Bug 56868 – slapd crashes with segfault error 4 in libc-2.28.so

Bug 56868 - slapd crashes with segfault error 4 in libc-2.28.so


Summary:	slapd crashes with segfault error 4 in libc-2.28.so

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	LDAP
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 major (vote)
Target Milestone:	UCS 5.0-6-errata
Assigned To:	Arvid Requate
QA Contact:	Florian Best

URL:	https://git.knut.univention.de/univen...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2023-11-23 11:50 CET by Wolfgang Bayrhof
Modified:	2024-01-12 08:52 CET (History)
CC List:	4 users (show)

See Also:	43732 46862
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.171
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2023110221000385
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wolfgang Bayrhof

2023-11-23 11:50:33 CET

The crash occurs sporadically on more than one dc with UCS 5.0-5 errata857 in the same environment. After the crash the slapd must be restarted. 

This can be found in the syslog:

kernel: [395685.642153] slapd[1134]: segfault at 65640042005d ip 00007ff928034b7d sp 00007ff812ffc100 error 4 in libc-2.28.so[7ff927fd2000+147000]
kernel: [395685.642174] Code: 89 ee 48 89 df 5b 5d e9 11 fd ff ff 90 53 48 83 ec 10 48 8b 05 8c 53 13 00 48 8b 00 48 85 c0 0f 85 88 00 00 00 48 85 ff 74 73 <48> 8b 47 f8 48 8d 77 f0 a8 02 75 37 48 8b 15 e8 51 13 00 64 48 83
systemd[1]: slapd.service: Main process exited, code=killed, status=11/SEGV
systemd[1]: slapd.service: Failed with result 'signal'.

Comment 1 Florian Best

2023-11-23 12:26:58 CET

We need more information:
Please let a core dump be created and then at least give us a backtrace ("thread apply all bt" command in gdb, best with LDAP *-dbg packages installed).
A USI is helpful as well.
Is the ppolicy overlay module activated?
Are any cool solutions installed?
which apps are installed? "univention-app info"

Comment 2 Arvid Requate

2023-11-29 11:15:07 CET

Backtrace of all threads is attached to the ticket.

The core dump occurs in a code path that involves a call to "_gss_ntlm_acquire_cred" and the client
appears t be a Microsoft Windows client.

I analyzed the backtrace again and found that three of the threads show the usage of "GSS-SPNEGO"
as SASL mech (maybe as default). Felix research for Bug 43732 may help here to avoid this code path.
So I recommended that the customer checks if the issue persists after adjusting the following:

echo "mech_list: EXTERNAL gssapi DIGEST-MD5 CRAM-MD5 LOGIN SAML PLAIN" \
    >> /etc/ldap/sasl2/slapd.conf
systemctl restart slapd.server

Comment 3 Wolfgang Bayrhof

2023-12-28 17:08:11 CET

The customer informed us that there have been no more crashes since adding the mech_list.

Comment 4 Arvid Requate

2024-01-02 13:50:22 CET

2678fa4ad6 | New UCR variable ldap/server/sasl/mech_list

Package built

Package: univention-management-console
Version: 12.0.32-3
Branch: ucs_5.0-0
Scope: errata5.0-6

Comment 5 Florian Best

2024-01-03 17:44:49 CET

OK: SASL server mechanisms are configurable via UCRv ldap/server/sasl/mech_list
OK: change of default removes NTLM and GSS-SPNEGO:
# ldapsearch -LLLx -b '' -s base supportedSASLMechanisms                                                                                                                                                                        
dn:
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
# univention-upgrade
# systemctl restart slapd.service
# ldapsearch -LLLx -b '' -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

OK: NTLM: Not provided by slapd at all.
OK: GSS-SPNEGO (Simple and Protected GSS-API Negotiation): causes the above error, chosen by windows client where we don't have the control over the clients chose.
We don't specify anything preferred SASL_MECH in our client conf /etc/ldap/ldap.conf.
OK: Code review
OK: no slapd restart during/after the upgrade. Change will apply with the next restart.
REOPEN: No advisory YAML exists.

Comment 6 Florian Best

2024-01-03 17:56:45 CET

Maybe related: Bug #46862

Comment 7 Arvid Requate

2024-01-04 10:23:23 CET

Sorry, the advisory was still sitting on my notebook, now I checked it in: 

19e47afed2 | Advisory

Comment 8 Florian Best

2024-01-04 10:49:17 CET

OK: Advisory

Comment 9 Mirac Erdemiroglu

2024-01-12 08:52:08 CET

Bug is fixed with Erratum 914
https://errata.software-univention.de/#/?erratum=5.0x914