1567042 – ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1567042 - ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired

Summary: ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Att...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	7.5
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	thierry bordaz
QA Contact:	RHDS QE
Docs Contact:
URL:
Whiteboard:
Depends On:	1517383
Blocks:	1580523
TreeView+	depends on / blocked

Reported:	2018-04-13 10:34 UTC by Viktor Ashirov
Modified:	2021-09-09 13:41 UTC (History)
CC List:	8 users (show)
Fixed In Version:	389-ds-base-1.3.8.2-1.el7
Doc Type:	No Doc Update
Doc Text:	undefined
Clone Of:	1517383
Clones:	1580523 (view as bug list)
Environment:
Last Closed:	2018-10-30 10:13:34 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:3127	0	None	None	None	2018-10-30 10:14:08 UTC

Comment 2 mreynolds 2018-04-17 20:04:45 UTC

#0  0x000055d551a11a7a in connection_table_move_connection_out_of_active_list (ct=0x55d555c7efc0, c=c@entry=0x55d555cd8a80)
    at ldap/servers/slapd/conntable.c:268
268	    c->c_prev->c_next = c->c_next;

(gdb) p *c->c_prev
Cannot access memory at address 0x0

(gdb) where
#0  0x000055d551a11a7a in connection_table_move_connection_out_of_active_list (ct=0x55d555c7efc0, c=c@entry=0x55d555cd8a80)
    at ldap/servers/slapd/conntable.c:268
#1  0x000055d551a13ff3 in ns_handle_closure_nomutex (c=c@entry=0x55d555cd8a80) at ldap/servers/slapd/daemon.c:1639
#2  0x000055d551a14052 in ns_handle_closure (job=0x55d5562214a0) at ldap/servers/slapd/daemon.c:1666
#3  0x00007f5c56f89c89 in work_job_execute (job=0x55d5562214a0) at src/nunc-stans/ns/ns_thrpool.c:291
#4  0x00007f5c56f8abe3 in event_cb (fd=<optimized out>, event=<optimized out>, arg=<optimized out>)
    at src/nunc-stans/ns/ns_event_fw_event.c:118
#5  0x00007f5c53fdea14 in event_base_loop () at /lib64/libevent-2.0.so.5
#6  0x00007f5c56f8aeae in ns_event_fw_loop (ns_event_fw_ctx=<optimized out>) at src/nunc-stans/ns/ns_event_fw_event.c:308
#7  0x00007f5c56f89ac9 in event_loop_thread_func (arg=0x55d5547c4c00) at src/nunc-stans/ns/ns_thrpool.c:581
#8  0x00007f5c5444edd5 in start_thread () at /lib64/libpthread.so.0
#9  0x00007f5c53afbb3d in clone () at /lib64/libc.so.6


This is hte only other active thread:

Thread 56 (Thread 0x7f5c1b167700 (LWP 30209)):
#0  0x00007f5c53aecc7d in write () at /lib64/libc.so.6
#1  0x00007f5c53a77053 in _IO_new_file_write () at /lib64/libc.so.6
#2  0x00007f5c53a778f0 in __GI__IO_file_xsputn () at /lib64/libc.so.6
#3  0x00007f5c53a6bdeb in fputs () at /lib64/libc.so.6
#4  0x00007f5c56cc961a in fprintf (__fmt=0x7f5c56d3a4ec "%s", __stream=<optimized out>) at /usr/include/bits/stdio2.h:97
#5  0x00007f5c56cc961a in vslapd_log_error (fp=fp@entry=0x0, sev_level=sev_level@entry=22, subsystem=subsystem@entry=0x55d551a26caf "connection_dispatch_operation", fmt=fmt@entry=0x55d551a26910 "Failed to set TCP_CORK on connection %lu\n", ap=ap@entry=0x7f5c1b166ac8, locked=locked@entry=1) at ldap/servers/slapd/log.c:2386
#6  0x00007f5c56cd0198 in slapd_log_error_proc_internal (sev_level=sev_level@entry=22, subsystem=0x55d551a26caf "connection_dispatch_operation", fmt=0x55d551a26910 "Failed to set TCP_CORK on connection %lu\n", ap_err=ap_err@entry=0x7f5c1b166ac8, ap_file=ap_file@entry=0x7f5c1b166ae0) at ldap/servers/slapd/log.c:2203
#7  0x00007f5c56ccc6ff in slapi_log_error (loglevel=loglevel@entry=22, subsystem=subsystem@entry=0x55d551a26caf "connection_dispatch_operation", fmt=fmt@entry=0x55d551a26910 "Failed to set TCP_CORK on connection %lu\n") at ldap/servers/slapd/log.c:2425
#8  0x000055d551a1156c in connection_dispatch_operation (pb=0x55d55486dd40, op=0x55d5563f1500, conn=0x55d555cd8a80)
    at ldap/servers/slapd/connection.c:643
#9  0x000055d551a1156c in connection_threadmain () at ldap/servers/slapd/connection.c:1781
#10 0x00007f5c54aaec8b in _pt_root () at /lib64/libnspr4.so
#11 0x00007f5c5444edd5 in start_thread () at /lib64/libpthread.so.0
#12 0x00007f5c53afbb3d in clone () at /lib64/libc.so.6

Comment 3 mreynolds 2018-04-19 14:56:49 UTC

Looks like the connection was already released and cleaned up (connection_release_nolock(c) & connection_cleanup(c)), but nunc-stans still has a reference to it in its queue.

Comment 6 Viktor Ashirov 2018-08-30 13:34:57 UTC

Build tested: 389-ds-base-1.3.8.4-12.el7.x86_64

I haven't encountered crash at shutdown with NS enabled (it's disabled by default) in our acceptance testing, hence marking as VERIFIED, SanityOnly.

Comment 8 errata-xmlrpc 2018-10-30 10:13:34 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3127

Note You need to log in before you can comment on or make changes to this bug.