
slapd coredumps when samba-tng requests user list (ITS#1210)

Full_Name: Michael Torrie
Version: 2.0.11
OS: Linux 2.4.5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I've set up samba-tng to use ldap for user accounts.  In Windows, when you
right-click on a file, go to Security and try to change ownership (add to
security), Windows begins scanning samba-tng (and thus ldap) for available users
and groups.  After scanning for quite a while (I have 2600 user records), slapd
just segfaults and dies.  Sometimes it coredumps.  I can send you the core dump.
The trace is:
I compiled openldap without threads.

#0  0x4027cfb6 in chunk_free (ar_ptr=0x40325f00, p=0x852c2d0) at malloc.c:3142
#1  0x4027cd59 in __libc_free (mem=0x852c2d8) at malloc.c:3054
#2  0x080a8b4d in ber_memfree (p=0x852c2d8) at memory.c:156
#3  0x0806279b in ch_free (ptr=0x852c2d8) at ch_malloc.c:103
#4  0x080857fb in idl_free (idl=0x852c2d8) at idl.c:87
#5  0x0808410c in list_candidates (be=0x80ea7a8, flist=0xbfffc3b0, ftype=160)
    at filterindex.c:466
#6  0x0808321b in filter_candidates (be=0x80ea7a8, f=0xbfffc3c0)
    at filterindex.c:87
#7  0x0807bdef in search_candidates (be=0x80ea7a8, e=0x83581e8, 
    filter=0x82f4108, scope=2, deref=0, manageDSAit=0) at search.c:429
#8  0x0807b59f in ldbm_back_search (be=0x80ea7a8, conn=0x403ad180, 
    op=0x8395e70, base=0x83e2b30 "dc=cs,dc=byu,dc=edu", 
    nbase=0x859d110 "DC=CS,DC=BYU,DC=EDU", scope=2, deref=0, slimit=1, 
    tlimit=0, filter=0x82f4108, 
    filterstr=0x82b4eb0 "(&(objectClass=posixAccount)(uid=fmcquade))", 
    attrs=0x8305b08, attrsonly=0) at search.c:142
#9  0x0805420c in do_search (conn=0x403ad180, op=0x8395e70) at search.c:278
#10 0x08052bc8 in connection_operation (arg_v=0x82e6718) at connection.c:826
#11 0x0809059d in ldap_pvt_thread_pool_submit (pool=0x80ca9b8, 
    start_routine=0x8052940 <connection_operation>, arg=0x82e6718)
    at thr_stub.c:159
#12 0x0805383f in connection_op_activate (conn=0x403ad180, op=0x8395e70)
    at connection.c:1229
#13 0x08053523 in connection_input (conn=0x403ad180) at connection.c:1119
#14 0x080530d9 in connection_read (s=26) at connection.c:1014
#15 0x08050d0c in slapd_daemon_task (ptr=0x0) at daemon.c:1237
#16 0x0809045f in ldap_pvt_thread_create (thread=0xbffff958, detach=0, 
    start_routine=0x804f880 <slapd_daemon_task>, arg=0x0) at thr_stub.c:48
#17 0x08050f5d in slapd_daemon () at daemon.c:1300
#18 0x0804e051 in main (argc=6, argv=0xbffffa24) at main.c:432
#19 0x40219177 in __libc_start_main (main=0x804d9a0 <main>, argc=6, 
    ubp_av=0xbffffa24, init=0x804c9f8 <_init>, fini=0x80ad1c0 <_fini>, 
    rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffffa1c)
    at ../sysdeps/generic/libc-start.c:129

This is a very serious bug.  I've compiled slapd with debugging turned on and
symbols in it and have been running it through the debugger.  With so many users
to search through, it's hard to track down the problem.  So far only samba-tng
can cause it to crash.  Searching with gq has no problems and ldap logins work
great.  Samba browsing works well too.  It's just when samba-tng requests the
users and groups.

Contact me for the actual core.