Hide Forgot
Created attachment 1146944 [details] edited stack trace from sf 01569043 customer core.4315 with 389-ds-base-1.2.11.15-72 Description of problem: this is a follow up to 1316869 - ns-slapd general protection ip:7f570c56afd5 sp:7f56dc7edce0 error:0 in libc-2.12.so after the 1.2.11.15-72 errata, we till have a crash: #0 0x00007f3932d59625 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x00007f3932d5ae05 in abort () at abort.c:92 #2 0x00007f3932d97537 in __libc_message (do_abort=2, fmt=0x7f3932e7f8c0 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198 #3 0x00007f3932d9cf4e in malloc_printerr (action=3, str=0x7f3932e7fc50 "double free or corruption (!prev)", ptr=<value optimized out>, ar_ptr=<value optimized out>) at malloc.c:6350 #4 0x00007f3932d9fcf0 in _int_free (av=0x7f38f0000020, p=0x7f38f08f53f0, have_lock=0) at malloc.c:4836 #5 0x00007f39352b5556 in slapi_ch_free (ptr=0x7f39161f77c0) at ldap/servers/slapd/ch_malloc.c:363 #6 0x00007f392b922b3c in id2entry_add_ext (be=0x23b2b20, e=0x7f38f0272d10, txn=<value optimized out>, encrypt=<value optimized out>, cache_res=0x7f39161f79cc) at ldap/servers/slapd/back-ldbm/id2entry.c:140 #7 0x00007f392b9522a4 in ldbm_back_modify (pb=0x4156e70) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:638 #8 0x00007f39352f0031 in op_shared_modify (pb=<value optimized out>, pw_change=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1066 #9 0x00007f39352f131e in do_modify (pb=0x4156e70) at ldap/servers/slapd/modify.c:408 #10 0x00000000004146d4 in connection_dispatch_operation () at ldap/servers/slapd/connection.c:594 #11 connection_threadmain () at ldap/servers/slapd/connection.c:2360 #12 0x00007f393371fa83 in PR_JoinThread (thred=0x10db) at ../../../nspr/pr/src/pthreads/ptthread.c:577 #13 0x0000000000000000 in ?? () (gdb) the full back trace is attached to this report. a test VM can be accessed internally with the customer provided core file. Version-Release number of selected component (if applicable): 1.2.11.15-72 How reproducible: N/A, took days to happen in the customer environment Steps to Reproduce: 1. not clear yet 2. 3. Actual results: Expected results: Additional info: Thread 1 (Thread 0x7f39161fc700 (LWP 4330)): #0 0x00007f3932d59625 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 resultvar = 0 pid = <value optimized out> selftid = <value optimized out> #1 0x00007f3932d5ae05 in abort () at abort.c:92 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0x7f39161f6d38, sa_sigaction = 0x7f39161f6d38}, sa_mask = {__val = {139883161021728, 139883686977112, 16, 139883643915369, 1, 139883642596271, 5, 139883643919024, 3, 139883161021726, 2, 139883643915395, 1, 139883643922126, 3, 139883161021732}}, sa_flags = 12, sa_restorer = 0x7f3932e7e6d2} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007f3932d97537 in __libc_message (do_abort=2, fmt=0x7f3932e7f8c0 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198 ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7f39161f76a0, reg_save_area = 0x7f39161f75b0}} ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7f39161f76a0, reg_save_area = 0x7f39161f75b0}} fd = 2 on_2 = <value optimized out> list = <value optimized out> nlist = <value optimized out> cp = <value optimized out> written = <value optimized out> #3 0x00007f3932d9cf4e in malloc_printerr (action=3, str=0x7f3932e7fc50 "double free or corruption (!prev)", ptr=<value optimized out>, ar_ptr=<value optimized out>) at malloc.c:6350 buf = "00007f38f08f5400" cp = <value optimized out> #4 0x00007f3932d9fcf0 in _int_free (av=0x7f38f0000020, p=0x7f38f08f53f0, have_lock=0) at malloc.c:4836 size = <value optimized out> fb = <value optimized out> nextchunk = <value optimized out> nextsize = <value optimized out> nextinuse = <value optimized out> prevsize = <value optimized out> bck = <value optimized out> fwd = <value optimized out> errstr = <value optimized out> locked = <value optimized out> #5 0x00007f39352b5556 in slapi_ch_free (ptr=0x7f39161f77c0) at ldap/servers/slapd/ch_malloc.c:363 No locals. #6 0x00007f392b922b3c in id2entry_add_ext (be=0x23b2b20, e=0x7f38f0272d10, txn=<value optimized out>, encrypt=<value optimized out>, cache_res=0x7f39161f79cc) at ldap/servers/slapd/back-ldbm/id2entry.c:140 inst = 0x23b2c00 db = 0x2429ae0 db_txn = <value optimized out> data = {data = 0x7f38f08f5400, size = 1618188, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0} key = {data = 0x7f39161f7830, size = 4, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0} len = 1618187 rc = 0 temp_id = "\000\000\001\252" encrypted_entry = 0x0 entrydn = 0x0 #7 0x00007f392b9522a4 in ldbm_back_modify (pb=0x4156e70) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:638 cache_rc = 0 new_mod_count = <value optimized out> be = 0x23b2b20 inst = 0x23b2c00 li = 0x224cdf0 e = 0x2d7edb0 ec = 0x7f38f0272d10 original_entry = 0x7f38f10f4fc0 tmpentry = 0x0 postentry = 0x0 mods = 0x7f38f0003240 mods_original = 0x7f38f0273040 smods = {mods = 0x7f38f0003240, num_elements = 2, num_mods = 1, iterator = 0, free_mods = 0} txn = {back_txn_txn = 0x7f38f1595c40} parent_txn = 0x0 ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0} ruv_c_init = 0 retval = 0 msg = <value optimized out> errbuf = 0x0 retry_count = <value optimized out> disk_full = 0 ldap_result_code = 0 ldap_result_message = 0x0 rc = 0 operation = 0x4157180 dblock_acquired = 1 addr = 0x4157258 is_fixup_operation = 0 is_ruv = 0 opcsn = <value optimized out> repl_op = 8 opreturn = 0 mod_count = 1 #8 0x00007f39352f0031 in op_shared_modify (pb=<value optimized out>, pw_change=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1066 ...snip...
closing bz 1326938 as dup of bz 1316869 *** This bug has been marked as a duplicate of bug 1316869 ***