https://bugs.openldap.org/show_bug.cgi?id=9626
--- Comment #4 from Howard Chu hyc@openldap.org ---
(In reply to carlos.velasco from comment #3)
(In reply to Howard Chu from comment #2)
(In reply to carlos.velasco from comment #1)
It seems ids get corrupted.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f2a32a4109f in mdb_midl_append_list (idp=0x7f29f8041b13, app=0x25fa538) at midl.c:175
175         if (ids[0] + app[0] >= ids[-1]) {
[Current thread is 1 (Thread 0x7f2a09ffb640 (LWP 204177))]
(gdb) bt
#0  0x00007f2a32a4109f in mdb_midl_append_list (idp=0x7f29f8041b13, app=0x25fa538) at midl.c:175
#1  0x00007f2a32a325bf in mdb_txn_commit (txn=0xf9bda0) at mdb.c:3485
In frame 1 can you get the output for:
info locals
print *txn
print *parent
(gdb) f 1
#1  0x00007f2a32a325bf in mdb_txn_commit (txn=0xf9bda0) at mdb.c:3485
3485        rc = mdb_midl_append_list(&parent->mt_free_pgs, txn->mt_free_pgs);
(gdb) info locals
parent = 0x7f29f8041aeb
lp = 0x7f2a09ff9120
dst = 0x7f2a09ff90e0
pspill = 0x7f2a09ff90b0
y = 167743792
len = 0
src = 0x40009000d0006
x = 32554
ps_len = 32554
rc = 32554
i = 167743728
end_mode = 2097201
env = 0x1fd9d40
__func__ = "mdb_txn_commit"
(gdb) p *txn
$1 = {mt_parent = 0x7f29f8041aeb, mt_child = 0x0, mt_next_pgno = 255, mt_txnid = 47589, mt_env = 0x1fd9d40, mt_free_pgs = 0x25fa538, mt_loose_pgs = 0x0, mt_loose_count = 0, mt_spill_pgs = 0x0, mt_u = { dirty_list = 0x26fa540, reader = 0x26fa540}, mt_dbxs = 0x1fd9e40, mt_dbs = 0xf9be28, mt_dbiseqs = 0xf9be98, mt_cursors = 0xf9be88, mt_dbflags = 0xf9bea0 "\b\030", mt_numdbs = 2, mt_flags = 524288, mt_dirty_room = 131067}
(gdb) p *parent
$2 = {mt_parent = 0x9b99d10000000000, mt_child = 0x8d000007f2e0a, mt_next_pgno = 3276218095827364344, mt_txnid = 7814437141411426150, mt_env = 0x7c6465646f636e65, mt_free_pgs = 0x7069746c756d7c20, mt_loose_pgs = 0x6d726f662f747261, mt_loose_count = 1952539693, mt_spill_pgs = 0x72617069746c756d, mt_u = {dirty_list = 0x6574616c65722f74, reader = 0x6574616c65722f74}, mt_dbxs = 0x747865747c207c64, mt_dbs = 0x617c207c6c6d782f, mt_dbiseqs = 0x69746163696c7070, mt_cursors = 0x207c6c6d782f6e6f, mt_dbflags = 0x6163696c7070617c <error: Cannot access memory at address 0x6163696c7070617c>, mt_numdbs = 1852795252, mt_flags = 1634693935, mt_dirty_room = 1836591984}
(gdb)
Does your code actually use nested transactions?
I don't know, the code is from modsecurity: https://github.com/SpiderLabs/ModSecurity
The txn->mt_parent pointer is clearly invalid. Most likely some other code overwrote it, probably in ModSecurity. This is extremely unlikely to be an actual LMDB bug.
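The field values in the `p *parent` output above can be read directly as bytes, which is a quick way to check a diagnosis like Howard's before digging into the embedding application. The C program below is an added example, not code from this ticket, from LMDB or from ModSecurity: it takes the eighteen field values copied from the dump, prints each as little-endian bytes with non-printable bytes shown as '.', counts how many fields are pure text, and joins them in struct order to recover the data that was written over the transaction. It assumes an LP64 build (8-byte pointers and size_t, 4-byte int fields with 4 bytes of padding after mt_loose_count, which gdb does not print) and that the fields sit in memory in the order gdb listed them; the field table is constructed from the page, not read from a live process.

```c
/* Added example (not from the ticket, LMDB or ModSecurity): read the bogus
 * MDB_txn field values from the 'p *parent' dump as raw little-endian bytes.
 * Build and run with:  cc -std=c99 -Wall decode_parent.c && ./a.out
 */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct dump_field {
    const char *name;
    uint64_t value;
    unsigned width;   /* bytes occupied in the struct: 8 for pointers/size_t, 4 for int */
};

/* Field values copied from the gdb 'p *parent' output in this ticket, in the
 * order gdb printed them.  Widths assume an LP64 build of LMDB (assumption). */
static const struct dump_field parent_fields[] = {
    { "mt_parent",       0x9b99d10000000000ULL, 8 },
    { "mt_child",        0x0008d000007f2e0aULL, 8 },
    { "mt_next_pgno",    3276218095827364344ULL, 8 },
    { "mt_txnid",        7814437141411426150ULL, 8 },
    { "mt_env",          0x7c6465646f636e65ULL, 8 },
    { "mt_free_pgs",     0x7069746c756d7c20ULL, 8 },
    { "mt_loose_pgs",    0x6d726f662f747261ULL, 8 },
    { "mt_loose_count",  1952539693ULL,         4 },
    { "mt_spill_pgs",    0x72617069746c756dULL, 8 },
    { "mt_u.dirty_list", 0x6574616c65722f74ULL, 8 },
    { "mt_dbxs",         0x747865747c207c64ULL, 8 },
    { "mt_dbs",          0x617c207c6c6d782fULL, 8 },
    { "mt_dbiseqs",      0x69746163696c7070ULL, 8 },
    { "mt_cursors",      0x207c6c6d782f6e6fULL, 8 },
    { "mt_dbflags",      0x6163696c7070617cULL, 8 },
    { "mt_numdbs",       1852795252ULL,         4 },
    { "mt_flags",        1634693935ULL,         4 },
    { "mt_dirty_room",   1836591984ULL,         4 },
};
#define NFIELDS (sizeof parent_fields / sizeof parent_fields[0])

/* Write VALUE as WIDTH little-endian bytes into OUT (needs WIDTH+1 chars),
 * replacing non-printable bytes with '.'.  Returns how many were printable. */
static unsigned decode_le(uint64_t value, unsigned width, char *out)
{
    unsigned printable = 0, i;
    for (i = 0; i < width; i++) {
        unsigned char b = (unsigned char)(value >> (8 * i));
        if (isprint(b)) {
            out[i] = (char)b;
            printable++;
        } else {
            out[i] = '.';
        }
    }
    out[width] = '\0';
    return printable;
}

/* Number of fields whose every byte is printable ASCII: a pointer or counter
 * that decodes entirely to text was almost certainly overwritten by a string. */
static unsigned count_text_fields(void)
{
    char buf[9];
    unsigned i, n = 0;
    for (i = 0; i < NFIELDS; i++)
        if (decode_le(parent_fields[i].value, parent_fields[i].width, buf)
            == parent_fields[i].width)
            n++;
    return n;
}

/* Concatenate every field's bytes in struct order to recover the overwriting
 * text.  gdb does not print the 4 padding bytes that sit after mt_loose_count
 * on LP64, so the reconstruction has a 4-byte gap there. */
static char *decode_parent_dump(char *out, size_t outsz)
{
    size_t i, pos = 0;
    out[0] = '\0';
    for (i = 0; i < NFIELDS && pos + parent_fields[i].width < outsz; i++) {
        decode_le(parent_fields[i].value, parent_fields[i].width, out + pos);
        pos += parent_fields[i].width;
    }
    return out;
}

int main(void)
{
    char buf[9], text[256];
    unsigned i;
    for (i = 0; i < NFIELDS; i++) {
        unsigned p = decode_le(parent_fields[i].value, parent_fields[i].width, buf);
        printf("%-16s %016llx  \"%s\"  (%u/%u printable)\n", parent_fields[i].name,
               (unsigned long long)parent_fields[i].value, buf, p, parent_fields[i].width);
    }
    printf("\n%u of %u fields are pure text; reconstructed overwrite:\n%s\n",
           count_text_fields(), (unsigned)NFIELDS, decode_parent_dump(text, sizeof text));
    return 0;
}
```

Run against the values from the dump, every field from mt_txnid onward decodes to printable ASCII and joins into a "| |"-separated list of MIME types (form-urlencoded, multipart/form-data, multipart/related, text/xml, application/xml, application/soap+xml), while mt_parent and mt_child still hold pointer-like bytes and mt_next_pgno is a mix of the two. A live transaction struct whose pointer fields read as a content-type list is consistent with Howard's reading that some other component wrote a string past the end of its own buffer and into LMDB's memory; the bytes are the thing to search for in the embedding application's source rather than in mdb_txn_commit.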