Bug 727829

Summary: kinit: sendto_kdc.c:617: cm_get_ssflags: Assertion `i < selstate->nfds' failed.
Product: [Fedora] Fedora Reporter: Jeff Layton <jlayton>
Component: krb5Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: nalin, rjones, steved
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: krb5-1.9.1-12.fc16 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-30 15:22:05 EDT Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
core from kinit in krb5-workstation-1.9.1-8.fc16.x86_64 none

Description Jeff Layton 2011-08-03 06:59:45 EDT
krb5 1.9.1-8.fc16 throws the following error when I try to kinit:

$ kinit
kinit: sendto_kdc.c:617: cm_get_ssflags: Assertion `i < selstate->nfds' failed.

...and the process gets a SIGABRT. I downgraded it to 1.9.1-5.fc16 and the problem went away. Let me know if you need other info or a core.
Comment 1 Nalin Dahyabhai 2011-08-05 12:06:52 EDT
I think I'm going to need that backtrace (and a core, too, if you have one) please, because it's not trivially reproducing here.
Comment 2 Jeff Layton 2011-08-05 12:46:35 EDT
Created attachment 516922 [details]
core from kinit in krb5-workstation-1.9.1-8.fc16.x86_64

Here a gzipped core from kinit. Let me know if you need other info.
Comment 3 Jeff Layton 2011-08-08 09:47:06 EDT
Weird...this morning, the machine just started working. Over the weekend, I patched the machine, and the following packages got updated:

Aug 07 20:44:42 Updated: 1:perl-Pod-Escapes-1.04-185.fc17.noarch
Aug 07 20:44:43 Updated: perl-threads-1.83-185.fc17.x86_64
Aug 07 20:44:43 Updated: perl-Scalar-List-Utils-1.23-185.fc17.x86_64
Aug 07 20:44:44 Updated: perl-threads-shared-1.37-185.fc17.x86_64
Aug 07 20:44:44 Updated: 4:perl-macros-5.14.1-185.fc17.x86_64
Aug 07 20:44:45 Updated: 4:perl-libs-5.14.1-185.fc17.x86_64
Aug 07 20:44:46 Updated: 1:perl-Module-Pluggable-3.90-185.fc17.noarch
Aug 07 20:44:46 Updated: perl-PathTools-3.33-185.fc17.x86_64
Aug 07 20:44:47 Updated: 1:perl-Pod-Simple-3.16-185.fc17.noarch
Aug 07 20:45:01 Updated: 4:perl-5.14.1-185.fc17.x86_64
Aug 07 20:45:02 Updated: 1:perl-Digest-SHA-5.61-185.fc17.x86_64
Aug 07 20:45:02 Updated: perl-HTTP-Tiny-0.012-185.fc17.noarch
Aug 07 20:45:03 Updated: perl-ExtUtils-MakeMaker-6.57.5-185.fc17.noarch
Aug 07 20:45:04 Updated: perl-CPAN-1.9600-185.fc17.noarch
Aug 07 20:45:05 Updated: perl-Test-Harness-3.23-185.fc17.noarch
Aug 07 20:45:07 Updated: 4:perl-devel-5.14.1-185.fc17.x86_64
Aug 07 20:45:08 Updated: 1:perl-ExtUtils-ParseXS-2.2210-185.fc17.noarch
Aug 07 20:45:09 Updated: file-libs-5.08-1.fc17.x86_64
Aug 07 20:45:09 Updated: 1:cups-libs-1.5.0-2.fc17.x86_64
Aug 07 20:45:10 Updated: freetype-2.4.6-1.fc17.x86_64
Aug 07 20:46:25 Updated: kernel-debuginfo-common-x86_64-3.1.0-0.rc0.git21.1.fc17.x86_64
Aug 07 20:46:26 Installed: netxen-firmware-4.0.534-4.fc15.noarch
Aug 07 20:46:30 Updated: linux-firmware-20110731-2.fc17.noarch
Aug 07 20:46:53 Updated: selinux-policy-3.10.0-16.fc17.noarch
Aug 07 20:47:37 Updated: selinux-policy-targeted-3.10.0-16.fc17.noarch
Aug 07 20:49:55 Updated: kernel-debuginfo-3.1.0-0.rc0.git21.1.fc17.x86_64
Aug 07 20:49:57 Updated: freetype-devel-2.4.6-1.fc17.x86_64
Aug 07 20:50:00 Updated: 1:cups-devel-1.5.0-2.fc17.x86_64
Aug 07 20:50:00 Updated: file-5.08-1.fc17.x86_64
Aug 07 20:50:01 Updated: perl-ExtUtils-Embed-1.30-185.fc17.noarch
Aug 07 20:50:02 Updated: gpm-libs-1.20.6-18.fc17.x86_64
Aug 07 20:50:05 Updated: yum-3.4.3-6.fc17.noarch
Aug 07 20:50:05 Updated: xemacs-filesystem-21.5.31-2.fc17.noarch
Aug 07 20:50:12 Updated: fedora-logos-16.0.0-1.fc17.noarch
Aug 07 20:50:18 Updated: kernel-headers-3.1.0-0.rc0.git21.1.fc17.x86_64
Aug 07 20:50:34 Installed: kernel-3.1.0-0.rc0.git21.1.fc17.x86_64

...nothing there really stands out as being something that would affect kinit though (except maybe the selinux policy update?). I also tried booting to the older kernel and kinit still worked, so it apparently wasn't the kernel upgrade that fixed it. I'm at a loss...
Comment 4 Richard W.M. Jones 2011-08-25 07:36:23 EDT
(gdb) run
Starting program: /usr/bin/kinit 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
kinit: sendto_kdc.c:617: cm_get_ssflags: Assertion `i < selstate->nfds' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff606b355 in __GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install nss-mdns-0.10-9.fc15.x86_64 sssd-client-1.6.0-2.fc16.x86_64
(gdb) bt
#0  0x00007ffff606b355 in __GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff606cc6b in __GI_abort () at abort.c:93
#2  0x00007ffff6063cce in __assert_fail_base (fmt=<optimized out>, 
    assertion=0x7ffff731ca3f "i < selstate->nfds", 
    file=0x7ffff731ca1f "sendto_kdc.c", line=<optimized out>, 
    function=<optimized out>) at assert.c:96
#3  0x00007ffff6063d72 in __GI___assert_fail (
    assertion=0x7ffff731ca3f "i < selstate->nfds", 
    file=0x7ffff731ca1f "sendto_kdc.c", line=617, 
    function=0x7ffff731d1d0 "cm_get_ssflags") at assert.c:105
#4  0x00007ffff72e41d0 in cm_get_ssflags (fd=<optimized out>, 
    selstate=<optimized out>) at sendto_kdc.c:617
#5  service_fds (context=0x7ffff82000f0, selstate=0x7ffff8205ab0, 
    conns=0x7ffff82058a0, n_conns=2, winning_conn=0x7fffffffc884, 
    msg_handler=0x7ffff72e36f0 <check_for_svc_unavailable>, 
    msg_handler_data=0x7fffffffc964) at sendto_kdc.c:1158
#6  0x00007ffff72e4a5e in krb5int_sendto (context=0x7ffff82000f0, 
    message=0x10, addrs=<optimized out>, callback_info=0x0, 
    reply=0x7fffffffc9d0, localaddr=0x0, localaddrlen=0x0, remoteaddr=0x0, 
    remoteaddrlen=0x0, addr_used=0x7fffffffc960, 
    msg_handler=0x7ffff72e36f0 <check_for_svc_unavailable>, 
    msg_handler_data=0x7fffffffc964) at sendto_kdc.c:1299
#7  0x00007ffff72e5323 in krb5_sendto_kdc (context=0x7ffff82000f0, 
    message=0x7fffffffc9c0, realm=0x7fffffffc9e0, reply=0x7fffffffc9d0, 
    use_master=0x7fffffffcbe8, tcp_only=<optimized out>) at sendto_kdc.c:404
#8  0x00007ffff72b866b in init_creds_get (context=0x7ffff82000f0, 
    ctx=0x7ffff8202c20, use_master=0x7fffffffcbe8) at get_in_tkt.c:579
#9  0x00007ffff72b881c in krb5int_get_init_creds (context=0x7ffff82000f0, 
    creds=0x7fffffffddc0, client=<optimized out>, prompter=<optimized out>, 
    prompter_data=<optimized out>, start_time=<optimized out>, 
    in_tkt_service=0x0, options=0x7ffff8202b80, 
    gak_fct=0x7ffff72b9ce0 <krb5_get_as_key_password>, 
    gak_data=0x7fffffffcb90, use_master=0x7fffffffcbe8, 
    as_reply=0x7fffffffcbd0) at get_in_tkt.c:1622
#10 0x00007ffff72ba15f in krb5_get_init_creds_password (
    context=0x7ffff82000f0, creds=0x7fffffffddc0, client=0x7ffff8200fc0, 
    password=<optimized out>, prompter=0x7ffff7ffd570 <kinit_prompter>, 
    data=0x0, start_time=0, in_tkt_service=0x0, options=0x7ffff8202b80)
    at gic_pwd.c:257
#11 0x00007ffff7ffcea4 in k5_kinit (k5=0x7fffffffdeb0, opts=0x7fffffffde40)
    at kinit.c:696
#12 main (argc=<optimized out>, argv=<optimized out>) at kinit.c:809
Comment 5 Nalin Dahyabhai 2011-08-31 13:49:24 EDT
Okay, I can reproduce it now -- we hit it reliably if the client tries to contact a KDC that's down or not running before contacting one which would answer our requests.
Comment 6 Fedora Update System 2011-08-31 14:24:10 EDT
krb5-1.9.1-10.fc16 has been submitted as an update for Fedora 16.
Comment 7 Fedora Update System 2011-08-31 17:43:17 EDT
Package krb5-1.9.1-10.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing krb5-1.9.1-10.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 8 Fedora Update System 2011-09-01 15:02:19 EDT
Package krb5-1.9.1-11.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing krb5-1.9.1-11.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 9 Fedora Update System 2011-09-09 11:08:45 EDT
Package krb5-1.9.1-12.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing krb5-1.9.1-12.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 10 Fedora Update System 2011-09-30 15:21:59 EDT
krb5-1.9.1-12.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.