
(ITS#8653) ber_flush2 assertion fail leads to a crash of slapd



Full_Name: 
Version: 2.4.44
OS: centos 7, sles 12.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (91.224.226.197)


Hello,

We are trying to run openldap in a proxy mode to our AD as a virtual machine on
a VMWARE ESXi 5.5.

Unfortunately, slapd very often crashes on receiving a SIGABRT, but not on every
request. But the issue can be reproduced easily by just typing the
"id corporateID" command several times.
I reduced the configuration file to a minimum; the issue remains.

I'm running into the same issue on SLES 12.2 with openldap 2.4.41 and also on
CentOS 7 with openldap 2.4.44 from the "tlb project".

The crash happens, as far as I can determine, always in the ber_flush2 function
after a failed assert.

Here is the minimal config where the issue persists:

include         /usr/local/openldap/etc/openldap/schema/core.schema
include         /usr/local/openldap/etc/openldap/schema/cosine.schema
include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include         /usr/local/openldap/etc/openldap/schema/nis.schema
include         /usr/local/openldap/etc/openldap/schema/misc.schema

pidfile         /usr/local/openldap/var/run/slapd.pid
argsfile        /usr/local/openldap/var/run/slapd.args

database                ldap
readonly                yes
protocol-version        3
rebind-as-user          yes
uri                     ldap://ldap.corp.de:389
suffix                  "DC=corp,DC=de"
rootdn                  "DC=corp,DC=de?sub?&(memberof=CN=DMS-SSH-User,OU=administrative Gruppen\\, Admin- und Dienstkonten,OU=Berechtigungen,DC=corp,DC=de)"
loglevel 256


Here comes the backtrace:
(gdb) bt
#0  0x00007ffff64281d7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff64298c8 in __GI_abort () at abort.c:90
#2  0x00007ffff6421146 in __assert_fail_base (fmt=0x7ffff65723a8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x649ab8 "( (sb)->sb_opts.lbo_valid == 0x3 )", file=file@entry=0x649a21 "io.c", line=line@entry=224, function=function@entry=0x649be6 <__PRETTY_FUNCTION__.6214> "ber_flush2") at assert.c:92
#3  0x00007ffff64211f2 in __GI___assert_fail (assertion=assertion@entry=0x649ab8 "( (sb)->sb_opts.lbo_valid == 0x3 )", file=file@entry=0x649a21 "io.c", line=line@entry=224, function=function@entry=0x649be6 <__PRETTY_FUNCTION__.6214> "ber_flush2") at assert.c:101
#4  0x00000000005b95d8 in ber_flush2 (sb=0x7fffe40000d8, ber=0x7fffe4119d40, freeit=freeit@entry=0) at io.c:224
#5  0x00000000005a3491 in ldap_int_flush_request (ld=ld@entry=0x7fffe8102800, lr=lr@entry=0x7fffe410d570) at request.c:186
#6  0x00000000005a38fa in ldap_send_server_request (ld=ld@entry=0x7fffe8102800, ber=ber@entry=0x7fffe4119d40, msgid=msgid@entry=134, parentreq=parentreq@entry=0x0, srvlist=srvlist@entry=0x0, lc=0x7fffe4116f70, lc@entry=0x0, bind=bind@entry=0x0, m_noconn=m_noconn@entry=0, m_res=m_res@entry=0) at request.c:408
#7  0x00000000005a3aa8 in ldap_send_initial_request (ld=ld@entry=0x7fffe8102800, msgtype=msgtype@entry=99, dn=dn@entry=0x7fffe4002e48 "dc=corp,dc=de", ber=0x7fffe4119d40, msgid=134) at request.c:169
#8  0x00000000005946e4 in ldap_pvt_search (ld=0x7fffe8102800, base=0x7fffe4002e48 "dc=corp,dc=de", scope=2, filter=filter@entry=0x7fffe40031a8 "(&(objectClass=group)(gidNumber=20000)(&(OBJECTCATEGORY=group)(gidNumber=*)))", attrs=attrs@entry=0x7fffe4003170, attrsonly=0, sctrls=0x0, cctrls=cctrls@entry=0x0, timeout=0x7ffff35d07f0, sizelimit=1, deref=0, msgidp=msgidp@entry=0x7ffff35d07cc) at search.c:128
#9  0x00000000004c902d in ldap_back_search (op=0x7fffe40028e0, rs=<optimized out>) at search.c:233
#10 0x0000000000442f41 in fe_op_search (op=0x7fffe40028e0, rs=0x7ffff35d19a0) at search.c:402
#11 0x0000000000442926 in do_search (op=0x7fffe40028e0, rs=0x7ffff35d19a0) at search.c:247
#12 0x00000000004407de in connection_operation (ctx=ctx@entry=0x7ffff35d1ad0, arg_v=arg_v@entry=0x7fffe40028e0) at connection.c:1158
#13 0x0000000000440aba in connection_read_thread (ctx=0x7ffff35d1ad0, argv=0xd) at connection.c:1294
#14 0x00000000005901c9 in ldap_int_thread_pool_wrapper (xpool=0x969360) at tpool.c:696
#15 0x00007ffff7896dc5 in start_thread (arg=0x7ffff35d2700) at pthread_create.c:308
#16 0x00007ffff64ea73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Here is a full backtrace:
https://pastebin.com/Ya3F3WAW



Thank you!