Red Hat Bugzilla – Bug 1567042
ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired
Last modified: 2018-10-30 06:14:09 EDT
#0 0x000055d551a11a7a in connection_table_move_connection_out_of_active_list (ct=0x55d555c7efc0, c=c@entry=0x55d555cd8a80) at ldap/servers/slapd/conntable.c:268 268 c->c_prev->c_next = c->c_next; (gdb) p *c->c_prev Cannot access memory at address 0x0 (gdb) where #0 0x000055d551a11a7a in connection_table_move_connection_out_of_active_list (ct=0x55d555c7efc0, c=c@entry=0x55d555cd8a80) at ldap/servers/slapd/conntable.c:268 #1 0x000055d551a13ff3 in ns_handle_closure_nomutex (c=c@entry=0x55d555cd8a80) at ldap/servers/slapd/daemon.c:1639 #2 0x000055d551a14052 in ns_handle_closure (job=0x55d5562214a0) at ldap/servers/slapd/daemon.c:1666 #3 0x00007f5c56f89c89 in work_job_execute (job=0x55d5562214a0) at src/nunc-stans/ns/ns_thrpool.c:291 #4 0x00007f5c56f8abe3 in event_cb (fd=<optimized out>, event=<optimized out>, arg=<optimized out>) at src/nunc-stans/ns/ns_event_fw_event.c:118 #5 0x00007f5c53fdea14 in event_base_loop () at /lib64/libevent-2.0.so.5 #6 0x00007f5c56f8aeae in ns_event_fw_loop (ns_event_fw_ctx=<optimized out>) at src/nunc-stans/ns/ns_event_fw_event.c:308 #7 0x00007f5c56f89ac9 in event_loop_thread_func (arg=0x55d5547c4c00) at src/nunc-stans/ns/ns_thrpool.c:581 #8 0x00007f5c5444edd5 in start_thread () at /lib64/libpthread.so.0 #9 0x00007f5c53afbb3d in clone () at /lib64/libc.so.6 This is hte only other active thread: Thread 56 (Thread 0x7f5c1b167700 (LWP 30209)): #0 0x00007f5c53aecc7d in write () at /lib64/libc.so.6 #1 0x00007f5c53a77053 in _IO_new_file_write () at /lib64/libc.so.6 #2 0x00007f5c53a778f0 in __GI__IO_file_xsputn () at /lib64/libc.so.6 #3 0x00007f5c53a6bdeb in fputs () at /lib64/libc.so.6 #4 0x00007f5c56cc961a in fprintf (__fmt=0x7f5c56d3a4ec "%s", __stream=<optimized out>) at /usr/include/bits/stdio2.h:97 #5 0x00007f5c56cc961a in vslapd_log_error (fp=fp@entry=0x0, sev_level=sev_level@entry=22, subsystem=subsystem@entry=0x55d551a26caf "connection_dispatch_operation", fmt=fmt@entry=0x55d551a26910 "Failed to set TCP_CORK on connection %lu\n", ap=ap@entry=0x7f5c1b166ac8, locked=locked@entry=1) at ldap/servers/slapd/log.c:2386 #6 0x00007f5c56cd0198 in slapd_log_error_proc_internal (sev_level=sev_level@entry=22, subsystem=0x55d551a26caf "connection_dispatch_operation", fmt=0x55d551a26910 "Failed to set TCP_CORK on connection %lu\n", ap_err=ap_err@entry=0x7f5c1b166ac8, ap_file=ap_file@entry=0x7f5c1b166ae0) at ldap/servers/slapd/log.c:2203 #7 0x00007f5c56ccc6ff in slapi_log_error (loglevel=loglevel@entry=22, subsystem=subsystem@entry=0x55d551a26caf "connection_dispatch_operation", fmt=fmt@entry=0x55d551a26910 "Failed to set TCP_CORK on connection %lu\n") at ldap/servers/slapd/log.c:2425 #8 0x000055d551a1156c in connection_dispatch_operation (pb=0x55d55486dd40, op=0x55d5563f1500, conn=0x55d555cd8a80) at ldap/servers/slapd/connection.c:643 #9 0x000055d551a1156c in connection_threadmain () at ldap/servers/slapd/connection.c:1781 #10 0x00007f5c54aaec8b in _pt_root () at /lib64/libnspr4.so #11 0x00007f5c5444edd5 in start_thread () at /lib64/libpthread.so.0 #12 0x00007f5c53afbb3d in clone () at /lib64/libc.so.6
Looks like the connection was already released and cleaned up (connection_release_nolock(c) & connection_cleanup(c)), but nunc-stans still has a reference to it in its queue.
Build tested: 389-ds-base-1.3.8.4-12.el7.x86_64 I haven't encountered crash at shutdown with NS enabled (it's disabled by default) in our acceptance testing, hence marking as VERIFIED, SanityOnly.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3127