Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem: /usr/libexec/sssd/sssd_pam: Program terminated with signal 11, Segmentation fault
Version-Release number of selected component (if applicable):
sssd-common-1.14.0-15.el7.x86_64
python-sssdconfig-1.14.0-15.el7.noarch
sssd-krb5-1.14.0-15.el7.x86_64
sssd-common-pac-1.14.0-15.el7.x86_64
sssd-ldap-1.14.0-15.el7.x86_64
sssd-client-1.14.0-15.el7.x86_64
sssd-ad-1.14.0-15.el7.x86_64
sssd-proxy-1.14.0-15.el7.x86_64
sssd-debuginfo-1.14.0-15.el7.x86_64
sssd-1.14.0-15.el7.x86_64
sssd-ipa-1.14.0-15.el7.x86_64
sssd-krb5-common-1.14.0-15.el7.x86_64
How reproducible: Once
Steps to Reproduce:
Somewhere while verifying bz1301300.
But couldn't reproduce or confirm the steps.
Logging the bug as per discussion with Jakub to keep a track.
Actual results:
dmesg show segfault.
Expected results:
Fix the crash.
Additional info: Attaching the logs and traceback file.
===Some contents of the file in the traceback folder==
cat crash_function
ldb_msg_find_element
cat cmdline
/usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
cat exploitable
Likely crash reason: Jump to an invalid address
Exploitable rating (0-9 scale): 6
cat kernel
3.10.0-489.el7.x86_64
cat reason
sssd_pam killed by SIGSEGV
[System Logs]:
Aug 10 17:52:04 master.testrelm.test kernel: sssd_pam[22349]: segfault at 8 ip 00007f7c991e27a9 sp 00007fffa73e6880 error 4 in libldb.so.1.1.26[7f7c991d5000+2d000]
Aug 10 17:52:04 master.testrelm.test abrt-hook-ccpp[22477]: Process 22349 (sssd_pam) of user 0 killed by SIGSEGV - dumping core
[User Logs]:
Aug 10 17:52:04 master.testrelm.test abrt-hook-ccpp[22477]: Process 22349 (sssd_pam) of user 0 killed by SIGSEGV - dumping core
According to coredump, we crashed because we did not check
the return value of sysdb_search_user_by_upn
(gdb) l 1540
1535 if (preq->pd->name_is_upn) {
1536 ret = sysdb_search_user_by_upn(preq, dom, name, user_attrs, &msg);
1537
1538 /* Since sysdb_search_user_by_upn() searches the whole cache we
1539 * have to set the domain so that it matches the result. */
1540 sysdb_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
1541 if (sysdb_name == NULL) {
1542 DEBUG(SSSDBG_CRIT_FAILURE, "Cached entry has no name.\n");
1543 return EINVAL;
1544 }
It's already fixed in upstream https://git.fedorahosted.org/cgit/sssd.git/commit/?id=5cda8428d23266aaaf4d7cddba50311202365c16
and it is fixed in sssd-1.14.0-16
Hi Sudhir, Lukas is right and this bug is fixed in the recent build. Can you please try it out?
In the meantime it would be nice to get qa_ack as well so we can add this bug to the errata.
Jakub,
I did install the latest build of sssd-1.14.0-18.el7.x86_64 along with ipa-server-4.4.0-7.el7.x86_64 and i don't see a crash yet.
But I would like to keep the machine running for the day before marking this as VERIFIED.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHEA-2016-2476.html