Bug 1505277

Summary: Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss
Product: Red Hat Enterprise Linux 7 Reporter: Sumit Bose <sbose>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 7.4CC: aheverle, anazmy, ekeck, fidencio, gparente, grajaiya, jhrozek, knweiss, lslebodn, mkosek, msauton, mzidek, ndehadra, orion, pbrezina, sbose, sgoveas, tscherf
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: sssd-1.16.0-2.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1509177 (view as bug list) Environment:
Last Closed: 2018-04-10 17:18:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1509177    

Description Sumit Bose 2017-10-23 08:09:40 UTC 
Description of problem:
sssd_nss crashed on freeIPA server. Crash might be related to IPA server
failures
in BZ1491508


Version-Release number of selected component (if applicable):
sh# rpm -q sssd
sssd-1.15.3-4.fc27.x86_64

How reproducible:
Ocasional

Additional info:
           PID: 31529 (sssd_nss)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 7 (BUS)
     Timestamp: Thu 2017-09-21 04:32:16 EDT (1h 24min ago)
  Command Line: /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
    Executable: /usr/libexec/sssd/sssd_nss
 Control Group: /system.slice/sssd.service
          Unit: sssd.service
         Slice: system.slice
       Boot ID: a9165bb26d374913b7bd700309a8a49b
    Machine ID: 85798e17e07f460490da106a2201860f
      Hostname: kvm-02-guest21.testrelm.test
       Storage: /var/lib/systemd/coredump/core.sssd_nss.0.a9165bb26d374913b7bd7
00309a8a49b.31529.1505982736000000.lz4
       Message: Process 31529 (sssd_nss) of user 0 dumped core.

                Stack trace of thread 31529:
                #0  0x00005558ca283978 cache_req_search_domains_next (sssd_nss)
                #1  0x00005558ca283e0d cache_req_search_domains_done (sssd_nss)
                #2  0x00007f5034e83a24 tevent_common_loop_immediate
(libtevent.so.0)
                #3  0x00007f5034e88c1b epoll_event_loop_once (libtevent.so.0)
                #4  0x00007f5034e87277 std_event_loop_once (libtevent.so.0)
                #5  0x00007f5034e8304d _tevent_loop_once (libtevent.so.0)
                #6  0x00007f5034e8326b tevent_common_loop_wait (libtevent.so.0)
                #7  0x00007f5034e87217 std_event_loop_wait (libtevent.so.0)
                #8  0x00007f5038c20c53 server_loop (libsss_util.so)
                #9  0x00005558ca26cf0b main (sssd_nss)
                #10 0x00007f503441803a __libc_start_main (libc.so.6)
                #11 0x00005558ca26cf8a _start (sssd_nss)

           PID: 31898 (sssd_nss)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 7 (BUS)
     Timestamp: Thu 2017-09-21 04:34:36 EDT (1h 22min ago)
  Command Line: /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
    Executable: /usr/libexec/sssd/sssd_nss
 Control Group: /system.slice/sssd.service
          Unit: sssd.service
         Slice: system.slice
       Boot ID: a9165bb26d374913b7bd700309a8a49b
    Machine ID: 85798e17e07f460490da106a2201860f
      Hostname: kvm-02-guest21.testrelm.test
       Storage: /var/lib/systemd/coredump/core.sssd_nss.0.a9165bb26d374913b7bd7
00309a8a49b.31898.1505982876000000.lz4
       Message: Process 31898 (sssd_nss) of user 0 dumped core.

                Stack trace of thread 31898:
                #0  0x000055dfeb471978 cache_req_search_domains_next (sssd_nss)
                #1  0x000055dfeb471e0d cache_req_search_domains_done (sssd_nss)
                #2  0x00007f11d315fa24 tevent_common_loop_immediate
(libtevent.so.0)
                #3  0x00007f11d3164c1b epoll_event_loop_once (libtevent.so.0)
                #4  0x00007f11d3163277 std_event_loop_once (libtevent.so.0)
                #5  0x00007f11d315f04d _tevent_loop_once (libtevent.so.0)
                #6  0x00007f11d315f26b tevent_common_loop_wait (libtevent.so.0)
                #7  0x00007f11d3163217 std_event_loop_wait (libtevent.so.0)
                #8  0x00007f11d6efcc53 server_loop (libsss_util.so)
                #9  0x000055dfeb45af0b main (sssd_nss)
                #10 0x00007f11d26f403a __libc_start_main (libc.so.6)
                #11 0x000055dfeb45af8a _start (sssd_nss)
Comment 7 Jakub Hrozek 2017-10-26 08:30:20 UTC 
* master: 0f44eefe2ce75a0814c8688495477f6c57f3d39a
Comment 21 Nikhil Dehadrai 2017-12-06 09:41:30 UTC 
IPA-VERSION: ipa-server-4.5.4-6.el7.x86_64
SSSD-VERSION: sssd-1.16.0-9.el7.x86_64


Verified that the sanity test suite for IPA-ADtrust runs successfully.

Thus marking the status of bug to "VERIFIED".
Comment 25 errata-xmlrpc 2018-04-10 17:18:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0929