Bug 171240 - nscd aborts with "*** %n in writable segment detected ***"
nscd aborts with "*** %n in writable segment detected ***"
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-19 15:59 EDT by Nalin Dahyabhai
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 2.3.90-15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-20 05:47:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nalin Dahyabhai 2005-10-19 15:59:57 EDT
Description of problem:
nscd-2.3.90-14 aborts when it attempts to add an entry to its cache

Version-Release number of selected component (if applicable):
2.3.90-14, glibc 2.3.90-14 (i686), kernel-2.6.13-1.1617_FC5 (i686)

How reproducible:
Always

Steps to Reproduce:
1. Start up nscd in debugging mode
2. Run "id root" on the same system
  
Actual results:
8469: Access Vector Cache (AVC) started
8469: handle_request: request received (Version = 2) from PID 8478
8469:   GETFDPW
8469: provide access to FD 6, for passwd
8469: handle_request: request received (Version = 2) from PID 8478
8469:   GETFDGR
8469: provide access to FD 8, for group
8469: handle_request: request received (Version = 2) from PID 8478
8469:   GETGRBYGID (1)
8469: Haven't found "1" in group cache!
*** %n in writable segment detected ***

Additional info:
With the debuginfo packages installed, running 'nscd -d' under gdb gives this
backtrace:
#0  0x00f99402 in __kernel_vsyscall ()
#1  0x00139908 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:67
#2  0x0013b078 in *__GI_abort () at ../sysdeps/generic/abort.c:88
#3  0x0016ea6d in __libc_message (do_abort=1, fmt=0x22c0f0 "%s")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#4  0x0016eb8b in *__GI___libc_fatal (
    message=0x22cea8 "*** %n in writable segment detected ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:181
#5  0x0014e144 in _IO_vfprintf (s=0xb104a610, format=0x4e2cd0 "%d%c%n%s",
    ap=0x4e2cd9 "short write in %s: %s") at vfprintf.c:1818
#6  0x001ef3e1 in *__GI___vsnprintf_chk (s=0xb104a750 "1", maxlen=14, flags=1,
    slen=4294967295, format=0x4e2cd0 "%d%c%n%s", args=0xb104a73c "\001")
    at vsnprintf_chk.c:64
#7  0x001ef317 in __snprintf_chk (s=0xb104a750 "1", maxlen=14, flags=1,
    slen=4294967295, format=0x4e2cd0 "%d%c%n%s") at snprintf_chk.c:34
#8  0x004d86c1 in cache_addgr (db=0x4e50c4, fd=13, req=0xb104ae48,
    key=0xb104ae68, grp=0xb104ad64, owner=4294967295, he=0x0, dh=0x0, errval=0)
    at grpcache.c:178
#9  0x004d9083 in addgrbyX (db=0x4e50c4, fd=13, req=0xb104ae48, key=
      {v = 0x1, g = 1}, keystr=0xb104ae68 "1", uid=4294967295, he=0x0, dh=0x0)
    at grpcache.c:465
#10 0x004d9227 in addgrbygid (db=0x4e50c4, fd=13, req=0xb104ae48,
    key=0xb104ae68, uid=4294967295) at grpcache.c:515
#11 0x004d74bd in nscd_run (p=0x3) at connections.c:983
#12 0x008c1bd2 in start_thread (arg=0xb104bbb0) at pthread_create.c:261
#13 0x001dc67e in ?? () from /lib/libc.so.6
Comment 1 Jakub Jelinek 2005-10-20 05:47:12 EDT
This is actually a kernel bug (#165351).
But I've put a workaround into glibc-2.3.90-15.

Note You need to log in before you can comment on or make changes to this bug.