Description of problem: [stef@stef test]$ sudo systemd-coredumpctl gdb sssd_be PID: 8710 (sssd_be) UID: 0 (root) GID: 0 (root) Signal: 11 (SEGV) Timestamp: Fr 2014-09-19 15:49:34 CEST (4min 58s ago) Command Line: /usr/libexec/sssd/sssd_be --domain ad.baseos.qe --debug-to-files Executable: /usr/libexec/sssd/sssd_be Control Group: /system.slice/sssd.service Unit: sssd.service Slice: system.slice Boot ID: b053136ee4c14238a140086f0168fc1c Machine ID: 69d27b356a94476da859461d3a3bc6fd Hostname: stef.ad.baseos.qe Coredump: /var/lib/systemd/coredump/core.sssd_be.0.b053136ee4c14238a140086f0168fc1c.8710.1411134574000000.xz Message: Process 8710 (sssd_be) of user 0 dumped core. Stack trace of thread 8710: #0 0x00007f3ea4240c69 be_nsupdate_create_ptr_msg (sssd_be) #1 0x00007f3e951ce5db sdap_dyndns_update_ptr_step (libsss_ldap_common.so) #2 0x00007f3e951ce7c8 sdap_dyndns_update_done (libsss_ldap_common.so) #3 0x00007f3ea423fedc be_nsupdate_done (sssd_be) #4 0x00007f3ea007f6a8 child_invoke_callback (libsss_child.so) #5 0x00007f3ea378c824 tevent_common_loop_immediate (libtevent.so.0) #6 0x00007f3ea379106e epoll_event_loop_once (libtevent.so.0) #7 0x00007f3ea378f787 std_event_loop_once (libtevent.so.0) #8 0x00007f3ea378bfed _tevent_loop_once (libtevent.so.0) #9 0x00007f3ea378c18b tevent_common_loop_wait (libtevent.so.0) #10 0x00007f3ea378f727 std_event_loop_wait (libtevent.so.0) #11 0x00007f3ea39c7913 server_loop (libsss_util.so) #12 0x00007f3ea4236613 main (sssd_be) #13 0x00007f3e9fad30e0 __libc_start_main (libc.so.6) #14 0x00007f3ea42366ca _start (sssd_be) GNU gdb (GDB) Fedora 7.8-20.fc21 Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done. done. [New LWP 8710] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `/usr/libexec/sssd/sssd_be --domain ad.baseos.qe --debug-to-files'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f3ea4240c69 in nsupdate_msg_add_ptr (old_addresses=0x7f3ea53f17b0, remove_af=<optimized out>, ttl=3600, hostname=0x7f3ea53ca860 "stef.ad.baseos.qe", addresses=0x7f3ea53f02c0, update_msg=0x7f3ea53f35b0 "realm AD.BASEOS.QE\nupdate delete 7.f.5.e.2.2.e.f.f.f.1.d.9.1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. in PTR\nsend\n") at src/providers/dp_dyndns.c:309 309 switch(old_record->addr->ss_family) { (gdb) bt #0 0x00007f3ea4240c69 in nsupdate_msg_add_ptr (old_addresses=0x7f3ea53f17b0, remove_af=<optimized out>, ttl=3600, hostname=0x7f3ea53ca860 "stef.ad.baseos.qe", addresses=0x7f3ea53f02c0, update_msg=0x7f3ea53f35b0 "realm AD.BASEOS.QE\nupdate delete 7.f.5.e.2.2.e.f.f.f.1.d.9.1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. in PTR\nsend\n") at src/providers/dp_dyndns.c:309 #1 be_nsupdate_create_ptr_msg (mem_ctx=mem_ctx@entry=0x7f3ea53eefa0, realm=<optimized out>, servername=<optimized out>, hostname=0x7f3ea53ca860 "stef.ad.baseos.qe", ttl=3600, remove_af=<optimized out>, addresses=0x7f3ea53f02c0, old_addresses=0x7f3ea53f17b0, _update_msg=0x7f3ea53ef000) at src/providers/dp_dyndns.c:507 #2 0x00007f3e951ce5db in sdap_dyndns_update_ptr_step (req=req@entry=0x7f3ea53eee10) at src/providers/ldap/sdap_dyndns.c:403 #3 0x00007f3e951ce7c8 in sdap_dyndns_update_done (subreq=0x0) at src/providers/ldap/sdap_dyndns.c:379 #4 0x00007f3ea423fedc in be_nsupdate_done (subreq=0x7f3ea53f7ce0) at src/providers/dp_dyndns.c:1057 #5 0x00007f3ea007f6a8 in child_invoke_callback (ev=<optimized out>, imm=<optimized out>, pvt=<optimized out>) at src/util/child_common.c:616 #6 0x00007f3ea378c824 in tevent_common_loop_immediate (ev=ev@entry=0x7f3ea5384670) at ../tevent_immediate.c:135 #7 0x00007f3ea379106e in epoll_event_loop_once (ev=0x7f3ea5384670, location=<optimized out>) at ../tevent_epoll.c:907 #8 0x00007f3ea378f787 in std_event_loop_once (ev=0x7f3ea5384670, location=0x7f3ea39dab18 "src/util/server.c:587") at ../tevent_standard.c:114 #9 0x00007f3ea378bfed in _tevent_loop_once (ev=ev@entry=0x7f3ea5384670, location=location@entry=0x7f3ea39dab18 "src/util/server.c:587") at ../tevent.c:530 #10 0x00007f3ea378c18b in tevent_common_loop_wait (ev=0x7f3ea5384670, location=0x7f3ea39dab18 "src/util/server.c:587") at ../tevent.c:634 #11 0x00007f3ea378f727 in std_event_loop_wait (ev=0x7f3ea5384670, location=0x7f3ea39dab18 "src/util/server.c:587") at ../tevent_standard.c:140 #12 0x00007f3ea39c7913 in server_loop (main_ctx=0x7f3ea5385a40) at src/util/server.c:587 #13 0x00007f3ea4236613 in main (argc=4, argv=<optimized out>) at src/providers/data_provider_be.c:2821 (gdb) p old_record $1 = (struct sss_iface_addr *) 0x7f3ea53ee710 (gdb) p old_record->addr $2 = (struct sockaddr_storage *) 0x80 Version-Release number of selected component (if applicable): sssd-common-1.12.0-7.fc21.x86_64 How reproducible: Right now it's easily reproducible, but only on one machine. Steps to Reproduce: 1. realm join --user Bender-admin ad.baseos.qe 2. getent passwd Bender.QE Actual results: Crash and no output from getent. Expected results: Proper output from getent.
[stef@stef test]$ sudo cat /etc/sssd/sssd.conf [sssd] domains = ad.baseos.qe config_file_version = 2 services = nss, pam debug_level = 0x00F0 [nss] default_shell = /bin/bash [ssh] [sudo] [domain/ad.baseos.qe] ad_domain = ad.baseos.qe krb5_realm = AD.BASEOS.QE realmd_tags = manages-system joined-with-samba cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/sh ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%u access_provider = ad
Work around: dyndns_update = false
Can you upgrade to 1.12.1 (should be in updates-testing) ? IIRC Lukas fixed some kind of use-after-free in the dyndns code recently..
Yes, it is already fixed in newer version. Please retest with sssd-1.12.1-2.fc21 and add karma https://admin.fedoraproject.org/updates/FEDORA-2014-10547/sssd-1.12.1-2.fc21 LS