ipadb.so should not crash
segfault at 1c ip 00007f1b7b2b2d29 sp 00007fffd3132430 error 4 in ipadb.so[7f1b7b2ab000+18000]
1. 2. 3.
crashes
should not crash
ipa-server-4.6.5-11.el7_7.4.x86_64 ipa-client-4.6.5-11.el7_7.4.x86_64 389-ds-base-1.3.9.1-13.el7_7.x86_64 pki-ca-10.5.16-6.el7_7.noarch krb5-server-1.15.1-37.el7_7.2.x86_64
these seem to be the last log entries before the crash
Apr 30 16:13:57 ipa-1.example.com krb5kdc3136: TGS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 172.21.58.188: ISSUE: authtime 1588256037, etypes {rep=18 tkt=18 ses=18}, host/foreman-3.example.com@EXAMPLE.COM for ldap/ipa-1.example.com@EXAMPLE.COM Apr 30 16:13:57 ipa-1.example.com krb5kdc3136: closing down fd 10 Apr 30 16:15:26 ipa-1.example.com krb5kdc3135: worker 3136 exited with status 139
Please look for a core dump, install the relevant debuginfo and obtain a stack trace from the core.
here are the two back traces, from the two core files:
(gdb) bt #0 0x00007f1b7b2b2d29 in maybe_require_preauth.isra.4 () from /usr/lib64/krb5/plugins/kdb/ipadb.so #1 0x00007f1b7b2b2e98 in ipadb_fetch_tktpolicy () from /usr/lib64/krb5/plugins/kdb/ipadb.so #2 0x00007f1b7b2b5285 in ipadb_get_principal () from /usr/lib64/krb5/plugins/kdb/ipadb.so #3 0x00007f1b83a2cb57 in krb5_db_get_principal (kcontext=0x560d29091790, search_for=0x560d291ac740, flags=8304, entry=entry@entry=0x560d291ad450) at kdb5.c:803 #4 0x0000560d28183254 in process_as_req (request=0x560d291c2ef0, req_pkt=0x560d2908cae8, from=0x560d291c2138, kdc_active_realm=0x560d29059ed0, vctx=0x560d29041cf0, respond=<optimized out>, arg=0x560d290a7dc0) at do_as_req.c:621 #5 0x0000560d28181d92 in dispatch (cb=0x560d2839f2c0 <shandle>, local_saddr=<optimized out>, from=0x560d291c2138, pkt=pkt@entry=0x560d2908cae8, is_tcp=is_tcp@entry=1, vctx=vctx@entry=0x560d29041cf0, respond=respond@entry=0x560d28195630 <process_tcp_response>, arg=arg@entry=0x560d2908ca60) at dispatch.c:227 #6 0x0000560d28195910 in process_tcp_connection_read (ctx=0x560d29041cf0, ev=0x560d290aa080) at net-server.c:1409 #7 0x00007f1b8223ccd8 in verto_fire () from /lib64/libverto.so.1 #8 0x00007f1b7a4ce3a3 in tevent_common_invoke_fd_handler () from /lib64/libtevent.so.0 #9 0x00007f1b7a4d4527 in epoll_event_loop_once () from /lib64/libtevent.so.0 #10 0x00007f1b7a4d27b7 in std_event_loop_once () from /lib64/libtevent.so.0 #11 0x00007f1b7a4cdb5d in _tevent_loop_once () from /lib64/libtevent.so.0 #12 0x00007f1b8223c4af in verto_run () from /lib64/libverto.so.1 #13 0x0000560d28180ab6 in main (argc=5, argv=0x7fffd3132d68) at main.c:1072
(gdb) bt #0 0x00007f1b7b2b2d29 in maybe_require_preauth.isra.4 () from /usr/lib64/krb5/plugins/kdb/ipadb.so #1 0x00007f1b7b2b2e98 in ipadb_fetch_tktpolicy () from /usr/lib64/krb5/plugins/kdb/ipadb.so #2 0x00007f1b7b2b5285 in ipadb_get_principal () from /usr/lib64/krb5/plugins/kdb/ipadb.so #3 0x00007f1b83a2cb57 in krb5_db_get_principal (kcontext=0x560d29091790, search_for=search_for@entry=0x560d2908f060, flags=flags@entry=8208, entry=entry@entry=0x7fffd3132688) at kdb5.c:803 #4 0x0000560d28184561 in db_get_svc_princ (status=0x7fffd31326a8, server=0x7fffd3132688, flags=<optimized out>, princ=0x560d2908f060, ctx=<optimized out>) at do_tgs_req.c:1255 #5 search_sprinc (status=0x7fffd31326a8, server=0x7fffd3132688, flags=<optimized out>, req=0x560d2905a4e0, kdc_active_realm=0x560d29059ed0) at do_tgs_req.c:1279 #6 process_tgs_req (handle=handle@entry=0x560d2839f2c0 <shandle>, pkt=pkt@entry=0x560d291ca098, from=from@entry=0x560d29090518, response=response@entry=0x7fffd3132988) at do_tgs_req.c:254 #7 0x0000560d28181db3 in dispatch (cb=0x560d2839f2c0 <shandle>, local_saddr=<optimized out>, from=0x560d29090518, pkt=pkt@entry=0x560d291ca098, is_tcp=is_tcp@entry=1, vctx=vctx@entry=0x560d29041cf0, respond=respond@entry=0x560d28195630 <process_tcp_response>, arg=arg@entry=0x560d291ca010) at dispatch.c:217 #8 0x0000560d28195910 in process_tcp_connection_read (ctx=0x560d29041cf0, ev=0x560d29041fb0) at net-server.c:1409 #9 0x00007f1b8223ccd8 in verto_fire () from /lib64/libverto.so.1 #10 0x00007f1b7a4ce3a3 in tevent_common_invoke_fd_handler () from /lib64/libtevent.so.0 #11 0x00007f1b7a4d4527 in epoll_event_loop_once () from /lib64/libtevent.so.0 #12 0x00007f1b7a4d27b7 in std_event_loop_once () from /lib64/libtevent.so.0 #13 0x00007f1b7a4cdb5d in _tevent_loop_once () from /lib64/libtevent.so.0 #14 0x00007f1b8223c4af in verto_run () from /lib64/libverto.so.1 #15 0x0000560d28180ab6 in main (argc=5, argv=0x7fffd3132d68) at main.c:1072
if needed, i can also provide the core files.
It looks like you are running RHEL 7.4 without fix 95f50d7
actually this is: Red Hat Enterprise Linux Server release 7.7 (Maipo)
with "krb5-server-1.15.1-37.el7_7.2.x86_64"
which from what i can tell by looking and the the yum repo, is the latest version of this package.
A fix for the NULL pointer deref is available in FreeIPA 4.6, 4.7, 4.8, and master. It was backported to RHEL 7.8 with 0019-Fix-NULL-pointer-dereference-in-maybe_require_preaut.patch as part of https://bugzilla.redhat.com/show_bug.cgi?id=1729638 . Please update to ipa-4.6.6-7 or newer.
0019-Fix-NULL-pointer-dereference-in-maybe_require_preaut.patch
Metadata Update from @cheimes: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1729638 - Issue set to the milestone: FreeIPA 4.6
RHEL 7.8 is GA since end of March 2020, https://access.redhat.com/announcements/4938281
ok, we will update to RHEL7.8
Metadata Update from @schlitzered: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.