Bug 1579703
| Summary: | crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Oneata Mircea Teodor <toneata> |
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
| Status: | CLOSED ERRATA | QA Contact: | sssd-qe <sssd-qe> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 7.4 | CC: | aheverle, amitkuma, apeddire, apeetham, atolani, fidencio, gparente, grajaiya, jhrozek, jnansi, lmanasko, lslebodn, mkosek, mzidek, nsoman, pbrezina, rbdiri, sbose, sgoveas, tscherf |
| Target Milestone: | rc | Keywords: | Reopened, ZStream |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.16.0-19.el7_5.2 | Doc Type: | Bug Fix |
| Doc Text: |
The sssd_nss module calls a free function when the lifetime of a netgroup representation expires. Additionally, administrators can manually expire netgroups using the sssd_cache utility. However, after this manual expiration, SSSD called the function again when the lifetime expired. As a consequence, the function was called twice and resulted in a double-free memory error. With this update, the free function is no longer called when the administrator uses the sssd_cache utility. Instead it removes the netgroup from the list of known netgroups and later, when the netgroup reaches its lifetime, it is removed from memory. As a result, the double-free error no longer occurs.
|
Story Points: | --- |
| Clone Of: | 1538555 | Environment: | |
| Last Closed: | 2018-06-26 16:49:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1538555 | ||
| Bug Blocks: | |||
|
Description
Oneata Mircea Teodor
2018-05-18 07:24:48 UTC
Verified the bug on SSSD Version: sssd-1.16.0-19.el7_5.5.x86_64
Steps followed during verification:
1. Reproduce the bug by installing an older SSSD version : sssd-1.16.0-19.el7.x86_64 in the client system.
2. Add large number of netgroups to your 389-ds ldap server, lets say around 10000.
3. Configure sssd.conf as follows :
[sssd]
services = nss, pam
config_file_version = 2
reconnection_retries = 5
sbus_timeout = 30
domains = LDAP
debug_level = 1
[nss]
filter_users = root
filter_groups = root
debug_level = 9
[pam]
reconnection_retries = 5
offline_credentials_expiration = 0
offline_failed_login_attempts = 0
offline_failed_login_delay = 5
debug_level = 1
[sudo]
[autofs]
[ssh]
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
cache_credentials = true
enumerate = false
ldap_schema = rfc2307
ldap_uri = ldaps://SERVER
ldap_search_base = dc=example,dc=com
ldap_id_use_start_tls = true
ldap_tls_cacertdir = /etc/openldap/certs
ldap_tls_reqcert = allow
debug_level = 1
4. Execute continuous netgroup lookup on one terminal. Following is a test script which will execute lookup in the background:
function lookup1()
{
for i in {1..3000}; do
getent netgroup Testqe$i
sleep 1
done
}
function lookup2()
{
for i in {3001..6000}; do
getent netgroup Testqe$i
sleep 1
done
}
lookup1 &
lookup2 &
5. On another terminal, run "sss_cache -E" and monitor the pid of sssd_nss. With the old sssd build, SSSD_NSS should restart/crash. You can see the process restart by checking the status in a loop. Following is a test script which checks the same:
function chk_crash()
{
NSS_PR1=`pidof sssd_nss`
for i in {1..100}; do
echo "Test attempt number: $i"
sss_cache -E
sleep 3
NSS_PR2=`pidof sssd_nss`
if [ $NSS_PR1 -eq $NSS_PR2 ]; then
echo "Pid of nss is $NSS_PR1,Test works fine."
else
echo "Initial nss pid was $NSS_PR1, now it is $NSS_PR2. SSSD_NSS restarted, test failed"; exit
fi
done
}
chk_crash
6. Install the latest build and repeat steps 4,5. We don't see any issues with nss process. I ran the loop for 100 iterations and found sssd_nss steady.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1986 |