Bug 1353951 - sssd_pam leaks file descriptors
Summary: sssd_pam leaks file descriptors
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Lukas Slebodnik
QA Contact: Steeve Goveas
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-08 13:51 UTC by Steeve Goveas
Modified: 2020-05-02 18:26 UTC (History)
7 users (show)

Fixed In Version: sssd-1.14.0-18.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 07:19:38 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 4155 None None None 2020-05-02 18:26:07 UTC
Red Hat Product Errata RHEA-2016:2476 normal SHIPPED_LIVE sssd bug fix and enhancement update 2016-11-03 14:08:11 UTC

Description Steeve Goveas 2016-07-08 13:51:33 UTC
Description of problem:
Regression of bz726475. This same test works fine with rhel7.2.

Version-Release number of selected component (if applicable):
sssd-1.14.0-0.2.beta1.el7

How reproducible:
always

Actual results:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: performance_01: BZ726475 test for file descriptor leak
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [  BEGIN   ] :: Running 'check_user_func'
spawn ./check_user -n 1000 kau1
Password: 
User "kau1" authenticated successfully 1000 times
:: [   PASS   ] :: Command 'check_user_func' (Expected 0, got 0)
:: [   PASS   ] :: no sssd fd leaks: consistent 21 fds 
:: [   FAIL   ] :: sssd_be fd leak: initial-22 final-23 
:: [   PASS   ] :: no sssd_pam fd leaks: consistent 21 fds 
:: [   FAIL   ] :: sssd_nss fd leak: initial-23 final-24 
'659e97fa-c85d-4900-8b12-3898d3a994e9'
performance-01-BZ726475-test-for-file-descriptor-leak result: FAIL
Expected results:


Additional info:

Comment 3 Jakub Hrozek 2016-07-09 09:38:37 UTC
Hi Steeve, I tried to reproduce the failure locally, but in my testing the client socket is closed after some idle time, as expected.

Could you please send me a link to the beaker test so I can reserve a machine and poke around?

Comment 7 Jakub Hrozek 2016-07-14 15:06:00 UTC
Lukas agreed to take a look.

Comment 8 Lukas Slebodnik 2016-07-28 11:04:18 UTC
Initial fd for sssd_nss
lrwx------. 1 root root 64 Jul 27 16:58 0 -> /dev/null
lrwx------. 1 root root 64 Jul 27 16:58 1 -> /dev/null
lrwx------. 1 root root 64 Jul 27 16:58 2 -> /dev/null
lrwx------. 1 root root 64 Jul 27 16:58 3 -> anon_inode:[eventpoll]
lr-x------. 1 root root 64 Jul 27 16:58 4 -> pipe:[40752]
l-wx------. 1 root root 64 Jul 27 16:58 5 -> pipe:[40752]
lrwx------. 1 root root 64 Jul 27 16:58 6 -> anon_inode:[eventpoll]
lr-x------. 1 root root 64 Jul 27 16:58 7 -> pipe:[39724]
l-wx------. 1 root root 64 Jul 27 16:58 8 -> pipe:[39724]
lrwx------. 1 root root 64 Jul 27 16:58 9 -> /var/lib/sss/db/config.ldb
l-wx------. 1 root root 64 Jul 27 16:58 10 -> /var/log/sssd/sssd_nss.log
lr-x------. 1 root root 64 Jul 27 16:58 11 -> anon_inode:inotify
lrwx------. 1 root root 64 Jul 27 16:58 12 -> socket:[40753]
lrwx------. 1 root root 64 Jul 27 16:58 13 -> socket:[40754]
lrwx------. 1 root root 64 Jul 27 16:58 14 -> socket:[40755]
lrwx------. 1 root root 64 Jul 27 16:58 15 -> anon_inode:[eventpoll]
lrwx------. 1 root root 64 Jul 27 16:58 16 -> /var/lib/sss/db/cache_LDAP.ldb
lrwx------. 1 root root 64 Jul 27 16:58 17 -> anon_inode:[eventpoll]
lrwx------. 1 root root 64 Jul 27 16:58 18 -> /var/lib/sss/db/timestamps_LDAP.ldb
lrwx------. 1 root root 64 Jul 27 16:58 19 -> socket:[40756]
lrwx------. 1 root root 64 Jul 27 16:58 20 -> /var/lib/sss/mc/passwd
lrwx------. 1 root root 64 Jul 27 16:58 21 -> /var/lib/sss/mc/group
lrwx------. 1 root root 64 Jul 27 16:58 22 -> /var/lib/sss/mc/initgroups

Final fd for sssd_nss
lrwx------. 1 root root 64 Jul 27 16:58 0 -> /dev/null
lrwx------. 1 root root 64 Jul 27 16:58 1 -> /dev/null
lrwx------. 1 root root 64 Jul 27 16:58 2 -> /dev/null
lrwx------. 1 root root 64 Jul 27 16:58 3 -> anon_inode:[eventpoll]
lr-x------. 1 root root 64 Jul 27 16:58 4 -> pipe:[40752]
l-wx------. 1 root root 64 Jul 27 16:58 5 -> pipe:[40752]
lrwx------. 1 root root 64 Jul 27 16:58 6 -> anon_inode:[eventpoll]
lr-x------. 1 root root 64 Jul 27 16:58 7 -> pipe:[39724]
l-wx------. 1 root root 64 Jul 27 16:58 8 -> pipe:[39724]
lrwx------. 1 root root 64 Jul 27 16:58 9 -> /var/lib/sss/db/config.ldb
l-wx------. 1 root root 64 Jul 27 16:58 10 -> /var/log/sssd/sssd_nss.log
lr-x------. 1 root root 64 Jul 27 16:58 11 -> anon_inode:inotify
lrwx------. 1 root root 64 Jul 27 16:58 12 -> socket:[40753]
lrwx------. 1 root root 64 Jul 27 16:58 13 -> socket:[40754]
lrwx------. 1 root root 64 Jul 27 16:58 14 -> socket:[40755]
lrwx------. 1 root root 64 Jul 27 16:58 15 -> anon_inode:[eventpoll]
lrwx------. 1 root root 64 Jul 27 16:58 16 -> /var/lib/sss/db/cache_LDAP.ldb
lrwx------. 1 root root 64 Jul 27 16:58 17 -> anon_inode:[eventpoll]
lrwx------. 1 root root 64 Jul 27 16:58 18 -> /var/lib/sss/db/timestamps_LDAP.ldb
lrwx------. 1 root root 64 Jul 27 16:58 19 -> socket:[40756]
lrwx------. 1 root root 64 Jul 27 16:58 20 -> /var/lib/sss/mc/passwd
lrwx------. 1 root root 64 Jul 27 16:58 21 -> /var/lib/sss/mc/group
lrwx------. 1 root root 64 Jul 27 16:58 22 -> /var/lib/sss/mc/initgroups
lr-x------. 1 root root 64 Jul 27 16:58 25 -> /var/lib/sss/mc/passwd

Comment 9 Lukas Slebodnik 2016-07-28 11:08:20 UTC
It looks like a "race-condition" when sssd tried to reload memory cache.

I will try to run other test and capture file descriptors after a while.
There should not be memory cache for passwd opened twice.

I expect that memory cache is opened due to negative cache for local users
https://fedorahosted.org/sssd/ticket/2928

Comment 10 Jakub Hrozek 2016-08-04 14:29:41 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/3122

Comment 11 Jakub Hrozek 2016-08-09 09:35:07 UTC
* master: 950716d2087446205c84f00b371f468d6ead1ec2

Comment 12 Jakub Hrozek 2016-08-10 10:08:12 UTC
Hi Steeve, we fixed the bug upstream, can you qa_ack this bug report?

Comment 14 Steeve Goveas 2016-09-20 10:45:53 UTC
Verified in version
sssd-1.14.0-41.el7

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: performance_01: BZ726475 test for file descriptor leak
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [  BEGIN   ] :: Running 'check_user_func'
spawn ./check_user -n 1000 kau1
Password: 
User "kau1" authenticated successfully 1000 times
:: [   PASS   ] :: Command 'check_user_func' (Expected 0, got 0)
:: [   PASS   ] :: no sssd fd leaks: consistent 21 fds 
:: [   PASS   ] :: no sssd_be fd leaks: consistent 22 fds 
:: [   PASS   ] :: no sssd_pam fd leaks: consistent 21 fds 
:: [   PASS   ] :: no sssd_nss fd leaks: consistent 23 fds 
'5a25d15e-a72e-48ea-ac91-e4f61f4821e7'
performance-01-BZ726475-test-for-file-descriptor-leak result: PASS

Comment 16 errata-xmlrpc 2016-11-04 07:19:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2476.html


Note You need to log in before you can comment on or make changes to this bug.