Description of problem:
gssproxy segfaults very often like this:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f55ec470700 (LWP 110728)]
0x00007f55f5e57c30 in pthread_mutex_lock () from /lib64/libpthread.so.0
(gdb) where
#0 0x00007f55f5e57c30 in pthread_mutex_lock () from /lib64/libpthread.so.0
#1 0x00007f55f609ec98 in gss_krb5int_set_allowable_enctypes () from /lib64/libgssapi_krb5.so.2
#2 0x00007f55f6087a6e in gss_set_cred_option () from /lib64/libgssapi_krb5.so.2
#3 0x00007f55f609c46b in gss_krb5_set_allowable_enctypes () from /lib64/libgssapi_krb5.so.2
#4 0x0000559f1bb46db5 in gp_import_gssx_cred ()
#5 0x0000559f1bb49ef6 in gp_init_sec_context ()
#6 0x0000559f1bb44a5a in gp_rpc_process_call ()
#7 0x0000559f1bb3c6ec in gp_worker_main ()
#8 0x00007f55f5e55dd5 in start_thread () from /lib64/libpthread.so.0
#9 0x00007f55f5b7eead in clone () from /lib64/libc.so.6
(gdb)

Version-Release number of selected component (if applicable):
gssproxy-0.7.0-21.el7

How reproducible:
setup nfs client with kerberos authentication
Would you be willing to provide a coredump, or output from running under valgrind with debug symbols? Do you know if this problem also occurs for you in Fedora?
Created attachment 1555033 corefile
I do not have Fedora, so I do not know whether it happens on Fedora as well.
1. in gp_decrypt_buffer(), the krb5_c_decrypt() result may include padding bytes for some keytypes
2. in gp_import_gssx_cred(), gss_import_cred() does not accept a token with extraneous data attached; errors returned by gss_import_cred() are not handled, and a NULL pointer is passed to gp_set_cred_options(), resulting in a segfault

FIX: encode plaintext length explicitly in gp_encrypt_buffer/gp_decrypt_buffer, handle gss_import_cred() failures
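The failure chain and fix described in the comment above, as an added example that is not gssproxy code and not the actual patch: a length-prefixed buffer survives a padding cipher, and the caller checks the import result before using the handle. All names here (padded_roundtrip, seal, open_sealed, import_token, import_and_use) and the sample token are hypothetical, and the "cipher" is a stand-in that only pads.

```c
#include <stdint.h>
#include <string.h>

#define BLOCK 16          /* assumed block size of the stand-in cipher */
#define TOKEN "CREDTOKEN" /* constructed sample credential token */

/* Stand-in for a cipher round trip whose decrypt output keeps block padding:
 * copies the input and zero-pads to a multiple of BLOCK (no real crypto). */
static size_t padded_roundtrip(const uint8_t *in, size_t len, uint8_t *out) {
    size_t padded = (len + BLOCK - 1) / BLOCK * BLOCK;
    memcpy(out, in, len);
    memset(out + len, 0, padded - len);
    return padded;
}

/* Seal: prefix a 4-byte big-endian plaintext length before "encrypting". */
size_t seal(const uint8_t *pt, uint32_t len, uint8_t *out) {
    uint8_t framed[4 + 256];
    if (len > 256) return 0;
    framed[0] = (uint8_t)(len >> 24); framed[1] = (uint8_t)(len >> 16);
    framed[2] = (uint8_t)(len >> 8);  framed[3] = (uint8_t)len;
    memcpy(framed + 4, pt, len);
    return padded_roundtrip(framed, 4 + (size_t)len, out);
}

/* Open: recover the exact plaintext length; reject one that cannot fit. */
int open_sealed(const uint8_t *buf, size_t buflen, const uint8_t **pt, size_t *len) {
    if (buflen < 4) return -1;
    uint32_t n = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 |
                 (uint32_t)buf[2] << 8 | buf[3];
    if (n > buflen - 4) return -1;
    *pt = buf + 4; *len = n;
    return 0;
}

/* Stand-in for a strict importer: rejects tokens with trailing bytes. */
int import_token(const uint8_t *tok, size_t len, const char **handle) {
    *handle = NULL;
    if (len != sizeof(TOKEN) - 1 || memcmp(tok, TOKEN, len) != 0) return -1;
    *handle = "cred";
    return 0;
}

/* Caller: check the import result before the handle is used further. */
int import_and_use(const uint8_t *tok, size_t len) {
    const char *handle;
    if (import_token(tok, len, &handle) != 0) return -1; /* no NULL deref */
    return (int)strlen(handle);
}
```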
Additional data: it appears that Lukas' is kerberized. Our NFS is not, but we use sssd, and we've been getting gssproxy SEGVs randomly for months (CentOS 7.6.1810), and I note that it's also SEGVing in libpthread. Sample from /var/log/messages:

Apr 26 03:37:48 <server> kernel: gssproxy[37790]: segfault at 10 ip 00007f2fc66cec30 sp 00007f2fbc5d52b8 error 4 in libpthread-2.17.so[7f2fc66c5000+17000]
Apr 26 03:37:48 <server> systemd: gssproxy.service: main process exited, code=killed, status=11/SEGV
Apr 26 03:37:48 <server> systemd: Unit gssproxy.service entered failed state.
Apr 26 03:37:48 <server> systemd: gssproxy.service failed.
As it needs sanity-only verification, adding downstream bash/ipa-client-automount beaker job. https://beaker.engineering.redhat.com/jobs/3631144
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2050