RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1420269 - slapd crashes when modifying olcDbConfig attribute.
Summary: slapd crashes when modifying olcDbConfig attribute.
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openldap
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Matus Honek
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-08 10:16 UTC by German Parente
Modified: 2020-03-11 15:45 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-02 14:30:27 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenLDAP ITS 8387 0 None None None 2017-02-08 14:27:09 UTC

Description German Parente 2017-02-08 10:16:30 UTC 
Description of problem:

We have this issue in a customer case:

operation:
=========================================
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcDbConfig
olcDbConfig: set_cachesize 0 1073741824 1
olcDbConfig: set_lg_regionmax 1048576
olcDbConfig: set_lg_max 10485760
olcDbConfig: set_lg_bsize 2097152
olcDbConfig: set_lk_max_lockers 3000
olcDbConfig: set_lk_max_locks 3000
olcDbConfig: set_lk_max_objects 3000
=========================================

/bin/ldapmodify -Y EXTERNAL -H ldapi:/// -f <former file>

server crashes with this stacktrace:

============================================
Core was generated by `/usr/sbin/slapd -u ldap -h ldap:/// ldapi:/// ldaps:///'.
Program terminated with signal 11, Segmentation fault.
#0  __txn_abort_pp (txn=0x7f747830d030) at ../../src/txn/txn.c:1016
1016		rep_check = IS_ENV_REPLICATED(env) &&
(gdb) thread apply all bt full

Thread 6 (Thread 0x7f74d03e8740 (LWP 40719)):
#0  0x00007f74cf260ef7 in pthread_join (threadid=140138430068480, thread_return=thread_return@entry=0x0) at pthread_join.c:92
        _tid = 40721
        _buffer = {__routine = 0x7f74cf260e30 <cleanup>, __arg = 0x7f748557fd28, __canceltype = 8388608, __prev = 0x0}
        oldtype = 0
        pd = 0x7f748557f700
        self = 0x7f74d03e8740
        result = 0
#1  0x00007f74cff986d5 in ldap_pvt_thread_join (thread=<optimized out>, thread_return=thread_return@entry=0x0) at thr_posix.c:197
No locals.
#2  0x00007f74d0442d91 in slapd_daemon () at daemon.c:2929
        i = 0
        rc = <optimized out>
#3  0x00007f74d0429b12 in main (argc=<optimized out>, argv=0x7fffc3e83fd8) at main.c:1016
        i = <optimized out>
        no_detach = 0
        rc = 0
        urls = 0x7f74d19190b0 "ldap:/// ldapi:/// ldaps:///"
        username = <optimized out>
        groupname = 0x0
        sandbox = 0x0
        syslogUser = 160
        pid = <optimized out>
        waitfds = {12, 13}
        g_argc = <optimized out>
        g_argv = 0x7fffc3e83fd8
        configfile = 0x0
        configdir = 0x0
        serverName = <optimized out>
        scp = <optimized out>
        scp_entry = <optimized out>
        debug_unknowns = 0x0
        syslog_unknowns = 0x0
        serverNamePrefix = <synthetic pointer>
        l = <optimized out>
        slapd_pid_file_unlink = 1
        slapd_args_file_unlink = 1
        firstopt = <optimized out>
        __PRETTY_FUNCTION__ = "main"

Thread 5 (Thread 0x7f747e57e700 (LWP 40724)):
#0  _Unwind_ForcedUnwind (exc=0x7f747e57ed70, stop=stop@entry=0x7f74cf265e50 <unwind_stop>, stop_argument=0x7f747e57df30) at ../../../libgcc/unwind.inc:197
        this_context = {reg = {0x0, 0x7f74d194ac90, 0x7f74cbca8e20 <__gcc_personality_v0>, 0x7f74ce75d015 <do_dlsym+69>, 0x2, 0x0, 0x7f747e57e6f8, 0x7f74d01eeff4 <_dl_catch_error+100>, 0x7f747e57e6f8, 0x7f747e57dae0, 0x7f747e57daf0, 
            0x7f747e57dad0, 0x7f74ce75cfd0 <do_dlsym>, 0x7f747e57db00, 0x0, 0x0, 0x7f74d07c7c44 <ldap_syslog>, 0x0}, cfa = 0x7f747e57da78, ra = 0x7f747412ba10, lsda = 0xbd6bd7a0778f99a5, bases = {
            tbase = 0x7f74cbca6de0 <_Unwind_Resume>, dbase = 0x7f74cbca6d00 <_Unwind_ForcedUnwind>, func = 0x0}, flags = 140139709115536, version = 13648928993943984549, args_size = 13649249423669041573, 
          by_value = "\320\333W~t\177\000\000\000\000\000\000\000\000\000\000\220\254"}
        cur_context = {reg = {0x38f, 0x7f74d01ee5b6 <_dl_fixup+230>, 0x7f7400000005, 0x0, 0x200000000, 0x7f74ce63aa00, 0x7f747412ba10, 0x38f, 0x7f74d194acc0, 0x7f74d01f50c0 <_dl_runtime_resolve+80>, 0x0, 0x0, 0x0, 0x7f747401bbb0, 
            0x7f747412ba10, 0x7f74ce75d119 <__GI___libc_dlsym+73>, 0x0, 0x7f747411bf90}, cfa = 0x0, ra = 0xffffffffffffffff, lsda = 0x0, bases = {tbase = 0x7f74cf268ddd, dbase = 0x7f747412ba10, func = 0x7f74cf268e16}, 
          flags = 140138140318224, version = 140139611914568, args_size = 47, by_value = "\333z&\317t\177\000\000\060\337W~t\177\000\000\230\254"}
        code = <optimized out>
#1  0x00007f74cf265fd0 in __GI___pthread_unwind (buf=<optimized out>) at unwind.c:129
        ibuf = <optimized out>
        self = <optimized out>
#2  0x00007f74cf260dd5 in __do_cancel () at pthreadP.h:264
No locals.
#3  __pthread_exit (value=value@entry=0x0) at pthread_exit.c:29
No locals.
#4  0x00007f74cff986c9 in ldap_pvt_thread_exit (retval=retval@entry=0x0) at thr_posix.c:186
---Type <return> to continue, or q <return> to quit---
No locals.
#5  0x00007f74cff980be in ldap_int_thread_pool_wrapper (xpool=0x7f74d194ac90) at tpool.c:713
        pool = 0x7f74d194ac90
        task = 0x0
        work_list = <optimized out>
        ctx = {ltu_id = 140138312623872, ltu_key = {{ltk_key = 0x0, ltk_data = 0x7f747401b190, ltk_free = 0x7f74d0443ea0 <conn_counter_destroy>}, {ltk_key = 0x0, ltk_data = 0x7f747401b750, 
              ltk_free = 0x7f74d049e380 <slap_sl_mem_destroy>}, {ltk_key = 0x0, ltk_data = 0x7f747401bbc0, ltk_free = 0x7f74d045a4f0 <slap_op_q_destroy>}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x7f74d045a4f0 <slap_op_q_destroy>}, {
              ltk_key = 0x0, ltk_data = 0x7f74700027a0, ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 27 times>}}
        kctx = <optimized out>
        keyslot = <optimized out>
        hash = <optimized out>
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#6  0x00007f74cf25fdc5 in start_thread (arg=0x7f747e57e700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f747e57e700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140138312623872, 4864521145699768741, 0, 140138312624576, 140138312623872, 140139690753092, -4797815079815898715, -4797496342855968347}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 
              0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#7  0x00007f74ce72273d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 4 (Thread 0x7f748557f700 (LWP 40721)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f74cff97783 in ldap_pvt_thread_pool_destroy (tpool=tpool@entry=0x7f74d081c720 <connection_pool>, run_pending=run_pending@entry=1) at tpool.c:585
        pool = 0x7f74d194ac90
        pptr = <optimized out>
        task = <optimized out>
#2  0x00007f74d0440ca8 in slapd_daemon_task (ptr=<optimized out>) at daemon.c:2848
        l = <optimized out>
        last_idle_check = 1485293672
        ebadf = 0
        tid = 0
#3  0x00007f74cf25fdc5 in start_thread (arg=0x7f748557f700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f748557f700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140138430068480, 4864521145699768741, 0, 140138430069184, 140138430068480, 34, -4797658949701625435, -4797496342855968347}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, 
            data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#4  0x00007f74ce72273d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 3 (Thread 0x7f747dd7d700 (LWP 40725)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f74cff9800b in ldap_int_thread_pool_wrapper (xpool=0x7f74d194ac90) at tpool.c:675
        pool = 0x7f74d194ac90
        task = 0x0
        work_list = <optimized out>
        ctx = {ltu_id = 140138304231168, ltu_key = {{ltk_key = 0x7f74d0443dc0 <conn_counter_init>, ltk_data = 0x7f746801bda0, ltk_free = 0x7f74d0443ea0 <conn_counter_destroy>}, {ltk_key = 0x7f74d049e4c0 <slap_sl_mem_init>, 
              ltk_data = 0x7f746801beb0, ltk_free = 0x7f74d049e380 <slap_sl_mem_destroy>}, {ltk_key = 0x7f74d045a590 <slap_op_free>, ltk_data = 0x7f746801c060, ltk_free = 0x7f74d045a4f0 <slap_op_q_destroy>}, {ltk_key = 0x0, 
---Type <return> to continue, or q <return> to quit---
              ltk_data = 0x0, ltk_free = 0x0} <repeats 29 times>}}
        kctx = <optimized out>
        keyslot = <optimized out>
        hash = <optimized out>
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#2  0x00007f74cf25fdc5 in start_thread (arg=0x7f747dd7d700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f747dd7d700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140138304231168, 4864521145699768741, 0, 140138304231872, 140138304231168, 140139690753092, -4797816178790655579, -4797496342855968347}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 
              0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#3  0x00007f74ce72273d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 2 (Thread 0x7f747effe700 (LWP 40723)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f74cff9800b in ldap_int_thread_pool_wrapper (xpool=0x7f74d194ac90) at tpool.c:675
        pool = 0x7f74d194ac90
        task = 0x0
        work_list = <optimized out>
        ctx = {ltu_id = 140138323633920, ltu_key = {{ltk_key = 0x7f74d0443dc0 <conn_counter_init>, ltk_data = 0x7f747001eb50, ltk_free = 0x7f74d0443ea0 <conn_counter_destroy>}, {ltk_key = 0x7f74d049e4c0 <slap_sl_mem_init>, 
              ltk_data = 0x7f747001f110, ltk_free = 0x7f74d049e380 <slap_sl_mem_destroy>}, {ltk_key = 0x7f74d1bc3d80, ltk_data = 0x7f747001e8f0, ltk_free = 0x7f74d0511e00 <bdb_reader_free>}, {ltk_key = 0x7f74d045a590 <slap_op_free>, 
              ltk_data = 0x7f747001fd50, ltk_free = 0x7f74d045a4f0 <slap_op_q_destroy>}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 28 times>}}
        kctx = <optimized out>
        keyslot = <optimized out>
        hash = <optimized out>
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#2  0x00007f74cf25fdc5 in start_thread (arg=0x7f747effe700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f747effe700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140138323633920, 4864521145699768741, 0, 140138323634624, 140138323633920, 140139690753092, -4797813774145840731, -4797496342855968347}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 
              0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#3  0x00007f74ce72273d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 1 (Thread 0x7f7484d7e700 (LWP 40722)):
#0  __txn_abort_pp (txn=0x7f747830d030) at ../../src/txn/txn.c:1016
        ip = 0x95
        env = 0x10a02010063736f
        rep_check = <optimized out>
        ret = <optimized out>
        t_ret = <optimized out>
#1  0x00007f74cff97e1f in ldap_pvt_thread_pool_context_reset (vctx=vctx@entry=0x7f7484d7dbd0) at tpool.c:1012
        ctx = 0x7f7484d7dbd0
        i = 3
#2  0x00007f74cff98040 in ldap_int_thread_pool_wrapper (xpool=0x7f74d194ac90) at tpool.c:699
        pool = 0x7f74d194ac90
        task = 0x0
        work_list = <optimized out>
---Type <return> to continue, or q <return> to quit---
        ctx = {ltu_id = 140138421675776, ltu_key = {{ltk_key = 0x7f74d0443dc0 <conn_counter_init>, ltk_data = 0x7f747863bb90, ltk_free = 0x7f74d0443ea0 <conn_counter_destroy>}, {ltk_key = 0x7f74d049e4c0 <slap_sl_mem_init>, 
              ltk_data = 0x7f7478628370, ltk_free = 0x7f74d049e380 <slap_sl_mem_destroy>}, {ltk_key = 0x7f74d045a590 <slap_op_free>, ltk_data = 0x7f74782cbdc0, ltk_free = 0x7f74d045a4f0 <slap_op_q_destroy>}, {ltk_key = 0x7f74d1bc3d80, 
              ltk_data = 0x7f747830d030, ltk_free = 0x7f74d0511e00 <bdb_reader_free>}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 28 times>}}
        kctx = <optimized out>
        keyslot = <optimized out>
        hash = <optimized out>
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3  0x00007f74cf25fdc5 in start_thread (arg=0x7f7484d7e700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f7484d7e700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140138421675776, 4864521145699768741, 0, 140138421676480, 140138421675776, 140139690753092, -4797660048676382299, -4797496342855968347}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 
              0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#4  0x00007f74ce72273d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.
=======================================================


Version-Release number of selected component (if applicable):

openldap-servers-2.4.40-13.el7.x86_64 


How reproducible: we have not reproduced it locally.
Note You need to log in before you can comment on or make changes to this bug.