Bug 1311559

Summary:	SIGSEGV with nss-3.21.0-1.el7_2.x86_64
Product:	Red Hat Enterprise Linux 7	Reporter:	Yedidyah Bar David <didi>
Component:	nss	Assignee:	Kai Engert (:kaie) (inactive account) <kengert>
Status:	CLOSED DUPLICATE	QA Contact:	BaseOS QE Security Team <qe-baseos-security>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	7.2	CC:	kdudka, kengert, ksiddiqu
Target Milestone:	rc	Keywords:	Reopened
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	nss-3.19.1-19.el7_2	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2016-04-25 18:33:22 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Yedidyah Bar David 2016-02-24 13:08:50 UTC

Description of problem:

I am trying the following flow:

1. Install and deploy RHEV 3.6 hosted-engine on two rhel 7.2 hosts
2. Move one host to maintenance and remove it from the engine
3. Deploy again

It fails with:

[ INFO  ] Acquiring internal CA cert from the engine
[ INFO  ] The following CA certificate is going to be used, please immediately interrupt if not correct:
[ INFO  ] Issuer: C=US, O=home.local, CN=he1.home.local.17334, Subject: C=US, O=home.local, CN=he1.home.local.17334, Fingerprint (SHA-1): 2E13C8ECC986F18C2F9C254EF4E577FD58D7F3E
[ INFO  ] Connecting to the Engine
Segmentation fault

Tried again and attached gdb prior to the stage at which it fails, so I can see the stack trace:

[New Thread 0x7faae101f700 (LWP 27016)]
[Thread 0x7faae101f700 (LWP 27016) exited]

Program received signal SIGSEGV, Segmentation fault.
0x00007faae4ce85ff in ssl3_InitHandshakeHashes () from /lib64/libssl3.so
(gdb) bt
#0  0x00007faae4ce85ff in ssl3_InitHandshakeHashes () from /lib64/libssl3.so
#1  0x00007faae4cf3292 in ssl3_HandleHandshakeMessage () from /lib64/libssl3.so
#2  0x00007faae4cf6091 in ssl3_HandleRecord () from /lib64/libssl3.so
#3  0x00007faae4cf74e2 in ssl3_GatherCompleteHandshake () from /lib64/libssl3.so
#4  0x00007faae4d0101b in SSL_ForceHandshake () from /lib64/libssl3.so
#5  0x00007faae69bd434 in nss_connect_common () from /lib64/libcurl.so.4
#6  0x00007faae69b47ee in Curl_ssl_connect_nonblocking () from /lib64/libcurl.so.4
#7  0x00007faae698c51e in https_connecting () from /lib64/libcurl.so.4
#8  0x00007faae69ae268 in multi_runsingle () from /lib64/libcurl.so.4
#9  0x00007faae69af121 in curl_multi_perform () from /lib64/libcurl.so.4
#10 0x00007faae69a64a3 in curl_easy_perform () from /lib64/libcurl.so.4
#11 0x00007faae2e19163 in do_curl_perform () from /usr/lib64/python2.7/site-packages/pycurl.so
#12 0x00007faafa1f3a10 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#13 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#14 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#15 0x00007faafa1f389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#16 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#17 0x00007faafa1f389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#18 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#19 0x00007faafa1821bd in function_call () from /lib64/libpython2.7.so.1.0
#20 0x00007faafa15d0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#21 0x00007faafa16c0b5 in instancemethod_call () from /lib64/libpython2.7.so.1.0
#22 0x00007faafa15d0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#23 0x00007faafa1b4187 in slot_tp_init () from /lib64/libpython2.7.so.1.0
#24 0x00007faafa1b2e9f in type_call () from /lib64/libpython2.7.so.1.0
#25 0x00007faafa15d0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#26 0x00007faafa1f138c in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#27 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#28 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#29 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#30 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#31 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#32 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#33 0x00007faafa1f52f2 in PyEval_EvalCode () from /lib64/libpython2.7.so.1.0
#34 0x00007faafa1f4540 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#35 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#36 0x00007faafa1f389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#37 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#38 0x00007faafa1820c8 in function_call () from /lib64/libpython2.7.so.1.0
#39 0x00007faafa15d0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#40 0x00007faafa220ea0 in RunModule () from /lib64/libpython2.7.so.1.0
#41 0x00007faafa221684 in Py_Main () from /lib64/libpython2.7.so.1.0
#42 0x00007faaf944eb15 in __libc_start_main () from /lib64/libc.so.6
#43 0x0000000000400721 in _start ()

So checked and noticed that I have a very new nss package, nss-3.21.0-1.el7_2.x86_64, from z-stream candidate [1].

Did this:

yum downgrade nss nss-sysinit nss-tools

which picked 3.19.1-18.el7 .

Tried again deploy and it passed successfully.

[1] http://download.eng.tlv.redhat.com/rel-eng/repos/rhel-7.2-z-candidate/x86_64/

The last line output before the signal is [2]. I didn't try to further diagnose this or create a minimal reproducer.

Will later try to run this with nss-debuginfo installed and comment if I get more details.

[2] https://gerrit.ovirt.org/gitweb?p=ovirt-hosted-engine-setup.git;a=blob;f=src/plugins/ovirt-hosted-engine-setup/engine/add_host.py;h=800ae5539c1526e4f6f7649c602e5e77ea1849c9;hb=HEAD#l657

Comment 2 Kai Engert (:kaie) (inactive account) 2016-02-24 13:15:06 UTC

So, I was surprised how you can be using this RPM version, because we haven't released it anywhere.

Now I see that you're using the 7.2.z channel apparently.

The nss.rpm that you have used is known to be broken.
Please use an older one.

Comment 4 Kai Engert (:kaie) (inactive account) 2016-02-24 13:30:06 UTC

I'm closing this as NOTABUG. Please don't use that nss package version.
Please open a new bug, if you still see issues after we release a newer build.
For now, please use an older package version.

Comment 5 Yedidyah Bar David 2016-02-24 15:29:31 UTC

Just for completeness, following is the backtrace with the -debuginfo package installed:

#0  ssl3_GetPrfHashMechanism (ss=0x3c9e820) at ssl3con.c:3658
#1  ssl3_InitHandshakeHashes (ss=ss@entry=0x3c9e820) at ssl3con.c:4153
#2  0x00007fd463a01292 in ssl3_HandleServerHello (length=87,
    b=0x3ca6176 "V\315\314P\223\372\006\201],ΕQ\232\271\251s\250\236\066~\240\230\v\334\064\t\224^ϲ\347 S\324īg\003\323\032\366u\207\277\345\321\355ˑ\324\001?c[\227\034\201c\240W32\210\207\300\060", ss=0x3c9e820) at ssl3con.c:6629
#3  ssl3_HandleHandshakeMessage (ss=ss@entry=0x3c9e820, b=<optimized out>, length=<optimized out>) at ssl3con.c:11781
#4  0x00007fd463a04091 in ssl3_HandleHandshake (origBuf=0x3c9ebe0, ss=0x3c9e820) at ssl3con.c:11925
#5  ssl3_HandleRecord (ss=ss@entry=0x3c9e820, cText=cText@entry=0x7ffc8c9d0d40, databuf=databuf@entry=0x3c9ebe0) at ssl3con.c:12594
#6  0x00007fd463a054e2 in ssl3_GatherCompleteHandshake (ss=ss@entry=0x3c9e820, flags=flags@entry=0) at ssl3gthr.c:378
#7  0x00007fd463a0f01b in SSL_ForceHandshake (fd=<optimized out>) at sslsecur.c:458
#8  0x00007fd4656cb434 in nss_connect_common () from /lib64/libcurl.so.4
#9  0x00007fd4656c27ee in Curl_ssl_connect_nonblocking () from /lib64/libcurl.so.4
#10 0x00007fd46569a51e in https_connecting () from /lib64/libcurl.so.4
#11 0x00007fd4656bc268 in multi_runsingle () from /lib64/libcurl.so.4
#12 0x00007fd4656bd121 in curl_multi_perform () from /lib64/libcurl.so.4
#13 0x00007fd4656b44a3 in curl_easy_perform () from /lib64/libcurl.so.4
#14 0x00007fd461b27163 in do_curl_perform () from /usr/lib64/python2.7/site-packages/pycurl.so
#15 0x00007fd478f83a10 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#16 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#17 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#18 0x00007fd478f8389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#19 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#20 0x00007fd478f8389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#21 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#22 0x00007fd478f121bd in function_call () from /lib64/libpython2.7.so.1.0
#23 0x00007fd478eed0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#24 0x00007fd478efc0b5 in instancemethod_call () from /lib64/libpython2.7.so.1.0
#25 0x00007fd478eed0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#26 0x00007fd478f44187 in slot_tp_init () from /lib64/libpython2.7.so.1.0
#27 0x00007fd478f42e9f in type_call () from /lib64/libpython2.7.so.1.0
#28 0x00007fd478eed0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#29 0x00007fd478f8138c in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#30 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#31 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#32 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#33 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#34 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#35 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#36 0x00007fd478f852f2 in PyEval_EvalCode () from /lib64/libpython2.7.so.1.0
#37 0x00007fd478f84540 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#38 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#39 0x00007fd478f8389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#40 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#41 0x00007fd478f120c8 in function_call () from /lib64/libpython2.7.so.1.0
#42 0x00007fd478eed0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#43 0x00007fd478fb0ea0 in RunModule () from /lib64/libpython2.7.so.1.0
#44 0x00007fd478fb1684 in Py_Main () from /lib64/libpython2.7.so.1.0
#45 0x00007fd4781deb15 in __libc_start_main () from /lib64/libc.so.6
#46 0x0000000000400721 in _start ()

Comment 6 Kamil Dudka 2016-02-29 10:17:30 UTC

Kai, please do not close bugs as NOTABUG when they are real and not yet fixed!

*** This bug has been marked as a duplicate of bug 1312449 ***

Comment 7 Kai Engert (:kaie) (inactive account) 2016-02-29 16:19:40 UTC

the broken nss-3.21 build, and all other related base libraries like nss-util-3.21 and nspr-4.11, have been untagged from the 7.2.z candidate tag.

Your next builds should pick up the older pacakges versions, and work again.

Comment 8 Kai Engert (:kaie) (inactive account) 2016-02-29 17:32:47 UTC

reopening until verified fixed by someone with an older version

Comment 9 Kai Engert (:kaie) (inactive account) 2016-02-29 18:34:02 UTC

Fixed by downgrading to nss-3.19.1-19.el7_2

Comment 11 Yedidyah Bar David 2016-03-01 07:12:32 UTC

(In reply to Kai Engert (:kaie) from comment #8)
> reopening until verified fixed by someone with an older version

As I mentioned in comment 0, I already did that - downgrading to the older version did fix my specific flow. Perhaps should properly be done by QE, though, so not moving to VERIFIED.

Comment 12 Kaleem 2016-03-08 12:20:52 UTC

*** Bug 1314877 has been marked as a duplicate of this bug. ***