sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()

Bug #981125 reported by Jason Sharp on 2012-04-13
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Fix Released
sssd (Ubuntu)
Timo Aaltonen

Bug Description

Fixes a crash with LDAP nested groups.

[Test case]
not easy to describe.. use nested groups, and you might hit this

[Regression potential]
small, it's been on the upstream release for many moons now.

[Other info]

included upstream in 1.8.4 release


Ubuntu 12.04 Developement
  Installed: 1.8.2-0ubuntu1
  Candidate: 1.8.2-0ubuntu1
  Version table:
 *** 1.8.2-0ubuntu1 0
        500 http://apt/ubuntu/ precise/universe amd64 Packages
        500 http://apt/security/ precise/universe amd64 Packages
        100 /var/lib/dpkg/status

Apr 13 12:20:41 lup-jsharp01 kernel: [ 7881.505389] sssd_be[1001] general protection ip:7fbd3d714500 sp:7fff2461f358 error:0 in[7fbd3d711000+b000]

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: sssd 1.8.2-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
Uname: Linux 3.2.0-23-generic x86_64
ApportVersion: 2.0.1-0ubuntu2
Architecture: amd64
Date: Fri Apr 13 12:20:41 2012
ExecutablePath: /usr/lib/sssd/sssd/sssd_be
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
ProcCmdline: /usr/lib/sssd/sssd/sssd_be --domain drwholdings --debug-to-files
 PATH=(custom, no user)
 Segfault happened at: 0x7fbd3d714500 <_tevent_schedule_immediate>: mov (%rsi),%rax
 PC (0x7fbd3d714500) ok
 source "(%rsi)" (0x656863694d3d4e43) not located in a known VMA region (needed readable region)!
 destination "%rax" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: sssd
 _tevent_schedule_immediate () from /usr/lib/x86_64-linux-gnu/
 tevent_req_post () from /usr/lib/x86_64-linux-gnu/
 ?? () from /usr/lib/x86_64-linux-gnu/sssd/
 ?? () from /usr/lib/x86_64-linux-gnu/sssd/
 ?? () from /usr/lib/x86_64-linux-gnu/sssd/
Title: sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()
UpgradeStatus: Upgraded to precise on 2012-04-12 (0 days ago)

Jason Sharp (jsharp) wrote :

 _tevent_schedule_immediate (im=0x1687750, ev=0x656863694d3d4e43, handler=0x7fbd3d7155a0 <tevent_req_trigger>, private_data=0x1196170, handler_name=0x7fbd3d71905e "tevent_req_trigger", location=0x7fbd3d71904a "../tevent_req.c:174") at ../tevent.c:413
 tevent_req_post (req=0x1196170, ev=<optimized out>) at ../tevent_req.c:173
 sdap_nested_group_lookup_group (req=0x1196170) at ../src/providers/ldap/sdap_async_groups.c:2589
 sdap_nested_group_lookup_user (req=0x1196170, fn=0x7fbd349d3330 <sdap_nested_group_process_ldap_user>) at ../src/providers/ldap/sdap_async_groups.c:2490
 sdap_nested_group_process_noderef (req=0x1196170) at ../src/providers/ldap/sdap_async_groups.c:2460

Changed in sssd (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Timo Aaltonen (tjaalton) wrote :

thanks, sent it upstream

Changed in sssd (Ubuntu):
importance: Medium → High
status: New → Triaged
Changed in sssd:
status: Unknown → New
Timo Aaltonen (tjaalton) wrote :

fixed in git

visibility: private → public
Changed in sssd (Ubuntu):
status: Triaged → Fix Committed
Changed in sssd:
status: New → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.3 KiB)

This bug was fixed in the package sssd - 1.8.3-0ubuntu1

sssd (1.8.3-0ubuntu1) quantal; urgency=low

  * Merge from Debian git, remaining changes:
    - control, rules: Drop libsemanage-dev from build-depends, it's not
      in main. Configure --with-semanage=no.

sssd (1.8.3-1) UNRELEASED; urgency=low

  * New upstream bugfix release 1.8.2.
    - Several fixes to case-insensitive domain functions
    - Fix for GSSAPI binds when the keytab contains unrelated
    - Fixed several segfaults
    - Workarounds added for LDAP servers with unreadable RootDSE
    - SSH knownhostproxy will no longer enter an infinite loop
      preventing login
    - The provided SYSV init script now starts SSSD earlier at startup
      and stops it later during shutdown
    - Assorted minor fixes for issues discovered by static analysis
  * New upstream bugfix release 1.8.3.
    - Numerous manpage and translation updates
    - LDAP: Handle situations where the RootDSE isn't available anonymously
    - LDAP: Fix regression for users using non-standard LDAP attributes for
      user information
  * control: Move the dependency of libsasl2-modules-gssapi-mit to
  * control: sssd works with Heimdal gssapi modules too, add
    libsasl2-modules-gssapi-mit as an option for the Recommends.
    (LP: #966146)
  * libpam-sss.pam-auth-update:
    - Drop the dependency to 128, since pam_sss should always be below
      pam_unix. (LP: #957486)
    - Drop 'use_authtok' from the password stack, since it only works when
      pam_cracklib is installed. This will allow password changes on the
      default install.
  * sssd.postrm: Try to remove /etc/sssd only if it exists.
    (Closes: #666226)
  * Add disabled by default Apparmor profile (LP: #933342)
    - debian/ load the profile during pre-start
    - add debian/apparmor-profile, install to /etc/apparmor.d
    - debian/rules: use dh_apparmor to install profile before sssd is
    - debian/control: sssd Suggests apparmor (>= 2.3)
    - debian/control: Add dh-apparmor to build-depends
    - debian/sssd.preinst: disable profile on clean install or upgrades
      from earlier than when we shipped the profile
  * rules: Mangle the date stamp on pam_sss.8 so that the compressed file is
    identical across all archs. (Closes: #670019)
  * control: Add build-depends on libnl-dev to enable Netlink support.
  * control: Add build-depends on libkeyutil-dev to enable support for
    kernel keyring manipulation.
  * sssd.logrotate: Rotate logs weekly, keep four previous rotations.
    (Closes: #672984)
  * Pull patches from the stable branch to fix an issue that results in broken
    credential cache (LP: #985031)
    - patches/fix-upstream-1298.diff
      If canon'ing principals, write ccache with updated default principal
    - patches/fix-upstream-1297.diff
      Limit krb5_get_init_creds_keytab() to etypes in keytab
    - patches/fix-upstream-1330.diff
      KRB5: Avoid NULL-dereference with empty keytab
  * patches/fix-upstream-1343.diff
    - LDAP nested groups: Do not process callback with _post deep in the nested
      structure (LP: #981125)


Changed in sssd (Ubuntu):
status: Fix Committed → Fix Released
Timo Aaltonen (tjaalton) on 2012-05-24
Changed in sssd (Ubuntu Precise):
importance: Undecided → High
status: New → In Progress
assignee: nobody → Timo Aaltonen (tjaalton)
Timo Aaltonen (tjaalton) wrote :

Uploaded a new packagefor precise to

please test, it'll get SRU'd next.

Changed in sssd (Ubuntu Precise):
status: In Progress → Incomplete
Timo Aaltonen (tjaalton) on 2012-12-04
description: updated
Timo Aaltonen (tjaalton) on 2012-12-04
Changed in sssd (Ubuntu Precise):
status: Incomplete → In Progress

Hello Jason, or anyone else affected,

Accepted sssd into precise-proposed. The package will build now and be available at in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at . Thank you in advance!

Changed in sssd (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Timo Aaltonen (tjaalton) wrote :

I've gone ahead and marked it verification-done, since we inherited this from the new upstream release, and it's pretty hard to hit anyway..

tags: added: verification-done
removed: verification-needed
Timo Aaltonen (tjaalton) wrote :

This bug was fixed in the package sssd - 1.8.6-0ubuntu0.2

sssd (1.8.6-0ubuntu0.2) precise-proposed; urgency=low

  * rules: Really install the new pam-auth-update file for password
    changes. (LP: #1086272)
  * rules: Pass --datadir, so the path in autogenerated python files is
    correctly substituted. (LP: #1079938)

Changed in sssd (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.