1261023 – login via ssh as remote user often fails with: "Write failed: Broken pipe"

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1261023 - login via ssh as remote user often fails with: "Write failed: Broken pipe"

Summary: login via ssh as remote user often fails with: "Write failed: Broken pipe"

Keywords:
Status:	CLOSED DUPLICATE of bug 1263134
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	7.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	SSSD Maintainers
QA Contact:	Kaushik Banerjee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-09-08 12:46 UTC by Patrik Kis
Modified:	2015-10-05 07:33 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-09-15 13:56:01 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
strace of sshd child (535.22 KB, text/plain) 2015-09-10 12:50 UTC, Sumit Bose	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1262914	0	high	CLOSED	CVE-2015-5277 glibc: data corruption while reading the NSS files database	2023-05-12 23:59:55 UTC

Internal Links: 1262914

Description Patrik Kis 2015-09-08 12:46:56 UTC

Description of problem:
Login attempts via ssh as remote user (AD or IPA) often fails with:

# ssh <user>@<domain>@localhost
<user>@<domain>@localhost's password: 
Write failed: Broken pipe

The problem was observed on the latest RHEL-7.2 test composes; not sure the issue is caused directly by sssd, but I'm clueless (sssd debugs will be attached). The problems were newer seen on RHEL-7.1 machines. The issue appears only time to time, usually after sssd restart. When join to AD is via winbind the problem does not appear.

Version-Release number of selected component (if applicable):
sssd-1.13.0-26.el7
openssh-6.6.1p1-18.el7
realmd-0.16.1-3.el7
pam-1.1.8-12.el7_1.1

How reproducible:
~50%

Steps to Reproduce:
1. join to AD with realmd
2. try to login via ssh
3. if login succeed try to restart sssd and/or join again

Actual results:
ssh often fails

Expected results:
ssh is reliable

Additional info:

Comment 2 Sumit Bose 2015-09-08 14:03:03 UTC

Both authentication and access control part look good in the SSSD logs. Can you add pam and nss responder logs and sshd logs with a high debug level as welll?

Comment 3 Lukas Slebodnik 2015-09-08 14:07:30 UTC

It would be also good to attach /var/log/secure

Comment 9 Sumit Bose 2015-09-10 12:50:41 UTC

Created attachment 1072168 [details]
strace of sshd child

Thank you for providing the test environment, it was very useful. I used strace to see what sshd is doing and found a "corrupted double-linked list" error in one of the sshd child processes.

Currently I cannot make sense of the output so I attached the file for others to check.

Comment 10 Jakub Hrozek 2015-09-11 12:45:02 UTC

(In reply to Sumit Bose from comment #9)
> Created attachment 1072168 [details]
> strace of sshd child
> 
> Thank you for providing the test environment, it was very useful. I used
> strace to see what sshd is doing and found a "corrupted double-linked list"
> error in one of the sshd child processes.
> 
> Currently I cannot make sense of the output so I attached the file for
> others to check.

Thanks a lot for looking into this. 

Do you think it's time to reassign this bugzilla to sshd, then?

Comment 13 Florian Weimer 2015-09-14 15:45:53 UTC

We have tracked this down to a security bug, bug 1262914 in glibc.

Comment 19 Florian Weimer 2015-09-15 13:56:01 UTC

We have confirmed that this issue is indeed caused by glibc bug 1262914, based on further analysis of the issue.  After installing a glibc scratch build with the upstream fix applied, the original sssd issue is no longer reproducible.

I'm closing this as a duplicate of the (internal) glibc 7.2 bug for this issue.

*** This bug has been marked as a duplicate of bug 1263134 ***

Note You need to log in before you can comment on or make changes to this bug.