Bug 1071823 - sssd_be[1507]: segfault at 8 ip 000000000040f68c sp 00007fff22d76f30 error 4 in sssd_be[400000+8c000]
Summary: sssd_be[1507]: segfault at 8 ip 000000000040f68c sp 00007fff22d76f30 error 4 ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.5
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
: 1093795 (view as bug list)
Depends On: 1051164
Blocks: 994246
TreeView+ depends on / blocked
 
Reported: 2014-03-03 08:56 UTC by Christian Horn
Modified: 2018-12-06 15:59 UTC (History)
9 users (show)

Fixed In Version: sssd-1.11.5.1-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Hostid backend was used even when unconfigured Consequence: SSSD crashes when connecting via ssh Fix: Check that hostid backend is configured properly Result: SSSD no longer crashes when hostid backend is not configured
Clone Of:
Environment:
Last Closed: 2014-10-14 04:48:06 UTC


Attachments (Terms of Use)
sosreport of affected system (6.27 MB, application/x-xz)
2014-03-03 09:02 UTC, Christian Horn
no flags Details
coredump (450.37 KB, application/x-gzip)
2014-03-03 09:11 UTC, Christian Horn
no flags Details
sosreport of affected system. sssd-1.9.2-129.el6 from RHEL6.5GA used (6.28 MB, application/x-xz)
2014-03-03 09:14 UTC, Christian Horn
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1375 normal SHIPPED_LIVE sssd bug fix and enhancement update 2014-10-14 01:06:25 UTC
Red Hat Knowledge Base (Solution) 745093 None None None Never

Description Christian Horn 2014-03-03 08:56:31 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Christian Horn 2014-03-03 09:00:17 UTC
Sorry, one "return" too much.

Description of problem:
  sssd_be segfault

Version-Release number of selected component (if applicable):
  current

How reproducible:
  always

Steps to Reproduce:
1. deploy SSSD and sssd.conf from sosreport
2. prepare pam config as per sosreport (basically deployed by authconfig to use sssd)
3. start sssd
4. "ssh chorn@localhost"

Actual results:
Mar  3 08:49:57 rhel6u4a kernel: sssd_be[1507]: segfault at 8 ip 000000000040f68c sp 00007fff22d76f30 error 4 in sssd_be[400000+8c000]
Mar  3 08:49:58 rhel6u4a abrt[1514]: Saved core dump of pid 1507 (/usr/libexec/sssd/sssd_be) to /var/spool/abrt/ccpp-2014-03-03-08:49:57-1507 (1253376 bytes)
Mar  3 08:49:58 rhel6u4a abrtd: Directory 'ccpp-2014-03-03-08:49:57-1507' creation detected
Mar  3 08:49:58 rhel6u4a sssd[be[fluxcoil.net]]: Starting up
Mar  3 08:49:59 rhel6u4a abrtd: Package 'sssd' isn't signed with proper key
Mar  3 08:49:59 rhel6u4a abrtd: 'post-create' on '/var/spool/abrt/ccpp-2014-03-03-08:49:57-1507' exited with 1
Mar  3 08:49:59 rhel6u4a abrtd: Deleting problem directory '/var/spool/abrt/ccpp-2014-03-03-08:49:57-1507'


Expected results:
No segfault

Additional info:
I can also supply the KVM guest who contains this, in case it turns out harder to reproduce than asumed.

Comment 3 Christian Horn 2014-03-03 09:02:42 UTC
Created attachment 869858 [details]
sosreport of affected system

Comment 4 Christian Horn 2014-03-03 09:11:00 UTC
Created attachment 869860 [details]
coredump

Comment 5 Christian Horn 2014-03-03 09:14:16 UTC
Created attachment 869861 [details]
sosreport of affected system. sssd-1.9.2-129.el6 from RHEL6.5GA used

Comment 6 Jakub Hrozek 2014-03-03 09:21:32 UTC
Pavel, can you try and reproduce the bug using Christian's config?

Comment 7 Pavel Reichl 2014-03-05 10:46:12 UTC
To replicate the bug it was needed to have:

GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
PubkeyAuthentication yes
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h

in /etc/ssh/sshd_config

The bug itself is reproducible only in SSSD 1.9 because in later releases it was fixed by:

https://git.fedorahosted.org/cgit/sssd.git/commit/?id=3082504f4fb4e4efdc50c99369204e5b2cfac40e

SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need for any other action.

Comment 8 Christian Horn 2014-03-05 12:51:10 UTC
(In reply to Pavel Reichl from comment #7)
> To replicate the bug it was needed to have:
> 
> GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
> PubkeyAuthentication yes
> ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
> 
> in /etc/ssh/sshd_config
Good investigation!
I think these are the defaults deployed from kickstart.. did you have tuned these on your testsystem then and thus not hit the issue initially?

> The bug itself is reproducible only in SSSD 1.9 because in later releases it
> was fixed by:
> https://git.fedorahosted.org/cgit/sssd.git/commit/
> ?id=3082504f4fb4e4efdc50c99369204e5b2cfac40e
I have the issue documented in kbase https://access.redhat.com/site/solutions/745093 so we have good chances that others hitting this will map it easily to the bz here.

> SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need
> for any other action.
Rebase is planned inside of 6.5.z stream then?  Sounds quite heavy for happening inside of a z-stream..

For me it sounds ok to wait for a rebase to solve this, we have not yet seen this in customer environments.

Comment 9 Pavel Reichl 2014-03-05 13:10:13 UTC
Sorry for misunderstanding, I meant that it will be solved on next RHEL 6 release bz1051164 (no 6.5.z stream is planned).

> I think these are the defaults deployed from kickstart.. did you have tuned 
> these on your testsystem then and thus not hit the issue initially?

They were not in my default sshd_config.

Comment 10 Christian Horn 2014-03-05 13:13:33 UTC
(In reply to Pavel Reichl from comment #9)
> Sorry for misunderstanding, I meant that it will be solved on next RHEL 6
> release bz1051164 (no 6.5.z stream is planned).
Ok, thanks for clearing up.

Comment 11 Jakub Hrozek 2014-03-05 13:44:17 UTC
(In reply to Christian Horn from comment #8)
> > SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need
> > for any other action.
> Rebase is planned inside of 6.5.z stream then?  Sounds quite heavy for
> happening inside of a z-stream..
> 
> For me it sounds ok to wait for a rebase to solve this, we have not yet seen
> this in customer environments.

No, the rebase is coming up in 6.6. We would backport this specific fix in case a customer hits the issue.

FWIW, the SSSD has a mechanism to restart the worker processes in case of a failure. So even though a segfault is bad, it should only disrupt the one operation in progress, not the whole setup.

Comment 12 Jakub Hrozek 2014-03-05 16:08:26 UTC
The upstream fix was 3082504f4fb4e4efdc50c99369204e5b2cfac40e

Comment 13 Jakub Hrozek 2014-03-17 21:55:11 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1751

Comment 15 Brian J. Murrell 2014-05-04 18:46:17 UTC
(In reply to Jakub Hrozek from comment #11)
> We would backport this specific fix in
> case a customer hits the issue.

It is: 1093795.

Comment 16 Jakub Hrozek 2014-05-05 13:17:21 UTC
*** Bug 1093795 has been marked as a duplicate of this bug. ***

Comment 17 Jeremy Agee 2014-09-12 21:14:05 UTC
Marking verified.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: sss_ssh_knownhostsproxy001: bz 1071823 segfault when HostID back end target is not configured
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Command 'ssh_user_password_login sshtestuser@sssdad.com Secret123' (Expected 0, got 0)
:: [   PASS   ] :: File '/var/log/messages' should not contain 'sssd_be\[[0-9]*\]: segfault' 
:: [   PASS   ] :: File '/var/log/sssd/sssd_sssdad.com.log' should contain 'HostID back end target is not configured' 
:: [   LOG    ] :: Duration: 13s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: sss_ssh_knownhostsproxy001: bz 1071823 segfault when HostID back end target is not configured

Comment 18 errata-xmlrpc 2014-10-14 04:48:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1375.html


Note You need to log in before you can comment on or make changes to this bug.