#3454 sssd-kcm crashes with multiple parallel requests
Closed: duplicate 2 years ago Opened 2 years ago by lslebodn.

Testing of ticket https://pagure.io/SSSD/sssd/issue/3372 revealed another crash in sssd.

==00:00:07:37.734 30982== Invalid read of size 8
==00:00:07:37.734 30982==    at 0x997820C: tevent_req_finish (tevent_req.c:150)
==00:00:07:37.734 30982==    by 0x122366: kcm_op_queue_entry_destructor (kcmsrv_op_queue.c:146)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1078)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x99783FF: tevent_req_received (tevent_req.c:255)
==00:00:07:37.734 30982==    by 0x9978438: tevent_req_destructor (tevent_req.c:107)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1078)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x12B301: responder_idle_handler (responder_common.c:378)
==00:00:07:37.734 30982==    by 0x997BC96: tevent_common_loop_timer_delay (tevent_timed.c:369)
==00:00:07:37.734 30982==    by 0x997CCA8: epoll_event_loop_once (tevent_epoll.c:915)
==00:00:07:37.734 30982==    by 0x997B2A6: std_event_loop_once (tevent_standard.c:114)
==00:00:07:37.734 30982==    by 0x99770CC: _tevent_loop_once (tevent.c:721)
==00:00:07:37.734 30982==    by 0x99772FA: tevent_common_loop_wait (tevent.c:844)
==00:00:07:37.734 30982==    by 0x997B246: std_event_loop_wait (tevent_standard.c:145)
==00:00:07:37.734 30982==    by 0x5C1FB32: server_loop (server.c:718)
==00:00:07:37.734 30982==    by 0x1115A9: main (kcm.c:313)
==00:00:07:37.734 30982==  Address 0x15e903f8 is 248 bytes inside a block of size 773 free'd
==00:00:07:37.734 30982==    at 0x4C2ACDD: free (vg_replace_malloc.c:530)
==00:00:07:37.734 30982==    by 0x9B84AB5: _tc_free_internal (talloc.c:1148)
==00:00:07:37.734 30982==    by 0x9B84AB5: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B84AB5: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x99783FF: tevent_req_received (tevent_req.c:255)
==00:00:07:37.734 30982==    by 0x9978438: tevent_req_destructor (tevent_req.c:107)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1078)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B8529F: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_children_internal (talloc.c:1593)
==00:00:07:37.734 30982==    by 0x9B849F6: _tc_free_internal (talloc.c:1104)
==00:00:07:37.734 30982==    by 0x12B301: responder_idle_handler (responder_common.c:378)
==00:00:07:37.734 30982==    by 0x997BC96: tevent_common_loop_timer_delay (tevent_timed.c:369)
==00:00:07:37.734 30982==    by 0x997CCA8: epoll_event_loop_once (tevent_epoll.c:915)
==00:00:07:37.734 30982==    by 0x997B2A6: std_event_loop_once (tevent_standard.c:114)
==00:00:07:37.734 30982==    by 0x99770CC: _tevent_loop_once (tevent.c:721)
==00:00:07:37.734 30982==    by 0x99772FA: tevent_common_loop_wait (tevent.c:844)
==00:00:07:37.734 30982==    by 0x997B246: std_event_loop_wait (tevent_standard.c:145)
==00:00:07:37.734 30982==    by 0x5C1FB32: server_loop (server.c:718)
==00:00:07:37.734 30982==    by 0x1115A9: main (kcm.c:313)
==00:00:07:37.734 30982==  Block was alloc'd at
==00:00:07:37.734 30982==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==00:00:07:37.734 30982==    by 0x9B8884C: __talloc_with_prefix (talloc.c:698)
==00:00:07:37.734 30982==    by 0x9B8884C: _talloc_pool (talloc.c:752)
==00:00:07:37.734 30982==    by 0x9B8884C: _talloc_pooled_object (talloc.c:820)
==00:00:07:37.734 30982==    by 0x997810F: _tevent_req_create (tevent_req.c:73)
==00:00:07:37.735 30982==    by 0x122514: kcm_op_queue_send (kcmsrv_op_queue.c:242)
==00:00:07:37.735 30982==    by 0x121EF5: kcm_cmd_send (kcmsrv_ops.c:162)
==00:00:07:37.735 30982==    by 0x112363: kcm_cmd_dispatch (kcmsrv_cmd.c:364)
==00:00:07:37.735 30982==    by 0x112363: kcm_recv (kcmsrv_cmd.c:512)
==00:00:07:37.735 30982==    by 0x112363: kcm_fd_handler (kcmsrv_cmd.c:600)
==00:00:07:37.735 30982==    by 0x997CEDA: epoll_event_loop (tevent_epoll.c:728)
==00:00:07:37.735 30982==    by 0x997CEDA: epoll_event_loop_once (tevent_epoll.c:930)
==00:00:07:37.735 30982==    by 0x997B2A6: std_event_loop_once (tevent_standard.c:114)
==00:00:07:37.735 30982==    by 0x99770CC: _tevent_loop_once (tevent.c:721)
==00:00:07:37.735 30982==    by 0x99772FA: tevent_common_loop_wait (tevent.c:844)
==00:00:07:37.735 30982==    by 0x997B246: std_event_loop_wait (tevent_standard.c:145)
==00:00:07:37.735 30982==    by 0x5C1FB32: server_loop (server.c:718)
==00:00:07:37.735 30982==    by 0x1115A9: main (kcm.c:313)

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.15.4

2 years ago

Metadata Update from @lslebodn:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)

2 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.1 (was: SSSD 1.15.4)

2 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4481

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata