Bug 1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z]
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
7.4
x86_64 Linux
urgent Severity urgent
: rc
: ---
Assigned To: SSSD Maintainers
sssd-qe
: Reopened, ZStream
Depends On: 1538555
Blocks:
Reported: 2018-05-18 03:24 EDT by Oneata Mircea Teodor
Modified: 2018-06-26 12:49 EDT

See Also:
Fixed In Version: sssd-1.16.0-19.el7_5.2
Doc Type: Bug Fix
Doc Text:
The sssd_nss module calls a free function when the lifetime of a netgroup representation expires. Additionally, administrators can manually expire netgroups using the sss_cache utility. However, after this manual expiration, SSSD called the function again when the lifetime expired. As a consequence, the function was called twice and resulted in a double-free memory error. With this update, the free function is no longer called when the administrator uses the sss_cache utility. Instead it removes the netgroup from the list of known netgroups and later, when the netgroup reaches its lifetime, it is removed from memory. As a result, the double-free error no longer occurs.
Story Points: ---
Clone Of: 1538555
Environment:
Last Closed: 2018-06-26 12:49:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
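
The ownership problem described in the Doc Text field, as an added example that is not SSSD code: a minimal C model in which every name (`struct netgr`, `expire_buggy`, `expire_fixed`, `lifetime_timer`, `simulate`) is hypothetical. The second release is counted rather than executed, because a real second `free()` is undefined behaviour.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a cached netgroup; names are illustrative, not SSSD's. */
struct netgr {
    char *data;      /* heap payload owned by the entry */
    int   in_table;  /* 1 while lookups can still find the entry */
    int   releases;  /* how many times the release routine was invoked */
};

/* Release routine. Only the first call frees; later calls are counted so the
 * model can report the double release without triggering it. */
static void netgr_release(struct netgr *n)
{
    if (n->releases++ == 0) {
        free(n->data);
        n->data = NULL;
    }
    n->in_table = 0;
}

/* Old behaviour: manual expiry releases the entry while the timer stays armed. */
static void expire_buggy(struct netgr *n) { netgr_release(n); }

/* Fixed behaviour: manual expiry only unlinks; the timer is the sole owner. */
static void expire_fixed(struct netgr *n) { n->in_table = 0; }

/* Lifetime timer callback, armed when the entry was created. */
static void lifetime_timer(struct netgr *n) { netgr_release(n); }

/* Manual expiry followed by the lifetime timer. Returns the number of release
 * calls: 2 is the double free from the Doc Text, 1 is correct. */
int simulate(int fixed)
{
    struct netgr n = { .data = malloc(16), .in_table = 1, .releases = 0 };
    if (n.data == NULL) return -1;
    strcpy(n.data, "Testqe1");            /* constructed sample name */
    if (fixed) expire_fixed(&n); else expire_buggy(&n);
    int visible_after_expiry = n.in_table; /* must be 0 in both variants */
    lifetime_timer(&n);
    return visible_after_expiry ? -1 : n.releases;
}
```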


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1986 None None None 2018-06-26 12:49 EDT

Description Oneata Mircea Teodor 2018-05-18 03:24:48 EDT
This bug has been copied from bug #1538555 and has been proposed to be backported to 7.5 z-stream (EUS).
Comment 3 Amith 2018-06-07 03:55:41 EDT
Verified the bug on SSSD Version: sssd-1.16.0-19.el7_5.5.x86_64

Steps followed during verification:

1. Reproduce the bug by installing an older SSSD version: sssd-1.16.0-19.el7.x86_64 on the client system.

2. Add a large number of netgroups to your 389-ds LDAP server, let's say around 10000.

3. Configure sssd.conf as follows:
[sssd]
services = nss, pam
config_file_version = 2
reconnection_retries = 5
sbus_timeout = 30
domains = LDAP
debug_level = 1

[nss]
filter_users = root
filter_groups = root
debug_level = 9

[pam]
reconnection_retries = 5
offline_credentials_expiration = 0
offline_failed_login_attempts = 0
offline_failed_login_delay = 5
debug_level = 1

[sudo]
[autofs]
[ssh]

[domain/LDAP]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
cache_credentials = true
enumerate = false
ldap_schema = rfc2307
ldap_uri = ldaps://SERVER
ldap_search_base = dc=example,dc=com
ldap_id_use_start_tls = true
ldap_tls_cacertdir = /etc/openldap/certs
ldap_tls_reqcert = allow
debug_level = 1

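4. Execute continuous netgroup lookups in one terminal. The following is a test script which will execute the lookups in the background:
# Look up netgroups Testqe1..Testqe3000, one per second.
function lookup1()
{
    for i in {1..3000}; do
        getent netgroup "Testqe$i"
        sleep 1
    done
}

# Look up netgroups Testqe3001..Testqe6000, one per second.
function lookup2()
{
    for i in {3001..6000}; do
        getent netgroup "Testqe$i"
        sleep 1
    done
}

# Run both lookup loops in the background.
lookup1 &
lookup2 &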
 
5. On another terminal, run "sss_cache -E" and monitor the pid of sssd_nss. With the old sssd build, SSSD_NSS should restart/crash. You can see the process restart by checking the status in a loop. The following is a test script which checks the same:
# Expire the whole cache repeatedly and check that sssd_nss keeps its pid.
function chk_crash()
{
    NSS_PR1=$(pidof sssd_nss)
    for i in {1..100}; do
        echo "Test attempt number: $i"
        sss_cache -E
        sleep 3
        NSS_PR2=$(pidof sssd_nss)
        # String comparison also covers an empty pid (sssd_nss not running).
        if [ "$NSS_PR1" = "$NSS_PR2" ]; then
            echo "Pid of nss is $NSS_PR1,Test works fine."
        else
            echo "Initial nss pid was $NSS_PR1, now it is $NSS_PR2. SSSD_NSS restarted, test failed"; exit 1
        fi
    done
}
chk_crash

6. Install the latest build and repeat steps 4 and 5. We don't see any issues with the nss process. I ran the loop for 100 iterations and found sssd_nss steady.
Comment 8 errata-xmlrpc 2018-06-26 12:49:19 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1986
