[Samba] 3.0.4: smbd's + nscd's = 100% CPU; load > 4

Jeremy Allison jra at samba.org
Tue Jul 13 17:34:47 GMT 2004 

On Wed, Jul 07, 2004 at 08:50:20PM +0200, Dragan.Krnic at bahn.de wrote:
> 
> Bingo! It is exactly the same case.
> Two user names were spelled out slightly wrong
> in the /etc/group. As a consequence,
> under certain circumstances the "smbd" process
> keeps trying to resolve the name and doesn't
> take "no" from "nscd" for an answer.
> Each "smbd" process is looping around
> these 5 system calls:
> 1) create a socket,
> 2) connect to nscd's socket,
> 3) write the mis-spelled name,
> 4) read negative answer
> 5) close socket:
> 
>    socket(PF_UNIX,SOCK_STREAM,0)=26
>    connect(26,{sa_family=AF_UNIX,path="/var/run/.nscd_socket"},110)=0
>    writev(26,[{"\2\0...\0\22\0...",12},{"GeorgeDubbyaBusch\0",18}],2)=30
>    read(26,"\2\0\0\...\0\377\377\377\377\377\377"...,36)=36
>    close(26)=0
> 
> and the nscds spin like this
> 
>    poll({fd=3,events=POLLRDNORM,revents=POLLRDNORM}],1,-1)=1
>    accept(3,,NULL)=9
>    read(9,"\2\0\0\0\0\0\0\0\22\0\0\0",12)=12
>    read(9,"GeorgeDubbyaBusch\0",18)=18
>    write(9,"\2\0\...\0\377\377\377\377\377\377"...,36=36
>    close(9)=0
> 
> Since both mis-spelled names are among the
> earliest user names in 2 most frequently used
> groups (one is "users"), it's hard to tell
> why the smbd processes spin out of control so
> infrequently. Jeremy will know more about that.

Ok, looking at the code in 3.0 there is no loop around the
lookup for a bad user name. The code in question is here:

        for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
                struct passwd *pw = getpwnam(*gr);
                                                                                                                                        
                if (pw == NULL)
                        continue;
                add_uid_to_array_unique(pw->pw_uid, uids, num);
        }

Note that if pw == NULL then the name should be skipped and
the next entry examined. This code is not looping on bad lookups
within smbd.

Is it possible to attach to the smbd in question with gdb and
walk through this code with a bad username in the group entry
list and see if the getpwnam call ever returns NULL or just
loops inside glibc ?

Jeremy.

More information about the samba mailing list