#10714 pagure crash in oidc https auth on src/pkgs
Closed: Upstream 2 years ago by kevin. Opened 2 years ago by kevin.

I'm getting a 502 trying to push some changes to git on src.fedoraproject.org.

git push
fatal: unable to access 'https://src.fedoraproject.org/rpms/xfdesktop.git/': The requested URL returned error: 502

This is from a segfault:

[Sun May 22 23:31:12.480635 2022] [core:notice] [pid 1156:tid 140288479111488] AH00052: child pid 89434 exit signal Segmentation fault (11)

I got a gdb trace:

#0  0x0000000000000000 in ?? ()
#1  0x00007f9763607019 in jv_nomem_handler () from target:/lib64/libjq.so.1
#2  0x00007f976360010d in jq_compile_args () from target:/lib64/libjq.so.1
#3  0x00007f9763f10b6d in oidc_authz_match_claims_expr ()
   from target:/etc/httpd/modules/mod_auth_openidc.so
#4  0x00007f9763f10fbf in oidc_authz_worker24 () from target:/etc/httpd/modules/mod_auth_openidc.so
#5  0x00007f9763f38eaa in oidc_authz_checker () from target:/etc/httpd/modules/mod_auth_openidc.so
#6  0x00007f977019bd61 in apply_authz_sections () from target:/etc/httpd/modules/mod_authz_core.so
#7  0x00007f977019be45 in apply_authz_sections () from target:/etc/httpd/modules/mod_authz_core.so
#8  0x00007f977019c11a in authorize_user_core () from target:/etc/httpd/modules/mod_authz_core.so
#9  0x0000562340ed92e8 in ap_run_auth_checker ()
#10 0x0000562340edb8bc in ap_process_request_internal ()
#11 0x0000562340efa840 in ap_process_async_request ()
#12 0x0000562340ef6ce0 in ap_process_http_connection ()
#13 0x0000562340eed0c8 in ap_run_process_connection ()
#14 0x00007f97687a5a47 in process_socket () from target:/etc/httpd/modules/mod_mpm_event.so
#15 0x00007f97687a63ea in worker_thread () from target:/etc/httpd/modules/mod_mpm_event.so
#16 0x00007f9773a851cf in start_thread () from target:/lib64/libpthread.so.0
#17 0x00007f97734edd83 in clone () from target:/lib64/libc.so.6

Downgrading to mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64 looks like it might work around the issue.

If so, we need to file a rhel bug on it to get it fixed.

Metadata Update from @zlopez:
- Issue priority set to: Waiting on Assignee (was: Needs Review)

2 years ago

Metadata Update from @zlopez:
- Issue tagged with: Needs investigation

2 years ago

I'm affected by the same issue; the issue appeared between 2022-05-15 and 2022-05-25, if it helps somehow (can't track it more exactly due to my vacation).

OK. I looked more into this.

It definitely seems caused by the new jq version. I was thinking it wasn't before, but you need to actually restart httpd when you downgrade. Just reloading keeps the old module in place.

I've downgraded src/pkgs to the old version and filed https://bugzilla.redhat.com/show_bug.cgi?id=2092160 on jq in rhel8.6.

Metadata Update from @kevin:
- Issue close_status updated to: Upstream
- Issue status updated to: Closed (was: Open)

2 years ago
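
The point above about a reload leaving the old module in place can be checked per process. This is an added example, not part of the ticket: it reads `/proc/<pid>/maps` and lists libraries that were replaced on disk but are still mapped. The sample maps text, its file paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# stale_mappings PATTERN
#   Reads /proc/<pid>/maps text on stdin and prints each distinct mapped path
#   matching PATTERN (an awk regex) that the kernel marks "(deleted)": the
#   file was replaced on disk, but the process still runs the old copy.
stale_mappings() {
    awk -v pat="$1" '
        # maps columns: range perms offset dev inode pathname [(deleted)]
        $NF == "(deleted)" && $6 ~ pat && !seen[$6]++ { print $6 }
    '
}

# Constructed sample of one httpd worker's maps after a package downgrade
# followed by a reload only (paths and addresses are illustrative).
sample_maps() {
    cat <<'EOF'
562340e00000-562340f80000 r-xp 00000000 fd:00 2001 /usr/sbin/httpd
562341a00000-562341c00000 rw-p 00000000 00:00 0 [heap]
7f9763600000-7f9763640000 r-xp 00000000 fd:00 1312 /usr/lib64/httpd/modules/mod_auth_openidc.so (deleted)
7f9763640000-7f9763650000 r--p 00040000 fd:00 1312 /usr/lib64/httpd/modules/mod_auth_openidc.so (deleted)
7f9763f00000-7f9763f40000 r-xp 00000000 fd:00 1311 /usr/lib64/libjq.so.1.0.4 (deleted)
7f9773300000-7f97734c0000 r-xp 00000000 fd:00 1100 /usr/lib64/libc-2.28.so
7f9773a00000-7f9773a10000 rw-p 00000000 00:00 0
EOF
}

# check_httpd: run the same check against every live httpd process.
# Needs read access to /proc/<pid>/maps, so run it as root on the host.
check_httpd() {
    for pid in $(pgrep -x httpd); do
        stale=$(stale_mappings 'libjq|mod_auth_openidc' < "/proc/$pid/maps")
        if [ -n "$stale" ]; then
            printf 'pid %s still maps replaced files:\n%s\n' "$pid" "$stale"
        fi
    done
    return 0
}

# Demonstration on the constructed sample; on a real host call check_httpd.
sample_maps | stale_mappings 'libjq|mod_auth_openidc'
```

If `check_httpd` prints anything after a package change, the running workers have not picked up the on-disk version and a full restart is still needed.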
