https://bugs.openldap.org/show_bug.cgi?id=10258
Issue ID: 10258
Summary: test050 failure: connection_close race?
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: ondra@mistotebe.net
Target Milestone: ---
Created attachment 1032 --> https://bugs.openldap.org/attachment.cgi?id=1032&action=edit
tail of slapd log
Running test050 repeatedly, the slapd managed to get itself into an apparent inconsistency in the connections structure. The logs suggest that there might be a race closing the connection. Unfortunately the sanitiser didn't initiate a core dump in this case.
Quanah Gibson-Mount quanah@openldap.org changed:
What            |Removed             |Added
----------------------------------------------------------------------------
Assignee        |bugs@openldap.org   |ondra@mistotebe.net
Keywords        |needs_review        |
Target Milestone|---                 |2.5.19
--- Comment #1 from Ondřej Kuzník ondra@mistotebe.net ---
Correlating the logs with the code, this seems to be the sequence of events:
- client sends an Unbind
- slapd_daemon_task in thread A (0x7fc2738396c0) picks up fd=9 (conn=1004), calls slapd_clr_read and submits connection_read_thread to the queue
- a worker thread B (0x7fc270c2c6c0) runs connection_read_thread->connection_read, reads one operation (unbind) queues it up in cri->op, then calls slapd_set_read
- only the unbind was read, so it is immediately processed in the same worker thread B (B side of the race)
- client closes the connection
- slapd_daemon_task in thread A notices and picks up fd=9 again (A side of the race)
- worker thread B wins the race and calls connection_closing resetting the epoll state
- daemon A lost the race and will reach SLAP_EPOLL_SOCK_SET. Using invalid epoll state (which is now pointing to offset -1) it reaches memory that's not intended for this purpose (presumably not even allocated) and address sanitiser intervenes
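The interleaving described in Comment #1, as an added sketch that is not OpenLDAP code and not the change from the merge request. It assumes a simplified fd-to-slot table (ev_table, ev_add, ev_close, ev_set_read and replay_race are hypothetical names) in which the close path and the re-arm path share one lock and the re-arm path validates the slot before indexing with it.

```c
#include <pthread.h>
#define MAX_FD  16
#define NO_SLOT (-1)  /* index value left behind once a connection is closed */

struct ev_table {             /* hypothetical model, not slapd's structures */
    pthread_mutex_t mu;       /* serialises close against re-arm */
    int index[MAX_FD];        /* fd -> slot in events[], NO_SLOT when inactive */
    unsigned events[MAX_FD];  /* per-slot interest mask, bit 0 = read */
    int nslots;               /* slots handed out; never recycled in this model */
};

void ev_init(struct ev_table *t) {
    pthread_mutex_init(&t->mu, NULL);
    t->nslots = 0;
    for (int fd = 0; fd < MAX_FD; fd++) t->index[fd] = NO_SLOT;
}

/* Register a new connection's fd; returns its slot, or -1 on failure. */
int ev_add(struct ev_table *t, int fd) {
    pthread_mutex_lock(&t->mu);
    int ok = fd >= 0 && fd < MAX_FD && t->index[fd] == NO_SLOT && t->nslots < MAX_FD;
    int slot = ok ? (t->index[fd] = t->nslots++) : -1;
    if (ok) t->events[slot] = 0;
    pthread_mutex_unlock(&t->mu);
    return slot;
}

/* Worker side (thread B): closing the connection invalidates the fd's slot. */
void ev_close(struct ev_table *t, int fd) {
    pthread_mutex_lock(&t->mu);
    if (fd >= 0 && fd < MAX_FD) t->index[fd] = NO_SLOT;
    pthread_mutex_unlock(&t->mu);
}

/* Daemon side (thread A): a stale fd gets -1 instead of indexing events[-1]. */
int ev_set_read(struct ev_table *t, int fd) {
    pthread_mutex_lock(&t->mu);
    int slot = (fd >= 0 && fd < MAX_FD) ? t->index[fd] : NO_SLOT;
    if (slot != NO_SLOT) t->events[slot] |= 1u;
    pthread_mutex_unlock(&t->mu);
    return slot != NO_SLOT ? 0 : -1;
}

int replay_race(void) {         /* the described interleaving, for fd 9 */
    struct ev_table t;
    ev_init(&t);
    if (ev_add(&t, 9) < 0 || ev_set_read(&t, 9) != 0) return 1;
    ev_close(&t, 9);            /* B wins the race and resets the state */
    return ev_set_read(&t, 9);  /* A arrives late: rejected with -1 */
}
```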
Howard Chu hyc@openldap.org changed:
What            |Removed             |Added
----------------------------------------------------------------------------
Assignee        |ondra@mistotebe.net |hyc@openldap.org
Quanah Gibson-Mount quanah@openldap.org changed:
What            |Removed             |Added
----------------------------------------------------------------------------
Target Milestone|2.5.19              |2.5.20
Ondřej Kuzník ondra@mistotebe.net changed:
What            |Removed             |Added
----------------------------------------------------------------------------
Target Milestone|2.5.20              |2.6.11
Howard Chu hyc@openldap.org changed:
What            |Removed             |Added
----------------------------------------------------------------------------
Ever confirmed  |0                   |1
Status          |UNCONFIRMED         |IN_PROGRESS
--- Comment #2 from Howard Chu hyc@openldap.org ---
Based on your analysis, I have a proposed fix here https://git.openldap.org/openldap/openldap/-/merge_requests/816
Not sure how many iterations we'd need to convince ourselves it's fixed though.
Quanah Gibson-Mount quanah@openldap.org changed:
What            |Removed             |Added
----------------------------------------------------------------------------
Target Milestone|2.6.11              |2.6.12
Quanah Gibson-Mount quanah@openldap.org changed:
What            |Removed             |Added
----------------------------------------------------------------------------
Target Milestone|2.6.12              |2.6.13
Quanah Gibson-Mount quanah@openldap.org changed:
What            |Removed             |Added
----------------------------------------------------------------------------
Resolution      |---                 |FIXED
Status          |IN_PROGRESS         |RESOLVED
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org ---
head:
• ab4f4bcf by Howard Chu at 2026-01-13T18:15:29+00:00 ITS#10258 slapd: fix unbind/close race
• 159cea0b by Howard Chu at 2026-01-13T18:15:29+00:00 ITS#10258 daemon/epoll: fix check for active socket
RE26:
• 235b5482 by Howard Chu at 2026-02-13T01:14:22+00:00 ITS#10258 slapd: fix unbind/close race
• 8663313a by Howard Chu at 2026-02-13T01:14:29+00:00 ITS#10258 daemon/epoll: fix check for active socket
Quanah Gibson-Mount quanah@openldap.org changed:
What            |Removed             |Added
----------------------------------------------------------------------------
Status          |RESOLVED            |VERIFIED