Problem
The UCS Policies are not updated properly anymore and a manual attempt will result in the following error:
/usr/lib/univention-directory-policy/univention-policy-update-config-registry -v
WARN: failed to execute univention_policy_result: Error getting univention-policy-result for 'cn=ucs-1234,cn=dc,cn=computers,dc=univention,dc=intranet':
==2665==ERROR: AddressSanitizer failed to allocate 0xdfff0001000 (15392894357504) bytes at address 2008fff7000 (errno: 12)==2665==ReserveShadowMemoryRange failed while trying to map 0xdfff0001000 bytes. Perhaps you're using ulimit -v
Environment (optional)
Customer has vm.overcommit_memory disabled:
root@ucs-1234:~# cat /proc/sys/vm/overcommit_memory
2
Solution
Enable overcommit memory:
root@ucs-1234:~# echo 0 | tee /proc/sys/vm/overcommit_memory
0
Do not forget, to update the /etc/sysctl.conf to make this persistent after reboots, either by removing the manuelly added line (vm.overcommit_memory=2) or enforcing the default manually (vm.overcommit_memory=0)
Root Cause
The AddressSanitizer uses the mmap syscall to creates a new mapping in the heap, which is by default ( vm.overcommit_memory=0) only reserved if the memory area is actually used. If customers disable the overcommit_memory, the process will try to reserve over 15 TB of memory, which will likely fail on current hardware.