Bug 1071823 - sssd_be[1507]: segfault at 8 ip 000000000040f68c sp 00007fff22d76f30 error 4 in sssd_be[400000+8c000]
Summary: sssd_be[1507]: segfault at 8 ip 000000000040f68c sp 00007fff22d76f30 error 4 ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.5
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Duplicates: 1093795
Depends On: 1051164
Blocks: 994246
Reported: 2014-03-03 08:56 UTC by Christian Horn
Modified: 2020-05-02 17:13 UTC (History)

Fixed In Version: sssd-1.11.5.1-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Hostid backend was used even when unconfigured
Consequence: SSSD crashes when connecting via ssh
Fix: Check that hostid backend is configured properly
Result: SSSD no longer crashes when hostid backend is not configured
Clone Of:
Environment:
Last Closed: 2014-10-14 04:48:06 UTC
Target Upstream Version:
Embargoed:


Attachments
sosreport of affected system (6.27 MB, application/x-xz)
2014-03-03 09:02 UTC, Christian Horn
coredump (450.37 KB, application/x-gzip)
2014-03-03 09:11 UTC, Christian Horn
sosreport of affected system. sssd-1.9.2-129.el6 from RHEL6.5GA used (6.28 MB, application/x-xz)
2014-03-03 09:14 UTC, Christian Horn


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github SSSD sssd issues | 2793 | 0 | None | closed | [abrt] sssd-1.9.3-1.fc18: be_host_handler: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) | 2021-02-03 13:43:44 UTC
Red Hat Knowledge Base (Solution) | 745093 | 0 | None | None | None | Never
Red Hat Product Errata | RHBA-2014:1375 | 0 | normal | SHIPPED_LIVE | sssd bug fix and enhancement update | 2014-10-14 01:06:25 UTC

Description Christian Horn 2014-03-03 08:56:31 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Christian Horn 2014-03-03 09:00:17 UTC
Sorry, one "return" too much.

Description of problem:
  sssd_be segfault

Version-Release number of selected component (if applicable):
  current

How reproducible:
  always

Steps to Reproduce:
1. deploy SSSD and sssd.conf from sosreport
2. prepare pam config as per sosreport (basically deployed by authconfig to use sssd)
3. start sssd
4. "ssh chorn@localhost"

Actual results:
Mar  3 08:49:57 rhel6u4a kernel: sssd_be[1507]: segfault at 8 ip 000000000040f68c sp 00007fff22d76f30 error 4 in sssd_be[400000+8c000]
Mar  3 08:49:58 rhel6u4a abrt[1514]: Saved core dump of pid 1507 (/usr/libexec/sssd/sssd_be) to /var/spool/abrt/ccpp-2014-03-03-08:49:57-1507 (1253376 bytes)
Mar  3 08:49:58 rhel6u4a abrtd: Directory 'ccpp-2014-03-03-08:49:57-1507' creation detected
Mar  3 08:49:58 rhel6u4a sssd[be[fluxcoil.net]]: Starting up
Mar  3 08:49:59 rhel6u4a abrtd: Package 'sssd' isn't signed with proper key
Mar  3 08:49:59 rhel6u4a abrtd: 'post-create' on '/var/spool/abrt/ccpp-2014-03-03-08:49:57-1507' exited with 1
Mar  3 08:49:59 rhel6u4a abrtd: Deleting problem directory '/var/spool/abrt/ccpp-2014-03-03-08:49:57-1507'


Expected results:
No segfault

Additional info:
I can also supply the KVM guest which contains this, in case it turns out harder to reproduce than assumed.
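
Decoding the kernel segfault line from the report above, as an added triage example that is not part of the original bug report or of SSSD. The function name `triage_segfault` is hypothetical; the code assumes 4 KiB pages and the x86 page-fault error-code bits, and the sample line is copied from the "Actual results" log.

```python
import re

# Kernel "segfault at" line in the format seen in this report's /var/log/messages.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)
PAGE_SIZE = 4096  # assumption: 4 KiB pages (x86)


def triage_segfault(line):
    """Decode one kernel segfault line; return None if the line does not match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    info = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "fault_addr": addr,
        # x86 page-fault error code: bit 0 = page present, bit 1 = write,
        # bit 2 = user mode, bit 4 = instruction fetch.
        "page_present": bool(err & 1),
        "access": "instruction fetch" if err & 16 else ("write" if err & 2 else "read"),
        "user_mode": bool(err & 4),
        # A fault inside the first page usually means a member access
        # through a NULL pointer (fault address = member offset).
        "near_null": addr < PAGE_SIZE,
        "object": m["obj"],
        "offset_in_object": None,
    }
    if m["base"] is not None:
        base, size = int(m["base"], 16), int(m["size"], 16)
        if base <= ip < base + size:  # ip must lie inside the mapped object
            info["offset_in_object"] = ip - base
    return info


# Sample line copied from the report's "Actual results".
SAMPLE = ("Mar  3 08:49:57 rhel6u4a kernel: sssd_be[1507]: segfault at 8 "
          "ip 000000000040f68c sp 00007fff22d76f30 error 4 in sssd_be[400000+8c000]")

if __name__ == "__main__":
    r = triage_segfault(SAMPLE)
    print(f"{r['comm']}[{r['pid']}]: user-mode {r['access']} of {r['fault_addr']:#x}, "
          f"near NULL: {r['near_null']}, offset in {r['object']}: {r['offset_in_object']:#x}")
```

For this report the line decodes to a user-mode read of a non-present page at address 0x8, at offset 0xf68c into sssd_be.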

Comment 3 Christian Horn 2014-03-03 09:02:42 UTC
Created attachment 869858 [details]
sosreport of affected system

Comment 4 Christian Horn 2014-03-03 09:11:00 UTC
Created attachment 869860 [details]
coredump

Comment 5 Christian Horn 2014-03-03 09:14:16 UTC
Created attachment 869861 [details]
sosreport of affected system. sssd-1.9.2-129.el6 from RHEL6.5GA used

Comment 6 Jakub Hrozek 2014-03-03 09:21:32 UTC
Pavel, can you try and reproduce the bug using Christian's config?

Comment 7 Pavel Reichl 2014-03-05 10:46:12 UTC
To replicate the bug it was needed to have:

GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
PubkeyAuthentication yes
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h

in /etc/ssh/sshd_config

The bug itself is reproducible only in SSSD 1.9 because in later releases it was fixed by:

https://git.fedorahosted.org/cgit/sssd.git/commit/?id=3082504f4fb4e4efdc50c99369204e5b2cfac40e

SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need for any other action.

Comment 8 Christian Horn 2014-03-05 12:51:10 UTC
(In reply to Pavel Reichl from comment #7)
> To replicate the bug it was needed to have:
> 
> GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
> PubkeyAuthentication yes
> ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
> 
> in /etc/ssh/sshd_config
Good investigation!
I think these are the defaults deployed from kickstart. Had you tuned these on your test system then and thus not hit the issue initially?

> The bug itself is reproducible only in SSSD 1.9 because in later releases it
> was fixed by:
> https://git.fedorahosted.org/cgit/sssd.git/commit/?id=3082504f4fb4e4efdc50c99369204e5b2cfac40e
I have the issue documented in kbase https://access.redhat.com/site/solutions/745093 so we have good chances that others hitting this will map it easily to the bz here.

> SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need
> for any other action.
Rebase is planned inside of 6.5.z stream then?  Sounds quite heavy for happening inside of a z-stream..

For me it sounds ok to wait for a rebase to solve this, we have not yet seen this in customer environments.

Comment 9 Pavel Reichl 2014-03-05 13:10:13 UTC
Sorry for misunderstanding, I meant that it will be solved on next RHEL 6 release bz1051164 (no 6.5.z stream is planned).

> I think these are the defaults deployed from kickstart.. did you have tuned 
> these on your testsystem then and thus not hit the issue initially?

They were not in my default sshd_config.

Comment 10 Christian Horn 2014-03-05 13:13:33 UTC
(In reply to Pavel Reichl from comment #9)
> Sorry for misunderstanding, I meant that it will be solved on next RHEL 6
> release bz1051164 (no 6.5.z stream is planned).
Ok, thanks for clearing up.

Comment 11 Jakub Hrozek 2014-03-05 13:44:17 UTC
(In reply to Christian Horn from comment #8)
> > SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need
> > for any other action.
> Rebase is planned inside of 6.5.z stream then?  Sounds quite heavy for
> happening inside of a z-stream..
> 
> For me it sounds ok to wait for a rebase to solve this, we have not yet seen
> this in customer environments.

No, the rebase is coming up in 6.6. We would backport this specific fix in case a customer hits the issue.

FWIW, the SSSD has a mechanism to restart the worker processes in case of a failure. So even though a segfault is bad, it should only disrupt the one operation in progress, not the whole setup.

Comment 12 Jakub Hrozek 2014-03-05 16:08:26 UTC
The upstream fix was 3082504f4fb4e4efdc50c99369204e5b2cfac40e

Comment 13 Jakub Hrozek 2014-03-17 21:55:11 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1751

Comment 15 Brian J. Murrell 2014-05-04 18:46:17 UTC
(In reply to Jakub Hrozek from comment #11)
> We would backport this specific fix in
> case a customer hits the issue.

It is: 1093795.

Comment 16 Jakub Hrozek 2014-05-05 13:17:21 UTC
*** Bug 1093795 has been marked as a duplicate of this bug. ***

Comment 17 Jeremy Agee 2014-09-12 21:14:05 UTC
Marking verified.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: sss_ssh_knownhostsproxy001: bz 1071823 segfault when HostID back end target is not configured
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Command 'ssh_user_password_login sshtestuser Secret123' (Expected 0, got 0)
:: [   PASS   ] :: File '/var/log/messages' should not contain 'sssd_be\[[0-9]*\]: segfault' 
:: [   PASS   ] :: File '/var/log/sssd/sssd_sssdad.com.log' should contain 'HostID back end target is not configured' 
:: [   LOG    ] :: Duration: 13s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: sss_ssh_knownhostsproxy001: bz 1071823 segfault when HostID back end target is not configured

Comment 18 errata-xmlrpc 2014-10-14 04:48:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1375.html

