Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1366266 - /usr/libexec/sssd/sssd_pam: Program terminated with signal 11, Segmentation fault
Summary: /usr/libexec/sssd/sssd_pam: Program terminated with signal 11, Segmentation f...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Steeve Goveas
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-11 12:24 UTC by Sudhir Menon
Modified: 2016-11-04 07:20 UTC (History)
8 users (show)

Fixed In Version: sssd-1.14.0-16.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 07:20:22 UTC


Attachments (Terms of Use)
backtrace (deleted)
2016-08-11 12:27 UTC, Sudhir Menon
no flags Details
coredump (deleted)
2016-08-11 12:29 UTC, Sudhir Menon
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:2476 normal SHIPPED_LIVE sssd bug fix and enhancement update 2016-11-03 14:08:11 UTC

Description Sudhir Menon 2016-08-11 12:24:00 UTC
Description of problem: /usr/libexec/sssd/sssd_pam: Program terminated with signal 11, Segmentation fault


Version-Release number of selected component (if applicable):
sssd-common-1.14.0-15.el7.x86_64
python-sssdconfig-1.14.0-15.el7.noarch
sssd-krb5-1.14.0-15.el7.x86_64
sssd-common-pac-1.14.0-15.el7.x86_64
sssd-ldap-1.14.0-15.el7.x86_64
sssd-client-1.14.0-15.el7.x86_64
sssd-ad-1.14.0-15.el7.x86_64
sssd-proxy-1.14.0-15.el7.x86_64
sssd-debuginfo-1.14.0-15.el7.x86_64
sssd-1.14.0-15.el7.x86_64
sssd-ipa-1.14.0-15.el7.x86_64
sssd-krb5-common-1.14.0-15.el7.x86_64

How reproducible: Once

Steps to Reproduce:
Somewhere while verifying bz1301300.
But couldn't reproduce or confirm the steps.
Logging the bug as per discussion with Jakub to keep a track.

Actual results:
dmesg show segfault.


Expected results: 
Fix the crash.

Additional info: Attaching the logs and traceback file.

Comment 1 Sudhir Menon 2016-08-11 12:27:50 UTC
Created attachment 1190048 [details]
backtrace

Comment 2 Sudhir Menon 2016-08-11 12:29:47 UTC
Created attachment 1190049 [details]
coredump

Comment 4 Sudhir Menon 2016-08-11 12:36:13 UTC
===Some contents of the file in the traceback folder==

cat crash_function 
ldb_msg_find_element

cat cmdline 
/usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files

cat exploitable 
Likely crash reason: Jump to an invalid address
Exploitable rating (0-9 scale): 6

cat kernel 
3.10.0-489.el7.x86_64

cat reason 
sssd_pam killed by SIGSEGV

[System Logs]:
Aug 10 17:52:04 master.testrelm.test kernel: sssd_pam[22349]: segfault at 8 ip 00007f7c991e27a9 sp 00007fffa73e6880 error 4 in libldb.so.1.1.26[7f7c991d5000+2d000]
Aug 10 17:52:04 master.testrelm.test abrt-hook-ccpp[22477]: Process 22349 (sssd_pam) of user 0 killed by SIGSEGV - dumping core
[User Logs]:
Aug 10 17:52:04 master.testrelm.test abrt-hook-ccpp[22477]: Process 22349 (sssd_pam) of user 0 killed by SIGSEGV - dumping core

Comment 5 Lukas Slebodnik 2016-08-11 13:42:38 UTC
According to coredump, we crashed because we did not check
the return value of sysdb_search_user_by_upn

(gdb) l 1540
1535            if (preq->pd->name_is_upn) {
1536                ret = sysdb_search_user_by_upn(preq, dom, name, user_attrs, &msg);
1537
1538                /* Since sysdb_search_user_by_upn() searches the whole cache we
1539                 * have to set the domain so that it matches the result. */
1540                sysdb_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
1541                if (sysdb_name == NULL) {
1542                    DEBUG(SSSDBG_CRIT_FAILURE, "Cached entry has no name.\n");
1543                    return EINVAL;
1544                }

It's already fixed in upstream https://git.fedorahosted.org/cgit/sssd.git/commit/?id=5cda8428d23266aaaf4d7cddba50311202365c16

and it is fixed in sssd-1.14.0-16

Comment 6 Jakub Hrozek 2016-08-12 07:10:45 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/3132

Comment 7 Jakub Hrozek 2016-08-12 07:13:40 UTC
Hi Sudhir, Lukas is right and this bug is fixed in the recent build. Can you please try it out?

In the meantime it would be nice to get qa_ack as well so we can add this bug to the errata.

Comment 8 Sudhir Menon 2016-08-12 07:33:38 UTC
Jakub,

I did install the latest build of sssd-1.14.0-18.el7.x86_64 along with ipa-server-4.4.0-7.el7.x86_64 and i don't see a crash yet.

But I would like to keep the machine running for the day before marking this as VERIFIED.

Comment 10 Sudhir Menon 2016-08-17 17:41:00 UTC
Segfault message is not seen anymore. Verified on RHEL7.3 using

sssd-1.14.0-18.el7.x86_64
ipa-server-4.4.0-7.el7.x86_64

Comment 12 errata-xmlrpc 2016-11-04 07:20:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2476.html


Note You need to log in before you can comment on or make changes to this bug.