Bug 838981

Summary: Automounter segfaults when cd'ing into /net/* directories when too many exports exist
Product: Red Hat Enterprise Linux 6 Reporter: Kyle Squizzato <ksquizza>
Component: autofsAssignee: Ian Kent <ikent>
Status: CLOSED DUPLICATE QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: high Docs Contact:
Priority: high    
Version: 6.4CC: bhubbard, cww, ikent, rwheeler, toracat
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-04 01:56:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 846704    

Description Kyle Squizzato 2012-07-10 14:46:35 UTC 
Description of problem:
Automounter will segfault when cding into the /net/nfsserver/ directory when the directory contains a large amount of exports (150+).

Version-Release number of selected component (if applicable):
autofs-5.0.5-64.el6


How reproducible:
Always


Steps to Reproduce:
1. Create a large amount of NFS exports by running a simple for loop on an NFS server:

for i in {1..250}; 
         do 
           mkdir /share$i; 
           echo "/share$i *(rw,sync)" >> /etc/exports;
           cd share$i; touch test; 
           service nfs reload;
         done

2. Change directories into the /net/nfsserver/ directory, the cd command will hang.

3. Autofs will segfault and die:

 # service autofs status
 automount dead but pid file exists

 
  
Actual results:
Changing directories into /net/nfsserver hangs and segfaults autofs.


Expected results:
Should not segfault autofs and should cd successfully.


Additional info:
Rolling back to autofs-5.0.5-39.el6 resolves the issue.  

Here's a backtrace of the issue:


Program terminated with signal 11, Segmentation fault.
#0  0x00007f01bdcb0862 in create_client (info=0x7f01bda959e0, client=0x7f01bda95a50) at rpc_subs.c:381
381		if  (!clnt_control(*client, CLSET_FD_CLOSE, NULL)) {
(gdb) thread apply all bt

Thread 6 (Thread 0x7f01be8c5700 (LWP 1986)):
#0  0x00007f01c001bfc3 in __poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=<value optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007f01c1546a18 in get_pkt (ap=0x7f01c1ca02d0) at automount.c:885
#2  handle_packet (ap=0x7f01c1ca02d0) at automount.c:1022
#3  0x00007f01c1548402 in handle_mounts (arg=<value optimized out>) at automount.c:1590
#4  0x00007f01c1104851 in start_thread (arg=0x7f01be8c5700) at pthread_create.c:301
#5  0x00007f01c002567d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 5 (Thread 0x7f01bfb1b700 (LWP 1983)):
#0  0x00007f01c001bfc3 in __poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=<value optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007f01c1546a18 in get_pkt (ap=0x7f01c1c99f50) at automount.c:885
#2  handle_packet (ap=0x7f01c1c99f50) at automount.c:1022
#3  0x00007f01c1548402 in handle_mounts (arg=<value optimized out>) at automount.c:1590
#4  0x00007f01c1104851 in start_thread (arg=0x7f01bfb1b700) at pthread_create.c:301
#5  0x00007f01c002567d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 4 (Thread 0x7f01c1514700 (LWP 1980)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f01c1553057 in st_queue_handler (arg=<value optimized out>) at state.c:1073
#2  0x00007f01c1104851 in start_thread (arg=0x7f01c1514700) at pthread_create.c:301
#3  0x00007f01c002567d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 3 (Thread 0x7f01c1525700 (LWP 1979)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:216
#1  0x00007f01c155ce7a in alarm_handler (arg=<value optimized out>) at alarm.c:206
#2  0x00007f01c1104851 in start_thread (arg=0x7f01c1525700) at pthread_create.c:301
#3  0x00007f01c002567d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 2 (Thread 0x7f01c1527700 (LWP 1978)):
#0  do_sigwait (set=<value optimized out>, sig=0x7fffe9d77e7c) at ../sysdeps/unix/sysv/linux/sigwait.c:65
#1  __sigwait (set=<value optimized out>, sig=0x7fffe9d77e7c) at ../sysdeps/unix/sysv/linux/sigwait.c:100
#2  0x00007f01c1547d17 in statemachine (argc=0, argv=<value optimized out>) at automount.c:1332
#3  main (argc=0, argv=<value optimized out>) at automount.c:2214

Thread 1 (Thread 0x7f01bda98700 (LWP 2165)):
#0  0x00007f01bdcb0862 in create_client (info=0x7f01bda959e0, client=0x7f01bda95a50) at rpc_subs.c:381
#1  0x00007f01bdcb0f69 in rpc_portmap_getport (info=0x7f01bda95a90, parms=0x7f01bda95af0, port=0x7f01bda95aa8) at rpc_subs.c:560
#2  0x00007f01bdcb1490 in rpc_get_exports (host=<value optimized out>, seconds=<value optimized out>, micros=<value optimized out>, option=<value optimized out>) at rpc_subs.c:898
#3  0x00007f01bdcad9ac in lookup_mount (ap=0x7f01c1ca02d0, name=0x7f01bda95e50 "10.12.59.133", name_len=12, context=0x7f01b0000fd0) at lookup_hosts.c:250
#4  0x00007f01c1550ce2 in lookup_nss_mount (ap=0x7f01c1ca02d0, source=0x0, name=0x7f01bda95e50 "10.12.59.133", name_len=12) at lookup.c:898
#5  0x00007f01c1549710 in do_mount_indirect (arg=<value optimized out>) at indirect.c:813
#6  0x00007f01c1104851 in start_thread (arg=0x7f01bda98700) at pthread_create.c:301
#7  0x00007f01c002567d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
Comment 1 Ian Kent 2012-07-11 02:35:11 UTC 
Can you try this package please:
http://people.redhat.com/~ikent/autofs-5.0.5-54.bz827024.1.el6
Comment 2 Kyle Squizzato 2012-07-12 20:50:02 UTC 
(In reply to comment #1)
> Can you try this package please:
> http://people.redhat.com/~ikent/autofs-5.0.5-54.bz827024.1.el6

Hi Ian, 

This works perfectly.
Comment 3 Ian Kent 2012-07-13 05:41:23 UTC 
(In reply to comment #2)
> (In reply to comment #1)
> > Can you try this package please:
> > http://people.redhat.com/~ikent/autofs-5.0.5-54.bz827024.1.el6
> 
> Hi Ian, 
> 
> This works perfectly.

Great, bug 827024 appears to be private so we'll leave this
open and I'll close it when 827024 is closed.

If you need a supported release sooner then we'll need to go
via support and work through the process.
Comment 4 Ian Kent 2012-07-13 05:43:31 UTC 
Oh, hang on, you should be in the Emplotee group so maybe you
can see the bug .....

If you can we probably should mark this a a duplicate.
Comment 5 Akemi Yagi 2012-07-14 16:09:16 UTC 
Knowledgebase article (thanks to Kyle):

https://access.redhat.com/knowledge/solutions/159413
Comment 8 Brad Hubbard 2012-08-04 01:56:31 UTC 

*** This bug has been marked as a duplicate of bug 827024 ***