[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5586) SLAPD crashing with SIGABRT in connection.c on Solaris - reference through nil pointer



Thanks.

Howard Chu wrote:
> dbb@st-andrews.ac.uk wrote:
>> Just an update, still present in 2.4.11, backtrace below. Still can't
>> work out why it's happening,
>> it's something in the way that sendmail uses ldap and not the actual
>> queries that cause the crash.
>>
>> I can replay the connections and searches to the server, and I've used
>> Suns ldap load testing software
>> to load up the server way over what we ever see and I can't replicate
>> the SIGABRT or crash it in any
>> other way.
>>
>> Any help appreciated.
>
> In frame 5
>     print *index
>     print connections[*index]
/usr/local/SUNWspro/bin/dbx 
/source/openldap-2.4.11/servers/slapd/.libs/slapd 
./slapd-2.4.11-core-6-8-08
For information about new features see `help changes'
To remove this message, put `dbxenv suppress_startup_message 7.6' in 
your .dbxrc
Reading slapd
core file header read successfully
Reading ld.so.1
Reading libldap_r-2.4.so.2.1.0
Reading liblber-2.4.so.2.1.0
Reading libltdl.so.3.1.5
Reading libdb-4.2.so
Reading libicuuc.so.3
Reading libicudata.so.3
Reading libsasl2.so.2.0.22
Reading libdl.so.1
Reading libssl.so.0.9.8
Reading libcrypto.so.0.9.8
Reading libresolv.so.2
Reading libgen.so.1
Reading libnsl.so.1
Reading libsocket.so.1
Reading libc.so.1
Reading libgcc_s.so.1
Reading libgcc_s.so.1
Reading libpthread.so.1
Reading libm.so.2
Reading libCrun.so.1
Reading libc_psr.so.1
t@2 (l@2) terminated by signal ABRT (Abort)
0xfe2c0f90: __lwp_kill+0x0008:  bcc,a,pt  %icc,__lwp_kill+0x18  ! 0xfe2c0fa0
Current function is connection_next
  871                   assert( connections[*index].c_conn_state == 
SLAP_C_INVALID );
(dbx) threads
      t@1  a  l@1   ?()   LWP suspended in  __lwp_wait()
o>    t@2  a  l@2   slapd_daemon_task()   signal SIGABRT in  __lwp_kill()
      t@3  a  l@3   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
      t@4  a  l@4   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
      t@5  a  l@5   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
      t@6  a  l@6   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
      t@7  a  l@7   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
      t@8  a  l@8   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
      t@9  a  l@9   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
     t@10  a l@10   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
     t@11  a l@11   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
     t@12  a l@12   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
(dbx) thread t@2
t@2 (l@2) stopped in __lwp_kill at 0xfe2c0f90
0xfe2c0f90: __lwp_kill+0x0008:  bcc,a,pt  %icc,__lwp_kill+0x18  ! 0xfe2c0fa0
(dbx) where
current thread: t@2
  [1] __lwp_kill(0x0, 0x6, 0x0, 0x6, 0xfc00, 0x0), at 0xfe2c0f90
  [2] raise(0x6, 0x0, 0xfe2a4a98, 0xffffffff, 0xfe2e8284, 0x6), at 
0xfe25fd78
  [3] abort(0xfdfff3f0, 0x1, 0xfe2e9288, 0xa83f0, 0xfe2eb298, 0x0), at 
0xfe23ff98
  [4] __assert(0x1a1808, 0x1a183c, 0x367, 0x0, 0xa810c, 0x1d7b80), at 
0xfe2401d4
=>[5] connection_next(c = (nil), index = 0xfdfff6d4), line 871 in 
"connection.c"
  [6] connections_timeout_idle(now = 1217978957), line 225 in "connection.c"
  [7] slapd_daemon_task(ptr = (nil)), line 2152 in "daemon.c"
(dbx) print *index
*index = 33
(dbx) print connections[*index]
connections[*index] = {
    c_struct_state           = 2
    c_conn_state             = 1
    c_conn_idx               = 33
    c_sd                     = 33
    c_close_reason           = 0x1a11bc "?"
    c_mutex                  = {
        __pthread_mutex_flags = {
            __pthread_mutex_flag1   = 4U
            __pthread_mutex_flag2   = '\0'
            __pthread_mutex_ceiling = '\0'
            __pthread_mutex_type    = 0
            __pthread_mutex_magic   = 19800U
        }
        __pthread_mutex_lock  = {
            __pthread_mutex_lock64  = {
                __pthread_mutex_pad = ""
            }
            __pthread_mutex_lock32  = {
                __pthread_ownerpid = 0
                __pthread_lockword = 0
            }
            __pthread_mutex_owner64 = 0
        }
        __pthread_mutex_data  = 0
    }
    c_sb                     = 0x45fbd0
    c_starttime              = 1217978957
    c_activitytime           = 1217978957
    c_connid                 = 436161U
    c_peer_domain            = {
        bv_len = 7U
        bv_val = 0x48fda0 "unknown"
    }
    c_peer_name              = {
        bv_len = 22U
        bv_val = 0x4b34b8 "IP=138.251.30.31:34746"
    }
    c_listener               = 0x23ea28
    c_sasl_bind_mech         = {
        bv_len = 0
        bv_val = (nil)
    }
    c_sasl_dn                = {
        bv_len = 0
        bv_val = (nil)
    }
    c_sasl_authz_dn          = {
        bv_len = 0
        bv_val = (nil)
    }
    c_authz_backend          = (nil)
    c_authz_cookie           = (nil)
    c_authz                  = {
        sai_method        = 128U
        sai_mech          = {
            bv_len = 0
            bv_val = (nil)
        }
        sai_dn            = {
            bv_len = 0
            bv_val = (nil)
        }
        sai_ndn           = {
            bv_len = 0
            bv_val = (nil)
        }
        sai_ssf           = 0
        sai_transport_ssf = 0
        sai_tls_ssf       = 0
        sai_sasl_ssf      = 0
    }
    c_protocol               = 0
    c_ops                    = {
        stqh_first = (nil)
        stqh_last  = 0x2c2664
    }
    c_pending_ops            = {
        stqh_first = (nil)
        stqh_last  = 0x2c266c
    }
    c_write_mutex            = {
        __pthread_mutex_flags = {
            __pthread_mutex_flag1   = 4U
            __pthread_mutex_flag2   = '\0'
            __pthread_mutex_ceiling = '\0'
            __pthread_mutex_type    = 0
            __pthread_mutex_magic   = 19800U
        }
        __pthread_mutex_lock  = {
            __pthread_mutex_lock64  = {
                __pthread_mutex_pad = ""
            }
            __pthread_mutex_lock32  = {
                __pthread_ownerpid = 0
                __pthread_lockword = 0
            }
            __pthread_mutex_owner64 = 0
        }
        __pthread_mutex_data  = 0
    }
    c_write_cv               = {
        __pthread_cond_flags = {
            __pthread_cond_flag  = ""
            __pthread_cond_type  = 0
            __pthread_cond_magic = 17238U
        }
        __pthread_cond_data  = 0
    }
    c_currentber             = (nil)
    c_sasl_bind_in_progress  = '\0'
    c_writewaiter            = '\0'
    c_is_tls                 = '\0'
    c_needs_tls_accept       = '\0'
    c_sasl_layers            = '\0'
    c_sasl_done              = '\0'
    c_sasl_authctx           = 0x4252d8
    c_sasl_sockctx           = (nil)
    c_sasl_extra             = 0x43a298
    c_sasl_bindop            = (nil)
    c_pagedresults_state     = {
        ps_be        = (nil)
        ps_size      = 0
        ps_count     = 0
        ps_cookie    = 0
        ps_cookieval = {
            bv_len = 0
            bv_val = (nil)
        }
    }
    c_n_ops_received         = 0
    c_n_ops_executing        = 0
    c_n_ops_pending          = 0
    c_n_ops_completed        = 0
    c_n_get                  = 0
    c_n_read                 = 0
    c_n_write                = 0
    c_extensions             = (nil)
    c_clientfunc             = (nil)
    c_clientarg              = (nil)
    c_send_ldap_result       = 0x67ac8 = &slap_send_ldap_result()
    c_send_search_entry      = 0x68c40 = &slap_send_search_entry()
    c_send_search_reference  = 0x6b320 = &slap_send_search_reference()
    c_send_ldap_extended     = 0x685e8 = &slap_send_ldap_extended()
    c_send_ldap_intermediate = 0x68968 = &slap_send_ldap_intermediate()
}
(dbx)


A second example in case useful

/usr/local/SUNWspro/bin/dbx 
/source/openldap-2.4.11/servers/slapd/.libs/slapd 
./slapd-2.4.11-core-1300-4-8-08
For information about new features see `help changes'
To remove this message, put `dbxenv suppress_startup_message 7.6' in 
your .dbxrc
Reading slapd
core file header read successfully
Reading ld.so.1
Reading libldap_r-2.4.so.2.1.0
Reading liblber-2.4.so.2.1.0
Reading libltdl.so.3.1.5
Reading libdb-4.2.so
Reading libicuuc.so.3
Reading libicudata.so.3
Reading libsasl2.so.2.0.22
Reading libdl.so.1
Reading libssl.so.0.9.8
Reading libcrypto.so.0.9.8
Reading libresolv.so.2
Reading libgen.so.1
Reading libnsl.so.1
Reading libsocket.so.1
Reading libc.so.1
Reading libgcc_s.so.1
Reading libgcc_s.so.1
Reading libpthread.so.1
Reading libm.so.2
Reading libCrun.so.1
Reading libc_psr.so.1
t@2 (l@2) terminated by signal ABRT (Abort)
0xfe2c0f90: __lwp_kill+0x0008:  bcc,a,pt  %icc,__lwp_kill+0x18  ! 0xfe2c0fa0
Current function is connection_next
  871                   assert( connections[*index].c_conn_state == 
SLAP_C_INVALID );
(dbx) where
current thread: t@2
  [1] __lwp_kill(0x0, 0x6, 0x0, 0x6, 0xfc00, 0x0), at 0xfe2c0f90
  [2] raise(0x6, 0x0, 0xfe2a4a98, 0xffffffff, 0xfe2e8284, 0x6), at 
0xfe25fd78
  [3] abort(0xfdfff3f0, 0x1, 0xfe2e9288, 0xa83f0, 0xfe2eb298, 0x0), at 
0xfe23ff98
  [4] __assert(0x1a1808, 0x1a183c, 0x367, 0x0, 0xa810c, 0x1d7b80), at 
0xfe2401d4
=>[5] connection_next(c = (nil), index = 0xfdfff6d4), line 871 in 
"connection.c"
  [6] connections_timeout_idle(now = 1217851229), line 225 in "connection.c"
  [7] slapd_daemon_task(ptr = (nil)), line 2152 in "daemon.c"
(dbx) threads
      t@1  a  l@1   ?()   LWP suspended in  __lwp_wait()
o>    t@2  a  l@2   slapd_daemon_task()   signal SIGABRT in  __lwp_kill()
      t@3  a  l@3   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
      t@4  a  l@4   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
      t@5  a  l@5   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
      t@6  a  l@6   ldap_int_thread_pool_wrapper()   sleep on 0x258570  
in  __lwp_park()
(dbx) print *index
*index = 21
(dbx) print connections[*index]
connections[*index] = {
    c_struct_state           = 2
    c_conn_state             = 1
    c_conn_idx               = 21
    c_sd                     = 21
    c_close_reason           = 0x1a11bc "?"
    c_mutex                  = {
        __pthread_mutex_flags = {
            __pthread_mutex_flag1   = 4U
            __pthread_mutex_flag2   = '\0'
            __pthread_mutex_ceiling = '\0'
            __pthread_mutex_type    = 0
            __pthread_mutex_magic   = 19800U
        }
        __pthread_mutex_lock  = {
            __pthread_mutex_lock64  = {
                __pthread_mutex_pad = ""
            }
            __pthread_mutex_lock32  = {
                __pthread_ownerpid = 0
                __pthread_lockword = 0
            }
            __pthread_mutex_owner64 = 0
        }
        __pthread_mutex_data  = 0
    }
    c_sb                     = 0x435300
    c_starttime              = 1217851229
    c_activitytime           = 1217851229
    c_connid                 = 6825U
    c_peer_domain            = {
        bv_len = 7U
        bv_val = 0x419470 "unknown"
    }
    c_peer_name              = {
        bv_len = 22U
        bv_val = 0x413908 "IP=138.251.30.32:40070"
    }
    c_listener               = 0x23ea28
    c_sasl_bind_mech         = {
        bv_len = 0
        bv_val = (nil)
    }
    c_sasl_dn                = {
        bv_len = 0
        bv_val = (nil)
    }
    c_sasl_authz_dn          = {
        bv_len = 0
        bv_val = (nil)
    }
    c_authz_backend          = (nil)
    c_authz_cookie           = (nil)
    c_authz                  = {
        sai_method        = 128U
        sai_mech          = {
            bv_len = 0
            bv_val = (nil)
        }
        sai_dn            = {
            bv_len = 0
            bv_val = (nil)
        }
        sai_ndn           = {
            bv_len = 0
            bv_val = (nil)
        }
        sai_ssf           = 0
        sai_transport_ssf = 0
        sai_tls_ssf       = 0
        sai_sasl_ssf      = 0
    }
    c_protocol               = 0
    c_ops                    = {
        stqh_first = (nil)
        stqh_last  = 0x2c16a4
    }
    c_pending_ops            = {
        stqh_first = (nil)
        stqh_last  = 0x2c16ac
    }
    c_write_mutex            = {
        __pthread_mutex_flags = {
            __pthread_mutex_flag1   = 4U
            __pthread_mutex_flag2   = '\0'
            __pthread_mutex_ceiling = '\0'
            __pthread_mutex_type    = 0
            __pthread_mutex_magic   = 19800U
        }
        __pthread_mutex_lock  = {
            __pthread_mutex_lock64  = {
                __pthread_mutex_pad = ""
            }
            __pthread_mutex_lock32  = {
                __pthread_ownerpid = 0
                __pthread_lockword = 0
            }
            __pthread_mutex_owner64 = 0
        }
        __pthread_mutex_data  = 0
    }
    c_write_cv               = {
        __pthread_cond_flags = {
            __pthread_cond_flag  = ""
            __pthread_cond_type  = 0
            __pthread_cond_magic = 17238U
        }
        __pthread_cond_data  = 0
    }
    c_currentber             = (nil)
    c_sasl_bind_in_progress  = '\0'
    c_writewaiter            = '\0'
    c_is_tls                 = '\0'
    c_needs_tls_accept       = '\0'
    c_sasl_layers            = '\0'
    c_sasl_done              = '\0'
    c_sasl_authctx           = 0x426680
    c_sasl_sockctx           = (nil)
    c_sasl_extra             = 0x4346a8
    c_sasl_bindop            = (nil)
    c_pagedresults_state     = {
        ps_be        = (nil)
        ps_size      = 0
        ps_count     = 0
        ps_cookie    = 0
        ps_cookieval = {
            bv_len = 0
            bv_val = (nil)
        }
    }
    c_n_ops_received         = 0
    c_n_ops_executing        = 0
    c_n_ops_pending          = 0
    c_n_ops_completed        = 0
    c_n_get                  = 0
    c_n_read                 = 0
    c_n_write                = 0
    c_extensions             = (nil)
    c_clientfunc             = (nil)
    c_clientarg              = (nil)
    c_send_ldap_result       = 0x67ac8 = &slap_send_ldap_result()
    c_send_search_entry      = 0x68c40 = &slap_send_search_entry()
    c_send_search_reference  = 0x6b320 = &slap_send_search_reference()
    c_send_ldap_extended     = 0x685e8 = &slap_send_ldap_extended()
    c_send_ldap_intermediate = 0x68968 = &slap_send_ldap_intermediate()
}



-- 
The University of St Andrews is a charity registered in Scotland : No SC013532