
Re: (ITS#4136) test036-meta-concurrency: line 188: 1342 Segmentation fault



[On AMD64]

I'm seeing different types of errors; many occur in the
targets of the slapd-meta database; valgrind reports:

>==============================================================
        add: mail
                one value, length 21
conn=7 op=2 MOD dn="cn=Barbara Jensen,ou=Information Technology
Division,ou=People,dc=example,dc=com"
conn=7 op=2 MOD attr=mail
bdb_dn2entry("cn=barbara jensen,ou=information technology
division,ou=people,dc=example,dc=com")
bdb_modify: cn=Barbara Jensen,ou=Information Technology
Division,ou=People,dc=example,dc=com
==27446==
==27446== Thread 5:
==27446== Invalid read of size 8
==27446==    at 0x513158: equality_candidates (filterindex.c:628)
==27446==    by 0x51158E: bdb_filter_candidates (filterindex.c:139)
==27446==    by 0x512A6F: list_candidates (filterindex.c:506)
==27446==    by 0x511A72: bdb_filter_candidates (filterindex.c:189)
==27446==    by 0x512A6F: list_candidates (filterindex.c:506)
==27446==    by 0x5119D2: bdb_filter_candidates (filterindex.c:183)
==27446==    by 0x4CA86B: search_candidates (search.c:1141)
==27446==    by 0x4C938D: bdb_search (search.c:594)
==27446==    by 0x44AFB4: fe_op_search (search.c:349)
==27446==    by 0x44AAA7: do_search (search.c:219)
==27446==  Address 0x188 is not stack'd, malloc'd or (recently) free'd
==27446==
==27446== Process terminating with default action of signal 11
(SIGSEGV): dumping core
==27446==  Access not within mapped region at address 0x188
==27446==    at 0x513158: equality_candidates (filterindex.c:628)
==27446==    by 0x51158E: bdb_filter_candidates (filterindex.c:139)
==27446==    by 0x512A6F: list_candidates (filterindex.c:506)
==27446==    by 0x511A72: bdb_filter_candidates (filterindex.c:189)
==27446==    by 0x512A6F: list_candidates (filterindex.c:506)
==27446==    by 0x5119D2: bdb_filter_candidates (filterindex.c:183)
==27446==    by 0x4CA86B: search_candidates (search.c:1141)
==27446==    by 0x4C938D: bdb_search (search.c:594)
==27446==    by 0x44AFB4: fe_op_search (search.c:349)
==27446==    by 0x44AAA7: do_search (search.c:219)
==27446==
<==============================================================

>==============================================================
do_bind: version=3 dn="cn=manager,dc=example,dc=com" method=128
conn=16 op=0 BIND dn="cn=manager,dc=example,dc=com" method=128
==> bdb_bind: dn: cn=manager,dc=example,dc=com
conn=16 op=0 BIND dn="cn=Manager,dc=example,dc=com" mech=SIMPLE ssf=0
do_bind: v3 bind: "cn=manager,dc=example,dc=com" to
"cn=Manager,dc=example,dc=com"
send_ldap_result: conn=16 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 18
conn=16 op=0 RESULT tag=97 err=0 text=
==27600==
==27600== Thread 14:
==27600== Invalid read of size 8
==27600==    at 0x4CA1CC: bdb_search (search.c:948)
==27600==    by 0x44AFB4: fe_op_search (search.c:349)
==27600==    by 0x44AAA7: do_search (search.c:219)
==27600==    by 0x447A03: connection_operation (connection.c:1309)
==27600==    by 0x5BD94C: ldap_int_thread_pool_wrapper (tpool.c:615)
==27600==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27600==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
==27600==  Address 0x250 is not stack'd, malloc'd or (recently) free'd
==27600==
==27600== Process terminating with default action of signal 11
(SIGSEGV): dumping core
==27600==  Access not within mapped region at address 0x250
==27600==    at 0x4CA1CC: bdb_search (search.c:948)
==27600==    by 0x44AFB4: fe_op_search (search.c:349)
==27600==    by 0x44AAA7: do_search (search.c:219)
==27600==    by 0x447A03: connection_operation (connection.c:1309)
==27600==    by 0x5BD94C: ldap_int_thread_pool_wrapper (tpool.c:615)
==27600==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27600==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
<==============================================================
>==============================================================
conn=2 op=6 DISCONNECT tag=120 err=2 text=decoding error
==27849==
==27849== Thread 9:
==27849== Invalid free() / delete / delete[]
==27849==    at 0x11B1BA2D: free (vg_replace_malloc.c:235)
==27849==    by 0x5EF5AB: ber_memfree_x (memory.c:154)
==27849==    by 0x4A4C46: slap_sl_free (sl_malloc.c:438)
==27849==    by 0x44AAD1: do_search (search.c:223)
==27849==    by 0x447A03: connection_operation (connection.c:1309)
==27849==    by 0x5BD94C: ldap_int_thread_pool_wrapper (tpool.c:615)
==27849==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27849==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
==27849==  Address 0x1C28A288 is 600 bytes inside a block of size
1048576 alloc'd
==27849==    at 0x11B1AED6: malloc (vg_replace_malloc.c:149)
==27849==    by 0x5EF6DD: ber_memalloc_x (memory.c:234)
==27849==    by 0x466E21: ch_malloc (ch_malloc.c:54)
==27849==    by 0x4A3C3C: slap_sl_mem_create (sl_malloc.c:121)
==27849==    by 0x447871: connection_operation (connection.c:1250)
==27849==    by 0x5BD94C: ldap_int_thread_pool_wrapper (tpool.c:615)
==27849==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27849==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
==27849==
==27849== Invalid free() / delete / delete[]
==27849==    at 0x11B1BA2D: free (vg_replace_malloc.c:235)
==27849==    by 0x5EF5AB: ber_memfree_x (memory.c:154)
==27849==    by 0x4A4C46: slap_sl_free (sl_malloc.c:438)
==27849==    by 0x44AAF8: do_search (search.c:226)
==27849==    by 0x447A03: connection_operation (connection.c:1309)
==27849==    by 0x5BD94C: ldap_int_thread_pool_wrapper (tpool.c:615)
==27849==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27849==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
==27849==  Address 0x1C28A2E8 is 696 bytes inside a block of size
1048576 alloc'd
==27849==    at 0x11B1AED6: malloc (vg_replace_malloc.c:149)
==27849==    by 0x5EF6DD: ber_memalloc_x (memory.c:234)
==27849==    by 0x466E21: ch_malloc (ch_malloc.c:54)
==27849==    by 0x4A3C3C: slap_sl_mem_create (sl_malloc.c:121)
==27849==    by 0x447871: connection_operation (connection.c:1250)
==27849==    by 0x5BD94C: ldap_int_thread_pool_wrapper (tpool.c:615)
==27849==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27849==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
<==============================================================

None of them occurs within the slapd-meta process.  My question is: why
does this happen only when used in conjunction with the slapd-meta (or
slapd-ldap) backends?

The last error type I noticed also occurs in the slapd-meta DSA, but it
only occurs at shutdown, so it is not responsible for the SIGSEGV, but
rather occurs as a consequence of terminating the test __after__ the
SIGSEGV occurred in one of the target servers.

>==============================================================
daemon: shutdown requested and initiated.
==27863== Thread 5:
==27863== Invalid read of size 4
==27863==    at 0x44277A: slap_listener (daemon.c:1306)
==27863==    by 0x44328F: slap_listener_thread (daemon.c:1547)
==27863==    by 0x5BD94C: ldap_int_thread_pool_wrapper (tpool.c:615)
==27863==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27863==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
==27863==  Address 0x12F73E78 is 48 bytes inside a block of size 184
free'd
==27863==    at 0x11B1BA2D: free (vg_replace_malloc.c:235)
==27863==    by 0x5EF5AB: ber_memfree_x (memory.c:154)
==27863==    by 0x467150: ch_free (ch_malloc.c:139)
==27863==    by 0x4426E1: close_listeners (daemon.c:1264)
==27863==    by 0x444C15: slapd_daemon_task (daemon.c:2171)
==27863==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27863==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
==27863==
==27863== Invalid write of size 4
==27863==    at 0x44278C: slap_listener (daemon.c:1312)
==27863==    by 0x44328F: slap_listener_thread (daemon.c:1547)
==27863==    by 0x5BD94C: ldap_int_thread_pool_wrapper (tpool.c:615)
==27863==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27863==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
==27863==  Address 0x12F73E74 is 44 bytes inside a block of size 184
free'd
==27863==    at 0x11B1BA2D: free (vg_replace_malloc.c:235)
==27863==    by 0x5EF5AB: ber_memfree_x (memory.c:154)
==27863==    by 0x467150: ch_free (ch_malloc.c:139)
==27863==    by 0x4426E1: close_listeners (daemon.c:1264)
==27863==    by 0x444C15: slapd_daemon_task (daemon.c:2171)
==27863==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27863==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
==27863==
==27863== Invalid read of size 4
==27863==    at 0x442858: slap_listener (daemon.c:1335)
==27863==    by 0x44328F: slap_listener_thread (daemon.c:1547)
==27863==    by 0x5BD94C: ldap_int_thread_pool_wrapper (tpool.c:615)
==27863==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27863==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
==27863==  Address 0x12F73E78 is 48 bytes inside a block of size 184
free'd
==27863==    at 0x11B1BA2D: free (vg_replace_malloc.c:235)
==27863==    by 0x5EF5AB: ber_memfree_x (memory.c:154)
==27863==    by 0x467150: ch_free (ch_malloc.c:139)
==27863==    by 0x4426E1: close_listeners (daemon.c:1264)
==27863==    by 0x444C15: slapd_daemon_task (daemon.c:2171)
==27863==    by 0x125640A9: start_thread
(in /lib64/tls/libpthread-2.3.4.so)
==27863==    by 0x12739B42: clone (in /lib64/tls/libc-2.3.4.so)
connection_closing: readying conn=2 sd=12 for close
connection_close: conn=2 sd=12
<==============================================================

I have no clue right now; I suspect something related to the connection
handling yet, as that portion of code has been heavily changed recently.

p.

On Wed, 2005-11-02 at 19:15 +0000, michael@stroeder.com wrote:
> Full_Name: Michael Ströder
> Version: HEAD
> OS: SuSE Linux 10.0
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (83.124.28.81)
> 
> 
> PID=1722 - Modrdn(50): entry="cn=James A Jones 2,ou=Information Technology
> Division,ou=People,o=Example,c=US".
> PID=1724 - Modify(50): entry="cn=ITD Staff,ou=Groups,o=Example,c=US".
> PID=1620 - Search(500): base="ou=people,o=Example,c=US", filter="cn=James A
> Jones 1".
> PID=1715 - Read(1000): entry="ou=Alumni Association, ou=People,
> o=Example,c=US".
> PID=1725 - Add/Delete(50): entry="cn=James A Jones 5,o=Example,c=US".
> ldap_add: Internal (implementation specific) error (80)
>  PID=1527 - Add/Delete done (80).
> ldap_modify: Internal (implementation specific) error (80)
>  PID=1526 - Modify done (80).
> ldap_modrdn: Internal (implementation specific) error (80)
>  PID=1524 - Modrdn done (80).
> ldap_modrdn: Internal (implementation specific) error (80)
>  PID=1574 - Modrdn done (80).
> PID=1818 - Search(500): base="o=Example,c=US", filter="cn=James*".
> PID=1826 - Read(1000): entry="ou=Meta,o=Example,c=US".
> ldap_search: Internal (implementation specific) error (80)
>  PID=1510 - Search done (80).
> ldap_add: Internal (implementation specific) error (80)
>  PID=1578 - Add/Delete done (80).
> ldap_modify: Internal (implementation specific) error (80)
>  PID=1576 - Modify done (80).
> ldap_read: No such object (32)
> ldap_read: Internal (implementation specific) error (80)
>  PID=1630 - Read done (80).
> ldap_bind: Server is unavailable (52)
> stopping: child exited with status 1
> ./scripts/test036-meta-concurrency: line 188:  1342 Segmentation fault     
> $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >$LOG1 2>&1
> 
> 



    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
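
An added example, not part of the original message or of OpenLDAP: a Python triage pass over mail-wrapped valgrind output like the traces above, reporting for each error its PID, a class derived from the `Address ...` line, and the first frame outside the allocator. The sample input is constructed from lines quoted in the message; the 0x1000 low-address threshold and the allocator-frame list are assumptions.

```python
import re

HEADER = re.compile(r"^==(\d+)==\s+(Invalid (?:read|write) of size \d+|Invalid free\(\).*)")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is (.*)")
# Assumption: frames treated as allocator plumbing, skipped when naming the caller.
ALLOCATOR = {"free", "ber_memfree_x", "slap_sl_free", "ch_free"}
# Constructed sample: a few lines copied from the traces above, mail wrapping included.
SAMPLE = """\
==27446== Invalid read of size 8
==27446==    at 0x513158: equality_candidates (filterindex.c:628)
==27446==  Address 0x188 is not stack'd, malloc'd or (recently) free'd
==27849== Invalid free() / delete / delete[]
==27849==    at 0x11B1BA2D: free (vg_replace_malloc.c:235)
==27849==    by 0x4A4C46: slap_sl_free (sl_malloc.c:438)
==27849==    by 0x44AAD1: do_search (search.c:223)
==27849==  Address 0x1C28A288 is 600 bytes inside a block of size
1048576 alloc'd
==27863== Invalid read of size 4
==27863==    at 0x44277A: slap_listener (daemon.c:1306)
==27863==  Address 0x12F73E78 is 48 bytes inside a block of size 184
free'd
"""

def classify(kind, addr, detail):
    m = re.search(r"inside a block of size \d+ (free'd|alloc'd)", detail)
    if m and m.group(1) == "free'd":
        return "use-after-free"
    if m and kind.startswith("Invalid free"):
        return "free() of interior pointer"
    if int(addr, 16) < 0x1000:  # heuristic threshold (assumption): one 4 KiB page
        return "near-NULL access"
    return "unclassified"

def triage(text):
    """Return (pid, class, first non-allocator frame) for each valgrind error."""
    # Re-join wrapped lines: a continuation does not start with the ==PID== prefix.
    lines = re.sub(r"\n(?!==)", " ", text).splitlines()
    found, cur = [], None
    for line in lines:
        if m := HEADER.match(line):
            cur = {"pid": int(m.group(1)), "kind": m.group(2), "frame": None, "cls": None}
            found.append(cur)
        elif cur and cur["cls"] is None and (m := FRAME.match(line)):
            if cur["frame"] is None and m.group(1) not in ALLOCATOR:
                cur["frame"] = m.group(1)
        elif cur and cur["cls"] is None and (m := ADDR.match(line)):
            cur["cls"] = classify(cur["kind"], m.group(1), m.group(2))
    return [(f["pid"], f["cls"], f["frame"]) for f in found]
```

Frames that follow the `Address` line belong to the allocation or free stack, so they are ignored when picking the reported frame.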