Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 889182 - crash in memory cache
crash in memory cache
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
6.4
Unspecified Unspecified
high Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
:
Depends On:
Blocks: 895654
  Show dependency treegraph
 
Reported: 2012-12-20 07:52 EST by Jakub Hrozek
Modified: 2013-02-21 04:42 EST (History)
5 users (show)

See Also:
Fixed In Version: sssd-1.9.2-59.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 04:42:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0508 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 16:30:10 EST

  None (edit)
Description Jakub Hrozek 2012-12-20 07:52:55 EST 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1722

I was running some load testing on my laptop when searching for an unrelated issue and I saw this crash:


{{{
Program terminated with signal 11, Segmentation fault.
#0  0x000000000042e296 in sss_mc_rm_rec_from_chain (mcc=0x1581750, rec=0x7fd3aaaf1058, 
    hash=1482184792) at src/responder/nss/nsssrv_mmap_cache.c:139

warning: Source file is more recent than executable.
139	    slot = mcc->hash_table[hash];
(gdb) bt
#0  0x000000000042e296 in sss_mc_rm_rec_from_chain (mcc=0x1581750, rec=0x7fd3aaaf1058, 
    hash=1482184792) at src/responder/nss/nsssrv_mmap_cache.c:139
#1  0x000000000042e370 in sss_mc_invalidate_rec (mcc=0x1581750, rec=0x7fd3aaaf1058)
    at src/responder/nss/nsssrv_mmap_cache.c:169
#2  0x000000000042e6ef in sss_mc_find_free_slots (mcc=0x1581750, num_slots=13)
    at src/responder/nss/nsssrv_mmap_cache.c:256
#3  0x000000000042e910 in sss_mc_get_record (mcc=0x1581750, rec_len=387, key=
    0x7fff01e84750) at src/responder/nss/nsssrv_mmap_cache.c:331
#4  0x000000000042f063 in sss_mmap_cache_gr_store (mcc=0x1581750, name=0x7fff01e84750, pw=
    0x7fff01e84740, gid=5471, memnum=40, membuf=0x1c8d8da "rlandy", memsize=329)
    at src/responder/nss/nsssrv_mmap_cache.c:566
#5  0x000000000041667e in fill_grent (packet=0x1c91450, dom=0x1579770, nctx=0x1576980, 
    filter_groups=true, gr_mmap_cache=true, msgs=0x1bba2e0, count=0x7fff01e848b0)
    at src/responder/nss/nsssrv_cmd.c:2185
#6  0x00000000004169ec in nss_cmd_getgr_send_reply (dctx=0x1c88b20, filter=true)
    at src/responder/nss/nsssrv_cmd.c:2236
#7  0x000000000041a23d in nss_cmd_getgrgid (cctx=0x1caa7d0)
    at src/responder/nss/nsssrv_cmd.c:2801
#8  0x0000000000435015 in sss_cmd_execute (cctx=0x1caa7d0, sss_cmds=0x6b1ac0 <nss_cmds>)
    at src/responder/common/responder_cmd.c:153
#9  0x000000000043768f in client_recv (cctx=0x1caa7d0)
    at src/responder/common/responder_common.c:293
#10 0x0000000000437ddd in client_fd_handler (ev=0x156f380, fde=0x1c56b90, flags=1, ptr=
    0x1caa7d0) at src/responder/common/responder_common.c:343
#11 0x000000313bc07552 in epoll_event_loop (tvalp=0x7fff01e84b50, std_ev=0x156f450)
    at ../tevent_standard.c:328
#12 std_event_loop_once (ev=<optimized out>, location=<optimized out>)
    at ../tevent_standard.c:567
#13 0x000000313bc04060 in _tevent_loop_once (ev=ev@entry=0x156f380, 
    location=location@entry=0x4a2c9f "src/util/server.c:601") at ../tevent.c:507
#14 0x000000313bc041eb in tevent_common_loop_wait (ev=0x156f380, location=
    0x4a2c9f "src/util/server.c:601") at ../tevent.c:608
#15 0x00000000004761f3 in server_loop (main_ctx=0x1570500) at src/util/server.c:601
#16 0x000000000040a285 in main (argc=1, argv=0x7fff01e84e88)
    at src/responder/nss/nsssrv.c:563
(gdb) bt full
#0  0x000000000042e296 in sss_mc_rm_rec_from_chain (mcc=0x1581750, rec=0x7fd3aaaf1058, 
    hash=1482184792) at src/responder/nss/nsssrv_mmap_cache.c:139
        prev = 0x0
        cur = 0x0
        slot = 6648164
#1  0x000000000042e370 in sss_mc_invalidate_rec (mcc=0x1581750, rec=0x7fd3aaaf1058)
    at src/responder/nss/nsssrv_mmap_cache.c:169
No locals.
#2  0x000000000042e6ef in sss_mc_find_free_slots (mcc=0x1581750, num_slots=13)
    at src/responder/nss/nsssrv_mmap_cache.c:256
        rec = 0x7fd3aaaf1058
        tot_slots = 50000
        cur = 0
        i = 46318276
        t = 46318276
        used = true
#3  0x000000000042e910 in sss_mc_get_record (mcc=0x1581750, rec_len=387, key=
    0x7fff01e84750) at src/responder/nss/nsssrv_mmap_cache.c:331
        old_rec = 0x0
        rec = 0x0
        old_slots = 0
        num_slots = 13
        base_slot = 0
        i = 347
#4  0x000000000042f063 in sss_mmap_cache_gr_store (mcc=0x1581750, name=0x7fff01e84750, pw=
    0x7fff01e84740, gid=5471, memnum=40, membuf=0x1c8d8da "rlandy", memsize=329)
    at src/responder/nss/nsssrv_mmap_cache.c:566
        rec = 0x7fff01e84b50
        data = 0x7fff01e84e80
        gidkey = {str = 0x7fff01e845d0 "5471", len = 5}
        gidstr = "5471\000\000\000\000\261#G"
        data_len = 339
        rec_len = 387
        pos = 0
        ret = 4

}}}
Comment 2 Jakub Hrozek 2012-12-20 08:58:45 EST 
To reproduce:
for i in `getent group someverylargegroup | tr ',' ' '`; do id $i; done
Comment 4 Kaushik Banerjee 2013-01-08 02:35:39 EST 
Verified in version 1.9.2-59

Report from beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Performance test 002 - bz889182 and 888800 - crash in memory cache
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Sleeping for 5 seconds
:: [   PASS   ] :: Running 'for i in `getent group someverylargegroup1 | tr ',' ' '`; do id $i; done'
:: [   PASS   ] :: File '/var/log/messages' should not contain 'segfault'
:: [   PASS   ] :: Looking up 1000 users increased sssd_nss memory usage by 2964 kB
:: [   LOG    ] :: Sleeping for 5 seconds
:: [   PASS   ] :: Running 'for i in `getent group someverylargegroup2 | tr ',' ' '`; do id $i; done'
:: [   PASS   ] :: File '/var/log/messages' should not contain 'segfault'
:: [   PASS   ] :: id lookup on 5000 users increased sssd_nss memory usage by 41500 kB
:: [   LOG    ] :: Duration: 6h 19m 42s
:: [   LOG    ] :: Assertions: 6 good, 0 bad
:: [   PASS   ] :: RESULT: Performance test 002 - bz889182 and 888800 - crash in memory cache
Comment 5 errata-xmlrpc 2013-02-21 04:42:57 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.