1848585 – OpenSCAP consumes all memory

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1848585 - OpenSCAP consumes all memory

Summary: OpenSCAP consumes all memory

Keywords:
Status:	CLOSED DUPLICATE of bug 1824152
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	openscap
Sub Component:
Version:	8.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	8.0
Assignee:	Jan Černý
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-06-18 14:48 UTC by Victor M.
Modified:	2020-11-14 04:46 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-09-09 08:41:43 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Victor M. 2020-06-18 14:48:47 UTC

Description of problem:

a VM box running RHEL8.2 with 2Gb Memory and 4cores gets the "oscap eval" cli OOM killed while performing a scan of one of the profiles (xccdf_org.ssgproject.content_profile_e8)



Version-Release number of selected component (if applicable):

RHEL version: Red Hat Enterprise Linux release 8.2 (Ootpa)
oscap version: OpenSCAP command line tool (oscap) 1.3.2

yum packages:

openscap.x86_64                                    1.3.2-6.el8                                     @rhel-8-for-x86_64-appstream-rpms
openscap-scanner.x86_64                            1.3.2-6.el8                                     @rhel-8-for-x86_64-appstream-rpms
perl-Pod-Escapes.noarch                            1:1.07-395.el8                                  @rhel-8-for-x86_64-baseos-rpms   
scap-security-guide.noarch                         0.1.48-7.el8                                    @rhel-8-for-x86_64-appstream-rpms


How reproducible:

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_e8 --results scan_result.xml  /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml


Actual results:

The oscap process is OOM killed, it consumes all the memory and swap of the host and ends abruptly. exit return code is 1

Expected results:

The report being generated after performing the scan.


Additional info:

from /var/log/messages:

Jun  9 13:36:31 rhel80-1 kernel: Killed process 151687 (oscap) total-vm:7034872kB, anon-rss:1452732kB, file-rss:0kB, shmem-rss:0kB


We couldn't find anywhere the minimum requirements for running oscap on RHEL VMs , it would be very useful to know which are the minimum HW requirements to perform a scan of any of the supported profiles.

Comment 2 Matus Marhefka 2020-08-07 07:48:06 UTC

Hello Victor,

the minimal HW requirements should be described here: https://access.redhat.com/articles/rhel-limits

The issue which you encountered is caused by the openscap scanner bad memory management which causes oom kill on some systems, there are few bugs reported for this already:
https://bugzilla.redhat.com/show_bug.cgi?id=1816199
https://bugzilla.redhat.com/show_bug.cgi?id=1824152

The recently found https://bugzilla.redhat.com/show_bug.cgi?id=1861301 should greatly improve the situation and it will be released in RHEL-8.3.

Comment 3 Jan Černý 2020-09-09 08:41:43 UTC

I think that this is basically a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1824152 because it's also about memory problems and OOM killing for unspecific reasons during profile evaluation.

*** This bug has been marked as a duplicate of bug 1824152 ***

Note You need to log in before you can comment on or make changes to this bug.