
(ITS#6033) Segmentation fault - somewhere below syncprov_matchops / test_filter



Full_Name: Oskar Pearson
Version: 2.4.15
OS: Ubuntu hardy
URL: ftp://ftp.openldap.org/incoming/slapd-configs-qualica-1.tar.gz
Submission from: (NULL) (94.194.140.71)


OpenLDAP 2.4.15 (with no patches) was self-compiled
(CFLAGS="-ggdb3 -O0" ./configure), linked against standard OS libraries (Ubuntu
hardy) for BDB etc. BDB is 4.6.21-6ubuntu1. Kernel is 2.6.24-19-server, libc is
libc6-i686/2.7-10ubuntu3.

I do not have a debug log of this crash as it occurred on a live server, which
is too busy for that level of logging. I also do not have a replaceable example.
I have core dumps and can print out whatever is necessary there - I appreciate
your time and help.

If I've missed some important info, please let me know and I'll rectify asap.

System overview:

We have a master server which replicates to > 100 machines for Samba purposes
across ADSL lines with a VPN. These lines are quite busy, so replication writes
may be slow across the network, which may have implications for locks.

Config files are included at the URL below.

The specific crash was in thread 1. Other threads are included in a full
backtrace below.

gdb --core=../core.24122 --directory=servers/slapd/ --directory=servers/slapd/overlays servers/slapd/slapd
#0  0x080c0e82 in is_ad_subtype (sub=0x0, super=0x8294e08) at ad.c:502
502             for ( a = sub->ad_type; a; a=a->sat_sup ) {
Thread 1 (process 24208):
#0  0x080c0e82 in is_ad_subtype (sub=0x0, super=0x8294e08) at ad.c:502
#1  0x0807a6da in attrs_find (a=0xa2d39fa4, desc=0x8294e08) at attr.c:645
#2  0x080964dd in test_presence_filter (op=0x9e6f1b08, e=0x83277f4,
desc=0x8294e08) at filterentry.c:848
#3  0x080951ce in test_filter (op=0x9e6f1b08, e=0x83277f4, f=0x9ae022a8) at
filterentry.c:108
#4  0x0815efdf in syncprov_matchops (op=0x83455c8, opc=0x9cfed214, saveit=1) at
syncprov.c:1251
#5  0x08160fd9 in syncprov_op_mod (op=0x83455c8, rs=0x9e6f3100) at
syncprov.c:1905
#6  0x080f1396 in overlay_op_walk (op=0x83455c8, rs=0x9e6f3100, which=op_modify,
oi=0x82d19c8, on=0x82d1ac8) at backover.c:659
#7  0x080f161e in over_op_func (op=0x83455c8, rs=0x9e6f3100, which=op_modify) at
backover.c:721
#8  0x080f1706 in over_op_modify (op=0x83455c8, rs=0x9e6f3100) at
backover.c:755
#9  0x0808c802 in fe_op_modify (op=0x83455c8, rs=0x9e6f3100) at modify.c:301
#10 0x0808c115 in do_modify (op=0x83455c8, rs=0x9e6f3100) at modify.c:175
#11 0x0806e7c2 in connection_operation (ctx=0x9e6f31f0, arg_v=0x83455c8) at
connection.c:1097
#12 0x0806ec9c in connection_read_thread (ctx=0x9e6f31f0, argv=0x39) at
connection.c:1223
#13 0x0817a99b in ldap_int_thread_pool_wrapper (xpool=0x829baf0) at tpool.c:663
#14 0xb7da14fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb7b70e5e in clone () from /lib/tls/i686/cmov/libc.so.6

(gdb) p sub
$15 = (AttributeDescription *) 0x0
(gdb) up
#1  0x0807a6da in attrs_find (a=0xa2d39fa4, desc=0x8294e08) at attr.c:645
645                     if ( is_ad_subtype( a->a_desc, desc ) ) {
(gdb) p *a
$24 = {a_desc = 0x0, a_vals = 0x0, a_nvals = 0x0, a_numvals = 0, a_flags = 0,
a_next = 0xa2d39d1c}
(gdb) p *desc
$32 = {ad_next = 0x0, ad_type = 0x8294d30, ad_cname = {bv_len = 11, bv_val =
0x8294ca8 "objectClass"}, ad_tags = {bv_len = 0, bv_val = 0x0}, ad_flags = 0}
(gdb) p *op
$33 = {o_hdr = 0x9e6f18e8, o_tag = 99, o_time = 1236840350, o_tincr = 0, o_bd =
0x82b5af8, o_req_dn = {bv_len = 18, 
    bv_val = 0x9ae0360e "dc=HIDDEN-gw,dc=com"}, o_req_ndn = {bv_len = 18, bv_val
= 0x9ae03621 "dc=HIDDEN-gw,dc=com"}, o_request = {oq_add = {
      rs_modlist = 0x2, rs_e = 0x0}, oq_bind = {rb_method = 2, rb_cred = {bv_len
= 0, bv_val = 0xffffffff <Address 0xffffffff out of bounds>}, rb_edn = {
        bv_len = 4294967295, bv_val = 0x0}, rb_ssf = 0, rb_mech = {bv_len =
2598384824, bv_val = 0x9ae022a8 "\207"}}, oq_compare = {rs_ava = 0x2}, 
    oq_modify = {rs_mods = {rs_modlist = 0x2, rs_no_opattrs = 0 '\0'},
rs_increment = -1}, oq_modrdn = {rs_mods = {rs_modlist = 0x2, 
        rs_no_opattrs = 0 '\0'}, rs_deleteoldrdn = -1, rs_newrdn = {bv_len =
4294967295, bv_val = 0x0}, rs_nnewrdn = {bv_len = 0, 
        bv_val = 0x9ae034b8 "\t"}, rs_newSup = 0x9ae022a8, rs_nnewSup = 0xf},
oq_search = {rs_scope = 2, rs_deref = 0, rs_slimit = -1, rs_tlimit = -1, 
      rs_limit = 0x0, rs_attrsonly = 0, rs_attrs = 0x9ae034b8, rs_filter =
0x9ae022a8, rs_filterstr = {bv_len = 15, 
        bv_val = 0x9ae03634 "(objectClass=*)"}}, oq_abandon = {rs_msgid = 2},
oq_cancel = {rs_msgid = 2}, oq_extended = {rs_reqoid = {bv_len = 2, 
        bv_val = 0x0}, rs_flags = -1, rs_reqdata = 0xffffffff}, oq_pwdexop =
{rs_extended = {rs_reqoid = {bv_len = 2, bv_val = 0x0}, rs_flags = -1, 
        rs_reqdata = 0xffffffff}, rs_old = {bv_len = 0, bv_val = 0x0}, rs_new =
{bv_len = 2598384824, bv_val = 0x9ae022a8 "\207"}, rs_mods = 0xf, 
      rs_modtail = 0x9ae03634}}, o_abandon = 0, o_cancel = 0, o_groups = 0x0,
o_do_not_cache = 1 '\001', o_is_auth_check = 0 '\0', 
  o_dont_replicate = 0 '\0', o_acl_priv = ACL_NONE, o_nocaching = 0 '\0',
o_delete_glue_parent = 0 '\0', o_no_schema_check = 0 '\0', 
  o_no_subordinate_glue = 0 '\0', o_ctrlflag = '\0' <repeats 31 times>,
o_controls = 0x0, o_authz = {sai_method = 128, sai_mech = {bv_len = 0, 
      bv_val = 0x0}, sai_dn = {bv_len = 27, bv_val = 0x9ae035f2
"cn=admin,dc=HIDDEN-gw,dc=com"}, sai_ndn = {bv_len = 27, 
      bv_val = 0x9ae035f2 "cn=admin,dc=HIDDEN-gw,dc=com"}, sai_ssf = 0,
sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber = 0x0, 
  o_res_ber = 0x0, o_callback = 0x0, o_ctrls = 0x0, o_csn = {bv_len = 0, bv_val
= 0x0}, o_private = 0x0, o_extra = {slh_first = 0x9cfed24c}, o_next = {
    stqe_next = 0x0}}
(gdb) p *e
$34 = {e_id = 0, e_name = {bv_len = 39, bv_val = 0x0}, e_nname = {bv_len = 39,
bv_val = 0x0}, e_attrs = 0x0, e_ocflags = 0, e_bv = {bv_len = 0, 
    bv_val = 0x0}, e_private = 0x83277a4}
(gdb) p *desc
$35 = {ad_next = 0x0, ad_type = 0x8294d30, ad_cname = {bv_len = 11, bv_val =
0x8294ca8 "objectClass"}, ad_tags = {bv_len = 0, bv_val = 0x0}, ad_flags = 0}


--- full backtrace follows:
thread apply all bt

Thread 10 (process 24122):
#0  0xb7ee8410 in __kernel_vsyscall ()
#1  0xb7da2775 in pthread_join () from /lib/tls/i686/cmov/libpthread.so.0
#2  0x0817ba95 in ldap_pvt_thread_join (thread=2730691472, thread_return=0x0) at
thr_posix.c:197
#3  0x0806ba57 in slapd_daemon () at daemon.c:2665
#4  0x0804e8c7 in main (argc=1, argv=0xbffcccc4) at main.c:948

Thread 9 (process 24127):
#0  0xb7ee8410 in __kernel_vsyscall ()
#1  0xb7b71676 in epoll_wait () from /lib/tls/i686/cmov/libc.so.6
#2  0x0806abee in slapd_daemon_task (ptr=0x0) at daemon.c:2291
#3  0xb7da14fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#4  0xb7b70e5e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 8 (process 24128):
#0  0xb7ee8410 in __kernel_vsyscall ()
#1  0xb7da5aa5 in pthread_cond_wait@@GLIBC_2.3.2 () from
/lib/tls/i686/cmov/libpthread.so.0
#2  0x0817bb2a in ldap_pvt_thread_cond_wait (cond=0xb79af8f0, mutex=0xb79af8d8)
at thr_posix.c:277
#3  0x08081eac in send_ldap_ber (conn=0xb79af7e0, ber=0xa202db8c) at
result.c:217
#4  0x08085b20 in slap_send_search_entry (op=0xa202de38, rs=0xa202dcdc) at
result.c:1246
#5  0x0815dbcb in syncprov_sendresp (op=0xa202de38, opc=0xa202ddb8,
so=0xa1bb3490, e=0xa202dde8, mode=2) at syncprov.c:825
#6  0x0815df12 in syncprov_qplay (op=0xa202de38, rtask=0x9ae030b8) at
syncprov.c:896
#7  0x0815e1a7 in syncprov_qtask (ctx=0xa202e1f0, arg=0x9ae030b8) at
syncprov.c:959
#8  0x0817a99b in ldap_int_thread_pool_wrapper (xpool=0x829baf0) at tpool.c:663
#9  0xb7da14fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7b70e5e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 7 (process 24169):
#0  0xb7ee8410 in __kernel_vsyscall ()
#1  0xb7da5aa5 in pthread_cond_wait@@GLIBC_2.3.2 () from
/lib/tls/i686/cmov/libpthread.so.0
#2  0x0817bb2a in ldap_pvt_thread_cond_wait (cond=0xb79b6958, mutex=0xb79b6940)
at thr_posix.c:277
#3  0x08081eac in send_ldap_ber (conn=0xb79b6848, ber=0xa1afeb8c) at
result.c:217
#4  0x08085b20 in slap_send_search_entry (op=0xa1afee38, rs=0xa1afecdc) at
result.c:1246
#5  0x0815dbcb in syncprov_sendresp (op=0xa1afee38, opc=0xa1afedb8,
so=0x8a0deb0, e=0xa1afede8, mode=2) at syncprov.c:825
#6  0x0815df12 in syncprov_qplay (op=0xa1afee38, rtask=0x8a12e20) at
syncprov.c:896
#7  0x0815e1a7 in syncprov_qtask (ctx=0xa1aff1f0, arg=0x8a12e20) at
syncprov.c:959
#8  0x0817a99b in ldap_int_thread_pool_wrapper (xpool=0x829baf0) at tpool.c:663
#9  0xb7da14fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7b70e5e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 3 (process 24209):
#0  0xb7ee8410 in __kernel_vsyscall ()
#1  0xb7da5aa5 in pthread_cond_wait@@GLIBC_2.3.2 () from
/lib/tls/i686/cmov/libpthread.so.0
#2  0x0817bb2a in ldap_pvt_thread_cond_wait (cond=0xb79b28a0, mutex=0xb79b2888)
at thr_posix.c:277
#3  0x08081eac in send_ldap_ber (conn=0xb79b2790, ber=0x9d9efb8c) at
result.c:217
#4  0x08085b20 in slap_send_search_entry (op=0x9d9efe38, rs=0x9d9efcdc) at
result.c:1246
#5  0x0815dbcb in syncprov_sendresp (op=0x9d9efe38, opc=0x9d9efdb8,
so=0x8a01da0, e=0x9d9efde8, mode=2) at syncprov.c:825
#6  0x0815df12 in syncprov_qplay (op=0x9d9efe38, rtask=0x9ad957e0) at
syncprov.c:896
#7  0x0815e1a7 in syncprov_qtask (ctx=0x9d9f01f0, arg=0x9ad957e0) at
syncprov.c:959
#8  0x0817a99b in ldap_int_thread_pool_wrapper (xpool=0x829baf0) at tpool.c:663
#9  0xb7da14fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0xb7b70e5e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 2 (process 24210):
#0  0xb7b0d9bc in memcpy () from /lib/tls/i686/cmov/libc.so.6
#1  0xb7e7e6cd in __db_retcopy () from /usr/lib/libdb-4.6.so
#2  0xb7e7e80b in __db_ret () from /usr/lib/libdb-4.6.so
#3  0xb7e6126b in __dbc_get () from /usr/lib/libdb-4.6.so
#4  0xb7e6a04b in __dbc_get_pp () from /usr/lib/libdb-4.6.so
#5  0x0814fd28 in hdb_id2entry (be=0x9d5edefc, tid=0xa1b11180, id=2355,
e=0x9d52d958) at id2entry.c:151
#6  0x081431e9 in hdb_cache_find_id (op=0x9d5edc24, tid=0xa1b11180, id=2355,
eip=0x9d5edaf8, flag=2, lock=0x9d5eda90) at cache.c:923
#7  0x081158a5 in hdb_search (op=0x9d5edc24, rs=0x9d5edb78) at search.c:705
#8  0x08160364 in syncprov_playlog (op=0xa1b0a300, rs=0x9d5ef100, sl=0x82d1c50,
srs=0x9c6eb264, ctxcsn=0x9c6eb31c, numcsns=1, sids=0x9c6eb364)
    at syncprov.c:1592
#9  0x08162893 in syncprov_op_search (op=0xa1b0a300, rs=0x9d5ef100) at
syncprov.c:2348
#10 0x080f1396 in overlay_op_walk (op=0xa1b0a300, rs=0x9d5ef100,
which=op_search, oi=0x82d19c8, on=0x82d1ac8) at backover.c:659
#11 0x080f161e in over_op_func (op=0xa1b0a300, rs=0x9d5ef100, which=op_search)
at backover.c:721
#12 0x080f16c2 in over_op_search (op=0xa1b0a300, rs=0x9d5ef100) at
backover.c:743
#13 0x08072169 in fe_op_search (op=0xa1b0a300, rs=0x9d5ef100) at search.c:366
#14 0x08071adc in do_search (op=0xa1b0a300, rs=0x9d5ef100) at search.c:217
#15 0x0806e7c2 in connection_operation (ctx=0x9d5ef1f0, arg_v=0xa1b0a300) at
connection.c:1097
#16 0x0806ec9c in connection_read_thread (ctx=0x9d5ef1f0, argv=0x1d) at
connection.c:1223
#17 0x0817a99b in ldap_int_thread_pool_wrapper (xpool=0x829baf0) at tpool.c:663
#18 0xb7da14fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#19 0xb7b70e5e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (process 24208):
#0  0x080c0e82 in is_ad_subtype (sub=0x0, super=0x8294e08) at ad.c:502
#1  0x0807a6da in attrs_find (a=0xa2d39fa4, desc=0x8294e08) at attr.c:645
#2  0x080964dd in test_presence_filter (op=0x9e6f1b08, e=0x83277f4,
desc=0x8294e08) at filterentry.c:848
#3  0x080951ce in test_filter (op=0x9e6f1b08, e=0x83277f4, f=0x9ae022a8) at
filterentry.c:108
#4  0x0815efdf in syncprov_matchops (op=0x83455c8, opc=0x9cfed214, saveit=1) at
syncprov.c:1251
#5  0x08160fd9 in syncprov_op_mod (op=0x83455c8, rs=0x9e6f3100) at
syncprov.c:1905
#6  0x080f1396 in overlay_op_walk (op=0x83455c8, rs=0x9e6f3100, which=op_modify,
oi=0x82d19c8, on=0x82d1ac8) at backover.c:659
#7  0x080f161e in over_op_func (op=0x83455c8, rs=0x9e6f3100, which=op_modify) at
backover.c:721
#8  0x080f1706 in over_op_modify (op=0x83455c8, rs=0x9e6f3100) at
backover.c:755
#9  0x0808c802 in fe_op_modify (op=0x83455c8, rs=0x9e6f3100) at modify.c:301
#10 0x0808c115 in do_modify (op=0x83455c8, rs=0x9e6f3100) at modify.c:175
#11 0x0806e7c2 in connection_operation (ctx=0x9e6f31f0, arg_v=0x83455c8) at
connection.c:1097
#12 0x0806ec9c in connection_read_thread (ctx=0x9e6f31f0, argv=0x39) at
connection.c:1223
#13 0x0817a99b in ldap_int_thread_pool_wrapper (xpool=0x829baf0) at tpool.c:663
#14 0xb7da14fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb7b70e5e in clone () from /lib/tls/i686/cmov/libc.so.6


Thanks for your time,

Oskar
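
Added example (not part of the original report and not OpenLDAP source): a simplified C model of the failing path in frames #0 and #1, where attrs_find hands an Attribute whose a_desc is NULL to is_ad_subtype, which then reads sub->ad_type. The struct layouts are cut down to the fields visible in the gdb output, and model_is_ad_subtype and attrs_find_checked are hypothetical names; the checked walk reports the zeroed node instead of dereferencing it, which localises the bad node but does not explain why it was zeroed.

```c
#include <stddef.h>

/* Simplified stand-ins for the slapd types; only fields that appear in the
 * gdb output above are modelled. This is not OpenLDAP source. */
typedef struct AttributeType { struct AttributeType *sat_sup; } AttributeType;
typedef struct AttributeDescription {
    AttributeType *ad_type;
    const char *ad_cname;
} AttributeDescription;
typedef struct Attribute {
    AttributeDescription *a_desc;
    struct Attribute *a_next;
} Attribute;

/* Models the loop quoted at ad.c:502: it starts from sub->ad_type and walks
 * the supertype chain, so a NULL sub faults on the first read. */
static int model_is_ad_subtype(const AttributeDescription *sub,
                               const AttributeDescription *super)
{
    for (const AttributeType *t = sub->ad_type; t; t = t->sat_sup)
        if (t == super->ad_type) return 1;
    return 0;
}

/* Hypothetical checked variant of the attrs_find walk (attr.c:645): stops at
 * a node whose a_desc is NULL and returns it through *bad for diagnosis. */
Attribute *attrs_find_checked(Attribute *a, const AttributeDescription *desc,
                              Attribute **bad)
{
    *bad = NULL;
    for (; a; a = a->a_next) {
        if (a->a_desc == NULL) { *bad = a; return NULL; }
        if (model_is_ad_subtype(a->a_desc, desc)) return a;
    }
    return NULL;
}

/* Constructed data: a healthy list, and one whose head is zeroed like $24. */
static AttributeType top_t = { NULL }, oc_t = { &top_t }, cn_t = { &top_t };
static AttributeDescription oc_d = { &oc_t, "objectClass" }, cn_d = { &cn_t, "cn" };

int demo_healthy(void) {   /* cn -> objectClass: match found on second node */
    Attribute a2 = { &oc_d, NULL }, a1 = { &cn_d, &a2 }, *bad;
    return attrs_find_checked(&a1, &oc_d, &bad) == &a2 && bad == NULL;
}

int demo_zeroed(void) {    /* head has a_desc == NULL but a_next still set */
    Attribute a2 = { &oc_d, NULL }, a1 = { NULL, &a2 }, *bad;
    return attrs_find_checked(&a1, &oc_d, &bad) == NULL && bad == &a1;
}

int main(void) { return (demo_healthy() && demo_zeroed()) ? 0 : 1; }
```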