Bug 2019553

Summary: [abrt] shadow-utils: spw_free(): newgrp killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Charles Timko <ctimko>
Component: shadow-utilsAssignee: Iker Pedrosa <ipedrosa>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 35CC: ipedrosa, pvrabec, tm
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/22037ec58a0b9dea1a41d92afe521a02a65bc00f
Whiteboard: abrt_hash:674cda46df56e7c45bfb489facb31e68640e9d0f;VARIANT_ID=workstation;
Fixed In Version: shadow-utils-4.9-8.fc35 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-26 01:22:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
File: core_backtrace
none
File: cpuinfo
none
File: dso_list
none
File: environ
none
File: exploitable
none
File: limits
none
File: maps
none
File: mountinfo
none
File: open_fds
none
File: proc_pid_status none

Description Charles Timko 2021-11-02 19:49:21 UTC 
Description of problem:
Added my account (which is configured through SSSD) to group wheel, and then calling newgrp triggered the sigsegv.

Version-Release number of selected component:
shadow-utils-2:4.9-3.fc35

Additional info:
reporter:       libreport-2.15.2
backtrace_rating: 4
cgroup:         0::/user.slice/user-4202930.slice/user/app.slice/app-org.gnome.Terminal.slice/vte-spawn-f7b5869c-82f3-4f72-986f-15653b5d0667.scope
cmdline:        newgrp wheel
crash_function: spw_free
executable:     /usr/bin/newgrp
journald_cursor: s=d9599decfbf44dfbba374eb07f3bb98e;i=12df;b=bba89e2a3dc24be8a0d38b4a9ee7327b;m=6b14647d;t=5cfd36b6e988f;x=ca78ae0ca848010d
kernel:         5.14.10-300.fc35.x86_64
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            4202930

Truncated backtrace:
Thread no. 1 (2 frames)
 #0 spw_free at ../lib/shadowmem.c:82
 #1 check_perms at /usr/src/debug/shadow-utils-4.9-3.fc35.x86_64/src/newgrp.c:167
Comment 1 Charles Timko 2021-11-02 19:49:23 UTC 
Created attachment 1839344 [details]
File: backtrace
Comment 2 Charles Timko 2021-11-02 19:49:25 UTC 
Created attachment 1839345 [details]
File: core_backtrace
Comment 3 Charles Timko 2021-11-02 19:49:26 UTC 
Created attachment 1839346 [details]
File: cpuinfo
Comment 4 Charles Timko 2021-11-02 19:49:28 UTC 
Created attachment 1839347 [details]
File: dso_list
Comment 5 Charles Timko 2021-11-02 19:49:29 UTC 
Created attachment 1839348 [details]
File: environ
Comment 6 Charles Timko 2021-11-02 19:49:30 UTC 
Created attachment 1839349 [details]
File: exploitable
Comment 7 Charles Timko 2021-11-02 19:49:31 UTC 
Created attachment 1839350 [details]
File: limits
Comment 8 Charles Timko 2021-11-02 19:49:32 UTC 
Created attachment 1839351 [details]
File: maps
Comment 9 Charles Timko 2021-11-02 19:49:33 UTC 
Created attachment 1839352 [details]
File: mountinfo
Comment 10 Charles Timko 2021-11-02 19:49:35 UTC 
Created attachment 1839353 [details]
File: open_fds
Comment 11 Charles Timko 2021-11-02 19:49:36 UTC 
Created attachment 1839354 [details]
File: proc_pid_status
Comment 12 Charles Timko 2021-11-02 20:05:39 UTC 
I followed the steps I have recorded at https://docs.engineering.redhat.com/display/~ctimko/Installing+Fedora+34+or+Fedora+35
Comment 13 Iker Pedrosa 2021-11-08 14:09:47 UTC 
I guess this is happening due to this change https://github.com/shadow-maint/shadow/commit/e65cc6aebcb4132fa413f00a905216a5b35b3d57

Would you be willing to test a fix that I could prepare?
Comment 14 Charles Timko 2021-11-08 17:53:28 UTC 
I'd be happy to. Let me know when it's ready.
Comment 15 Iker Pedrosa 2021-11-09 09:57:24 UTC 
The test build is available in https://copr.fedorainfracloud.org/coprs/ipedrosa/newgrp-segfault/

Steps to test:
1. dnf copr enable ipedrosa/newgrp-segfault
2. dnf update shadow-utils
3. Test
Comment 16 Charles Timko 2021-11-09 13:44:18 UTC 
I got a GPG Check Failed when trying to do the update:

sudo dnf update shadow-utils
Copr repo for newgrp-segfault owned by ipedrosa                                                                   14 kB/s | 7.6 kB     00:00    
Dependencies resolved.
=================================================================================================================================================
 Package                 Architecture      Version                      Repository                                                          Size
=================================================================================================================================================
Upgrading:
 shadow-utils            x86_64            2:4.9-6test.fc35             copr:copr.fedorainfracloud.org:ipedrosa:newgrp-segfault            1.1 M

Transaction Summary
=================================================================================================================================================
Upgrade  1 Package

Total download size: 1.1 M
Is this ok [y/N]: y
Downloading Packages:
shadow-utils-4.9-6test.fc35.x86_64.rpm                                                                           2.6 MB/s | 1.1 MB     00:00    
-------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                            2.6 MB/s | 1.1 MB     00:00     
Copr repo for newgrp-segfault owned by ipedrosa                                                                  3.7 kB/s | 1.0 kB     00:00    
The GPG keys listed for the "Copr repo for newgrp-segfault owned by ipedrosa" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: shadow-utils-2:4.9-6test.fc35.x86_64
 GPG Keys are configured as: https://download.copr.fedorainfracloud.org/results/ipedrosa/newgrp-segfault/pubkey.gpg
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

I reran it with `sudo dnf update --nogpgcheck shadow-utils` and that installed.

[ctimko@ctimko ~]$ sudo groupadd test_group
[ctimko@ctimko ~]$ sudo usermod -aG test_group ctimko
[ctimko@ctimko ~]$ groups
ctimko wheel devel eso-srt
[ctimko@ctimko ~]$ newgrp test_group
[ctimko@ctimko ~]$ groups
test_group wheel devel eso-srt ctimko

Seems to work as expected now.
Comment 17 Iker Pedrosa 2021-11-11 08:22:20 UTC 
Upstream PR:
    https://github.com/shadow-maint/shadow/pull/437
Comment 18 Iker Pedrosa 2021-11-19 08:28:07 UTC 
master
    newgrp: fix segmentation fault - 497e90751bc0d95cc998b0f06305040563903948
Comment 19 Fedora Update System 2021-11-23 08:48:17 UTC 
FEDORA-2021-380251ce99 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-380251ce99
Comment 20 Fedora Update System 2021-11-24 01:57:08 UTC 
FEDORA-2021-380251ce99 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-380251ce99`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-380251ce99

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 21 Fedora Update System 2021-11-26 01:22:24 UTC 
FEDORA-2021-380251ce99 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.