Bug 1930538

Summary: [abrt] [faf] sssd: tevent_common_insert_timer(): /usr/libexec/sssd/sssd_be killed by 11
Product: Red Hat Enterprise Linux 8 Reporter: Steeve Goveas <sgoveas>
Component: libteventAssignee: Andreas Schneider <asn>
Status: CLOSED INSUFFICIENT_DATA QA Contact: sssd-qe <sssd-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.4CC: aboscatt, asn, atikhono, dkarpele, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, tscherf
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: http://faf.lab.eng.brq.redhat.com/faf/reports/bthash/2afcb732a314b0ad387528c67f6b06fb734b2998/
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-13 19:57:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
coredump and other files none

Description Steeve Goveas 2021-02-19 05:47:08 UTC 
Created attachment 1757992 [details]
coredump and other files

This bug has been created based on an anonymous crash report requested by the package maintainer.

Report URL: http://faf.lab.eng.brq.redhat.com/faf/reports/bthash/2afcb732a314b0ad387528c67f6b06fb734b2998/

http://faf.lab.eng.brq.redhat.com/faf/reports/20492/
Comment 1 Alexey Tikhonov 2021-04-20 14:54:32 UTC 
#0  0x000003ff8538c97a in tevent_common_insert_timer (ev=0x2aa2526e7d0, te=0x2aa252bd540, optimize_zero=<optimized out>) at ../../tevent_timed.c:219
#1  0x000003ff8538cade in tevent_common_add_timer_internal (ev=0x2aa2526e7d0, mem_ctx=<optimized out>, next_event=..., handler=<optimized out>, 
    private_data=private_data@entry=0x2aa252bab30, handler_name=0x3ff854ae962 "sbus_dispatch", 
    location=0x3ff854ae938 "src/sbus/connection/sbus_dispatcher.c:119", optimize_zero=true) at ../../tevent_timed.c:254
#2  0x000003ff8538ccc8 in tevent_common_add_timer_v2 (ev=<optimized out>, mem_ctx=<optimized out>, 
    next_event=<error reading variable: value has been optimized out>, handler=<optimized out>, private_data=0x2aa252bab30, 
    handler_name=0x3ff854ae962 "sbus_dispatch", location=0x3ff854ae938 "src/sbus/connection/sbus_dispatcher.c:119") at ../../tevent_timed.c:296
#3  0x000003ff85386b32 in _tevent_add_timer (ev=<optimized out>, mem_ctx=mem_ctx@entry=0x2aa252bab30, 
    next_event=<error reading variable: value has been optimized out>, handler=handler@entry=0x3ff85496ff0 <sbus_dispatch>, 
    private_data=private_data@entry=0x2aa252bab30, handler_name=0x3ff854ae962 "sbus_dispatch", 
    location=0x3ff854ae938 "src/sbus/connection/sbus_dispatcher.c:119") at ../../tevent.c:639
#4  0x000003ff85496f64 in sbus_dispatch_schedule (conn=0x2aa252bab30, usecs=<optimized out>) at src/sbus/connection/sbus_dispatcher.c:119
119	    te = tevent_add_timer(conn->ev, conn, tv, sbus_dispatch, conn);
#5  0x000003ff85298cca in _dbus_connection_send_and_unlock () from /lib64/libdbus-1.so.3
#6  0x000003ff85497d10 in sbus_reply (reply=0x2aa25350cf0, conn=<optimized out>) at src/sbus/connection/sbus_send.c:216
#7  sbus_reply (conn=<optimized out>, reply=0x2aa25350cf0) at src/sbus/connection/sbus_send.c:208
#8  0x000003ff854a70b8 in sbus_issue_request_done (subreq=0x0) at src/sbus/router/sbus_router_handler.c:150
#9  0x000003ff854a3ce4 in sbus_request_notify_success (table=<optimized out>, key=<optimized out>, req=req@entry=0x2aa25336a30, 
    messages_fn=messages_fn@entry=0x3ff854a3800 <sbus_request_messages>, reply=reply@entry=0x2aa25350cf0) at src/sbus/request/sbus_request.c:284
#10 0x000003ff854a3d8a in sbus_incoming_request_done (subreq=0x0) at src/sbus/request/sbus_request.c:539
#11 0x000003ff8538cf34 in tevent_common_invoke_timer_handler (te=te@entry=0x2aa25312da0, current_time=..., removed=removed@entry=0x0)
    at ../../tevent_timed.c:370


(gdb) frame
#0  0x000003ff8538c97a in tevent_common_insert_timer (ev=0x2aa2526e7d0, te=0x2aa252bd540, optimize_zero=<optimized out>) at ../../tevent_timed.c:219
219		DLIST_ADD_AFTER(ev->timer_events, te, prev_te);


(gdb) p te
$11 = (struct tevent_timer *) 0x2aa252bd540

(gdb) p te->next
$10 = (struct tevent_timer *) 0x800002aa252e8850
  -- this ^^ value is from prev_te->next (prev_te == 0x2aa25356d90)

(gdb) p *(te->next)
Cannot access memory at address 0x800002aa252e8850
Comment 2 Alexey Tikhonov 2021-04-20 15:14:43 UTC 
http://faf.lab.eng.brq.redhat.com/faf/reports/16520 might be similar.
Comment 4 Andreas Schneider 2021-08-04 09:27:03 UTC 
Can you please report this upstream?
Comment 5 Alexey Tikhonov 2021-10-11 18:52:41 UTC 
https://bugzilla.samba.org/show_bug.cgi?id=14860