Description of problem: Seems to happen constantly on a Fedora 21 Beta TC4 FreeIPA server deployed with rolekit, after a client has enrolled in the domain. Version-Release number of selected component: bind-9.9.6-2.fc21 Additional info: reporter: libreport-2.3.0 backtrace_rating: 3 cmdline: /usr/sbin/named -u named crash_function: gssapi_destroy_signverify_ctx executable: /usr/sbin/named kernel: 3.17.0-301.fc21.x86_64 runlevel: N 3 type: CCpp uid: 25 Truncated backtrace: Thread no. 1 (6 frames) #0 gssapi_destroy_signverify_ctx at /lib64/libdns.so.104 #1 dst_context_create4 at /lib64/libdns.so.104 #2 dns_tsig_verify at /lib64/libdns.so.104 #3 dns_message_checksig at /lib64/libdns.so.104 #4 client_request #5 run at /lib64/libisc.so.95
Created attachment 949159 [details] File: backtrace
Created attachment 949160 [details] File: cgroup
Created attachment 949161 [details] File: core_backtrace
Created attachment 949162 [details] File: dso_list
Created attachment 949163 [details] File: environ
Created attachment 949164 [details] File: exploitable
Created attachment 949165 [details] File: limits
Created attachment 949166 [details] File: maps
Created attachment 949167 [details] File: open_fds
Created attachment 949168 [details] File: proc_pid_status
Created attachment 949169 [details] File: var_log_messages
I deployed the server and client from 21 Beta TC4 Server DVD, set up the server with rolectl deploy (with SELinux permissive to avoid various SELinux issues), then enrolled the client via Cockpit. Immediately thereafter named seemed to start crashing constantly on the server. Had to file the report from my desktop by copying the abrt problem directory off the VM because named just keeps crashing and prevent me reporting it from the VM itself. Nominating as a Beta blocker per criterion "With the Domain Controller role active and correctly configured: Multiple clients must be able to enrol and unenrol in the domain Client systems must be able to authenticate users with Kerberos The FreeIPA configuration web UI must be available and allow at least basic configuration of user accounts and permissions " if named is going to crash constantly after enrolling a client, those requirements and others are effectively broken for both the server and the client, because they can't resolve any names.
bind-9.9.6-3.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/bind-9.9.6-3.fc21
Package bind-9.9.6-3.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing bind-9.9.6-3.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-13472/bind-9.9.6-3.fc21 then log in and leave karma (feedback).
Dropping the blocker nomination from this bug. It turns out the crash is in -2, which is not in stable, but rolekit is deploying the package from updates-testing during role deployment. We don't need to pull the fix into the Beta compose, we just need to make sure it's available to rolectl.
*** Bug 1155127 has been marked as a duplicate of this bug. ***
bind-9.9.6-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.