Bug#212541: libc6: Group with many users makes processes loop and consume all memory

To: submit@bugs.debian.org
Subject: Bug#212541: libc6: Group with many users makes processes loop and consume all memory
From: Stefan Gybas <sgybas@debian.org>
Date: Wed, 24 Sep 2003 10:49:54 +0200
Message-id: <[🔎] 3F715AB2.8010101@debian.org>
Reply-to: Stefan Gybas <sgybas@debian.org>, 212541@bugs.debian.org

Package: libc6
Version: 2.3.2-8
Severity: critical
Tags: sarge sid

When I create a group with a lot of users some processes loop trying toparse /etc/group and consume all available memory until they are killed.


You can reproduce this the following way:

# (echo -n testgrp1:x:65530:; for i in `seq 92`; do echo -n user$i,;done; echo root) >> /etc/group

# grep testgrp1 /etc/group | wc
      1       1     657

Then try to change the group of a file to a group that does not exist:

# touch /tmp/grptest1
# strace chgrp doesnotexist /tmp/grptest1 2>strace.log

The process is consuming all CPU time and using more and more memory.strace.log shows that it is always repeating these steps:


open("/etc/group", O_RDONLY)            = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=2879, ...}) = 0
mmap2(NULL, 2879, PROT_READ, MAP_SHARED, 3, 0) = 0x40016000
_llseek(3, 2879, [2879], SEEK_SET)      = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=2879, ...}) = 0
munmap(0x40016000, 2879)                = 0
close(3)                                = 0

When the group does exist, chgrp works fine. If you remove the root userfrom the testgrp1 it also works again:


# chgrp testgrp1 /tmp/grptest1
# vi /etc/group                    # remove root from testgrp1
# grep testgrp1 /etc/group | wc
      1       1     652
# chgrp doesnotexist /tmp/grptest1
chgrp: invalid group name `doesnotexist'

The problem doesn't seem to be the number of users in a group, it lookslike it's the length of a line in /etc/group. For example, creating agroup with 26 long user names also triggers the problem:

# (echo -n testgrp2:x:65531:; for i in `seq 26`; do echo -nsomeusersmighthaveaprettylongname$i,; done; echo root) >> /etc/group# grep testgrp2 /etc/group | wc1 1 949

Removing the "someusersmighthaveaprettylongname26" user also makes theproblem disappear:


# grep testgrp2 /etc/group | wc
      1       1     913

The problem is not only triggered in chgrp, but also in ls, tar, mysqland other programs that might look up non existing groups in /etc/group:


# touch /tmp/grptest2
# chgrp 65532 /tmp/grptest2

Add a long line to /etc/group (as above), gid 65532 must not exist:

# ls -l

I can reproduce this on a testing machine runningkernel-image-2.4.22-1-k7 and libc6 2.3.2-7 and also on an unstablesystem running kernel 2.4.22-3um (User Mode Linux) and libc6 2.3.2-8.The problem did not occur with glibc 2.3.1 which has been in testing before.

(Serverity critical because it breaks the whole system and might causedata loss if the kernel's OOM handler kills the "wrong" processes.)

Reply to:

Prev by Date: Bug#212048: [ahu@ds9a.nl: reassign]
Next by Date: cvs commit to glibc-package by jbailey
Previous by thread: Bug#205234: failure notice
Next by thread: cvs commit to glibc-package by jbailey
Index(es):
- Date
- Thread