[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#7716) slapd crashes after search immediately followed by (abandon+) unbind
Full_Name: Michael Vishchers
Version: 2.4.23
OS: Red Hat Enterprise Linux Server release 6.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (178.15.66.50)
slapd, running as a proxy to rewrite incoming connections based on user dn for
later routing to different back ends, dies sporadically after receiving a
(network delayed) search request that is "immediately" followed by an (optional)
abandon request and an unbind request.
We suspect that the abandon or unbind code tries to clean up data structures
that belong to a not yet completely initialized search operation.
The problem can unfortunately not easily be reproduced. Last time we had to wait
at least two weeks before it appeared. It may be a timing problem between two or
more threads.
This is the stacktrace, core and other files could be provided if necessary.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f299c3e71bc in ?? ()
#0 0x00007f299c3e71bc in ?? ()
No symbol table info available.
#1 0x00007f2999bbd983 in rwm_op_rollback (op=0x7f2984002190, rs=<value
optimized out>, ros=0x7f298c003570) at
../../../../servers/slapd/overlays/rwm.c:107
__PRETTY_FUNCTION__ = "rwm_op_rollback"
#2 0x00007f2999bbe988 in rwm_op_search (op=0x7f2984002190, rs=0x7f2995bafaa0)
at ../../../../servers/slapd/overlays/rwm.c:984
on = 0x7f299fb95210
rwmap = 0x7f299fb94f70
rc = <value optimized out>
dc = {rwmap = 0x7f2984002190, conn = 0x7f298c003468, ctx = 0x12 <Address
0x12 out of bounds>, rs = 0x7f299e7963b0}
fstr = {bv_len = 0, bv_val = 0x0}
f = 0x0
an = 0x0
text = <value optimized out>
roc = 0x7f298c003550
#3 0x00007f299e7fe02a in overlay_op_walk (op=0x7f2984002190, rs=0x7f2995bafaa0,
which=op_search, oi=0x7f299fb95030, on=0x7f299fb95210) at
../../../servers/slapd/backover.c:659
func = 0x7f299fb95268
rc = 32768
#4 0x00007f299e8d29a1 in slapi_op_func (op=0x7f2984002190, rs=0x7f2995bafaa0)
at ../../../../servers/slapd/slapi/slapi_overlay.c:647
pb = 0x7f298c1051b0
which = op_search
opinfo = <value optimized out>
rc = <value optimized out>
oi = <value optimized out>
on = <value optimized out>
cb = {sc_next = 0x7f2995bae7e0, sc_response = 0x7f299e8d1fc0
<slapi_over_response>, sc_cleanup = 0x7f299e8d1ed0 <slapi_over_cleanup>,
sc_private = 0x7f298c1051b0}
internal_op = 0
preop_type = <value optimized out>
postop_type = 503
be = 0x7f2995bae800
#5 0x00007f299e7fe02a in overlay_op_walk (op=0x7f2984002190, rs=0x7f2995bafaa0,
which=op_search, oi=0x7f299fb95030, on=0x7f299fb9e8c0) at
../../../servers/slapd/backover.c:659
func = 0x7f299fb9e918
rc = 32768
#6 0x00007f299e7feb6b in over_op_func (op=0x7f2984002190, rs=<value optimized
out>, which=<value optimized out>) at ../../../servers/slapd/backover.c:721
oi = <value optimized out>
on = <value optimized out>
be = 0x7f299fb940b0
db = {bd_info = 0x7f299fb95210, bd_self = 0x7f299fb940b0, be_ctrls =
"\000", '\001' <repeats 17 times>, '\000' <repeats 14 times>, "\001", be_flags =
257, be_restrictops = 0, be_requires = 5, be_ssf_set = {sss_ssf = 0,
sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0,
sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0,
sss_simple_bind = 0}, be_suffix = 0x7f299fb94ed0, be_nsuffix = 0x7f299fb94f00,
be_schemadn = {bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val =
0x0}, be_rootdn = {bv_len = 0, bv_val = 0x0}, be_rootndn = {bv_len = 0, bv_val =
0x0}, be_rootpw = {bv_len = 0, bv_val = 0x0}, be_max_deref_depth = 15,
be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 500, lms_s_hard
= 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0},
be_limits = 0x0, be_acl = 0x0, be_dfltaccess = ACL_READ, be_update_ndn = {bv_len
= 0, bv_val = 0x0}, be_update_refs = 0x0, be_pending_csn_list = 0x7f299fc738f0,
be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0,
__kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000'
<repeats 39 times>, __align = 0}, be_syncinfo = 0x0, be_pb = 0x7f299fb9eaa0,
be_cf_ocs = 0x7f299eb6da00, be_private = 0x7f299fb94240, be_next = {stqe_next =
0x0}}
cb = {sc_next = 0x0, sc_response = 0x7f299e7fdd40 <over_back_response>,
sc_cleanup = 0, sc_private = 0x7f299fb95030}
sc = <value optimized out>
rc = 32768
__PRETTY_FUNCTION__ = "over_op_func"
#7 0x00007f299e794999 in fe_op_search (op=0x7f2984002190, rs=0x7f2995bafaa0) at
../../../servers/slapd/search.c:366
bd = 0x7f299eb72760
#8 0x00007f299e795177 in do_search (op=0x7f2984002190, rs=<value optimized
out>) at ../../../servers/slapd/search.c:217
base = {bv_len = 55, bv_val = 0x7f298c11fef9
"vfsid=491722472236,ou=subscriber,ou=mmo,c=de,o=vodafone"}
siz = 0
off = 0
i = <value optimized out>
#9 0x00007f299e7920f9 in connection_operation (ctx=0x7f2995bafb70,
arg_v=0x7f2984002190) at ../../../servers/slapd/connection.c:1109
rc = 80
cancel = <value optimized out>
op = 0x7f2984002190
rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 80,
sr_matched = 0x0, sr_text = 0x7f2999bc4122 "Rewrite error", sr_ref = 0x0,
sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags = 0,
r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0},
sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata =
0x0}}, sr_flags = 0}
tag = 99
opidx = SLAP_OP_SEARCH
conn = 0x7f2996db74d0
memctx = 0x7f298c002820
memctx_null = 0x0
memsiz = 1048576
__PRETTY_FUNCTION__ = "connection_operation"
#10 0x00007f299e892678 in ldap_int_thread_pool_wrapper (xpool=0x7f299fae9ae0) at
../../../libraries/libldap_r/tpool.c:685
pool = 0x7f299fae9ae0
task = 0x7f2988000a20
work_list = <value optimized out>
ctx = {ltu_id = 139816582448896, ltu_key = {{ltk_key = 0x7f299e790d50,
ltk_data = 0x7f298c002d40, ltk_free = 0x7f299e790e30 <conn_counter_destroy>},
{ltk_key = 0x7f299e7eaf70, ltk_data = 0x7f298c002820, ltk_free = 0x7f299e7eae50
<slap_sl_mem_destroy>}, {ltk_key = 0x7f299e7a6b70, ltk_data = 0x0, ltk_free =
0x7f299e7a6940 <slap_op_q_destroy>}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free =
0} <repeats 29 times>}}
kctx = <value optimized out>
keyslot = <value optimized out>
hash = <value optimized out>
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#11 0x00007f299c91e7f1 in ?? ()
No symbol table info available.
#12 0x00007f2995bb0700 in ?? ()
No symbol table info available.
#13 0x0000000000000000 in ?? ()
No symbol table info available.