1311559 – SIGSEGV with nss-3.21.0-1.el7_2.x86_64

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1311559 - SIGSEGV with nss-3.21.0-1.el7_2.x86_64

Summary: SIGSEGV with nss-3.21.0-1.el7_2.x86_64

Keywords:
Status:	CLOSED DUPLICATE of bug 1312449
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	nss
Sub Component:
Version:	7.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Kai Engert (:kaie) (inactive account)
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1314877 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-02-24 13:08 UTC by Yedidyah Bar David
Modified:	2016-04-25 18:33 UTC (History)
CC List:	3 users (show)
Fixed In Version:	nss-3.19.1-19.el7_2
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-04-25 18:33:22 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Yedidyah Bar David 2016-02-24 13:08:50 UTC

Description of problem:

I am trying the following flow:

1. Install and deploy RHEV 3.6 hosted-engine on two rhel 7.2 hosts
2. Move one host to maintenance and remove it from the engine
3. Deploy again

It fails with:

[ INFO  ] Acquiring internal CA cert from the engine
[ INFO  ] The following CA certificate is going to be used, please immediately interrupt if not correct:
[ INFO  ] Issuer: C=US, O=home.local, CN=he1.home.local.17334, Subject: C=US, O=home.local, CN=he1.home.local.17334, Fingerprint (SHA-1): 2E13C8ECC986F18C2F9C254EF4E577FD58D7F3E
[ INFO  ] Connecting to the Engine
Segmentation fault

Tried again and attached gdb prior to the stage at which it fails, so I can see the stack trace:

[New Thread 0x7faae101f700 (LWP 27016)]
[Thread 0x7faae101f700 (LWP 27016) exited]

Program received signal SIGSEGV, Segmentation fault.
0x00007faae4ce85ff in ssl3_InitHandshakeHashes () from /lib64/libssl3.so
(gdb) bt
#0  0x00007faae4ce85ff in ssl3_InitHandshakeHashes () from /lib64/libssl3.so
#1  0x00007faae4cf3292 in ssl3_HandleHandshakeMessage () from /lib64/libssl3.so
#2  0x00007faae4cf6091 in ssl3_HandleRecord () from /lib64/libssl3.so
#3  0x00007faae4cf74e2 in ssl3_GatherCompleteHandshake () from /lib64/libssl3.so
#4  0x00007faae4d0101b in SSL_ForceHandshake () from /lib64/libssl3.so
#5  0x00007faae69bd434 in nss_connect_common () from /lib64/libcurl.so.4
#6  0x00007faae69b47ee in Curl_ssl_connect_nonblocking () from /lib64/libcurl.so.4
#7  0x00007faae698c51e in https_connecting () from /lib64/libcurl.so.4
#8  0x00007faae69ae268 in multi_runsingle () from /lib64/libcurl.so.4
#9  0x00007faae69af121 in curl_multi_perform () from /lib64/libcurl.so.4
#10 0x00007faae69a64a3 in curl_easy_perform () from /lib64/libcurl.so.4
#11 0x00007faae2e19163 in do_curl_perform () from /usr/lib64/python2.7/site-packages/pycurl.so
#12 0x00007faafa1f3a10 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#13 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#14 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#15 0x00007faafa1f389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#16 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#17 0x00007faafa1f389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#18 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#19 0x00007faafa1821bd in function_call () from /lib64/libpython2.7.so.1.0
#20 0x00007faafa15d0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#21 0x00007faafa16c0b5 in instancemethod_call () from /lib64/libpython2.7.so.1.0
#22 0x00007faafa15d0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#23 0x00007faafa1b4187 in slot_tp_init () from /lib64/libpython2.7.so.1.0
#24 0x00007faafa1b2e9f in type_call () from /lib64/libpython2.7.so.1.0
#25 0x00007faafa15d0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#26 0x00007faafa1f138c in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#27 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#28 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#29 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#30 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#31 0x00007faafa1f3990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#32 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#33 0x00007faafa1f52f2 in PyEval_EvalCode () from /lib64/libpython2.7.so.1.0
#34 0x00007faafa1f4540 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#35 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#36 0x00007faafa1f389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#37 0x00007faafa1f51ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#38 0x00007faafa1820c8 in function_call () from /lib64/libpython2.7.so.1.0
#39 0x00007faafa15d0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#40 0x00007faafa220ea0 in RunModule () from /lib64/libpython2.7.so.1.0
#41 0x00007faafa221684 in Py_Main () from /lib64/libpython2.7.so.1.0
#42 0x00007faaf944eb15 in __libc_start_main () from /lib64/libc.so.6
#43 0x0000000000400721 in _start ()

So checked and noticed that I have a very new nss package, nss-3.21.0-1.el7_2.x86_64, from z-stream candidate [1].

Did this:

yum downgrade nss nss-sysinit nss-tools

which picked 3.19.1-18.el7 .

Tried again deploy and it passed successfully.

[1] http://download.eng.tlv.redhat.com/rel-eng/repos/rhel-7.2-z-candidate/x86_64/

The last line output before the signal is [2]. I didn't try to further diagnose this or create a minimal reproducer.

Will later try to run this with nss-debuginfo installed and comment if I get more details.

[2] https://gerrit.ovirt.org/gitweb?p=ovirt-hosted-engine-setup.git;a=blob;f=src/plugins/ovirt-hosted-engine-setup/engine/add_host.py;h=800ae5539c1526e4f6f7649c602e5e77ea1849c9;hb=HEAD#l657

Comment 2 Kai Engert (:kaie) (inactive account) 2016-02-24 13:15:06 UTC

So, I was surprised how you can be using this RPM version, because we haven't released it anywhere.

Now I see that you're using the 7.2.z channel apparently.

The nss.rpm that you have used is known to be broken.
Please use an older one.

Comment 4 Kai Engert (:kaie) (inactive account) 2016-02-24 13:30:06 UTC

I'm closing this as NOTABUG. Please don't use that nss package version.
Please open a new bug, if you still see issues after we release a newer build.
For now, please use an older package version.

Comment 5 Yedidyah Bar David 2016-02-24 15:29:31 UTC

Just for completeness, following is the backtrace with the -debuginfo package installed:

#0  ssl3_GetPrfHashMechanism (ss=0x3c9e820) at ssl3con.c:3658
#1  ssl3_InitHandshakeHashes (ss=ss@entry=0x3c9e820) at ssl3con.c:4153
#2  0x00007fd463a01292 in ssl3_HandleServerHello (length=87,
    b=0x3ca6176 "V\315\314P\223\372\006\201],ΕQ\232\271\251s\250\236\066~\240\230\v\334\064\t\224^ϲ\347 S\324īg\003\323\032\366u\207\277\345\321\355ˑ\324\001?c[\227\034\201c\240W32\210\207\300\060", ss=0x3c9e820) at ssl3con.c:6629
#3  ssl3_HandleHandshakeMessage (ss=ss@entry=0x3c9e820, b=<optimized out>, length=<optimized out>) at ssl3con.c:11781
#4  0x00007fd463a04091 in ssl3_HandleHandshake (origBuf=0x3c9ebe0, ss=0x3c9e820) at ssl3con.c:11925
#5  ssl3_HandleRecord (ss=ss@entry=0x3c9e820, cText=cText@entry=0x7ffc8c9d0d40, databuf=databuf@entry=0x3c9ebe0) at ssl3con.c:12594
#6  0x00007fd463a054e2 in ssl3_GatherCompleteHandshake (ss=ss@entry=0x3c9e820, flags=flags@entry=0) at ssl3gthr.c:378
#7  0x00007fd463a0f01b in SSL_ForceHandshake (fd=<optimized out>) at sslsecur.c:458
#8  0x00007fd4656cb434 in nss_connect_common () from /lib64/libcurl.so.4
#9  0x00007fd4656c27ee in Curl_ssl_connect_nonblocking () from /lib64/libcurl.so.4
#10 0x00007fd46569a51e in https_connecting () from /lib64/libcurl.so.4
#11 0x00007fd4656bc268 in multi_runsingle () from /lib64/libcurl.so.4
#12 0x00007fd4656bd121 in curl_multi_perform () from /lib64/libcurl.so.4
#13 0x00007fd4656b44a3 in curl_easy_perform () from /lib64/libcurl.so.4
#14 0x00007fd461b27163 in do_curl_perform () from /usr/lib64/python2.7/site-packages/pycurl.so
#15 0x00007fd478f83a10 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#16 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#17 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#18 0x00007fd478f8389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#19 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#20 0x00007fd478f8389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#21 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#22 0x00007fd478f121bd in function_call () from /lib64/libpython2.7.so.1.0
#23 0x00007fd478eed0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#24 0x00007fd478efc0b5 in instancemethod_call () from /lib64/libpython2.7.so.1.0
#25 0x00007fd478eed0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#26 0x00007fd478f44187 in slot_tp_init () from /lib64/libpython2.7.so.1.0
#27 0x00007fd478f42e9f in type_call () from /lib64/libpython2.7.so.1.0
#28 0x00007fd478eed0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#29 0x00007fd478f8138c in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#30 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#31 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#32 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#33 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#34 0x00007fd478f83990 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#35 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#36 0x00007fd478f852f2 in PyEval_EvalCode () from /lib64/libpython2.7.so.1.0
#37 0x00007fd478f84540 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#38 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#39 0x00007fd478f8389f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
#40 0x00007fd478f851ed in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
#41 0x00007fd478f120c8 in function_call () from /lib64/libpython2.7.so.1.0
#42 0x00007fd478eed0c3 in PyObject_Call () from /lib64/libpython2.7.so.1.0
#43 0x00007fd478fb0ea0 in RunModule () from /lib64/libpython2.7.so.1.0
#44 0x00007fd478fb1684 in Py_Main () from /lib64/libpython2.7.so.1.0
#45 0x00007fd4781deb15 in __libc_start_main () from /lib64/libc.so.6
#46 0x0000000000400721 in _start ()

Comment 6 Kamil Dudka 2016-02-29 10:17:30 UTC

Kai, please do not close bugs as NOTABUG when they are real and not yet fixed!

*** This bug has been marked as a duplicate of bug 1312449 ***

Comment 7 Kai Engert (:kaie) (inactive account) 2016-02-29 16:19:40 UTC

the broken nss-3.21 build, and all other related base libraries like nss-util-3.21 and nspr-4.11, have been untagged from the 7.2.z candidate tag.

Your next builds should pick up the older pacakges versions, and work again.

Comment 8 Kai Engert (:kaie) (inactive account) 2016-02-29 17:32:47 UTC

reopening until verified fixed by someone with an older version

Comment 9 Kai Engert (:kaie) (inactive account) 2016-02-29 18:34:02 UTC

Fixed by downgrading to nss-3.19.1-19.el7_2

Comment 11 Yedidyah Bar David 2016-03-01 07:12:32 UTC

(In reply to Kai Engert (:kaie) from comment #8)
> reopening until verified fixed by someone with an older version

As I mentioned in comment 0, I already did that - downgrading to the older version did fix my specific flow. Perhaps should properly be done by QE, though, so not moving to VERIFIED.

Comment 12 Kaleem 2016-03-08 12:20:52 UTC

*** Bug 1314877 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.