Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Created attachment 1146944 [details] edited stack trace from sf 01569043 customer core.4315 with 389-ds-base-1.2.11.15-72 Description of problem: this is a follow up to 1316869 - ns-slapd general protection ip:7f570c56afd5 sp:7f56dc7edce0 error:0 in libc-2.12.so after the 1.2.11.15-72 errata, we till have a crash: #0 0x00007f3932d59625 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x00007f3932d5ae05 in abort () at abort.c:92 #2 0x00007f3932d97537 in __libc_message (do_abort=2, fmt=0x7f3932e7f8c0 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198 #3 0x00007f3932d9cf4e in malloc_printerr (action=3, str=0x7f3932e7fc50 "double free or corruption (!prev)", ptr=<value optimized out>, ar_ptr=<value optimized out>) at malloc.c:6350 #4 0x00007f3932d9fcf0 in _int_free (av=0x7f38f0000020, p=0x7f38f08f53f0, have_lock=0) at malloc.c:4836 #5 0x00007f39352b5556 in slapi_ch_free (ptr=0x7f39161f77c0) at ldap/servers/slapd/ch_malloc.c:363 #6 0x00007f392b922b3c in id2entry_add_ext (be=0x23b2b20, e=0x7f38f0272d10, txn=<value optimized out>, encrypt=<value optimized out>, cache_res=0x7f39161f79cc) at ldap/servers/slapd/back-ldbm/id2entry.c:140 #7 0x00007f392b9522a4 in ldbm_back_modify (pb=0x4156e70) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:638 #8 0x00007f39352f0031 in op_shared_modify (pb=<value optimized out>, pw_change=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1066 #9 0x00007f39352f131e in do_modify (pb=0x4156e70) at ldap/servers/slapd/modify.c:408 #10 0x00000000004146d4 in connection_dispatch_operation () at ldap/servers/slapd/connection.c:594 #11 connection_threadmain () at ldap/servers/slapd/connection.c:2360 #12 0x00007f393371fa83 in PR_JoinThread (thred=0x10db) at ../../../nspr/pr/src/pthreads/ptthread.c:577 #13 0x0000000000000000 in ?? () (gdb) the full back trace is attached to this report. a test VM can be accessed internally with the customer provided core file. Version-Release number of selected component (if applicable): 1.2.11.15-72 How reproducible: N/A, took days to happen in the customer environment Steps to Reproduce: 1. not clear yet 2. 3. Actual results: Expected results: Additional info: Thread 1 (Thread 0x7f39161fc700 (LWP 4330)): #0 0x00007f3932d59625 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 resultvar = 0 pid = <value optimized out> selftid = <value optimized out> #1 0x00007f3932d5ae05 in abort () at abort.c:92 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0x7f39161f6d38, sa_sigaction = 0x7f39161f6d38}, sa_mask = {__val = {139883161021728, 139883686977112, 16, 139883643915369, 1, 139883642596271, 5, 139883643919024, 3, 139883161021726, 2, 139883643915395, 1, 139883643922126, 3, 139883161021732}}, sa_flags = 12, sa_restorer = 0x7f3932e7e6d2} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007f3932d97537 in __libc_message (do_abort=2, fmt=0x7f3932e7f8c0 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198 ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7f39161f76a0, reg_save_area = 0x7f39161f75b0}} ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7f39161f76a0, reg_save_area = 0x7f39161f75b0}} fd = 2 on_2 = <value optimized out> list = <value optimized out> nlist = <value optimized out> cp = <value optimized out> written = <value optimized out> #3 0x00007f3932d9cf4e in malloc_printerr (action=3, str=0x7f3932e7fc50 "double free or corruption (!prev)", ptr=<value optimized out>, ar_ptr=<value optimized out>) at malloc.c:6350 buf = "00007f38f08f5400" cp = <value optimized out> #4 0x00007f3932d9fcf0 in _int_free (av=0x7f38f0000020, p=0x7f38f08f53f0, have_lock=0) at malloc.c:4836 size = <value optimized out> fb = <value optimized out> nextchunk = <value optimized out> nextsize = <value optimized out> nextinuse = <value optimized out> prevsize = <value optimized out> bck = <value optimized out> fwd = <value optimized out> errstr = <value optimized out> locked = <value optimized out> #5 0x00007f39352b5556 in slapi_ch_free (ptr=0x7f39161f77c0) at ldap/servers/slapd/ch_malloc.c:363 No locals. #6 0x00007f392b922b3c in id2entry_add_ext (be=0x23b2b20, e=0x7f38f0272d10, txn=<value optimized out>, encrypt=<value optimized out>, cache_res=0x7f39161f79cc) at ldap/servers/slapd/back-ldbm/id2entry.c:140 inst = 0x23b2c00 db = 0x2429ae0 db_txn = <value optimized out> data = {data = 0x7f38f08f5400, size = 1618188, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0} key = {data = 0x7f39161f7830, size = 4, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0} len = 1618187 rc = 0 temp_id = "\000\000\001\252" encrypted_entry = 0x0 entrydn = 0x0 #7 0x00007f392b9522a4 in ldbm_back_modify (pb=0x4156e70) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:638 cache_rc = 0 new_mod_count = <value optimized out> be = 0x23b2b20 inst = 0x23b2c00 li = 0x224cdf0 e = 0x2d7edb0 ec = 0x7f38f0272d10 original_entry = 0x7f38f10f4fc0 tmpentry = 0x0 postentry = 0x0 mods = 0x7f38f0003240 mods_original = 0x7f38f0273040 smods = {mods = 0x7f38f0003240, num_elements = 2, num_mods = 1, iterator = 0, free_mods = 0} txn = {back_txn_txn = 0x7f38f1595c40} parent_txn = 0x0 ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0} ruv_c_init = 0 retval = 0 msg = <value optimized out> errbuf = 0x0 retry_count = <value optimized out> disk_full = 0 ldap_result_code = 0 ldap_result_message = 0x0 rc = 0 operation = 0x4157180 dblock_acquired = 1 addr = 0x4157258 is_fixup_operation = 0 is_ruv = 0 opcsn = <value optimized out> repl_op = 8 opreturn = 0 mod_count = 1 #8 0x00007f39352f0031 in op_shared_modify (pb=<value optimized out>, pw_change=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1066 ...snip...