Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1071823

Summary: sssd_be[1507]: segfault at 8 ip 000000000040f68c sp 00007fff22d76f30 error 4 in sssd_be[400000+8c000]
Product: Red Hat Enterprise Linux 6 Reporter: Christian Horn <chorn>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.5CC: brian.murrell, dpal, grajaiya, jagee, jgalipea, lslebodn, mkosek, pbrezina, preichl
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: sssd-1.11.5.1-1.el6 Doc Type: Bug Fix
Doc Text:
Cause: Hostid backend was used even when unconfigured Consequence: SSSD crashes when connecting via ssh Fix: Check that hostid backend is configured properly Result: SSSD no longer crashes when hostid backend is not configured
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-14 04:48:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1051164    
Bug Blocks: 994246    
Attachments:
Description Flags
sosreport of affected system
none
coredump
none
sosreport of affected system. sssd-1.9.2-129.el6 from RHEL6.5GA used none

Description Christian Horn 2014-03-03 08:56:31 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Christian Horn 2014-03-03 09:00:17 UTC 
Sorry, one "return" too much.

Description of problem:
  sssd_be segfault

Version-Release number of selected component (if applicable):
  current

How reproducible:
  always

Steps to Reproduce:
1. deploy SSSD and sssd.conf from sosreport
2. prepare pam config as per sosreport (basically deployed by authconfig to use sssd)
3. start sssd
4. "ssh chorn@localhost"

Actual results:
Mar  3 08:49:57 rhel6u4a kernel: sssd_be[1507]: segfault at 8 ip 000000000040f68c sp 00007fff22d76f30 error 4 in sssd_be[400000+8c000]
Mar  3 08:49:58 rhel6u4a abrt[1514]: Saved core dump of pid 1507 (/usr/libexec/sssd/sssd_be) to /var/spool/abrt/ccpp-2014-03-03-08:49:57-1507 (1253376 bytes)
Mar  3 08:49:58 rhel6u4a abrtd: Directory 'ccpp-2014-03-03-08:49:57-1507' creation detected
Mar  3 08:49:58 rhel6u4a sssd[be[fluxcoil.net]]: Starting up
Mar  3 08:49:59 rhel6u4a abrtd: Package 'sssd' isn't signed with proper key
Mar  3 08:49:59 rhel6u4a abrtd: 'post-create' on '/var/spool/abrt/ccpp-2014-03-03-08:49:57-1507' exited with 1
Mar  3 08:49:59 rhel6u4a abrtd: Deleting problem directory '/var/spool/abrt/ccpp-2014-03-03-08:49:57-1507'


Expected results:
No segfault

Additional info:
I can also supply the KVM guest who contains this, in case it turns out harder to reproduce than asumed.
Comment 3 Christian Horn 2014-03-03 09:02:42 UTC 
Created attachment 869858 [details]
sosreport of affected system
Comment 4 Christian Horn 2014-03-03 09:11:00 UTC 
Created attachment 869860 [details]
coredump
Comment 5 Christian Horn 2014-03-03 09:14:16 UTC 
Created attachment 869861 [details]
sosreport of affected system. sssd-1.9.2-129.el6 from RHEL6.5GA used
Comment 6 Jakub Hrozek 2014-03-03 09:21:32 UTC 
Pavel, can you try and reproduce the bug using Christian's config?
Comment 7 Pavel Reichl 2014-03-05 10:46:12 UTC 
To replicate the bug it was needed to have:

GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
PubkeyAuthentication yes
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h

in /etc/ssh/sshd_config

The bug itself is reproducible only in SSSD 1.9 because in later releases it was fixed by:

https://git.fedorahosted.org/cgit/sssd.git/commit/?id=3082504f4fb4e4efdc50c99369204e5b2cfac40e

SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need for any other action.
Comment 8 Christian Horn 2014-03-05 12:51:10 UTC 
(In reply to Pavel Reichl from comment #7)
> To replicate the bug it was needed to have:
> 
> GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
> PubkeyAuthentication yes
> ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
> 
> in /etc/ssh/sshd_config
Good investigation!
I think these are the defaults deployed from kickstart.. did you have tuned these on your testsystem then and thus not hit the issue initially?

> The bug itself is reproducible only in SSSD 1.9 because in later releases it
> was fixed by:
> https://git.fedorahosted.org/cgit/sssd.git/commit/
> ?id=3082504f4fb4e4efdc50c99369204e5b2cfac40e
I have the issue documented in kbase https://access.redhat.com/site/solutions/745093 so we have good chances that others hitting this will map it easily to the bz here.

> SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need
> for any other action.
Rebase is planned inside of 6.5.z stream then?  Sounds quite heavy for happening inside of a z-stream..

For me it sounds ok to wait for a rebase to solve this, we have not yet seen this in customer environments.
Comment 9 Pavel Reichl 2014-03-05 13:10:13 UTC 
Sorry for misunderstanding, I meant that it will be solved on next RHEL 6 release bz1051164 (no 6.5.z stream is planned).

> I think these are the defaults deployed from kickstart.. did you have tuned 
> these on your testsystem then and thus not hit the issue initially?

They were not in my default sshd_config.
Comment 10 Christian Horn 2014-03-05 13:13:33 UTC 
(In reply to Pavel Reichl from comment #9)
> Sorry for misunderstanding, I meant that it will be solved on next RHEL 6
> release bz1051164 (no 6.5.z stream is planned).
Ok, thanks for clearing up.
Comment 11 Jakub Hrozek 2014-03-05 13:44:17 UTC 
(In reply to Christian Horn from comment #8)
> > SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need
> > for any other action.
> Rebase is planned inside of 6.5.z stream then?  Sounds quite heavy for
> happening inside of a z-stream..
> 
> For me it sounds ok to wait for a rebase to solve this, we have not yet seen
> this in customer environments.

No, the rebase is coming up in 6.6. We would backport this specific fix in case a customer hits the issue.

FWIW, the SSSD has a mechanism to restart the worker processes in case of a failure. So even though a segfault is bad, it should only disrupt the one operation in progress, not the whole setup.
Comment 12 Jakub Hrozek 2014-03-05 16:08:26 UTC 
The upstream fix was 3082504f4fb4e4efdc50c99369204e5b2cfac40e
Comment 13 Jakub Hrozek 2014-03-17 21:55:11 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1751
Comment 15 Brian J. Murrell 2014-05-04 18:46:17 UTC 
(In reply to Jakub Hrozek from comment #11)
> We would backport this specific fix in
> case a customer hits the issue.

It is: 1093795.
Comment 16 Jakub Hrozek 2014-05-05 13:17:21 UTC 
*** Bug 1093795 has been marked as a duplicate of this bug. ***
Comment 17 Jeremy Agee 2014-09-12 21:14:05 UTC 
Marking verified.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: sss_ssh_knownhostsproxy001: bz 1071823 segfault when HostID back end target is not configured
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Command 'ssh_user_password_login sshtestuser Secret123' (Expected 0, got 0)
:: [   PASS   ] :: File '/var/log/messages' should not contain 'sssd_be\[[0-9]*\]: segfault' 
:: [   PASS   ] :: File '/var/log/sssd/sssd_sssdad.com.log' should contain 'HostID back end target is not configured' 
:: [   LOG    ] :: Duration: 13s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: sss_ssh_knownhostsproxy001: bz 1071823 segfault when HostID back end target is not configured
Comment 18 errata-xmlrpc 2014-10-14 04:48:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1375.html