 0x4E04D53: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.4.0)
==1612452==    by 0x4E055ED: _talloc_zero (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.4.0)
==1612452==    by 0x11FD69: client_list_init (in /usr/sbin/freeradius)
==1612452==    by 0x12047E: client_add (in /usr/sbin/freeradius)
==1612452==    by 0x12218C: client_list_parse_section (in /usr/sbin/freeradius)
==1612452==    by 0x12EF38: main_config_init (in /usr/sbin/freeradius)
==1612452==    by 0x11D9E7: main (in /usr/sbin/freeradius)
==1612452== 
==1612452== 4,112 bytes in 1 blocks are definitely lost in loss record 59 of 65
==1612452==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==1612452==    by 0x62DD8CA: ???
==1612452==    by 0x62E224A: ???
==1612452==    by 0x62DF70D: ???
==1612452==    by 0x6281ADB: ???
==1612452==    by 0x6297617: ???
==1612452==    by 0x627B8E9: ???
==1612452==    by 0x627BB8C: ???
==1612452==    by 0x624EF26: ???
==1612452==    by 0x131673: module_instantiate (in /usr/sbin/freeradius)
==1612452==    by 0x132B57: modules_init (in /usr/sbin/freeradius)
==1612452==    by 0x11DB94: main (in /usr/sbin/freeradius)
==1612452== 
==1612452== 19,199 (152 direct, 19,047 indirect) bytes in 1 blocks are definitely lost in loss record 63 of 65
==1612452==    at 0x48455EF: calloc (vg_replace_malloc.c:1328)
==1612452==    by 0x6837848: ???
==1612452==    by 0x6839063: ???
==1612452==    by 0x6360944: ???
==1612452==    by 0x632FC5E: ???
==1612452==    by 0x40049CD: call_init (dl-init.c:74)
==1612452==    by 0x40049CD: call_init (dl-init.c:26)
==1612452==    by 0x4004AB3: _dl_init (dl-init.c:121)
==1612452==    by 0x50671F3: _dl_catch_exception (dl-error-skeleton.c:182)
==1612452==    by 0x400B21D: dl_open_worker (dl-open.c:808)
==1612452==    by 0x5067199: _dl_catch_exception (dl-error-skeleton.c:208)
==1612452==    by 0x400B5B7: _dl_open (dl-open.c:884)
==1612452==    by 0x4F9D4B7: dlopen_doit (dlopen.c:56)
==1612452== 
==1612452== 73,155 (152 direct, 73,003 indirect) bytes in 1 blocks are definitely lost in loss record 65 of 65
==1612452==    at 0x48455EF: calloc (vg_replace_malloc.c:1328)
==1612452==    by 0x6837848: ???
==1612452==    by 0x6839063: ???
==1612452==    by 0x636080C: ???
==1612452==    by 0x632FC5E: ???
==1612452==    by 0x40049CD: call_init (dl-init.c:74)
==1612452==    by 0x40049CD: call_init (dl-init.c:26)
==1612452==    by 0x4004AB3: _dl_init (dl-init.c:121)
==1612452==    by 0x50671F3: _dl_catch_exception (dl-error-skeleton.c:182)
==1612452==    by 0x400B21D: dl_open_worker (dl-open.c:808)
==1612452==    by 0x5067199: _dl_catch_exception (dl-error-skeleton.c:208)
==1612452==    by 0x400B5B7: _dl_open (dl-open.c:884)
==1612452==    by 0x4F9D4B7: dlopen_doit (dlopen.c:56)
==1612452== 
==1612452== LEAK SUMMARY:
==1612452==    definitely lost: 6,296 bytes in 14 blocks
==1612452==    indirectly lost: 93,654 bytes in 722 blocks
==1612452==      possibly lost: 0 bytes in 0 blocks
==1612452==    still reachable: 27,903 bytes in 66 blocks
==1612452==         suppressed: 0 bytes in 0 blocks
==1612452== Reachable blocks (those to which a pointer was found) are not shown.
==1612452== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==1612452== 
==1612452== Use --track-origins=yes to see where uninitialised values come from
==1612452== For lists of detected and suppressed errors, rerun with: -s
==1612452== ERROR SUMMARY: 17 errors from 17 contexts (suppressed: 0 from 0)
==1612452== could not unlink /tmp/vgdb-pipe-from-vgdb-to-1612452-by-root-on-???
==1612452== could not unlink /tmp/vgdb-pipe-to-vgdb-from-1612452-by-root-on-???
==1612452== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-1612452-by-root-on-???

More information about the Pkg-freeradius-maintainers mailing list