[Pkg-sssd-devel] Bug#839087: 'su Debian-exim' causes sssd (LDAP) to segfault
Anthony DeRobertis
aderobertis at metrics.net
Wed Sep 28 18:20:44 UTC 2016
Package: sssd-common
Version: 1.13.4-3
Severity: important
File: /usr/lib/x86_64-linux-gnu/sssd/sssd_be
Running a su to Debian-exim causes sssd to crash. Same with any other
system (non-LDAP) user.
Here is a backtract from systemd-coredump:
Sep 28 14:00:04 Toma systemd-coredump[12419]: Process 12375 (sssd_be) of
user 0 dumped core.
Stack trace of thread 12375:
#0 0x00007f47d9ff12e4 sysdb_attrs_get_el_ext (libsss_util.so)
#1 0x00007f47d37de9d6 sdap_attrs_get_sid_str (libsss_ldap_common.so)
#2 0x00007f47d37eb4a8 sdap_save_user (libsss_ldap_common.so)
#3 0x00007f47d37fca37 sdap_get_initgr_user (libsss_ldap_common.so)
#4 0x00007f47d37e6058 generic_ext_search_handler (libsss_ldap_common.so)
#5 0x00007f47d37e8538 sdap_get_generic_op_finished (libsss_ldap_common.so)
#6 0x00007f47d37e6fbd sdap_process_message (libsss_ldap_common.so)
#7 0x00007f47dc22db13 n/a (libtevent.so.0)
#8 0x00007f47dc22c057 n/a (libtevent.so.0)
#9 0x00007f47dc22824d _tevent_loop_once (libtevent.so.0)
#10 0x00007f47dc2283eb tevent_common_loop_wait (libtevent.so.0)
#11 0x00007f47dc22bff7 n/a (libtevent.so.0)
#12 0x00007f47da01d5c3 server_loop (libsss_util.so)
#13 0x00000000004064c2 main (sssd_be)
#14 0x00007f47d9648700 __libc_start_main (libc.so.6)
#15 0x0000000000406549 _start (sssd_be)
Here is back tracing a different time it crashed in gdb from the
generated core file:
Script started on Wed 28 Sep 2016 02:02:49 PM EDT
GNU gdb (Debian 7.11.1-2) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/x86_64-linux-gnu/sssd/sssd_be...Reading
symbols from
/usr/lib/debug/.build-id/66/6b38d665518968815d2d9d928c80452a48afb4.debug...done.
done.
[New LWP 2528]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain
metrics.net --uid 0 --gid 0 --d'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 sysdb_attrs_get_el_ext (attrs=attrs at entry=0x0,
name=name at entry=0x7f149683ac6c "objectSID", alloc=alloc at entry=true,
el=el at entry=0x7ffff83f9268)
at ../src/db/sysdb.c:326
326 for (i = 0; i < attrs->num; i++) {
(gdb) bt full
#0 sysdb_attrs_get_el_ext (attrs=attrs at entry=0x0,
name=name at entry=0x7f149683ac6c "objectSID", alloc=alloc at entry=true,
el=el at entry=0x7ffff83f9268)
at ../src/db/sysdb.c:326
e = 0x0
i = 0
#1 0x00007f149d00645d in sysdb_attrs_get_el (attrs=attrs at entry=0x0,
name=name at entry=0x7f149683ac6c "objectSID", el=el at entry=0x7ffff83f9268)
at ../src/db/sysdb.c:360
No locals.
#2 0x00007f14967f39d6 in sdap_attrs_get_sid_str
(mem_ctx=mem_ctx at entry=0x21e00b0, idmap_ctx=0x21cf590,
sysdb_attrs=sysdb_attrs at entry=0x0, sid_attr=0x7f149683ac6c
"objectSID", _sid_str=_sid_str at entry=0x7ffff83f9358) at
../src/providers/ldap/ldap_common.c:897
ret = <optimized out>
err = <optimized out>
el = 0x7f149f02b9ce <_talloc_zero+286>
sid_str = 0x10 <error: Cannot access memory at address 0x10>
__FUNCTION__ = "sdap_attrs_get_sid_str"
#3 0x00007f14968004a8 in sdap_save_user (memctx=memctx at entry=0x21feae0,
opts=0x21c8c90, dom=0x21c2730, attrs=0x0,
_usn_value=_usn_value at entry=0x0, now=now at entry=0) at
../src/providers/ldap/sdap_async_users.c:160
el = 0x7f1496e00f1c <ltdb_index_transaction_start+44>
ret = <optimized out>
user_name = 0x0
fullname = 0x0
pwd = <optimized out>
gecos = <optimized out>
homedir = <optimized out>
shell = <optimized out>
orig_dn = 0x0
uid = 0
gid = 0
user_attrs = 0x21e0120
upn = 0x0
i = <optimized out>
cache_timeout = <optimized out>
usn_value = 0x0
missing = 0x0
tmpctx = 0x21e00b0
use_id_mapping = <optimized out>
sid_str = 0x21c0bc0 "\340\317\032\002"
subdomain = <optimized out>
__FUNCTION__ = "sdap_save_user"
#4 0x00007f1496811a37 in sdap_get_initgr_user (subreq=0x0) at
../src/providers/ldap/sdap_async_initgroups.c:2896
req = 0x21fe950
state = 0x21feae0
usr_attrs = 0x219c020
count = 0
ret = 0
sret = <optimized out>
orig_dn = 0x21fedb0 ""
cname = 0x7f149683e978 "../src/providers/ldap/sdap_async.c:1646"
in_transaction = true
__FUNCTION__ = "sdap_get_initgr_user"
#5 0x00007f14967fb058 in generic_ext_search_handler (subreq=0x0,
opts=<optimized out>) at ../src/providers/ldap/sdap_async.c:1668
req = 0x21fedb0
ret = <optimized out>
ref_count = 0
i = <optimized out>
refs = 0x0
#6 0x00007f14967fd538 in sdap_get_generic_op_finished (op=<optimized
out>, reply=<optimized out>, error=<optimized out>, pvt=<optimized out>)
at ../src/providers/ldap/sdap_async.c:1561
req = 0x21fe200
state = 0x21fe390
errmsg = 0x0
refs = 0x0
result = 0
ret = <optimized out>
lret = <optimized out>
total_count = 0
---Type <return> to continue, or q <return> to quit---
cookie = {bv_len = 35583168, bv_val = 0x21f1bb0 "\a"}
returned_controls = 0x0
page_control = <optimized out>
__FUNCTION__ = "sdap_get_generic_op_finished"
#7 0x00007f14967fbfbd in sdap_process_message (ev=<optimized out>,
sh=<optimized out>, msg=0x2190f10) at ../src/providers/ldap/sdap_async.c:352
msgtype = 101
ret = 0
reply = 0x21f1bb0
op = 0x21ef4c0
msgid = <optimized out>
#8 sdap_process_result (ev=<optimized out>, pvt=<optimized out>) at
../src/providers/ldap/sdap_async.c:196
sh = <optimized out>
no_timeout = {tv_sec = 0, tv_usec = 0}
te = <optimized out>
msg = 0x2190f10
ret = 101
__FUNCTION__ = "sdap_process_result"
#9 0x00007f149f24192d in tevent_common_loop_timer_delay () from
/usr/lib/x86_64-linux-gnu/libtevent.so.0
No symbol table info available.
#10 0x00007f149f24295a in ?? () from
/usr/lib/x86_64-linux-gnu/libtevent.so.0
No symbol table info available.
#11 0x00007f149f241057 in ?? () from
/usr/lib/x86_64-linux-gnu/libtevent.so.0
No symbol table info available.
#12 0x00007f149f23d24d in _tevent_loop_once () from
/usr/lib/x86_64-linux-gnu/libtevent.so.0
No symbol table info available.
#13 0x00007f149f23d3eb in tevent_common_loop_wait () from
/usr/lib/x86_64-linux-gnu/libtevent.so.0
No symbol table info available.
#14 0x00007f149f240ff7 in ?? () from
/usr/lib/x86_64-linux-gnu/libtevent.so.0
No symbol table info available.
#15 0x00007f149d0325c3 in server_loop (main_ctx=0x21a3000) at
../src/util/server.c:673
No locals.
#16 0x00000000004064c2 in main (argc=8, argv=<optimized out>) at
../src/providers/data_provider_be.c:2994
opt = <optimized out>
pc = <optimized out>
be_domain = 0x217ef80 "metrics.net"
srv_name = <optimized out>
main_ctx = 0x21a3000
confdb_path = <optimized out>
ret = <optimized out>
uid = 0
gid = 0
long_options = {{longName = 0x0, shortName = 0 '\000', argInfo
= 4, arg = 0x62a980 <poptHelpOptions>, val = 0, descrip =
0x41b38a "Help options:", argDescrip = 0x0}, {longName = 0x41b398
"debug-level", shortName = 100 'd', argInfo = 2, arg =
0x62aa68 <debug_level>, val = 0, descrip = 0x41b3a4 "Debug level",
argDescrip = 0x0}, {longName = 0x41b3b0 "debug-to-files", shortName =
102 'f', argInfo = 0, arg = 0x62a944 <debug_to_file>, val = 0,
descrip = 0x41cd28 "Send the debug output to files instead of
stderr", argDescrip = 0x0}, {longName = 0x41b3bf "debug-to-stderr",
shortName = 0 '\000', argInfo = 1073741824, arg = 0x62a940
<debug_to_stderr>, val = 0, descrip = 0x41cd60 "Send the debug output to
stderr directly.", argDescrip = 0x0}, {longName = 0x41b3cf
"debug-timestamps", shortName = 0 '\000', argInfo = 2, arg = 0x62aa48
<debug_timestamps>, val = 0, descrip = 0x41b3e0 "Add debug timestamps",
argDescrip = 0x0}, {longName = 0x41b3f5 "debug-microseconds", shortName
= 0 '\000', argInfo = 2, arg = 0x62aa50 <debug_microseconds>, val = 0,
descrip = 0x41cd90 "Show timestamps with microseconds", argDescrip =
0x0}, {longName = 0x41b408 "uid", shortName = 0 '\000', argInfo
= 2, arg = 0x7ffff83f96b8, val = 0, descrip = 0x41cdb8 "The user ID to
run the server as", argDescrip = 0x0}, {
longName = 0x41b40c "gid", shortName = 0 '\000', argInfo =
2, arg = 0x7ffff83f96bc, val = 0, descrip = 0x41cde0 "The
group ID to run the server as", argDescrip = 0x0}, {longName = 0x41d923
"domain", shortName = 0 '\000', argInfo = 1, arg =
0x7ffff83f96c0, val = 0, descrip = 0x41ce08 "Domain of the information
provider (mandatory)", argDescrip = 0x0}, {
longName = 0x0, shortName = 0 '\000', argInfo = 0, arg =
0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
__FUNCTION__ = "main"
(gdb) (gdb) (gdb) down 16
#0 sysdb_attrs_get_el_ext (attrs=attrs at entry=0x0,
name=name at entry=0x7f149683ac6c "objectSID", alloc=alloc at entry=true,
el=el at entry=0x7ffff83f9268)
at ../src/db/sysdb.c:326
326 for (i = 0; i < attrs->num; i++) {
(gdb) up
#1 0x00007f149d00645d in sysdb_attrs_get_el (attrs=attrs at entry=0x0,
name=name at entry=0x7f149683ac6c "objectSID", el=el at entry=0x7ffff83f9268)
at ../src/db/sysdb.c:360
360 return sysdb_attrs_get_el_ext(attrs, name, true, el);
(gdb) p attrs
$1 = (struct sysdb_attrs *) 0x0
(gdb) up
#2 0x00007f14967f39d6 in sdap_attrs_get_sid_str
(mem_ctx=mem_ctx at entry=0x21e00b0, idmap_ctx=0x21cf590,
sysdb_attrs=sysdb_attrs at entry=0x0, sid_attr=0x7f149683ac6c
"objectSID", _sid_str=_sid_str at entry=0x7ffff83f9358) at
../src/providers/ldap/ldap_common.c:897
897 ret = sysdb_attrs_get_el(sysdb_attrs, sid_attr, &el);
(gdb) p sysdb_attrs
$2 = (struct sysdb_attrs *) 0x0
(gdb) up
#3 0x00007f14968004a8 in sdap_save_user (memctx=memctx at entry=0x21feae0,
opts=0x21c8c90, dom=0x21c2730, attrs=0x0,
_usn_value=_usn_value at entry=0x0, now=now at entry=0) at
../src/providers/ldap/sdap_async_users.c:160
160 ret = sdap_attrs_get_sid_str(tmpctx, opts->idmap_ctx, attrs,
(gdb) p attrs
$3 = (struct sysdb_attrs *) 0x0
(gdb) up
#4 0x00007f1496811a37 in sdap_get_initgr_user (subreq=0x0) at
../src/providers/ldap/sdap_async_initgroups.c:2896
2896 ret = sdap_save_user(state, state->opts, state->dom,
state->orig_user,
(gdb) p *state
$4 = {ev = 0x21a1c30, sysdb = 0x21ac220, opts = 0x21c8c90, dom =
0x21c2730, sdom = 0x21c8d70, sh = 0x21e0c70, id_ctx = 0x21d04a0, conn =
0x21d0530, name = 0x21ebce0 "Debian-exim", grp_attrs = 0x21ef190,
user_attrs = 0x21ef260, user_base_filter = 0x219c280
"(&(uid=Debian-exim)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))",
filter = 0x21ef400
"(&(uid=Debian-exim)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))",
timeout = 6, orig_user = 0x0, user_base_iter = 1, user_search_bases =
0x21ca090, use_id_mapping = false}
(gdb) p state->orig_user
$5 = (struct sysdb_attrs *) 0x0
(gdb) l
2891 }
2892 in_transaction = true;
2893
2894 DEBUG(SSSDBG_TRACE_ALL, "Storing the user\n");
2895
2896 ret = sdap_save_user(state, state->opts, state->dom,
state->orig_user,
2897 NULL, 0);
2898 if (ret) {
2899 goto fail;
2900 }
(gdb) quit
/var/log/sssd fails to contain anything useful (almost entirely empty
files), but I haven't tried turning up the log level.
Script done on Wed 28 Sep 2016 02:03:50 PM EDT
-- System Information:
Debian Release: stretch/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.6.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages sssd-common depends on:
ii adduser 3.115
ii init-system-helpers 1.45
ii libbasicobjects0 0.6.0-1
ii libc-ares2 1.11.0-1
ii libc6 2.23-5
ii libcollection4 0.6.0-1
ii libcomerr2 1.43.1-1
ii libdbus-1-3 1.10.10-1
ii libdhash1 0.6.0-1
ii libglib2.0-0 2.49.6-1
ii libini-config5 0.6.0-1
ii libk5crypto3 1.14.3+dfsg-2
ii libkeyutils1 1.5.9-9
ii libkrb5-3 1.14.3+dfsg-2
ii libldap-2.4-2 2.4.42+dfsg-2+b2
ii libldb1 2:1.1.26-1
ii libnfsidmap2 0.25-5
ii libnl-3-200 3.2.27-1
ii libnl-route-3-200 3.2.27-1
ii libnspr4 2:4.12-2
ii libnss3 2:3.25-1
ii libpam0g 1.1.8-3.3
ii libpcre3 2:8.39-2
ii libpopt0 1.16-10
ii libref-array1 0.6.0-1
ii libselinux1 2.5-3
ii libsemanage1 2.5-1
ii libsss-idmap0 1.13.4-3
ii libsss-nss-idmap0 1.13.4-3
ii libsystemd0 231-4
ii libtalloc2 2.1.7-1
ii libtdb1 1.3.9-1
ii libtevent0 0.9.28-1
ii python 2.7.11-2
ii python-sss 1.13.4-3
Versions of packages sssd-common recommends:
ii bind9-host 1:9.10.3.dfsg.P4-10.1
ii libnss-sss 1.13.4-3
ii libpam-sss 1.13.4-3
ii libsss-sudo 1.13.4-3
Versions of packages sssd-common suggests:
pn apparmor <none>
ii sssd-tools 1.13.4-3
-- no debconf information
More information about the Pkg-sssd-devel
mailing list