Bug 1567042 - ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired
Summary: ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Att...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.5
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: thierry bordaz
QA Contact: RHDS QE
URL:
Whiteboard:
Depends On: 1517383
Blocks: 1580523
TreeView+ depends on / blocked
 
Reported: 2018-04-13 10:34 UTC by Viktor Ashirov
Modified: 2018-10-30 10:14 UTC (History)
8 users (show)

Fixed In Version: 389-ds-base-1.3.8.2-1.el7
Doc Type: No Doc Update
Doc Text:
undefined
Clone Of: 1517383
: 1580523 (view as bug list)
Environment:
Last Closed: 2018-10-30 10:13:34 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3127 None None None 2018-10-30 10:14:08 UTC

Comment 2 mreynolds 2018-04-17 20:04:45 UTC
#0  0x000055d551a11a7a in connection_table_move_connection_out_of_active_list (ct=0x55d555c7efc0, c=c@entry=0x55d555cd8a80)
    at ldap/servers/slapd/conntable.c:268
268	    c->c_prev->c_next = c->c_next;

(gdb) p *c->c_prev
Cannot access memory at address 0x0

(gdb) where
#0  0x000055d551a11a7a in connection_table_move_connection_out_of_active_list (ct=0x55d555c7efc0, c=c@entry=0x55d555cd8a80)
    at ldap/servers/slapd/conntable.c:268
#1  0x000055d551a13ff3 in ns_handle_closure_nomutex (c=c@entry=0x55d555cd8a80) at ldap/servers/slapd/daemon.c:1639
#2  0x000055d551a14052 in ns_handle_closure (job=0x55d5562214a0) at ldap/servers/slapd/daemon.c:1666
#3  0x00007f5c56f89c89 in work_job_execute (job=0x55d5562214a0) at src/nunc-stans/ns/ns_thrpool.c:291
#4  0x00007f5c56f8abe3 in event_cb (fd=<optimized out>, event=<optimized out>, arg=<optimized out>)
    at src/nunc-stans/ns/ns_event_fw_event.c:118
#5  0x00007f5c53fdea14 in event_base_loop () at /lib64/libevent-2.0.so.5
#6  0x00007f5c56f8aeae in ns_event_fw_loop (ns_event_fw_ctx=<optimized out>) at src/nunc-stans/ns/ns_event_fw_event.c:308
#7  0x00007f5c56f89ac9 in event_loop_thread_func (arg=0x55d5547c4c00) at src/nunc-stans/ns/ns_thrpool.c:581
#8  0x00007f5c5444edd5 in start_thread () at /lib64/libpthread.so.0
#9  0x00007f5c53afbb3d in clone () at /lib64/libc.so.6


This is hte only other active thread:

Thread 56 (Thread 0x7f5c1b167700 (LWP 30209)):
#0  0x00007f5c53aecc7d in write () at /lib64/libc.so.6
#1  0x00007f5c53a77053 in _IO_new_file_write () at /lib64/libc.so.6
#2  0x00007f5c53a778f0 in __GI__IO_file_xsputn () at /lib64/libc.so.6
#3  0x00007f5c53a6bdeb in fputs () at /lib64/libc.so.6
#4  0x00007f5c56cc961a in fprintf (__fmt=0x7f5c56d3a4ec "%s", __stream=<optimized out>) at /usr/include/bits/stdio2.h:97
#5  0x00007f5c56cc961a in vslapd_log_error (fp=fp@entry=0x0, sev_level=sev_level@entry=22, subsystem=subsystem@entry=0x55d551a26caf "connection_dispatch_operation", fmt=fmt@entry=0x55d551a26910 "Failed to set TCP_CORK on connection %lu\n", ap=ap@entry=0x7f5c1b166ac8, locked=locked@entry=1) at ldap/servers/slapd/log.c:2386
#6  0x00007f5c56cd0198 in slapd_log_error_proc_internal (sev_level=sev_level@entry=22, subsystem=0x55d551a26caf "connection_dispatch_operation", fmt=0x55d551a26910 "Failed to set TCP_CORK on connection %lu\n", ap_err=ap_err@entry=0x7f5c1b166ac8, ap_file=ap_file@entry=0x7f5c1b166ae0) at ldap/servers/slapd/log.c:2203
#7  0x00007f5c56ccc6ff in slapi_log_error (loglevel=loglevel@entry=22, subsystem=subsystem@entry=0x55d551a26caf "connection_dispatch_operation", fmt=fmt@entry=0x55d551a26910 "Failed to set TCP_CORK on connection %lu\n") at ldap/servers/slapd/log.c:2425
#8  0x000055d551a1156c in connection_dispatch_operation (pb=0x55d55486dd40, op=0x55d5563f1500, conn=0x55d555cd8a80)
    at ldap/servers/slapd/connection.c:643
#9  0x000055d551a1156c in connection_threadmain () at ldap/servers/slapd/connection.c:1781
#10 0x00007f5c54aaec8b in _pt_root () at /lib64/libnspr4.so
#11 0x00007f5c5444edd5 in start_thread () at /lib64/libpthread.so.0
#12 0x00007f5c53afbb3d in clone () at /lib64/libc.so.6

Comment 3 mreynolds 2018-04-19 14:56:49 UTC
Looks like the connection was already released and cleaned up (connection_release_nolock(c) & connection_cleanup(c)), but nunc-stans still has a reference to it in its queue.

Comment 6 Viktor Ashirov 2018-08-30 13:34:57 UTC
Build tested: 389-ds-base-1.3.8.4-12.el7.x86_64

I haven't encountered crash at shutdown with NS enabled (it's disabled by default) in our acceptance testing, hence marking as VERIFIED, SanityOnly.

Comment 8 errata-xmlrpc 2018-10-30 10:13:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3127


Note You need to log in before you can comment on or make changes to this bug.