Bug 171240 - nscd aborts with "*** %n in writable segment detected ***"
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Assignee: Jakub Jelinek
QA Contact: Brian Brock
Reported: 2005-10-19 19:59 UTC by Nalin Dahyabhai
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: 2.3.90-15
Doc Type: Bug Fix
Last Closed: 2005-10-20 09:47:12 UTC
Description Nalin Dahyabhai 2005-10-19 19:59:57 UTC
Description of problem:
nscd-2.3.90-14 aborts when it attempts to add an entry to its cache

Version-Release number of selected component (if applicable):
2.3.90-14, glibc 2.3.90-14 (i686), kernel-2.6.13-1.1617_FC5 (i686)

How reproducible:
Always

Steps to Reproduce:
1. Start up nscd in debugging mode
2. Run "id root" on the same system
  
Actual results:
8469: Access Vector Cache (AVC) started
8469: handle_request: request received (Version = 2) from PID 8478
8469:   GETFDPW
8469: provide access to FD 6, for passwd
8469: handle_request: request received (Version = 2) from PID 8478
8469:   GETFDGR
8469: provide access to FD 8, for group
8469: handle_request: request received (Version = 2) from PID 8478
8469:   GETGRBYGID (1)
8469: Haven't found "1" in group cache!
*** %n in writable segment detected ***

Additional info:
With the debuginfo packages installed, running 'nscd -d' under gdb gives this
backtrace:
#0  0x00f99402 in __kernel_vsyscall ()
#1  0x00139908 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:67
#2  0x0013b078 in *__GI_abort () at ../sysdeps/generic/abort.c:88
#3  0x0016ea6d in __libc_message (do_abort=1, fmt=0x22c0f0 "%s")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#4  0x0016eb8b in *__GI___libc_fatal (
    message=0x22cea8 "*** %n in writable segment detected ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:181
#5  0x0014e144 in _IO_vfprintf (s=0xb104a610, format=0x4e2cd0 "%d%c%n%s",
    ap=0x4e2cd9 "short write in %s: %s") at vfprintf.c:1818
#6  0x001ef3e1 in *__GI___vsnprintf_chk (s=0xb104a750 "1", maxlen=14, flags=1,
    slen=4294967295, format=0x4e2cd0 "%d%c%n%s", args=0xb104a73c "\001")
    at vsnprintf_chk.c:64
#7  0x001ef317 in __snprintf_chk (s=0xb104a750 "1", maxlen=14, flags=1,
    slen=4294967295, format=0x4e2cd0 "%d%c%n%s") at snprintf_chk.c:34
#8  0x004d86c1 in cache_addgr (db=0x4e50c4, fd=13, req=0xb104ae48,
    key=0xb104ae68, grp=0xb104ad64, owner=4294967295, he=0x0, dh=0x0, errval=0)
    at grpcache.c:178
#9  0x004d9083 in addgrbyX (db=0x4e50c4, fd=13, req=0xb104ae48, key=
      {v = 0x1, g = 1}, keystr=0xb104ae68 "1", uid=4294967295, he=0x0, dh=0x0)
    at grpcache.c:465
#10 0x004d9227 in addgrbygid (db=0x4e50c4, fd=13, req=0xb104ae48,
    key=0xb104ae68, uid=4294967295) at grpcache.c:515
#11 0x004d74bd in nscd_run (p=0x3) at connections.c:983
#12 0x008c1bd2 in start_thread (arg=0xb104bbb0) at pthread_create.c:261
#13 0x001dc67e in ?? () from /lib/libc.so.6

Comment 1 Jakub Jelinek 2005-10-20 09:47:12 UTC
This is actually a kernel bug (#165351).
But I've put a workaround into glibc-2.3.90-15.
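
Added example, not part of the bug report and not nscd's code or the glibc workaround: glibc's fortified printf functions abort with this message when a format containing %n is judged to lie in writable memory, so code that only needs the offset %n would record can take it from snprintf's return value instead. The helper names are hypothetical; the format string and maxlen=14 are taken from frames #5 to #7 of the backtrace.

```c
#include <stdio.h>
#include <string.h>

/* Form seen in the backtrace: writes "<gid>\0<key>\0" into buf and uses %n
   to record where <key> starts. Returns that offset, or -1 on
   error/truncation. The literal format lives in read-only data, so the
   fortify check passes when the memory map is reported correctly. */
int with_percent_n(char *buf, size_t len, int gid, const char *key)
{
    int offs = -1;
    int n = snprintf(buf, len, "%d%c%n%s", gid, '\0', &offs, key);
    if (n < 0 || (size_t)n >= len)
        return -1;
    return offs;
}

/* Same buffer layout without %n: the key offset is the number of
   characters printed for the gid plus one for its terminating NUL. */
int without_percent_n(char *buf, size_t len, int gid, const char *key)
{
    int n = snprintf(buf, len, "%d", gid);
    if (n < 0 || (size_t)n >= len)
        return -1;
    size_t offs = (size_t)n + 1;      /* skip the digits and their NUL */
    size_t klen = strlen(key) + 1;    /* key plus its own NUL */
    if (klen > len - offs)            /* key would not fit */
        return -1;
    memcpy(buf + offs, key, klen);
    return (int)offs;
}

int main(void)
{
    char a[14], b[14];                /* maxlen=14 as in frame #6 */
    /* Constructed input matching the report: GETGRBYGID (1), key "1". */
    int oa = with_percent_n(a, sizeof a, 1, "1");
    int ob = without_percent_n(b, sizeof b, 1, "1");
    printf("offset with %%n: %d, without: %d, same bytes: %s\n",
           oa, ob, memcmp(a, b, 4) == 0 ? "yes" : "no");
    return 0;
}
```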

