Issue 7926 - modifying olcListenerThreads crashes slapd
Summary: modifying olcListenerThreads crashes slapd
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: 2.4.39
Hardware: All All
: --- normal
Target Milestone: 2.5.0
Assignee: OpenLDAP project
URL:
Keywords:
: 9340 (view as issue list)
Depends on:
Blocks:
 
Reported: 2014-08-25 20:53 UTC by Quanah Gibson-Mount
Modified: 2021-01-21 22:44 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description Quanah Gibson-Mount 2014-08-25 20:53:22 UTC 
Full_Name: Quanah Gibson-Mount
Version: 2.4.39
OS: Linux 3.13
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.58.125)


After modifying olcListenerThreads for a running slapd, the process died and I
had to restart ldap.  Going to see if cores were enabled.
Comment 1 Quanah Gibson-Mount 2014-08-25 22:30:40 UTC 
--On Monday, August 25, 2014 9:53 PM +0000 quanah@openldap.org wrote:

> Full_Name: Quanah Gibson-Mount
> Version: 2.4.39
> OS: Linux 3.13
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (75.111.58.125)
>
>
> After modifying olcListenerThreads for a running slapd, the process died
> and I had to restart ldap.  Going to see if cores were enabled.
>

Trivial to reproduce:

(gdb) cont
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f963ca41700 (LWP 12048)]
0x0000000000432279 in slapd_clr_read (s=13, wake=0) at daemon.c:981
981     daemon.c: No such file or directory.
        in daemon.c

Thread 6 (Thread 0x7f963ca41700 (LWP 12048)):
#0  0x0000000000432279 in slapd_clr_read (s=13, wake=0) at daemon.c:981
        rc = 1
        id = 1
#1  0x000000000043ab9c in connection_read_activate (s=13) at 
connection.c:1285
        rc = 62
#2  0x0000000000436ddb in slapd_daemon_task (ptr=0x1ba1d28) at daemon.c:2769
        rc = 1
        fd = 13
        w = 0
        r = 1
        ns = 1
        at = 0
        nfds = 18
        revents = 0x1c40000
        tvp = 0x0
        cat = {tv_sec = 0, tv_usec = 0}
        i = 0
        nwriters = 0
        now = 1409005820
        tv = {tv_sec = 0, tv_usec = 0}
        tdelta = 1
        rtask = 0x0
        l = 2
        last_idle_check = 1408061664
        ebadf = 0
        tid = 0
#3  0x0000003e130079d1 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#4  0x0000003e12ce8b5d in clone () from /lib64/libc.so.6
No symbol table info available.

Thread 5 (Thread 0x7f963c240700 (LWP 12052)):
#0  0x0000003e1300b5bc in pthread_cond_wait@@GLIBC_2.3.2 () from 
/lib64/libpthread.so.0
No symbol table info available.
#1  0x00007fa28ef29787 in ldap_pvt_thread_cond_wait (cond=0x1bdc038, 
mutex=0x1bdc010) at thr_posix.c:277
No locals.
#2  0x00007fa28ef27fa2 in ldap_int_thread_pool_wrapper (xpool=0x1bdc000) at 
tpool.c:927
        pq = 0x1bdc000
        pool = 0x1da0180
        task = 0x0
        work_list = 0x1bdc070
        ctx = {ltu_pq = 0x1bdc000, ltu_id = 140283230816000, ltu_key = 
{{ltk_key = 0x43a106, ltk_data = 0x1da4e00, ltk_free = 0x439f4a 
<conn_counter_destroy>}, {ltk_key = 0x4ad967,
              ltk_data = 0x3d9c2c0, ltk_free = 0x4ad78c 
<slap_sl_mem_destroy>}, {ltk_key = 0x455375, ltk_data = 0x20a03c0, ltk_free 
= 0x4552c8 <slap_op_q_destroy>}, {
              ltk_key = 0x7fa28b554533, ltk_data = 0x419e000, ltk_free = 
0x7fa28b554510 <search_stack_free>}, {ltk_key = 0x7fa28b5515ab, ltk_data = 
0x3e9e000,
              ltk_free = 0x7fa28b551563 <scope_chunk_free>}, {ltk_key = 
0x1bdd6c0, ltk_data = 0x1fe2200, ltk_free = 0x7fa28b55f195 
<mdb_reader_free>}, {ltk_key = 0x0,
              ltk_data = 0x9106400, ltk_free = 0}, {ltk_key = 0x0, ltk_data 
= 0x0, ltk_free = 0} <repeats 25 times>}}
        kctx = 0x0
        i = 32
        keyslot = 380
        hash = 3641033084
        pool_lock = 0
        freeme = 0
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3  0x0000003e130079d1 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#4  0x0000003e12ce8b5d in clone () from /lib64/libc.so.6
No symbol table info available.

Thread 4 (Thread 0x7f963ba3f700 (LWP 12183)):
#0  0x0000003e1300b5bc in pthread_cond_wait@@GLIBC_2.3.2 () from 
/lib64/libpthread.so.0
No symbol table info available.
#1  0x00007fa28ef29787 in ldap_pvt_thread_cond_wait (cond=0x1bdc038, 
mutex=0x1bdc010) at thr_posix.c:277
No locals.
#2  0x00007fa28ef27fa2 in ldap_int_thread_pool_wrapper (xpool=0x1bdc000) at 
tpool.c:927
        pq = 0x1bdc000
        pool = 0x1da0180
        task = 0x0
        work_list = 0x1bdc070
        ctx = {ltu_pq = 0x1bdc000, ltu_id = 140283222423296, ltu_key = 
{{ltk_key = 0x43a106, ltk_data = 0x1da4700, ltk_free = 0x439f4a 
<conn_counter_destroy>}, {ltk_key = 0x4ad967,
              ltk_data = 0x3d9c9c0, ltk_free = 0x4ad78c 
<slap_sl_mem_destroy>}, {ltk_key = 0x1bdd6c0, ltk_data = 0x52dc000, 
ltk_free = 0x7fa28b55f195 <mdb_reader_free>}, {
              ltk_key = 0x7fa28b554533, ltk_data = 0x55e6000, ltk_free = 
0x7fa28b554510 <search_stack_free>}, {ltk_key = 0x7fa28b5515ab, ltk_data = 
0x52e6000,
              ltk_free = 0x7fa28b551563 <scope_chunk_free>}, {ltk_key = 
0x455375, ltk_data = 0x237b840, ltk_free = 0x4552c8 <slap_op_q_destroy>}, 
{ltk_key = 0x0, ltk_data = 0x66ed600,
              ltk_free = 0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0} 
<repeats 25 times>}}
        kctx = 0x0
        i = 32
        keyslot = 138
        hash = 3676775562
        pool_lock = 0
        freeme = 0
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3  0x0000003e130079d1 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#4  0x0000003e12ce8b5d in clone () from /lib64/libc.so.6
No symbol table info available.

Thread 3 (Thread 0x7f963b23e700 (LWP 24606)):
#0  0x0000003e1300b5bc in pthread_cond_wait@@GLIBC_2.3.2 () from 
/lib64/libpthread.so.0
No symbol table info available.
#1  0x00007fa28ef29787 in ldap_pvt_thread_cond_wait (cond=0x1bdc038, 
mutex=0x1bdc010) at thr_posix.c:277
No locals.
#2  0x00007fa28ef27fa2 in ldap_int_thread_pool_wrapper (xpool=0x1bdc000) at 
tpool.c:927
        pq = 0x1bdc000
        pool = 0x1da0180
        task = 0x0
        work_list = 0x1bdc070
        ctx = {ltu_pq = 0x1bdc000, ltu_id = 140283214030592, ltu_key = 
{{ltk_key = 0x43a106, ltk_data = 0x2155100, ltk_free = 0x439f4a 
<conn_counter_destroy>}, {ltk_key = 0x4ad967,
              ltk_data = 0x66d6b40, ltk_free = 0x4ad78c 
<slap_sl_mem_destroy>}, {ltk_key = 0x455375, ltk_data = 0x2379a40, ltk_free 
= 0x4552c8 <slap_op_q_destroy>}, {ltk_key = 0x1bdd6c0,
              ltk_data = 0x6a60000, ltk_free = 0x7fa28b55f195 
<mdb_reader_free>}, {ltk_key = 0x7fa28b554533, ltk_data = 0x6d6e000, 
ltk_free = 0x7fa28b554510 <search_stack_free>}, {
              ltk_key = 0x7fa28b5515ab, ltk_data = 0x6a6e000, ltk_free = 
0x7fa28b551563 <scope_chunk_free>}, {ltk_key = 0x0, ltk_data = 0x9108800, 
ltk_free = 0}, {ltk_key = 0x0,
              ltk_data = 0x0, ltk_free = 0} <repeats 25 times>}}
        kctx = 0x0
        i = 32
        keyslot = 250
        hash = 907520250
        pool_lock = 0
        freeme = 0
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3  0x0000003e130079d1 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#4  0x0000003e12ce8b5d in clone () from /lib64/libc.so.6
No symbol table info available.

Thread 2 (Thread 0x7f963aa3d700 (LWP 24607)):
#0  0x0000003e1300b5bc in pthread_cond_wait@@GLIBC_2.3.2 () from 
/lib64/libpthread.so.0
No symbol table info available.
#1  0x00007fa28ef29787 in ldap_pvt_thread_cond_wait (cond=0x1bdc038, 
mutex=0x1bdc010) at thr_posix.c:277
No locals.
#2  0x00007fa28ef27fa2 in ldap_int_thread_pool_wrapper (xpool=0x1bdc000) at 
tpool.c:927
        pq = 0x1bdc000
        pool = 0x1da0180
        task = 0x0
        work_list = 0x1bdc070
        ctx = {ltu_pq = 0x1bdc000, ltu_id = 140283205637888, ltu_key = 
{{ltk_key = 0x43a106, ltk_data = 0x2154f00, ltk_free = 0x439f4a 
<conn_counter_destroy>}, {ltk_key = 0x4ad967,
              ltk_data = 0x66d6b80, ltk_free = 0x4ad78c 
<slap_sl_mem_destroy>}, {ltk_key = 0x455375, ltk_data = 0x66c6000, ltk_free 
= 0x4552c8 <slap_op_q_destroy>}, {ltk_key = 0x1bdd6c0,
              ltk_data = 0x6a61a00, ltk_free = 0x7fa28b55f195 
<mdb_reader_free>}, {ltk_key = 0x7fa28b554533, ltk_data = 0x806e000, 
ltk_free = 0x7fa28b554510 <search_stack_free>}, {
              ltk_key = 0x7fa28b5515ab, ltk_data = 0x7d6e000, ltk_free = 
0x7fa28b551563 <scope_chunk_free>}, {ltk_key = 0x0, ltk_data = 0x9108800, 
ltk_free = 0}, {ltk_key = 0x0,
              ltk_data = 0x0, ltk_free = 0} <repeats 25 times>}}
        kctx = 0x0
        i = 32
        keyslot = 41
        hash = 1003389993
        pool_lock = 0
        freeme = 0
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3  0x0000003e130079d1 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#4  0x0000003e12ce8b5d in clone () from /lib64/libc.so.6
No symbol table info available.

Thread 1 (Thread 0x7fa28e26a720 (LWP 12047)):
#0  0x0000003e1300822d in pthread_join () from /lib64/libpthread.so.0
No symbol table info available.
#1  0x00007fa28ef296c8 in ldap_pvt_thread_join (thread=140283239208704, 
thread_return=0x0) at thr_posix.c:197
No locals.
#2  0x0000000000437587 in slapd_daemon () at daemon.c:2907
        i = 0
        rc = 0
#3  0x0000000000414afb in main (argc=9, argv=0x7fff33ea3258) at main.c:1012
        i = 9
        no_detach = 0
        rc = 0
        urls = 0x1bb0000 "ldap://zre-ldap003.eng.zimbra.com:389 ldapi:///"
        username = 0x1ba0010 "root"
        groupname = 0x0
        sandbox = 0x0
        syslogUser = 128
        pid = 0
        waitfds = {9, 10}
        g_argc = 9
        g_argv = 0x7fff33ea3258
        configfile = 0x0
        configdir = 0x1ba4020 "/opt/zimbra/data/ldap/config"
        serverName = 0x7fff33ea4d76 "slapd"
        serverMode = 1
        scp = 0x0
        scp_entry = 0x0
        debug_unknowns = 0x0
        syslog_unknowns = 0x0
        serverNamePrefix = 0x4f19c8 ""
        l = 5182640
        slapd_pid_file_unlink = 1
        slapd_args_file_unlink = 1
        firstopt = 0
        __PRETTY_FUNCTION__ = "main"
(gdb)


--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
Comment 2 Quanah Gibson-Mount 2017-04-12 16:37:37 UTC 
moved from Incoming to Software Bugs
Comment 3 Quanah Gibson-Mount 2020-08-18 22:30:51 UTC 
Commits: 
  • 2f94318f 
by Howard Chu at 2020-08-18T22:00:58+01:00 
ITS#7926 support multiple config cleanup functions per op

Prep for main changes


  • 9d2f1530 
by Howard Chu at 2020-08-18T22:37:50+01:00 
ITS#7926 dynamic changes to olcListenerThreads

Reallocates sockets from old to new listener threads
Comment 4 Quanah Gibson-Mount 2021-01-21 22:44:23 UTC 
*** Issue 9340 has been marked as a duplicate of this issue. ***