Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 889182 - crash in memory cache
Summary: crash in memory cache
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.4
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks: 895654
TreeView+ depends on / blocked
 
Reported: 2012-12-20 12:52 UTC by Jakub Hrozek
Modified: 2020-05-02 17:10 UTC (History)
5 users (show)

Fixed In Version: sssd-1.9.2-59.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2013-02-21 09:42:57 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 2764 0 None closed crash in memory cache 2020-10-15 18:07:21 UTC
Red Hat Product Errata RHSA-2013:0508 0 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 21:30:10 UTC

Description Jakub Hrozek 2012-12-20 12:52:55 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1722

I was running some load testing on my laptop when searching for an unrelated issue and I saw this crash:


{{{
Program terminated with signal 11, Segmentation fault.
#0  0x000000000042e296 in sss_mc_rm_rec_from_chain (mcc=0x1581750, rec=0x7fd3aaaf1058, 
    hash=1482184792) at src/responder/nss/nsssrv_mmap_cache.c:139

warning: Source file is more recent than executable.
139	    slot = mcc->hash_table[hash];
(gdb) bt
#0  0x000000000042e296 in sss_mc_rm_rec_from_chain (mcc=0x1581750, rec=0x7fd3aaaf1058, 
    hash=1482184792) at src/responder/nss/nsssrv_mmap_cache.c:139
#1  0x000000000042e370 in sss_mc_invalidate_rec (mcc=0x1581750, rec=0x7fd3aaaf1058)
    at src/responder/nss/nsssrv_mmap_cache.c:169
#2  0x000000000042e6ef in sss_mc_find_free_slots (mcc=0x1581750, num_slots=13)
    at src/responder/nss/nsssrv_mmap_cache.c:256
#3  0x000000000042e910 in sss_mc_get_record (mcc=0x1581750, rec_len=387, key=
    0x7fff01e84750) at src/responder/nss/nsssrv_mmap_cache.c:331
#4  0x000000000042f063 in sss_mmap_cache_gr_store (mcc=0x1581750, name=0x7fff01e84750, pw=
    0x7fff01e84740, gid=5471, memnum=40, membuf=0x1c8d8da "rlandy", memsize=329)
    at src/responder/nss/nsssrv_mmap_cache.c:566
#5  0x000000000041667e in fill_grent (packet=0x1c91450, dom=0x1579770, nctx=0x1576980, 
    filter_groups=true, gr_mmap_cache=true, msgs=0x1bba2e0, count=0x7fff01e848b0)
    at src/responder/nss/nsssrv_cmd.c:2185
#6  0x00000000004169ec in nss_cmd_getgr_send_reply (dctx=0x1c88b20, filter=true)
    at src/responder/nss/nsssrv_cmd.c:2236
#7  0x000000000041a23d in nss_cmd_getgrgid (cctx=0x1caa7d0)
    at src/responder/nss/nsssrv_cmd.c:2801
#8  0x0000000000435015 in sss_cmd_execute (cctx=0x1caa7d0, sss_cmds=0x6b1ac0 <nss_cmds>)
    at src/responder/common/responder_cmd.c:153
#9  0x000000000043768f in client_recv (cctx=0x1caa7d0)
    at src/responder/common/responder_common.c:293
#10 0x0000000000437ddd in client_fd_handler (ev=0x156f380, fde=0x1c56b90, flags=1, ptr=
    0x1caa7d0) at src/responder/common/responder_common.c:343
#11 0x000000313bc07552 in epoll_event_loop (tvalp=0x7fff01e84b50, std_ev=0x156f450)
    at ../tevent_standard.c:328
#12 std_event_loop_once (ev=<optimized out>, location=<optimized out>)
    at ../tevent_standard.c:567
#13 0x000000313bc04060 in _tevent_loop_once (ev=ev@entry=0x156f380, 
    location=location@entry=0x4a2c9f "src/util/server.c:601") at ../tevent.c:507
#14 0x000000313bc041eb in tevent_common_loop_wait (ev=0x156f380, location=
    0x4a2c9f "src/util/server.c:601") at ../tevent.c:608
#15 0x00000000004761f3 in server_loop (main_ctx=0x1570500) at src/util/server.c:601
#16 0x000000000040a285 in main (argc=1, argv=0x7fff01e84e88)
    at src/responder/nss/nsssrv.c:563
(gdb) bt full
#0  0x000000000042e296 in sss_mc_rm_rec_from_chain (mcc=0x1581750, rec=0x7fd3aaaf1058, 
    hash=1482184792) at src/responder/nss/nsssrv_mmap_cache.c:139
        prev = 0x0
        cur = 0x0
        slot = 6648164
#1  0x000000000042e370 in sss_mc_invalidate_rec (mcc=0x1581750, rec=0x7fd3aaaf1058)
    at src/responder/nss/nsssrv_mmap_cache.c:169
No locals.
#2  0x000000000042e6ef in sss_mc_find_free_slots (mcc=0x1581750, num_slots=13)
    at src/responder/nss/nsssrv_mmap_cache.c:256
        rec = 0x7fd3aaaf1058
        tot_slots = 50000
        cur = 0
        i = 46318276
        t = 46318276
        used = true
#3  0x000000000042e910 in sss_mc_get_record (mcc=0x1581750, rec_len=387, key=
    0x7fff01e84750) at src/responder/nss/nsssrv_mmap_cache.c:331
        old_rec = 0x0
        rec = 0x0
        old_slots = 0
        num_slots = 13
        base_slot = 0
        i = 347
#4  0x000000000042f063 in sss_mmap_cache_gr_store (mcc=0x1581750, name=0x7fff01e84750, pw=
    0x7fff01e84740, gid=5471, memnum=40, membuf=0x1c8d8da "rlandy", memsize=329)
    at src/responder/nss/nsssrv_mmap_cache.c:566
        rec = 0x7fff01e84b50
        data = 0x7fff01e84e80
        gidkey = {str = 0x7fff01e845d0 "5471", len = 5}
        gidstr = "5471\000\000\000\000\261#G"
        data_len = 339
        rec_len = 387
        pos = 0
        ret = 4

}}}

Comment 2 Jakub Hrozek 2012-12-20 13:58:45 UTC
To reproduce:
for i in `getent group someverylargegroup | tr ',' ' '`; do id $i; done

Comment 4 Kaushik Banerjee 2013-01-08 07:35:39 UTC
Verified in version 1.9.2-59

Report from beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Performance test 002 - bz889182 and 888800 - crash in memory cache
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Sleeping for 5 seconds
:: [   PASS   ] :: Running 'for i in `getent group someverylargegroup1 | tr ',' ' '`; do id $i; done'
:: [   PASS   ] :: File '/var/log/messages' should not contain 'segfault'
:: [   PASS   ] :: Looking up 1000 users increased sssd_nss memory usage by 2964 kB
:: [   LOG    ] :: Sleeping for 5 seconds
:: [   PASS   ] :: Running 'for i in `getent group someverylargegroup2 | tr ',' ' '`; do id $i; done'
:: [   PASS   ] :: File '/var/log/messages' should not contain 'segfault'
:: [   PASS   ] :: id lookup on 5000 users increased sssd_nss memory usage by 41500 kB
:: [   LOG    ] :: Duration: 6h 19m 42s
:: [   LOG    ] :: Assertions: 6 good, 0 bad
:: [   PASS   ] :: RESULT: Performance test 002 - bz889182 and 888800 - crash in memory cache

Comment 5 errata-xmlrpc 2013-02-21 09:42:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html


Note You need to log in before you can comment on or make changes to this bug.