
Finally using 2.2.13! A segfault problem... gdb output included (ITS#3227)



Full_Name: John Borwick
Version: 2.2.13
OS: Red Hat Workstation 3
URL: http://www.wfu.edu/~borwicjh/examples/openldap-2.2.13-segfault/
Submission from: (NULL) (152.17.53.226)


First, thanks very much for OpenLDAP!  2.2 seems really fast!

I'm running openldap 2.2.13 with BDB 4.2.52.  Both BDB patches have been
applied, along with some crazy patches from Red Hat.  Maybe that's a problem, I
don't know.

After hitting the "o=WFU,c=US" backend (which rewrites to
"ou=Users,dc=wfu,dc=edu") maybe 10000 times, as fast as possible, the server
segfaults.

Here's a running count of the number of LDAP connections and the "backtrace
full" output.  Some symbols are missing; please let me know if this isn't enough
data.  We *did* compile with "--enable-ldap" and "--enable-rewrite".

Please see the URL http://www.wfu.edu/~borwicjh/examples/openldap-2.2.13-segfault/
for information on how to replicate.

Thank you very much!
John

-=-=- while true; do lsof -i :389 | wc -l; sleep 2; done
      0
      2
      2
    129
    264
    663
   1015
   1017
   1017
   1017
   1017
   1017
   1017
   1017
   1017
   1017
   1017
   1017
    990
    683
    731
   1017
   1017
   1017
   1017
   1017
   1017
    926
    632
    319
    382
    293
    350
    350
    350
    350
    350
    350
    350
      0
      0
      0

-=-=- gdb servers/slapd/slapd core -=-=-
#0  0x00000001 in ?? ()
No symbol table info available.
#1  <signal handler called>
No symbol table info available.
#2  0xb75ebc32 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
No symbol table info available.
#3  0xb737c8eb in __write_nocancel () from /lib/tls/libpthread.so.0
No symbol table info available.
#4  0x08108f95 in sb_stream_write (sbiod=0x81ef5b0, buf=0x8fb39950, len=94) at sockbuf.c:549
No locals.
#5  0x08109835 in sb_debug_write (sbiod=0x81ef5c8, buf=0x8fb39950, len=94) at sockbuf.c:846
        ret = -1884291056
#6  0x08108eb1 in ber_int_sb_write (sb=0x81ec6d8, buf=0x8fb39950, len=94) at sockbuf.c:433
        ret = -1884291056
#7  0x08105a9e in ber_flush (sb=0x81ec6d8, ber=0x8fb4ec90, freeit=0) at io.c:243
        towrite = 94
        rc = -1800410192
#8  0x080f0c54 in ldap_int_flush_request (ld=0x81eda20, lr=0x8fb4ed08) at request.c:166
        lc = (LDAPConn *) 0x81ef510
#9  0x080f0fad in ldap_send_server_request (ld=0x81eda20, ber=0x8fb4ec90, msgid=13991, parentreq=0x0, srvlist=0x0, lc=0x81ef510, bind=0x0) at request.c:294
        lr = (LDAPRequest *) 0x8fb4ed08
        incparent = 0
        rc = 0
#10 0x080f0bf7 in ldap_send_initial_request (ld=0x81eda20, msgtype=99, dn=0x8fb97ad8 "ou=Users,dc=wfu,dc=edu", ber=0x8fb4ec90, msgid=13991) at request.c:147
        servers = (LDAPURLDesc *) 0x0
        rc = 136239648
#11 0x080e2011 in ldap_search_ext (ld=0x81eda20, base=0x8fb97ad8 "ou=Users,dc=wfu,dc=edu", scope=2, filter=0x8b78cb00 "(|(cn=sue*)(mail=sue*)(sn=sue*))", attrs=0x0, attrsonly=0, sctrls=0x0, cctrls=0x0, timeout=0x94afd7a0, sizelimit=500, msgidp=0x94afd790) at search.c:110
        rc = 0
        ber = (BerElement *) 0x8fb4ec90
        timelimit = 3600
        id = 13991
#12 0x080b342a in ldap_back_search (op=0x8b3992c0, rs=0x94afe870) at search.c:143
        li = (struct ldapinfo *) 0x819a9b8
        lc = (struct ldapconn *) 0x81ee408
        tv = {tv_sec = 3600, tv_usec = 0}
        res = (LDAPMessage *) 0x8099845
        e = (LDAPMessage *) 0x94afd7c8
        rc = 0
        msgid = -1959161152
        match = {bv_len = 0, bv_val = 0x0}
        mapped_attrs = (char **) 0x0
        mbase = {bv_len = 22, bv_val = 0x8fb97ad8 "ou=Users,dc=wfu,dc=edu"}
        mfilter = {bv_len = 32, bv_val = 0x8b78cb00 "(|(cn=sue*)(mail=sue*)(sn=sue*))"}
        dontfreetext = 0
        dc = {rwmap = 0x819a9f4, conn = 0x96a9fc88, ctx = 0x8124e53 "searchBase", rs = 0x94afe870}
#13 0x0805cbab in do_search (op=0x8b3992c0, rs=0x94afe870) at search.c:400
        base = {bv_len = 10, bv_val = 0x86506e47 "o=WFU,c=US"}
        siz = 0
        off = 0
        i = 0
        manageDSAit = 0
        be_manageDSAit = 0
#14 0x0805a551 in connection_operation (ctx=0x94afe900, arg_v=0x8b3992c0) at connection.c:1042
        rc = -1025
        op = (Operation *) 0x8b3992c0
        rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}, sru_search = {r_entry = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}}, sr_flags = 0}
        tag = 99
        oldtag = 99
        conn = (Connection *) 0x96a9fc88
        memctx = (void *) 0x8206058
        memctx_null = (void *) 0x0
        memsiz = 1048576
#15 0x080de3b6 in ldap_int_thread_pool_wrapper (xpool=0x8154fb8) at tpool.c:467
        pool = (struct ldap_int_thread_pool_s *) 0x8154fb8
        ctx = (ldap_int_thread_ctx_t *) 0x865f94b8
        ltc_key = {{ltk_key = 0x8097a48, ltk_data = 0x8206058, ltk_free = 0x8097a18 <sl_mem_destroy>}, {ltk_key = 0x81e4018, ltk_data = 0x13f, ltk_free = 0x80bc6d0 <bdb_locker_id_free>}, {ltk_key = 0x80af37d, ltk_data = 0x890fe008, ltk_free = 0x80af365 <search_stack_free>}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0} <repeats 29 times>}
        tid = 2494557104
        i = 734
        keyslot = 734
        hash = 734
#16 0xb7377dac in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
#17 0xb7316a8a in clone () from /lib/tls/libc.so.6
No symbol table info available.