Bug 1313090 - cthon - rpc.gssd crash reading krb5.keytab in find_keytab_entry()
Summary: cthon - rpc.gssd crash reading krb5.keytab in find_keytab_entry()
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils
Version: 6.8
Hardware: Unspecified
OS: Unspecified
urgent
unspecified
Target Milestone: rc
: ---
Assignee: Steve Dickson
QA Contact: Yongcheng Yang
URL:
Whiteboard: connectathon 2016, regression
: 1346419 (view as bug list)
Depends On:
Blocks: 1269194 1324930 1334848 1363837
TreeView+ depends on / blocked
 
Reported: 2016-02-29 22:37 UTC by Benjamin Coddington
Modified: 2020-06-11 12:49 UTC (History)
10 users (show)

Fixed In Version: nfs-utils-1.2.3-71.el6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1334848 1363837 (view as bug list)
Environment:
Last Closed: 2017-03-21 11:23:27 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1273166 1 None None None 2021-01-20 06:05:38 UTC
Red Hat Knowledge Base (Solution) 2616241 0 None None None 2016-09-09 16:49:27 UTC
Red Hat Product Errata RHBA-2017:0741 0 normal SHIPPED_LIVE nfs-utils bug fix update 2017-03-21 12:44:36 UTC

Internal Links: 1273166

Description Benjamin Coddington 2016-02-29 22:37:27 UTC 
This one popped up on my RHEL6.8 machine testing a krb5 mount at cthon:

rpc.gssd[4484]: segfault at 20 ip 00007f180fd10566 sp 00007fff0506adb8 error 4 in libc-2.12.so[7f180fbe8000+18a000]

Program received signal SIGSEGV, Segmentation fault.
__strcmp_sse42 () at ../sysdeps/x86_64/multiarch/strcmp.S:702
702		movdqa	(%rsi), %xmm1
(gdb) bt
#0  __strcmp_sse42 () at ../sysdeps/x86_64/multiarch/strcmp.S:702
#1  0x00007fde9b2908ed in find_keytab_entry (context=0x7fde9c2ce730, kt=0x7fde9c2ce390,
    hostname=<value optimized out>, kte=<value optimized out>, svcnames=0x7ffeb1155070)
    at krb5_util.c:872
#2  0x00007fde9b291652 in gssd_refresh_krb5_machine_credential (
    hostname=0x7fde9c2cce20 "redhat73.cthon.org", ple=0x0, service=<value optimized out>)
    at krb5_util.c:1264
#3  0x00007fde9b28ebe5 in process_krb5_upcall (clp=0x7fde9c2c8d80, uid=0, fd=17,
    tgtname=<value optimized out>, service=0x0) at gssd_proc.c:1003
#4  0x00007fde9b28f5bc in handle_gssd_upcall (clp=0x7fde9c2c8d80) at gssd_proc.c:1214
#5  0x00007fde9b28d483 in scan_poll_results () at gssd_main_loop.c:83
#6  gssd_run () at gssd_main_loop.c:225
#7  0x00007fde9b28d104 in main (argc=<value optimized out>, argv=<value optimized out>) at gssd.c:222


Turns out my /etc/krb.keytab file had the wrong selinux context:

[root@redhat68 ~]# ls -laZ /etc/krb5.keytab
-r--r--r--. root root system_u:object_r:nfs_t:s0       /etc/krb5.keytab

This has fixed it:

[root@redhat68 ~]# restorecon -v /etc/krb5.keytab
restorecon reset /etc/krb5.keytab context system_u:object_r:nfs_t:s0->system_u:object_r:krb5_keytab_t:s0

The root problem looks like a reuse of the variable "i" in an inner loop in find_keytab_entry().. 

Patch posted: http://marc.info/?l=linux-nfs&m=145678536628754&w=2
Comment 3 mvalites 2016-03-08 20:43:32 UTC 
I am experiencing this issue as well. Details at http://news.gmane.org/find-root.php?message_id=56DDA2C2.3010806%40buffalo.edu
Comment 9 Yongcheng Yang 2016-06-15 07:35:30 UTC 
*** Bug 1346419 has been marked as a duplicate of this bug. ***
Comment 10 Dave Wysochanski 2016-06-21 14:30:51 UTC 
Did not make 6.8.  Talked with Scott - we should z-stream this in RHEL6.8.z due to it being a regression.
Comment 17 Yongcheng Yang 2016-11-01 07:37:44 UTC 
Moving to VERIFIED according to Comment #16.

Also include this automatic case as regression test in the future.
Comment 19 errata-xmlrpc 2017-03-21 11:23:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0741.html
Note You need to log in before you can comment on or make changes to this bug.