Bug 1930538 - [abrt] [faf] sssd: tevent_common_insert_timer(): /usr/libexec/sssd/sssd_be killed by 11
Summary: [abrt] [faf] sssd: tevent_common_insert_timer(): /usr/libexec/sssd/sssd_be ki...
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: libtevent
Version: 8.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Andreas Schneider
QA Contact: sssd-qe
URL: http://faf.lab.eng.brq.redhat.com/faf...
Depends On:
TreeView+ depends on / blocked
Reported: 2021-02-19 05:47 UTC by Steeve Goveas
Modified: 2021-12-08 12:29 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)
coredump and other files (768.29 KB, application/gzip)
2021-02-19 05:47 UTC, Steeve Goveas
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker SSSD-4082 0 None None None 2021-12-08 12:29:51 UTC
Samba Project 14860 0 None None None 2021-10-11 18:52:41 UTC

Description Steeve Goveas 2021-02-19 05:47:08 UTC
Created attachment 1757992 [details]
coredump and other files

This bug has been created based on an anonymous crash report requested by the package maintainer.

Report URL: http://faf.lab.eng.brq.redhat.com/faf/reports/bthash/2afcb732a314b0ad387528c67f6b06fb734b2998/


Comment 1 Alexey Tikhonov 2021-04-20 14:54:32 UTC
#0  0x000003ff8538c97a in tevent_common_insert_timer (ev=0x2aa2526e7d0, te=0x2aa252bd540, optimize_zero=<optimized out>) at ../../tevent_timed.c:219
#1  0x000003ff8538cade in tevent_common_add_timer_internal (ev=0x2aa2526e7d0, mem_ctx=<optimized out>, next_event=..., handler=<optimized out>, 
    private_data=private_data@entry=0x2aa252bab30, handler_name=0x3ff854ae962 "sbus_dispatch", 
    location=0x3ff854ae938 "src/sbus/connection/sbus_dispatcher.c:119", optimize_zero=true) at ../../tevent_timed.c:254
#2  0x000003ff8538ccc8 in tevent_common_add_timer_v2 (ev=<optimized out>, mem_ctx=<optimized out>, 
    next_event=<error reading variable: value has been optimized out>, handler=<optimized out>, private_data=0x2aa252bab30, 
    handler_name=0x3ff854ae962 "sbus_dispatch", location=0x3ff854ae938 "src/sbus/connection/sbus_dispatcher.c:119") at ../../tevent_timed.c:296
#3  0x000003ff85386b32 in _tevent_add_timer (ev=<optimized out>, mem_ctx=mem_ctx@entry=0x2aa252bab30, 
    next_event=<error reading variable: value has been optimized out>, handler=handler@entry=0x3ff85496ff0 <sbus_dispatch>, 
    private_data=private_data@entry=0x2aa252bab30, handler_name=0x3ff854ae962 "sbus_dispatch", 
    location=0x3ff854ae938 "src/sbus/connection/sbus_dispatcher.c:119") at ../../tevent.c:639
#4  0x000003ff85496f64 in sbus_dispatch_schedule (conn=0x2aa252bab30, usecs=<optimized out>) at src/sbus/connection/sbus_dispatcher.c:119
119	    te = tevent_add_timer(conn->ev, conn, tv, sbus_dispatch, conn);
#5  0x000003ff85298cca in _dbus_connection_send_and_unlock () from /lib64/libdbus-1.so.3
#6  0x000003ff85497d10 in sbus_reply (reply=0x2aa25350cf0, conn=<optimized out>) at src/sbus/connection/sbus_send.c:216
#7  sbus_reply (conn=<optimized out>, reply=0x2aa25350cf0) at src/sbus/connection/sbus_send.c:208
#8  0x000003ff854a70b8 in sbus_issue_request_done (subreq=0x0) at src/sbus/router/sbus_router_handler.c:150
#9  0x000003ff854a3ce4 in sbus_request_notify_success (table=<optimized out>, key=<optimized out>, req=req@entry=0x2aa25336a30, 
    messages_fn=messages_fn@entry=0x3ff854a3800 <sbus_request_messages>, reply=reply@entry=0x2aa25350cf0) at src/sbus/request/sbus_request.c:284
#10 0x000003ff854a3d8a in sbus_incoming_request_done (subreq=0x0) at src/sbus/request/sbus_request.c:539
#11 0x000003ff8538cf34 in tevent_common_invoke_timer_handler (te=te@entry=0x2aa25312da0, current_time=..., removed=removed@entry=0x0)
    at ../../tevent_timed.c:370

(gdb) frame
#0  0x000003ff8538c97a in tevent_common_insert_timer (ev=0x2aa2526e7d0, te=0x2aa252bd540, optimize_zero=<optimized out>) at ../../tevent_timed.c:219
219		DLIST_ADD_AFTER(ev->timer_events, te, prev_te);

(gdb) p te
$11 = (struct tevent_timer *) 0x2aa252bd540

(gdb) p te->next
$10 = (struct tevent_timer *) 0x800002aa252e8850
  -- this ^^ value is from prev_te->next (prev_te == 0x2aa25356d90)

(gdb) p *(te->next)
Cannot access memory at address 0x800002aa252e8850

Comment 2 Alexey Tikhonov 2021-04-20 15:14:43 UTC
http://faf.lab.eng.brq.redhat.com/faf/reports/16520 might be similar.

Comment 4 Andreas Schneider 2021-08-04 09:27:03 UTC
Can you please report this upstream?

Comment 5 Alexey Tikhonov 2021-10-11 18:52:41 UTC

Note You need to log in before you can comment on or make changes to this bug.