RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 889182 - crash in memory cache
Summary: crash in memory cache
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.4
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks: 895654
TreeView+ depends on / blocked
 
Reported: 2012-12-20 12:52 UTC by Jakub Hrozek
Modified: 2020-05-02 17:10 UTC (History)
5 users (show)

Fixed In Version: sssd-1.9.2-59.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2013-02-21 09:42:57 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 2764 0 None closed crash in memory cache 2020-10-15 18:07:21 UTC
Red Hat Product Errata RHSA-2013:0508 0 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 21:30:10 UTC

Description Jakub Hrozek 2012-12-20 12:52:55 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1722

I was running some load testing on my laptop when searching for an unrelated issue and I saw this crash:


{{{
Program terminated with signal 11, Segmentation fault.
#0  0x000000000042e296 in sss_mc_rm_rec_from_chain (mcc=0x1581750, rec=0x7fd3aaaf1058, 
    hash=1482184792) at src/responder/nss/nsssrv_mmap_cache.c:139

warning: Source file is more recent than executable.
139	    slot = mcc->hash_table[hash];
(gdb) bt
#0  0x000000000042e296 in sss_mc_rm_rec_from_chain (mcc=0x1581750, rec=0x7fd3aaaf1058, 
    hash=1482184792) at src/responder/nss/nsssrv_mmap_cache.c:139
#1  0x000000000042e370 in sss_mc_invalidate_rec (mcc=0x1581750, rec=0x7fd3aaaf1058)
    at src/responder/nss/nsssrv_mmap_cache.c:169
#2  0x000000000042e6ef in sss_mc_find_free_slots (mcc=0x1581750, num_slots=13)
    at src/responder/nss/nsssrv_mmap_cache.c:256
#3  0x000000000042e910 in sss_mc_get_record (mcc=0x1581750, rec_len=387, key=
    0x7fff01e84750) at src/responder/nss/nsssrv_mmap_cache.c:331
#4  0x000000000042f063 in sss_mmap_cache_gr_store (mcc=0x1581750, name=0x7fff01e84750, pw=
    0x7fff01e84740, gid=5471, memnum=40, membuf=0x1c8d8da "rlandy", memsize=329)
    at src/responder/nss/nsssrv_mmap_cache.c:566
#5  0x000000000041667e in fill_grent (packet=0x1c91450, dom=0x1579770, nctx=0x1576980, 
    filter_groups=true, gr_mmap_cache=true, msgs=0x1bba2e0, count=0x7fff01e848b0)
    at src/responder/nss/nsssrv_cmd.c:2185
#6  0x00000000004169ec in nss_cmd_getgr_send_reply (dctx=0x1c88b20, filter=true)
    at src/responder/nss/nsssrv_cmd.c:2236
#7  0x000000000041a23d in nss_cmd_getgrgid (cctx=0x1caa7d0)
    at src/responder/nss/nsssrv_cmd.c:2801
#8  0x0000000000435015 in sss_cmd_execute (cctx=0x1caa7d0, sss_cmds=0x6b1ac0 <nss_cmds>)
    at src/responder/common/responder_cmd.c:153
#9  0x000000000043768f in client_recv (cctx=0x1caa7d0)
    at src/responder/common/responder_common.c:293
#10 0x0000000000437ddd in client_fd_handler (ev=0x156f380, fde=0x1c56b90, flags=1, ptr=
    0x1caa7d0) at src/responder/common/responder_common.c:343
#11 0x000000313bc07552 in epoll_event_loop (tvalp=0x7fff01e84b50, std_ev=0x156f450)
    at ../tevent_standard.c:328
#12 std_event_loop_once (ev=<optimized out>, location=<optimized out>)
    at ../tevent_standard.c:567
#13 0x000000313bc04060 in _tevent_loop_once (ev=ev@entry=0x156f380, 
    location=location@entry=0x4a2c9f "src/util/server.c:601") at ../tevent.c:507
#14 0x000000313bc041eb in tevent_common_loop_wait (ev=0x156f380, location=
    0x4a2c9f "src/util/server.c:601") at ../tevent.c:608
#15 0x00000000004761f3 in server_loop (main_ctx=0x1570500) at src/util/server.c:601
#16 0x000000000040a285 in main (argc=1, argv=0x7fff01e84e88)
    at src/responder/nss/nsssrv.c:563
(gdb) bt full
#0  0x000000000042e296 in sss_mc_rm_rec_from_chain (mcc=0x1581750, rec=0x7fd3aaaf1058, 
    hash=1482184792) at src/responder/nss/nsssrv_mmap_cache.c:139
        prev = 0x0
        cur = 0x0
        slot = 6648164
#1  0x000000000042e370 in sss_mc_invalidate_rec (mcc=0x1581750, rec=0x7fd3aaaf1058)
    at src/responder/nss/nsssrv_mmap_cache.c:169
No locals.
#2  0x000000000042e6ef in sss_mc_find_free_slots (mcc=0x1581750, num_slots=13)
    at src/responder/nss/nsssrv_mmap_cache.c:256
        rec = 0x7fd3aaaf1058
        tot_slots = 50000
        cur = 0
        i = 46318276
        t = 46318276
        used = true
#3  0x000000000042e910 in sss_mc_get_record (mcc=0x1581750, rec_len=387, key=
    0x7fff01e84750) at src/responder/nss/nsssrv_mmap_cache.c:331
        old_rec = 0x0
        rec = 0x0
        old_slots = 0
        num_slots = 13
        base_slot = 0
        i = 347
#4  0x000000000042f063 in sss_mmap_cache_gr_store (mcc=0x1581750, name=0x7fff01e84750, pw=
    0x7fff01e84740, gid=5471, memnum=40, membuf=0x1c8d8da "rlandy", memsize=329)
    at src/responder/nss/nsssrv_mmap_cache.c:566
        rec = 0x7fff01e84b50
        data = 0x7fff01e84e80
        gidkey = {str = 0x7fff01e845d0 "5471", len = 5}
        gidstr = "5471\000\000\000\000\261#G"
        data_len = 339
        rec_len = 387
        pos = 0
        ret = 4

}}}
Comment 2 Jakub Hrozek 2012-12-20 13:58:45 UTC 
To reproduce:
for i in `getent group someverylargegroup | tr ',' ' '`; do id $i; done
Comment 4 Kaushik Banerjee 2013-01-08 07:35:39 UTC 
Verified in version 1.9.2-59

Report from beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Performance test 002 - bz889182 and 888800 - crash in memory cache
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Sleeping for 5 seconds
:: [   PASS   ] :: Running 'for i in `getent group someverylargegroup1 | tr ',' ' '`; do id $i; done'
:: [   PASS   ] :: File '/var/log/messages' should not contain 'segfault'
:: [   PASS   ] :: Looking up 1000 users increased sssd_nss memory usage by 2964 kB
:: [   LOG    ] :: Sleeping for 5 seconds
:: [   PASS   ] :: Running 'for i in `getent group someverylargegroup2 | tr ',' ' '`; do id $i; done'
:: [   PASS   ] :: File '/var/log/messages' should not contain 'segfault'
:: [   PASS   ] :: id lookup on 5000 users increased sssd_nss memory usage by 41500 kB
:: [   LOG    ] :: Duration: 6h 19m 42s
:: [   LOG    ] :: Assertions: 6 good, 0 bad
:: [   PASS   ] :: RESULT: Performance test 002 - bz889182 and 888800 - crash in memory cache
Comment 5 errata-xmlrpc 2013-02-21 09:42:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html
Note You need to log in before you can comment on or make changes to this bug.