Issue #3454: sssd-kcm crashes with multiple parallel requests - sssd

SSSD / sssd

#3454 sssd-kcm crashes with multiple parallel requests

Closed: duplicate 6 years ago Opened 6 years ago by lslebodn.

Testing of ticket https://pagure.io/SSSD/sssd/issue/3372 revealed another crash in sssd.

==00:00:07:37.734 30982== Invalid read of size 8
==00:00:07:37.734 30982==    at 0x997820C: tevent_req_finish (tevent_req.c:150)
==00:00:07:37.734 30982==    by 0x122366: kcm_op_queue_entry_destructor (kcmsrv_op_queue.c:146)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1078)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x99783FF: tevent_req_received (tevent_req.c:255)
==00:00:07:37.734 30982==    by 0x9978438: tevent_req_destructor (tevent_req.c:107)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1078)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x12B301: responder_idle_handler (responder_common.c:378)
==00:00:07:37.734 30982==    by 0x997BC96: tevent_common_loop_timer_delay (tevent_timed.c:369)
==00:00:07:37.734 30982==    by 0x997CCA8: epoll_event_loop_once (tevent_epoll.c:915)
==00:00:07:37.734 30982==    by 0x997B2A6: std_event_loop_once (tevent_standard.c:114)
==00:00:07:37.734 30982==    by 0x99770CC: _tevent_loop_once (tevent.c:721)
==00:00:07:37.734 30982==    by 0x99772FA: tevent_common_loop_wait (tevent.c:844)
==00:00:07:37.734 30982==    by 0x997B246: std_event_loop_wait (tevent_standard.c:145)
==00:00:07:37.734 30982==    by 0x5C1FB32: server_loop (server.c:718)
==00:00:07:37.734 30982==    by 0x1115A9: main (kcm.c:313)
==00:00:07:37.734 30982==  Address 0x15e903f8 is 248 bytes inside a block of size 773 free'd
==00:00:07:37.734 30982==    at 0x4C2ACDD: free (vg_replace_malloc.c:530)
==00:00:07:37.734 30982==    by 0x9B84AB5: _tc_free_internal (talloc.c:1148)
==00:00:07:37.734 30982==    by 0x9B84AB5: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B84AB5: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x99783FF: tevent_req_received (tevent_req.c:255)
==00:00:07:37.734 30982==    by 0x9978438: tevent_req_destructor (tevent_req.c:107)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1078)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x12B301: responder_idle_handler (responder_common.c:378)
==00:00:07:37.734 30982==    by 0x997BC96: tevent_common_loop_timer_delay (tevent_timed.c:369)
==00:00:07:37.734 30982==    by 0x997CCA8: epoll_event_loop_once (tevent_epoll.c:915)
==00:00:07:37.734 30982==    by 0x997B2A6: std_event_loop_once (tevent_standard.c:114)
==00:00:07:37.734 30982==    by 0x99770CC: _tevent_loop_once (tevent.c:721)
==00:00:07:37.734 30982==    by 0x99772FA: tevent_common_loop_wait (tevent.c:844)
==00:00:07:37.734 30982==    by 0x997B246: std_event_loop_wait (tevent_standard.c:145)
==00:00:07:37.734 30982==    by 0x5C1FB32: server_loop (server.c:718)
==00:00:07:37.734 30982==    by 0x1115A9: main (kcm.c:313)
==00:00:07:37.734 30982==  Block was alloc'd at
==00:00:07:37.734 30982==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==00:00:07:37.734 30982==    by 0x9B8884C: __talloc_with_prefix (talloc.c:698)
==00:00:07:37.734 30982==    by 0x9B8884C: _talloc_pool (talloc.c:752)
==00:00:07:37.734 30982==    by 0x9B8884C: _talloc_pooled_object (talloc.c:820)
==00:00:07:37.734 30982==    by 0x997810F: _tevent_req_create (tevent_req.c:73)
==00:00:07:37.735 30982==    by 0x122514: kcm_op_queue_send (kcmsrv_op_queue.c:242)
==00:00:07:37.735 30982==    by 0x121EF5: kcm_cmd_send (kcmsrv_ops.c:162)
==00:00:07:37.735 30982==    by 0x112363: kcm_cmd_dispatch (kcmsrv_cmd.c:364)
==00:00:07:37.735 30982==    by 0x112363: kcm_recv (kcmsrv_cmd.c:512)
==00:00:07:37.735 30982==    by 0x112363: kcm_fd_handler (kcmsrv_cmd.c:600)
==00:00:07:37.735 30982==    by 0x997CEDA: epoll_event_loop (tevent_epoll.c:728)
==00:00:07:37.735 30982==    by 0x997CEDA: epoll_event_loop_once (tevent_epoll.c:930)
==00:00:07:37.735 30982==    by 0x997B2A6: std_event_loop_once (tevent_standard.c:114)
==00:00:07:37.735 30982==    by 0x99770CC: _tevent_loop_once (tevent.c:721)
==00:00:07:37.735 30982==    by 0x99772FA: tevent_common_loop_wait (tevent.c:844)
==00:00:07:37.735 30982==    by 0x997B246: std_event_loop_wait (tevent_standard.c:145)
==00:00:07:37.735 30982==    by 0x5C1FB32: server_loop (server.c:718)
==00:00:07:37.735 30982==    by 0x1115A9: main (kcm.c:313)

lslebodn commented 6 years ago

We will need to link it to downstream.
Check downstream comments https://bugzilla.redhat.com/show_bug.cgi?id=1446302#c11
and https://bugzilla.redhat.com/show_bug.cgi?id=1446302#c26

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.15.4

6 years ago

Metadata Update from @lslebodn:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)

6 years ago

lslebodn commented 6 years ago

Closed as a duplicate of https://pagure.io/SSSD/sssd/issue/3470

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.1 (was: SSSD 1.15.4)

6 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4481

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

SSSD 1.16.1

type

None

component

None

version

None

selected

None

testsupdated

None

patch

None

rhbz

None

design_review

None

review

None

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#3454 sssd-kcm crashes with multiple parallel requests Closed: duplicate 6 years ago Opened 6 years ago by lslebodn.

Metadata

#3454 sssd-kcm crashes with multiple parallel requests

Closed: duplicate 6 years ago Opened 6 years ago by lslebodn.