Red Hat Bugzilla – Bug 1071823
sssd_be[1507]: segfault at 8 ip 000000000040f68c sp 00007fff22d76f30 error 4 in sssd_be[400000+8c000]
Last modified: 2014-10-14 00:48:06 EDT
Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Sorry, one "return" too much. Description of problem: sssd_be segfault Version-Release number of selected component (if applicable): current How reproducible: always Steps to Reproduce: 1. deploy SSSD and sssd.conf from sosreport 2. prepare pam config as per sosreport (basically deployed by authconfig to use sssd) 3. start sssd 4. "ssh chorn@localhost" Actual results: Mar 3 08:49:57 rhel6u4a kernel: sssd_be[1507]: segfault at 8 ip 000000000040f68c sp 00007fff22d76f30 error 4 in sssd_be[400000+8c000] Mar 3 08:49:58 rhel6u4a abrt[1514]: Saved core dump of pid 1507 (/usr/libexec/sssd/sssd_be) to /var/spool/abrt/ccpp-2014-03-03-08:49:57-1507 (1253376 bytes) Mar 3 08:49:58 rhel6u4a abrtd: Directory 'ccpp-2014-03-03-08:49:57-1507' creation detected Mar 3 08:49:58 rhel6u4a sssd[be[fluxcoil.net]]: Starting up Mar 3 08:49:59 rhel6u4a abrtd: Package 'sssd' isn't signed with proper key Mar 3 08:49:59 rhel6u4a abrtd: 'post-create' on '/var/spool/abrt/ccpp-2014-03-03-08:49:57-1507' exited with 1 Mar 3 08:49:59 rhel6u4a abrtd: Deleting problem directory '/var/spool/abrt/ccpp-2014-03-03-08:49:57-1507' Expected results: No segfault Additional info: I can also supply the KVM guest who contains this, in case it turns out harder to reproduce than asumed.
Created attachment 869858 [details] sosreport of affected system
Created attachment 869860 [details] coredump
Created attachment 869861 [details] sosreport of affected system. sssd-1.9.2-129.el6 from RHEL6.5GA used
Pavel, can you try and reproduce the bug using Christian's config?
To replicate the bug it was needed to have: GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts PubkeyAuthentication yes ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h in /etc/ssh/sshd_config The bug itself is reproducible only in SSSD 1.9 because in later releases it was fixed by: https://git.fedorahosted.org/cgit/sssd.git/commit/?id=3082504f4fb4e4efdc50c99369204e5b2cfac40e SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need for any other action.
(In reply to Pavel Reichl from comment #7) > To replicate the bug it was needed to have: > > GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts > PubkeyAuthentication yes > ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h > > in /etc/ssh/sshd_config Good investigation! I think these are the defaults deployed from kickstart.. did you have tuned these on your testsystem then and thus not hit the issue initially? > The bug itself is reproducible only in SSSD 1.9 because in later releases it > was fixed by: > https://git.fedorahosted.org/cgit/sssd.git/commit/ > ?id=3082504f4fb4e4efdc50c99369204e5b2cfac40e I have the issue documented in kbase https://access.redhat.com/site/solutions/745093 so we have good chances that others hitting this will map it easily to the bz here. > SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need > for any other action. Rebase is planned inside of 6.5.z stream then? Sounds quite heavy for happening inside of a z-stream.. For me it sounds ok to wait for a rebase to solve this, we have not yet seen this in customer environments.
Sorry for misunderstanding, I meant that it will be solved on next RHEL 6 release bz1051164 (no 6.5.z stream is planned). > I think these are the defaults deployed from kickstart.. did you have tuned > these on your testsystem then and thus not hit the issue initially? They were not in my default sshd_config.
(In reply to Pavel Reichl from comment #9) > Sorry for misunderstanding, I meant that it will be solved on next RHEL 6 > release bz1051164 (no 6.5.z stream is planned). Ok, thanks for clearing up.
(In reply to Christian Horn from comment #8) > > SSSD 1.11 should be soon supported on RHEL 6.5 so there is probably no need > > for any other action. > Rebase is planned inside of 6.5.z stream then? Sounds quite heavy for > happening inside of a z-stream.. > > For me it sounds ok to wait for a rebase to solve this, we have not yet seen > this in customer environments. No, the rebase is coming up in 6.6. We would backport this specific fix in case a customer hits the issue. FWIW, the SSSD has a mechanism to restart the worker processes in case of a failure. So even though a segfault is bad, it should only disrupt the one operation in progress, not the whole setup.
The upstream fix was 3082504f4fb4e4efdc50c99369204e5b2cfac40e
Upstream ticket: https://fedorahosted.org/sssd/ticket/1751
(In reply to Jakub Hrozek from comment #11) > We would backport this specific fix in > case a customer hits the issue. It is: 1093795.
*** Bug 1093795 has been marked as a duplicate of this bug. ***
Marking verified. :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: sss_ssh_knownhostsproxy001: bz 1071823 segfault when HostID back end target is not configured :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Command 'ssh_user_password_login sshtestuser@sssdad.com Secret123' (Expected 0, got 0) :: [ PASS ] :: File '/var/log/messages' should not contain 'sssd_be\[[0-9]*\]: segfault' :: [ PASS ] :: File '/var/log/sssd/sssd_sssdad.com.log' should contain 'HostID back end target is not configured' :: [ LOG ] :: Duration: 13s :: [ LOG ] :: Assertions: 3 good, 0 bad :: [ PASS ] :: RESULT: sss_ssh_knownhostsproxy001: bz 1071823 segfault when HostID back end target is not configured
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1375.html