Created attachment 1849712 [details] Panic on user login Created attachment 1849712 [details] Panic on user login Description of problem: [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new" Version-Release number of selected component (if applicable): 4.10.0-0.nightly-2022-01-08-061433 How reproducible: Always Steps to Reproduce: 1. $ oc adm groups new group1 2. Setup a keycloak OIDC server. On the keycloak IdP server, create user people1 and group group1, and make people1 belong to group1. 3. Then configure "groups" in oauth/cluster: oc edit oauth cluster ... spec: identityProviders: - mappingMethod: claim name: keycloak-oidc openID: ca: name: keycloak-oidc-ca claims: email: - email groups: - non-existent1 - groups - non-existent2 name: - name preferredUsername: - preferred_username - username - name - email clientID: myclient clientSecret: name: keycloak-oidc-secret extraScopes: [] issuer: $KEYCLOAK_HOST/auth/realms/master type: OpenID 4. Wait oauht-openshift pods rotate successfully. 5. Login OpenShift with people1 in web console. Actual results: 5. The web console shows: " This request caused apiserver to panic. Look in the logs for details. " See screenshot attached. Checked oauth-openshift pods, one pod logs showed: ... 2022-01-09T14:20:47.888194041Z I0109 14:20:47.888172 1 named_certificates.go:53] "Loaded SNI cert" index=0 certName="self-signed loopback" certDetail="\"apiserver-loopback-client@1641738046\" [serving] validServingFor=[apiserver-loopback-client] issuer=\"apiserver-loopback-client-ca@1641738046\" (2022-01-09 13:20:45 +0000 UTC to 2023-01-09 13:20:45 +0000 UTC (now=2022-01-09 14:20:47.8881505 +0000 UTC))" 2022-01-09T14:29:24.841769164Z E0109 14:29:24.841563 1 runtime.go:76] Observed a panic: assignment to entry in nil map 2022-01-09T14:29:24.841769164Z goroutine 1337 [running]: 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/server/filters.(*timeoutHandler).ServeHTTP.func1.1() 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/server/filters/timeout.go:103 +0xb0 2022-01-09T14:29:24.841769164Z panic({0x1b33ce0, 0x20e7b20}) 2022-01-09T14:29:24.841769164Z runtime/panic.go:1038 +0x215 2022-01-09T14:29:24.841769164Z github.com/openshift/oauth-server/pkg/groupmapper.(*UserGroupsMapper).addUserToGroup(0xc000a25a00, {0xc00036ea10, 0xd}, {0xc000dfcc66, 0x7}, {0xc000dfcc4a, 0xc000348ea0}) 2022-01-09T14:29:24.841769164Z github.com/openshift/oauth-server/pkg/groupmapper/groupmapper.go:207 +0x4f1 2022-01-09T14:29:24.841769164Z github.com/openshift/oauth-server/pkg/groupmapper.(*UserGroupsMapper).processGroups(0xc000a25a00, {0xc00036ea10, 0xd}, {0xc000dfcc66, 0x7}, 0x1) 2022-01-09T14:29:24.841769164Z github.com/openshift/oauth-server/pkg/groupmapper/groupmapper.go:114 +0x15e 2022-01-09T14:29:24.841769164Z github.com/openshift/oauth-server/pkg/groupmapper.(*UserGroupsMapper).UserFor(0xc000a25a00, {0x214f828, 0xc000e92a80}) 2022-01-09T14:29:24.841769164Z github.com/openshift/oauth-server/pkg/groupmapper/groupmapper.go:83 +0xf0 2022-01-09T14:29:24.841769164Z github.com/openshift/oauth-server/pkg/oauth/external.(*Handler).ServeHTTP(0xc0008b5680, {0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z github.com/openshift/oauth-server/pkg/oauth/external/handler.go:197 +0x7aa 2022-01-09T14:29:24.841769164Z net/http.(*ServeMux).ServeHTTP(0x1cfffe0, {0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z net/http/server.go:2424 +0x149 2022-01-09T14:29:24.841769164Z github.com/openshift/oauth-server/pkg/server/headers.WithRestoreAuthorizationHeader.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z github.com/openshift/oauth-server/pkg/server/headers/oauthbasic.go:27 +0x10f 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x0, {0x7fe1300490c0, 0xc000496ad8}, 0x0) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filterlatency.trackCompleted.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filterlatency/filterlatency.go:103 +0x1a5 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0xc000495080, {0x7fe1300490c0, 0xc000496ad8}, 0x0) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filters.WithAuthorization.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filters/authorization.go:64 +0x47d 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x3185628, {0x7fe1300490c0, 0xc000496ad8}, 0x0) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filterlatency.trackStarted.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filterlatency/filterlatency.go:79 +0x178 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x3133b60, {0x7fe1300490c0, 0xc000496ad8}, 0x3) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/server/filters.WithMaxInFlightLimit.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/server/filters/maxinflight.go:187 +0x29d 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x0, {0x7fe1300490c0, 0xc000496ad8}, 0x0) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filterlatency.trackCompleted.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filterlatency/filterlatency.go:103 +0x1a5 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0xc000816000, {0x7fe1300490c0, 0xc000496ad8}, 0xc00078dd40) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filters.WithImpersonation.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filters/impersonation.go:50 +0x21c 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x3185628, {0x7fe1300490c0, 0xc000496ad8}, 0x1) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filterlatency.trackStarted.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filterlatency/filterlatency.go:79 +0x178 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x0, {0x7fe1300490c0, 0xc000496ad8}, 0x0) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filterlatency.trackCompleted.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filterlatency/filterlatency.go:103 +0x1a5 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x3185628, {0x7fe1300490c0, 0xc000496ad8}, 0x1) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filterlatency.trackStarted.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filterlatency/filterlatency.go:79 +0x178 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x0, {0x7fe1300490c0, 0xc000496ad8}, 0x0) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filterlatency.trackCompleted.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filterlatency/filterlatency.go:103 +0x1a5 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x212fdb8, {0x7fe1300490c0, 0xc000496ad8}, 0x1f58c98) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filters.withAuthentication.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1f00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filters/authentication.go:80 +0x83c 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x212fd80, {0x7fe1300490c0, 0xc000496ad8}, 0x20e49b8) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filterlatency.trackStarted.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1d00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filterlatency/filterlatency.go:88 +0x46b 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0xc0011138c0, {0x7fe1300490c0, 0xc000496ad8}, 0xc000924601) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/server/filters.WithCORS.func1({0x7fe1300490c0, 0xc000496ad8}, 0xc000ab1d00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/server/filters/cors.go:75 +0x10b 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0xc0010c0671, {0x7fe1300490c0, 0xc000496ad8}, 0xc0003b0728) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/server/filters.(*timeoutHandler).ServeHTTP.func1() 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/server/filters/timeout.go:108 +0x99 2022-01-09T14:29:24.841769164Z created by k8s.io/apiserver/pkg/server/filters.(*timeoutHandler).ServeHTTP 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/server/filters/timeout.go:94 +0x2d1 2022-01-09T14:29:24.841769164Z 2022-01-09T14:29:24.841769164Z goroutine 1039 [running]: 2022-01-09T14:29:24.841769164Z k8s.io/apimachinery/pkg/util/runtime.logPanic({0x1a52be0, 0xc00099b230}) 2022-01-09T14:29:24.841769164Z k8s.io/apimachinery.2/pkg/util/runtime/runtime.go:74 +0x85 2022-01-09T14:29:24.841769164Z k8s.io/apimachinery/pkg/util/runtime.HandleCrash({0xc000496bb8, 0x1, 0x16be186}) 2022-01-09T14:29:24.841769164Z k8s.io/apimachinery.2/pkg/util/runtime/runtime.go:48 +0x75 2022-01-09T14:29:24.841769164Z panic({0x1a52be0, 0xc00099b230}) 2022-01-09T14:29:24.841769164Z runtime/panic.go:1038 +0x215 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/server/filters.(*timeoutHandler).ServeHTTP(0xc0004957a0, {0x2125870, 0xc0003a1000}, 0xdf8475800) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/server/filters/timeout.go:114 +0x452 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filters.withRequestDeadline.func1({0x2125870, 0xc0003a1000}, 0xc000ab1c00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filters/request_deadline.go:101 +0x494 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0xc00094b805, {0x2125870, 0xc0003a1000}, 0xc00113edd8) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/server/filters.WithWaitGroup.func1({0x2125870, 0xc0003a1000}, 0xc000ab1c00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/server/filters/waitgroup.go:59 +0x174 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x212fdb8, {0x2125870, 0xc0003a1000}, 0x20e49b8) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filters.WithWarningRecorder.func1({0x2125870, 0xc0003a1000}, 0xc000ab1b00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filters/warning.go:35 +0x2bb 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x1cfffe0, {0x2125870, 0xc0003a1000}, 0xd) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filters.WithCacheControl.func1({0x2125870, 0xc0003a1000}, 0x0) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filters/cachecontrol.go:31 +0x126 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x212fdb8, {0x2125870, 0xc0003a1000}, 0x20e49b8) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/server/httplog.WithLogging.func1({0x2126020, 0xc0002d5340}, 0xc000ab1a00) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/server/httplog/httplog.go:103 +0x524 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x212fdb8, {0x2126020, 0xc0002d5340}, 0x20e49b8) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filters.WithRequestInfo.func1({0x2126020, 0xc0002d5340}, 0xc000ab1900) 2022-01-09T14:29:24.841769164Z k8s.io/apiserver.2/pkg/endpoints/filters/requestinfo.go:39 +0x316 2022-01-09T14:29:24.841769164Z net/http.HandlerFunc.ServeHTTP(0x212fdb8, {0x2126020, 0xc0002d5340}, 0xc000320810) 2022-01-09T14:29:24.841769164Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841769164Z k8s.io/apiserver/pkg/endpoints/filters.withRequestReceivedTimestampWithClock.func1({0x2126020, 0xc0002d5340}, 0xc000ab1800) 2022-01-09T14:29:24.841914393Z k8s.io/apiserver.2/pkg/endpoints/filters/request_received_time.go:38 +0x27e 2022-01-09T14:29:24.841914393Z net/http.HandlerFunc.ServeHTTP(0x4195ec, {0x2126020, 0xc0002d5340}, 0xc0003206e0) 2022-01-09T14:29:24.841914393Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841914393Z k8s.io/apiserver/pkg/server/filters.withPanicRecovery.func1({0x2126020, 0xc0002d5340}, 0xc00139b490) 2022-01-09T14:29:24.841914393Z k8s.io/apiserver.2/pkg/server/filters/wrap.go:74 +0xba 2022-01-09T14:29:24.841914393Z net/http.HandlerFunc.ServeHTTP(0x1c68c80, {0x2126020, 0xc0002d5340}, 0x8) 2022-01-09T14:29:24.841914393Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841914393Z k8s.io/apiserver/pkg/endpoints/filters.withAuditID.func1({0x2126020, 0xc0002d5340}, 0xc000ab1700) 2022-01-09T14:29:24.841914393Z k8s.io/apiserver.2/pkg/endpoints/filters/with_auditid.go:66 +0x40d 2022-01-09T14:29:24.841914393Z net/http.HandlerFunc.ServeHTTP(0x1cfffe0, {0x2126020, 0xc0002d5340}, 0xd) 2022-01-09T14:29:24.841914393Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841914393Z github.com/openshift/oauth-server/pkg/server/headers.WithPreserveAuthorizationHeader.func1({0x2126020, 0xc0002d5340}, 0xc000ab1700) 2022-01-09T14:29:24.841914393Z github.com/openshift/oauth-server/pkg/server/headers/oauthbasic.go:16 +0xe8 2022-01-09T14:29:24.841914393Z net/http.HandlerFunc.ServeHTTP(0xc0006319f8, {0x2126020, 0xc0002d5340}, 0xf) 2022-01-09T14:29:24.841914393Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841914393Z github.com/openshift/oauth-server/pkg/server/headers.WithStandardHeaders.func1({0x2126020, 0xc0002d5340}, 0xc000631af8) 2022-01-09T14:29:24.841914393Z github.com/openshift/oauth-server/pkg/server/headers/headers.go:30 +0x18f 2022-01-09T14:29:24.841914393Z net/http.HandlerFunc.ServeHTTP(0xc0002eddd0, {0x2126020, 0xc0002d5340}, 0x10000c00099ab40) 2022-01-09T14:29:24.841914393Z net/http/server.go:2046 +0x2f 2022-01-09T14:29:24.841914393Z k8s.io/apiserver/pkg/server.(*APIServerHandler).ServeHTTP(0xc0003f0a22, {0x2126020, 0xc0002d5340}, 0x46ce2e) 2022-01-09T14:29:24.841914393Z k8s.io/apiserver.2/pkg/server/handler.go:189 +0x2b 2022-01-09T14:29:24.841914393Z net/http.serverHandler.ServeHTTP({0xc001380360}, {0x2126020, 0xc0002d5340}, 0xc000ab1700) 2022-01-09T14:29:24.841914393Z net/http/server.go:2878 +0x43b 2022-01-09T14:29:24.841914393Z net/http.(*conn).serve(0xc0007ddae0, {0x212fdb8, 0xc000a98060}) 2022-01-09T14:29:24.841914393Z net/http/server.go:1929 +0xb08 2022-01-09T14:29:24.841914393Z created by net/http.(*Server).Serve 2022-01-09T14:29:24.841914393Z net/http/server.go:3033 +0x4e8 2022-01-09T14:29:24.841914393Z E0109 14:29:24.841700 1 wrap.go:58] "apiserver panic'd" method="GET" URI="/oauth2callback/keycloak-oidc?state=Y3NyZj1yeEdrNFRkMTFFVGhCVlVkSVVWa1VGR2pYdDIyS3VBa3VQVmw1UTdxREJnJnRoZW49JTJGb2F1dGglMkZhdXRob3JpemUlM0ZjbGllbnRfaWQlM0Rjb25zb2xlJTI2aWRwJTNEa2V5Y2xvYWstb2lkYyUyNnJlZGlyZWN0X3VyaSUzRGh0dHBzJTI1M0ElMjUyRiUyNTJGY29uc29sZS1vcGVuc2hpZnQtY29uc29sZS5hcHBzLnh4aWEtamFuOC4wMTA4LTd4bS5xZS5yaGNsb3VkLmNvbSUyNTJGYXV0aCUyNTJGY2FsbGJhY2slMjZyZXNwb25zZV90eXBlJTNEY29kZSUyNnNjb3BlJTNEdXNlciUyNTNBZnVsbCUyNnN0YXRlJTNEZTdkYzA5ZWY%3D&session_state=72ca4d08-44d2-46e6-8ed8-5c517908d233&code=a934e61e-2e81-431e-8b7c-6d5a4658313e.72ca4d08-44d2-46e6-8ed8-5c517908d233.eb06731f-c4b1-4c7a-8752-6027cdd50f3e" audit-ID="6e9c0acb-d3a4-4834-ada8-363ce13292a3" Expected results: 5. Login should succeed. Additional info: In below situations, login can succeed. A. If no step 1, the step 5 login can succeed, i.e. the group membership sync works. B. If step 1 adds "oc adm groups add-users group1 people1", the step 5 login can also succeed.
Verified in 4.10.0-0.nightly-2022-01-14-015144 with original steps, no panic now, login can succeed, and 'oc get group group1 -o yaml' is added one single annotation 'oauth.openshift.io/idp.keycloak-oidc: synced'. Further test: after removing people1 from group1 in the IdP side, log in again successfully, then 'oc get group' shows the manually created group1 being empty is not removed, and the user is not shown in the group. Everything is fine.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056