Bug#723144: sasl2-bin: saslauthd infinite loop inside sendto_kdc.c at function service_fds

Rodrigo Cunha rodrigo.cunha at ist.utl.pt
Mon Sep 16 20:26:05 UTC 2013 

Package: sasl2-bin
Version: 2.1.25.dfsg1-6+deb7u1
Severity: important

Dear Maintainer,

Once in a while saslauthd goes into an infinite loop, using 100% cpu.

We haven't determined what causes this, but the loop occurs inside kerberos
library at sendto_kdc.c function service_fds, more specifically at the
while loop that starts as...

%% while (selstate->nfds > 0) {

... it appears (but I might be wrong) as if all calls to ...

%% if (state->fd == INVALID_SOCKET)

... return true and the code continues (continue) forever.

Doing a simple strace returns the following two lines, forever repeating:

%% poll([{fd=9, events=POLLIN}], 1, -399174223) = 1 ([{fd=9, revents=POLLIN}])
%% gettimeofday({1377825003, 91830}, NULL) = 0

File descriptor 9 has the following properties in lsof:

COMMAND    PID USER   FD   TYPE             DEVICE SIZE/OFF    NODE
saslauthd 2023 root    9u  IPv4            2225955      0t0     UDP

NAME
XX.XX.XX.XX:36034->YY.YY.YY.YY:88

(sorry, had to mask out the IPs)

YY.YY.YY.YY is a kerberos server.

It seems as if this file descriptor is somehow invalid or something.

No network traffic into (or from) kerberos server occurs while
the saslauthd is in this state.

The only solution until now seems to be restarting saslauthd, until it
happens again, a few days after.

Best regards,

Rodrigo Cunha

-- GDB stack trace of the running process:
#0  0x00007fe0455e6df8 in *__GI___poll (fds=fds at entry=0x7fe049277198, nfds=1, timeout=<optimized out>, timeout at entry=-195696288)
    at ../sysdeps/unix/sysv/linux/poll.c:83
#1  0x00007fe046f6dff4 in cm_select_or_poll (sret=<synthetic pointer>, out=0x7fe049277198, in=0x7fe049275180) at ../../../../src/lib/krb5/os/sendto_kdc.c:530
#2  service_fds (context=context at entry=0x7fe04926d110, selstate=selstate at entry=0x7fe049275180, interval=interval at entry=1, conns=conns at entry=0x7fe04926e630, 
    seltemp=seltemp at entry=0x7fe049277198, msg_handler=msg_handler at entry=0x7fe046f6d870 <check_for_svc_unavailable>, 
    msg_handler_data=msg_handler_data at entry=0x7fff37725de8, winner_out=winner_out at entry=0x7fff37725cb8) at ../../../../src/lib/krb5/os/sendto_kdc.c:1163
#3  0x00007fe046f6ee4c in k5_sendto (context=context at entry=0x7fe04926d110, message=message at entry=0x7fff37725e70, servers=servers at entry=0x7fff37725df0, 
    socktype1=socktype1 at entry=2, socktype2=1, callback_info=callback_info at entry=0x0, reply=reply at entry=0x7fff37725e80, remoteaddr=remoteaddr at entry=0x0, 
    remoteaddrlen=remoteaddrlen at entry=0x0, server_used=server_used at entry=0x7fff37725dec, 
    msg_handler=msg_handler at entry=0x7fe046f6d870 <check_for_svc_unavailable>, msg_handler_data=msg_handler_data at entry=0x7fff37725de8)
    at ../../../../src/lib/krb5/os/sendto_kdc.c:1290
#4  0x00007fe046f6f2cc in krb5_sendto_kdc (context=context at entry=0x7fe04926d110, message=message at entry=0x7fff37725e70, realm=realm at entry=0x7fff37725e90, 
    reply=reply at entry=0x7fff37725e80, use_master=use_master at entry=0x7fff37725fa8, tcp_only=tcp_only at entry=0) at ../../../../src/lib/krb5/os/sendto_kdc.c:339
#5  0x00007fe046f47eeb in init_creds_get (context=context at entry=0x7fe04926d110, ctx=0x7fe049270c70, use_master=use_master at entry=0x7fff37725fa8)
    at ../../../../src/lib/krb5/krb/get_in_tkt.c:578
#6  0x00007fe046f4801d in krb5int_get_init_creds (context=context at entry=0x7fe04926d110, creds=creds at entry=0x7fff377272d0, client=client at entry=0x7fe049270420, 
    prompter=prompter at entry=0, prompter_data=prompter_data at entry=0x0, start_time=start_time at entry=0, in_tkt_service=in_tkt_service at entry=0x0, 
    options=options at entry=0x7fff37727280, gak_fct=gak_fct at entry=0x7fe046f48f70 <krb5_get_as_key_password>, gak_data=gak_data at entry=0x7fff37725fd0, 
    use_master=use_master at entry=0x7fff37725fa8, as_reply=as_reply at entry=0x7fff37725fb8) at ../../../../src/lib/krb5/krb/get_in_tkt.c:1649
#7  0x00007fe046f49622 in krb5_get_init_creds_password (context=0x7fe04926d110, creds=creds at entry=0x7fff377272d0, client=0x7fe049270420, 
    password=password at entry=0x7fff3772a770 "Z,", prompter=prompter at entry=0, data=data at entry=0x0, start_time=start_time at entry=0, 
    in_tkt_service=in_tkt_service at entry=0x0, options=options at entry=0x7fff37727280) at ../../../../src/lib/krb5/krb/gic_pwd.c:291
#8  0x00007fe04762bfcb in auth_krb5 (user=0x7fff3772a660 "xpto91234", password=0x7fff3772a770 "Z,", service=<optimized out>, realm=<optimized out>)
    at ../../saslauthd/auth_krb5.c:418
#9  0x00007fe047635981 in do_auth (_login=_login at entry=0x7fff3772a660 "xpto91234", password=password at entry=0x7fff3772a770 "Z,", 
    service=service at entry=0x7fff3772a880 "ldap", realm=realm at entry=0x7fff3772a990 "") at ../../saslauthd/saslauthd-main.c:410
#10 0x00007fe047634a90 in do_request (conn_fd=conn_fd at entry=8) at ../../saslauthd/ipc_unix.c:426
#11 0x00007fe047635267 in ipc_loop () at ../../saslauthd/ipc_unix.c:277
#12 0x00007fe04762b96e in main (argc=<optimized out>, argv=<optimized out>) at ../../saslauthd/saslauthd-main.c:369

-- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sasl2-bin depends on:
ii  db-util                5.1.6
ii  debconf [debconf-2.0]  1.5.49
ii  libc6                  2.13-38
ii  libcomerr2             1.42.5-1.1
ii  libdb5.1               5.1.29-5
ii  libgssapi-krb5-2       1.10.1+dfsg-5+deb7u1
ii  libk5crypto3           1.10.1+dfsg-5+deb7u1
ii  libkrb5-3              1.10.1+dfsg-5+deb7u1
ii  libldap-2.4-2          2.4.35-1+dsi70+2
ii  libpam0g               1.1.3-7.1
ii  libsasl2-2             2.1.25.dfsg1-6+deb7u1
ii  libssl1.0.0            1.0.1e-2
ii  lsb-base               4.1+Debian8+deb7u1

sasl2-bin recommends no packages.

sasl2-bin suggests no packages.

-- Configuration Files:
/etc/default/saslauthd changed:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS='kerberos5'
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/run/saslauthd"
export KRB5_KTNAME=/etc/ldap/slapd.keytab


-- debconf information:
  cyrus-sasl2/backup-sasldb2: /var/backups/sasldb2.bak
  cyrus-sasl2/upgrade-sasldb2-failed:
  cyrus-sasl2/upgrade-sasldb2-backup-failed:
  cyrus-sasl2/purge-sasldb2: false

More information about the Pkg-cyrus-sasl2-debian-devel mailing list