Bug 1389866 - [abrt] krb5-server: ipadb_change_pwd(): kdb5_util killed by SIGSEGV
Summary: [abrt] krb5-server: ipadb_change_pwd(): kdb5_util killed by SIGSEGV
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: rawhide
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: IPA Maintainers
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:68c526548a349d6093601982c7d...
Depends On:
Blocks: F26AlphaBlocker
Reported: 2016-10-29 05:18 UTC by Adam Williamson
Modified: 2016-12-02 19:32 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-02 19:32:29 UTC
Type: ---
Embargoed:


Attachments
File: backtrace (24.46 KB, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: cgroup (268 bytes, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: core_backtrace (1.33 KB, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: dso_list (5.68 KB, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: environ (138 bytes, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: exploitable (82 bytes, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: limits (1.29 KB, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: maps (24.74 KB, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: mountinfo (3.04 KB, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: namespaces (102 bytes, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: open_fds (182 bytes, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: proc_pid_status (1.22 KB, text/plain), 2016-10-29 05:18 UTC, Adam Williamson
File: var_log_messages (294 bytes, text/plain), 2016-10-29 05:18 UTC, Adam Williamson

Description Adam Williamson 2016-10-29 05:18:37 UTC
Description of problem:
Crash occurred during openQA FreeIPA server deployment test on Fedora-Rawhide-20161027.n.0 nightly: https://openqa.fedoraproject.org/tests/44590 . System logs at https://openqa.fedoraproject.org/tests/44590/file/role_deploy_domain_controller-var_log.tar.gz .

Version-Release number of selected component:
krb5-server-1.15-1.fc26.beta1.0

Additional info:
reporter:       libreport-2.8.0
backtrace_rating: 4
cmdline:        kdb5_util create -s -r DOMAIN.LOCAL -x ipa-setup-override-restrictions
crash_function: ipadb_change_pwd
executable:     /usr/sbin/kdb5_util
global_pid:     7853
kernel:         4.9.0-0.rc2.git1.1.fc26.x86_64
pkg_fingerprint: 812A 6B4B 64DA B85D
pkg_vendor:     Fedora Project
runlevel:       N 3
type:           CCpp
uid:            0

Truncated backtrace:
Thread no. 1 (3 frames)
 #0 ipadb_change_pwd at ipa_kdb_passwords.c:126
 #1 add_principal at kdb5_create.c:455
 #2 kdb5_create at kdb5_create.c:317

Comment 1 Adam Williamson 2016-10-29 05:18:43 UTC
Created attachment 1215156
File: backtrace

Comment 2 Adam Williamson 2016-10-29 05:18:44 UTC
Created attachment 1215157
File: cgroup

Comment 3 Adam Williamson 2016-10-29 05:18:45 UTC
Created attachment 1215158
File: core_backtrace

Comment 4 Adam Williamson 2016-10-29 05:18:46 UTC
Created attachment 1215159
File: dso_list

Comment 5 Adam Williamson 2016-10-29 05:18:47 UTC
Created attachment 1215160
File: environ

Comment 6 Adam Williamson 2016-10-29 05:18:48 UTC
Created attachment 1215161
File: exploitable

Comment 7 Adam Williamson 2016-10-29 05:18:49 UTC
Created attachment 1215162
File: limits

Comment 8 Adam Williamson 2016-10-29 05:18:51 UTC
Created attachment 1215163
File: maps

Comment 9 Adam Williamson 2016-10-29 05:18:52 UTC
Created attachment 1215164
File: mountinfo

Comment 10 Adam Williamson 2016-10-29 05:18:53 UTC
Created attachment 1215165
File: namespaces

Comment 11 Adam Williamson 2016-10-29 05:18:54 UTC
Created attachment 1215166
File: open_fds

Comment 12 Adam Williamson 2016-10-29 05:18:55 UTC
Created attachment 1215167
File: proc_pid_status

Comment 13 Adam Williamson 2016-10-29 05:18:56 UTC
Created attachment 1215168
File: var_log_messages

Comment 14 Adam Williamson 2016-10-29 05:19:44 UTC
Proposing as a Fedora 26 Alpha blocker, per Alpha criterion "The core functional requirements for all Featured Server Roles must be met, but it is acceptable if moderate workarounds are necessary to achieve this" - 'domain controller' is one of the Featured roles, and this is part of its 'core functional requirements', obviously.

Comment 15 Robbie Harwood 2016-10-31 18:15:56 UTC
Notes for handoff: the function krb5 is trying to call into here is the encrypt_key_data handle.  A first pass suggests that there's a mismatch in what IPA expects this table to look like.

Comment 16 Robbie Harwood 2016-10-31 21:23:23 UTC
The problem is the vtable has been changed in krb5 (look at kdb.h).  This results in the following:

(gdb) p *v
$2 = {maj_ver = 6, min_ver = 0, init_library = 0x7ffff5738680 <ipadb_init_library>,
  fini_library = 0x7ffff5738540 <ipadb_fini_library>, init_module = 0x7ffff5738ef0 <ipadb_init_module>,
  fini_module = 0x7ffff57386e0 <ipadb_fini_module>, create = 0x7ffff57392f0 <ipadb_create>,
  destroy = 0x0, get_age = 0x7ffff5738550 <ipadb_get_age>, lock = 0x0, unlock = 0x0,
  get_principal = 0x7ffff573d4d0 <ipadb_get_principal>,
  put_principal = 0x7ffff573c4b0 <ipadb_free_principal>,
  delete_principal = 0x7ffff573d7f0 <ipadb_put_principal>,
  rename_principal = 0x7ffff573dc10 <ipadb_delete_principal>, iterate = 0x7ffff573de50 <ipadb_iterate>,
  create_policy = 0x7ffff573e1c0 <ipadb_create_pwd_policy>,
  get_policy = 0x7ffff573e1d0 <ipadb_get_pwd_policy>,
  put_policy = 0x7ffff573e4a0 <ipadb_put_pwd_policy>,
  iter_policy = 0x7ffff573e4b0 <ipadb_iterate_pwd_policy>,
  delete_policy = 0x7ffff573e4c0 <ipadb_delete_pwd_policy>,
  fetch_master_key = 0x7ffff573e4d0 <ipadb_free_pwd_policy>,
  fetch_master_key_list = 0x7ffff5738580 <ipadb_alloc>,
  store_master_key_list = 0x7ffff5738570 <ipadb_free>,
  dbe_search_enctype = 0x7ffff573a0b0 <ipadb_fetch_master_key>,
  change_pwd = 0x7ffff79a6b00 <krb5_dbe_def_cpw>,
  promote_db = 0x7ffff573a360 <ipadb_store_master_key_list>,
  decrypt_key_data = 0x7ffff79a5140 <krb5_dbe_def_decrypt_key_data>,
  encrypt_key_data = 0x7ffff573a570 <ipadb_change_pwd>, sign_authdata = 0x0,
  check_transited_realms = 0x0, check_policy_as = 0x0,
  check_policy_tgs = 0x7ffff5740f70 <ipadb_sign_authdata>,
  audit_as_req = 0x7ffff5742810 <ipadb_check_transited_realms>,
  refresh_config = 0x7ffff573e500 <ipadb_check_policy_as>, check_allowed_to_delegate = 0x0}
(gdb)

Suggested fix is for FreeIPA to use designated initializers to avoid shipping this problem in the future.

Comment 17 Simo Sorce 2016-11-01 13:12:06 UTC
There should be a version number bumped by MIT that will cause the build to fail, did the build fail to fail? Or was the DAL version not changed (happened before for one of these v. numbers)?

Comment 18 Robbie Harwood 2016-11-01 17:23:51 UTC
The commit that introduced the problem was 03d34fcfa329fbc2f686a0b34e2731e37f483a34 which does not seem to have incremented this version.  I'll bring it up with upstream.

Comment 19 Robbie Harwood 2016-11-01 17:28:19 UTC
Actually I take that back.  The value of KRB5_KDB_DAL_MAJOR_VERSION was changed from 5 to 6 by another commit (c38838be956ce72fcd7142f14bc374dc13dd8bb2) so freeipa should have picked it up.

Comment 20 Simo Sorce 2016-11-01 19:21:50 UTC
This should fix it:
https://github.com/freeipa/freeipa/pull/205

We were not failing when DAL MAJOR changed, that is also addressed here.
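
Added example, not code from FreeIPA or krb5: a reduced model of the failure in comment 16 and of the two safeguards named in comments 16 and 20 (designated initializers and a build-time check on the DAL major version). The struct, the `my_*` functions, `call()` and the older member order are assumptions made for illustration; only the member names and the observed one-slot shift come from the gdb dump.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for KRB5_KDB_DAL_MAJOR_VERSION. In a real plugin the macro comes
   from the library header, so the #error stops the build when it is bumped. */
#define DAL_MAJOR_VERSION 6
#if DAL_MAJOR_VERSION != 6
#error "DAL major version changed: re-check the vtable against kdb.h"
#endif

typedef const char *(*op_fn)(void);

/* Reduced, hypothetical model of the table; member order follows the gdb dump. */
struct vtable {
    int maj_ver;
    op_fn get_principal, put_principal, delete_principal;
    op_fn rename_principal, iterate;
};

static const char *my_get(void)     { return "get"; }
static const char *my_free(void)    { return "free"; }
static const char *my_put(void)     { return "put"; }
static const char *my_delete(void)  { return "delete"; }
static const char *my_iterate(void) { return "iterate"; }

/* Positional list in an older, assumed member order (get, free, put, delete,
   iterate): it still compiles, but each entry after get lands one slot off. */
static const struct vtable positional = {
    DAL_MAJOR_VERSION, my_get, my_free, my_put, my_delete, my_iterate
};

/* Designated initializers bind by member name; unnamed members become NULL. */
static const struct vtable designated = {
    .maj_ver = DAL_MAJOR_VERSION,
    .get_principal = my_get,
    .put_principal = my_put,
    .delete_principal = my_delete,
    .iterate = my_iterate,
};

/* What the caller reaches when it invokes a slot. */
static const char *call(op_fn slot) { return slot ? slot() : "unset"; }

int main(void)
{
    printf("positional put_principal -> %s\n", call(positional.put_principal));
    printf("designated put_principal -> %s\n", call(designated.put_principal));
    printf("designated rename_principal -> %s\n", call(designated.rename_principal));
    return 0;
}
```

In the real table the members have different function-pointer types, so a shifted positional initializer typically produces incompatible-pointer warnings rather than compiling silently as this uniform-type model does.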

Comment 21 Martin Bašti 2016-11-08 18:07:46 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6466

Comment 22 Martin Bašti 2016-11-10 12:27:22 UTC
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/2775042787be4ea236c0b99dd75337414e24b89d

Comment 23 Petr Vobornik 2016-12-02 19:32:29 UTC
Should be fixed in freeipa-4.4.2-3.fc26 http://koji.fedoraproject.org/koji/buildinfo?buildID=821068
