Created attachment 1133230
mail text received for segfault seen

Description of problem:
This segfault was observed when we tried to install a 7.2.update2 IPA client to a 6.8 IPA server.

Version-Release number of selected component (if applicable):

6.8 IPA:
========
[root@auto-hv-02-guest02 ~]# rpm -q ipa-server
ipa-server-3.0.0-50.el6.x86_64
[root@auto-hv-02-guest02 ~]#

7.2 IPA:
========
[root@hp-dl380pgen8-02-vm-8 ~]# rpm -q ipa-client
ipa-client-4.2.0-15.el7_2.6.x86_64
[root@hp-dl380pgen8-02-vm-8 ~]#

How reproducible:
Always

Steps to Reproduce:
1. Install 7.2 IPA client with 6.8 IPA Server.

Actual results:
Segfault seen during ipa-join and client install fails.

Expected results:
No segfault and client install should be successful.

Additional info:
(1) Please find the attached segfault info
Kaleem, what is the version of nss? I wonder if it is bug 1312449.
[root@hp-dl380pgen8-02-vm-8 ~]# rpm -q nss
nss-3.21.0-1.el7_2.x86_64
[root@hp-dl380pgen8-02-vm-8 ~]#
Kai, can you have a look? Petr thinks this looks like BZ #1312449. The segfault occurs in ssl3_InitHandshakeHashes(). The system has nss-3.21.0-1.el7_2.x86_64.
I'm getting a segfault for TLS/SSL handshake in libldap and NSS:

(gdb) run /usr/sbin/ipa-client-install
Starting program: /usr/bin/python /usr/sbin/ipa-client-install
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 583.
Detaching after fork from child process 585.
Detaching after fork from child process 586.
WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd
Using existing certificate '/etc/ipa/ca.crt'.

Program received signal SIGSEGV, Segmentation fault.
0x00007fffeb57d5ff in ssl3_InitHandshakeHashes () from /lib64/libssl3.so
(gdb) bt
#0 0x00007fffeb57d5ff in ssl3_InitHandshakeHashes () from /lib64/libssl3.so
#1 0x00007fffeb588292 in ssl3_HandleHandshakeMessage () from /lib64/libssl3.so
#2 0x00007fffeb58b091 in ssl3_HandleRecord () from /lib64/libssl3.so
#3 0x00007fffeb58c4e2 in ssl3_GatherCompleteHandshake () from /lib64/libssl3.so
#4 0x00007fffeb58d2c5 in ssl_GatherRecord1stHandshake () from /lib64/libssl3.so
#5 0x00007fffeb595a65 in ssl_Do1stHandshake () from /lib64/libssl3.so
#6 0x00007fffeb596067 in SSL_ForceHandshake () from /lib64/libssl3.so
#7 0x00007fffe98d39d6 in tlsm_session_accept_or_connect () from /lib64/libldap_r-2.4.so.2
#8 0x00007fffe98cfd35 in ldap_int_tls_connect.isra.2 () from /lib64/libldap_r-2.4.so.2
#9 0x00007fffe98d05b8 in ldap_int_tls_start () from /lib64/libldap_r-2.4.so.2
#10 0x00007fffe98d09b1 in ldap_start_tls_s () from /lib64/libldap_r-2.4.so.2
#11 0x00007fffe9af61ff in l_ldap_start_tls_s (self=0x15d6648, args=<optimized out>) at Modules/LDAPObject.c:1164
#12 0x00007ffff7af6702 in ext_do_call (nk=<optimized out>, na=<optimized out>, flags=<optimized out>, pp_stack=0x7fffffffcc20, func=<built-in method start_tls_s of LDAP object at remote 0x15d6648>) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4408
#13 PyEval_EvalFrameEx (f=f@entry=Frame 0x163f660, for file /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line 99, in _ldap_call (self=<SimpleLDAPObject(_ldap_object_lock=<LDAPLock(_lock=<thread.lock at remote 0x15d71f0>, _desc='opcall within <ldap.ldapobject.SimpleLDAPObject instance at 0x15eb758>') at remote 0x15ebab8>, _l=<LDAP at remote 0x15d6648>, _trace_stack_limit=None, timeout=-1, _uri='ldap://auto-hv-02-guest02.testrelm.test:389', _trace_file=<file at remote 0x7ffff7fc4150>, _trace_level=0) at remote 0x15eb758>, func=<built-in method start_tls_s of LDAP object at remote 0x15d6648>, args=(), kwargs={}, diagnostic_message_success=None), throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:2779
#14 0x00007ffff7af71ed in PyEval_EvalCodeEx (co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=<optimized out>, argcount=argcount@entry=2, kws=0x1642ad0, kwcount=0, defs=0x0, defcount=0, closure=closure@entry=0x0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:3330
#15 0x00007ffff7af589f in fast_function (nk=<optimized out>, na=2, n=2, pp_stack=0x7fffffffce20, func=<function at remote 0xc7a398>) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4194
#16 call_function (oparg=<optimized out>, pp_stack=0x7fffffffce20) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4119
#17 PyEval_EvalFrameEx (f=f@entry=Frame 0x1642940, for file /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line 564, in start_tls_s (self=<SimpleLDAPObject(_ldap_object_lock=<LDAPLock(_lock=<thread.lock at remote 0x15d71f0>, _desc='opcall within <ldap.ldapobject.SimpleLDAPObject instance at 0x15eb758>') at remote 0x15ebab8>, _l=<LDAP at remote 0x15d6648>, _trace_stack_limit=None, timeout=-1, _uri='ldap://auto-hv-02-guest02.testrelm.test:389', _trace_file=<file at remote 0x7ffff7fc4150>, _trace_level=0) at remote 0x15eb758>), throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:2740
#18 0x00007ffff7af5990 in fast_function (nk=<optimized out>, na=1, n=1, pp_stack=0x7fffffffcf80, func=<function at remote 0xc7b9b0>) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4184
#19 call_function (oparg=<optimized out>, pp_stack=0x7fffffffcf80) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4119
#20 PyEval_EvalFrameEx (f=f@entry=Frame 0x1636880, for file /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line 1571, in __init__ (self=<IPAdmin(_schema=None, cacert='/etc/ipa/ca.crt', warning=<instancemethod at remote 0x1296af0>, port=389, _conn=<SimpleLDAPObject(_ldap_object_lock=<LDAPLock(_lock=<thread.lock at remote 0x15d71f0>, _desc='opcall within <ldap.ldapobject.SimpleLDAPObject instance at 0x15eb758>') at remote 0x15ebab8>, _l=<LDAP at remote 0x15d6648>, _trace_stack_limit=None, timeout=-1, _uri='ldap://auto-hv-02-guest02.testrelm.test:389', _trace_file=<file at remote 0x7ffff7fc4150>, _trace_level=0) at remote 0x15eb758>, realm=None, __log_manager=<IPALogManager(loggers={'ipa.ipaplatform.base.tasks': <Logger(name='ipa.ipaplatform.base.tasks', parent=<Logger(name='ipa', parent=<RootLogger(name='root', parent=None, handlers=[], level=30, disabled=0, propagate=1, filters=[]) at remote 0xa1be90>, handlers=[<FileHandler(stream=<file at remote 0x156cae0>, level=10, lock=<_RLock(_Verbose__verbose=False, _RLock__owner=None, _RLock__b...(truncated), throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:2740

I've tcpdumped port 389 and analyzed the traffic with Wireshark. The client does a proper START TLS and requests TLSv1.2. The server replies with a TLSv1.2 ServerHello, Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f). The connection breaks down after ServerHelloDone.
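The ServerHello fields read off in Wireshark in the comment above (negotiated version and cipher suite) can also be extracted from the raw record bytes. The following Python 3 parser is an added example, not part of the original bug report; the function names are hypothetical and the sample record is constructed, not taken from the reporter's capture.

```python
import struct

# Names for the few values this example needs; not a complete registry.
TLS_VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
CIPHER_SUITES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}


def parse_server_hello(data):
    """Return (version, cipher_suite) from a TLS record holding a ServerHello.

    Raises ValueError on anything truncated or not a ServerHello, so a
    malformed capture is reported instead of being misread.
    """
    if len(data) < 5:
        raise ValueError("truncated record header")
    content_type, _rec_version, rec_len = struct.unpack("!BHH", data[:5])
    if content_type != 0x16:  # 0x16 = handshake
        raise ValueError("not a handshake record")
    body = data[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4:
        raise ValueError("truncated record body")
    msg_type = body[0]
    msg_len = int.from_bytes(body[1:4], "big")
    if msg_type != 0x02:  # 0x02 = ServerHello
        raise ValueError("not a ServerHello")
    hello = body[4:4 + msg_len]
    # server_version(2) + random(32) + session_id length(1)
    if len(hello) < msg_len or len(hello) < 35:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    offset = 35 + hello[34]  # skip the variable-length session id
    if len(hello) < offset + 3:  # cipher_suite(2) + compression(1)
        raise ValueError("truncated ServerHello after session id")
    suite = struct.unpack("!H", hello[offset:offset + 2])[0]
    return (TLS_VERSIONS.get(version, hex(version)),
            CIPHER_SUITES.get(suite, hex(suite)))


def build_sample_server_hello():
    """Constructed sample: TLSv1.2, empty session id, suite 0xc02f."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    print(parse_server_hello(build_sample_server_hello()))
```

With StartTLS on port 389 the TLS records follow the LDAP extended response on the same TCP stream, so the input must begin at the first TLS record.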
This was a known broken build which, I believe, was never shipped to customers. Please tell me: (a) where did you get nss-3.21.0-1.el7_2 from? (b) does downgrading to nss-3.19.1-19.el7_2 fix the bug for you? If (b) fixes it for you, then this is a duplicate of bug 1311559.