Bug 1158005
| Summary: | OpenLDAP crash in NSS shutdown handling | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Hisanobu Okuda <hokuda> | ||||||
| Component: | openldap | Assignee: | Matus Honek <mhonek> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Patrik Kis <pkis> | ||||||
| Severity: | unspecified | Docs Contact: | Milan Navratil <mnavrati> | ||||||
| Priority: | unspecified | ||||||||
| Version: | 7.0 | CC: | ebenes, hokuda, jorton, jsynacek, mhonek, pkis | ||||||
| Target Milestone: | rc | Keywords: | Patch | ||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: |
The httpd service sometimes terminated unexpectedly with a segmentation fault on the libldap library unload. The underlying source code has been modified to prevent a bad memory access error that caused the bug to occur. As a result, httpd no longer crashes in this situation.
|
Story Points: | --- | ||||||
| Clone Of: | |||||||||
| : | 1373222 (view as bug list) | Environment: | |||||||
| Last Closed: | 2015-11-19 08:52:35 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 1205796, 1373222 | ||||||||
| Attachments: |
|
||||||||
Found the nssShutdownList.funcs[1].func points a wrong address.
(gdb) up
#1 0x00007f09ffac2774 in nss_ShutdownShutdownList () at nssinit.c:1049
1049 nssinit.c: No such file or directory.
(gdb) print nssShutdownList.peakFuncs
$1 = 2
(gdb) print nssShutdownList.funcs[0]
$2 = {
func = 0x7f0a000189a0 <ssl_ShutdownLocks>, <<=== this is OK.
appData = 0x0
}
(gdb) print nssShutdownList.funcs[1]
$3 = {
func = 0x7f09fc9736f0, <<============= WRONG!
appData = 0x0
}
(gdb)
But I have no idea to find the root cause why the wrong pointer is stored.
Please supply steps to reproduce, package versions, etc, per the standard bugzilla template. Created attachment 951337 [details]
installed-rpms
Created attachment 1013854 [details]
patch v1
The commit below modifies the patch for this bug, so that correct __atribute__ ((destructor)) ordering is used. Incorrect destructor ordering was discovered as a regression reported in bug #1231228. http://pkgs.devel.redhat.com/cgit/rpms/openldap/commit/?h=rhel-7.2&id=a0cc331d5f354b4aef0669977e164dce3b117463 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-2131.html |
Description of problem: httpd 2.4 reported segfault in nss_ShutdownShutdownList. The back trace is :- Program terminated with signal 11, Segmentation fault. #0 0x00007f09fc9736f0 in ?? () (gdb) bt #0 0x00007f09fc9736f0 in ?? () #1 0x00007f09ffac2774 in nss_ShutdownShutdownList () at nssinit.c:1049 #2 nss_Shutdown () at nssinit.c:1077 #3 0x00007f09ffac2a53 in NSS_ShutdownContext (context=0x7f0a12717f90) at nssinit.c:1214 #4 0x00007f0a006d1616 in Curl_nss_cleanup () at nss.c:980 #5 0x00007f0a006c8e59 in Curl_ssl_cleanup () at sslgen.c:189 #6 0x00007f0a006ba9a5 in curl_global_cleanup () at easy.c:322 #7 0x00007f0a009059b8 in zm_shutdown_curl (type=<optimized out>, module_number=28) at /usr/src/debug/php-5.4.16/ext/curl/interface.c:959 #8 0x00007f0a01ece297 in module_destructor (module=0x7f0a12107190) at /usr/src/debug/php-5.4.16/Zend/zend_API.c:2297 #9 0x00007f0a01ed3595 in zend_hash_apply_deleter (ht=ht@entry=0x7f0a022c7220 <module_registry>, p=0x7f0a12107130) at /usr/src/debug/php-5.4.16/Zend/zend_hash.c:650 #10 0x00007f0a01ed4dc8 in zend_hash_graceful_reverse_destroy (ht=0x7f0a022c7220 <module_registry>) at /usr/src/debug/php-5.4.16/Zend/zend_hash.c:687 #11 0x00007f0a01eccadc in zend_destroy_modules () at /usr/src/debug/php-5.4.16/Zend/zend_API.c:1832 #12 0x00007f0a01ec67ae in zend_shutdown () at /usr/src/debug/php-5.4.16/Zend/zend.c:820 #13 0x00007f0a01e6755b in php_module_shutdown () at /usr/src/debug/php-5.4.16/main/main.c:2367 #14 0x00007f0a01e67619 in php_module_shutdown_wrapper (sapi_globals=<optimized out>) at /usr/src/debug/php-5.4.16/main/main.c:2335 #15 0x00007f0a01f73231 in php_apache_child_shutdown (tmp=<optimized out>) at /usr/src/debug/php-5.4.16/sapi/apache2handler/sapi_apache2.c:398 #16 0x00007f0a0ecc71ae in run_cleanups (cref=<optimized out>) at memory/unix/apr_pools.c:2352 #17 apr_pool_destroy (pool=0x7f0a12337048) at memory/unix/apr_pools.c:814 #18 0x00007f0a0596f21e in clean_child_exit (code=code@entry=0) at prefork.c:218 #19 0x00007f0a0596f6c7 in child_main (child_num_arg=child_num_arg@entry=15) at prefork.c:725 #20 0x00007f0a0596fa26 in make_child (s=0x7f0a11f90348, slot=15) at prefork.c:800 #21 0x00007f0a059706be in perform_idle_server_maintenance (p=<optimized out>) at prefork.c:902 #22 prefork_run (_pconf=<optimized out>, plog=<optimized out>, s=<optimized out>) at prefork.c:1090 #23 0x00007f0a0fff30fe in ap_run_mpm (pconf=0x7f0a11f65138, plog=0x7f0a11f92358, s=0x7f0a11f90348) at mpm_common.c:96 #24 0x00007f0a0ffec726 in main (argc=2, argv=0x7fff152a8158) at main.c:777 (gdb) Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: