[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
test062 segfault with back-mdb
This doesn't occur with back-bdb/hdb, and it doesn't happen if I insert a
sleep after the ldapsearch to see if slapd is running, before the
modification to cn=config is done.
Thread 3 "lt-slapd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fae46748700 (LWP 11239)]
0x00007fae4553abab in syncprov_free_syncop (so=0x7fae3c102cc0, unlink=1) at
syncprov.c:811
811 for ( sop = &so->s_si->si_ops; *sop; sop =
&(*sop)->s_next ) {
Here's the full backtrace:
Thread 4 (Thread 0x7fae45f47700 (LWP 11240)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1 0x00007fae4b48af69 in ldap_pvt_thread_cond_wait (cond=0x2529138,
mutex=0x2529110) at thr_posix.c:281
No locals.
#2 0x00007fae4b4896e5 in ldap_int_thread_pool_wrapper (xpool=0x2529100) at
tpool.c:945
pq = 0x2529100
pool = 0x2529000
task = 0x0
work_list = 0x2529170
ctx = {ltu_pq = 0x2529100, ltu_id = 140386474686208, ltu_key =
{{ltk_key = 0x440674 <conn_counter_init+224>, ltk_data = 0x7fae3c000db0,
ltk_free = 0x4404c5 <conn_counter_destroy+224>}, {ltk_key =
0x4bc7fd <slap_sl_mem_create+197>, ltk_data = 0x7fae3c000ec0, ltk_free =
0x4bc621 <slap_sl_mem_destroy+224>}, {
ltk_key = 0x45d2c1 <slap_op_free+224>, ltk_data =
0x7fae3c000950, ltk_free = 0x45d212 <slap_op_free+49>}, {ltk_key = 0x0,
ltk_data = 0x7fae38108550, ltk_free = 0x0}, {
ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 28
times>}}
kctx = 0x0
i = 32
keyslot = 349
hash = 3903429981
pool_lock = 0
freeme = 0
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3 0x00007fae4ae496ba in start_thread (arg=0x7fae45f47700) at
pthread_create.c:333
__res = <optimized out>
pd = 0x7fae45f47700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140386474686208,
8789157664068107475, 0, 140386491460639, 140386474686912, 0,
-8744345895670219565, -8744361424428172077},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#4 0x00007fae4a23f82d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109
No locals.
Thread 3 (Thread 0x7fae46748700 (LWP 11239)):
#0 0x00007fae4553abab in syncprov_free_syncop (so=0x7fae3c102cc0,
unlink=1) at syncprov.c:811
sop = 0x6f637d307b3d6573
sr = 0x0
srnext = 0x240907c38f1c2800
ga = 0x0
gnext = 0x7fae46747960
#1 0x00007fae4553b6ec in syncprov_qtask (ctx=0x7fae46747c30,
arg=0x7fae3c102cc0) at syncprov.c:1005
so = 0x7fae3c102cc0
opbuf = {ob_op = {o_hdr = 0x7fae46747960, o_tag = 99, o_time =
1492715516, o_tincr = 0, o_tusec = 0, o_qtime = {tv_sec = 0, tv_usec = 0},
o_bd = 0x7fae46747650, o_req_dn = {
bv_len = 9, bv_val = 0x7fae3c103032 "cn=config"}, o_req_ndn =
{bv_len = 9, bv_val = 0x7fae3c10303c "cn=config"}, o_request = {oq_add =
{rs_modlist = 0x2,
rs_e = 0xffffffffffffffff}, oq_bind = {rb_method = 2,
rb_cred = {bv_len = 18446744073709551615, bv_val = 0x0}, rb_edn = {bv_len =
0, bv_val = 0x0}, rb_ssf = 1007690928,
rb_mech = {bv_len = 15, bv_val = 0x7fae3c103046
"(objectClass=*)"}}, oq_compare = {rs_ava = 0x2}, oq_modify = {rs_mods =
{rs_modlist = 0x2, rs_no_opattrs = -1 '\377'},
rs_increment = 0}, oq_modrdn = {rs_mods = {rs_modlist =
0x2, rs_no_opattrs = -1 '\377'}, rs_deleteoldrdn = 0, rs_newrdn = {bv_len =
0, bv_val = 0x0}, rs_nnewrdn = {
bv_len = 140386308727984, bv_val = 0xf <error: Cannot
access memory at address 0xf>}, rs_newSup = 0x7fae3c103046, rs_nnewSup =
0x0}, oq_search = {rs_scope = 2,
rs_deref = 0, rs_slimit = -1, rs_tlimit = -1, rs_limit =
0x0, rs_attrsonly = 0, rs_attrs = 0x0, rs_filter = 0x7fae3c1024b0,
rs_filterstr = {bv_len = 15,
bv_val = 0x7fae3c103046 "(objectClass=*)"}}, oq_abandon =
{rs_msgid = 2}, oq_cancel = {rs_msgid = 2}, oq_extended = {rs_reqoid =
{bv_len = 2,
bv_val = 0xffffffffffffffff <error: Cannot access memory
at address 0xffffffffffffffff>}, rs_flags = 0, rs_reqdata = 0x0},
oq_pwdexop = {rs_extended = {rs_reqoid = {
bv_len = 2, bv_val = 0xffffffffffffffff <error: Cannot
access memory at address 0xffffffffffffffff>}, rs_flags = 0, rs_reqdata =
0x0}, rs_old = {bv_len = 0,
bv_val = 0x7fae3c1024b0 "\207"}, rs_new = {bv_len = 15,
bv_val = 0x7fae3c103046 "(objectClass=*)"}, rs_mods = 0x0, rs_modtail =
0x0}}, o_abandon = 0, o_cancel = 0,
o_groups = 0x0, o_do_not_cache = 1 '\001', o_is_auth_check = 0
'\000', o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0
'\000',
o_delete_glue_parent = 0 '\000', o_no_schema_check = 0 '\000',
o_no_subordinate_glue = 0 '\000',
o_ctrlflag = '\000' <repeats 20 times>,
"\001\000\000\000\000\000\000\000\000\000\000", o_controls =
0x7fae46747aa8, o_authz = {sai_method = 128, sai_mech = {bv_len = 0,
bv_val = 0x0}, sai_dn = {bv_len = 9, bv_val =
0x7fae3c103028 "cn=config"}, sai_ndn = {bv_len = 9, bv_val = 0x7fae3c103028
"cn=config"}, sai_ssf = 0, sai_transport_ssf = 0,
sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber = 0x0, o_res_ber =
0x0, o_callback = 0x0, o_ctrls = 0x0, o_csn = {bv_len = 0, bv_val = 0x0},
o_private = 0x0, o_extra = {
slh_first = 0x0}, o_next = {stqe_next = 0x0}}, ob_hdr =
{oh_opid = 1, oh_connid = 1003, oh_conn = 0x257ad10, oh_msgid = 2,
oh_protocol = 3, oh_tid = 140386474686208,
oh_threadctx = 0x7fae46747c30, oh_tmpmemctx = 0x7fae38002bb0,
oh_tmpmfuncs = 0x773b20 <slap_sl_mfuncs>, oh_counters = 0x7fae3c000db0,
oh_log_prefix = "conn=1003 op=1", '\000' <repeats 241 times>},
ob_controls = {0x0 <repeats 32 times>}}
op = 0x7fae467477e0
be = {bd_info = 0x76eec0 <slap_binfo>, bd_self = 0x254c6c0,
be_ctrls = '\000' <repeats 15 times>, "\001", '\000' <repeats 16 times>,
"\001", be_flags = 131328, be_restrictops = 0,
be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0,
sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0,
sss_update_tls = 0, sss_update_sasl = 0,
sss_simple_bind = 0}, be_suffix = 0x254c8c0, be_nsuffix =
0x254c910, be_schemadn = {bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len
= 0, bv_val = 0x0}, be_rootdn = {
bv_len = 9, bv_val = 0x254c860 "cn=config"}, be_rootndn =
{bv_len = 9, bv_val = 0x254c880 "cn=config"}, be_rootpw = {bv_len = 8,
bv_val = 0x254cad0 "yE1UpCg5"},
be_max_deref_depth = 15, be_def_limit = {lms_t_soft = 3600,
lms_t_hard = 0, lms_s_soft = 500, lms_s_hard = 0, lms_s_unchecked = -1,
lms_s_pr = 0, lms_s_pr_hide = 0,
lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x2633600,
be_dfltaccess = ACL_NONE, be_extra_anlist = 0x0, be_update_ndn = {bv_len =
0, bv_val = 0x0}, be_update_refs = 0x0,
be_pending_csn_list = 0x26335e0, be_pcl_mutex = {__data = {__lock
= 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0,
__elision = 0, __list = {__prev = 0x0,
__next = 0x0}}, __size = '\000' <repeats 39 times>, __align
= 0}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x0, be_private =
0x774880 <cfBackInfo>, be_next = {
stqe_next = 0x0}}
rc = 0
#2 0x00007fae4b4897f9 in ldap_int_thread_pool_wrapper (xpool=0x2529100) at
tpool.c:963
pq = 0x2529100
pool = 0x2529000
task = 0x7fae400008c0
work_list = 0x2529170
ctx = {ltu_pq = 0x2529100, ltu_id = 140386483078912, ltu_key =
{{ltk_key = 0x440674 <conn_counter_init+224>, ltk_data = 0x7fae38002aa0,
ltk_free = 0x4404c5 <conn_counter_destroy+224>}, {ltk_key =
0x4bc7fd <slap_sl_mem_create+197>, ltk_data = 0x7fae38002bb0, ltk_free =
0x4bc621 <slap_sl_mem_destroy+224>}, {
ltk_key = 0x45d2c1 <slap_op_free+224>, ltk_data =
0x7fae38002670, ltk_free = 0x45d212 <slap_op_free+49>}, {ltk_key = 0x0,
ltk_data = 0x7fae3c101040, ltk_free = 0x0}, {
ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 28
times>}}
kctx = 0x0
i = 32
keyslot = 494
hash = 3805260270
pool_lock = 0
freeme = 0
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3 0x00007fae4ae496ba in start_thread (arg=0x7fae46748700) at
pthread_create.c:333
__res = <optimized out>
pd = 0x7fae46748700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140386483078912,
8789157664068107475, 0, 140386491460639, 140386483079616, 0,
-8744353591714743085, -8744361424428172077},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#4 0x00007fae4a23f82d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109
No locals.
Thread 2 (Thread 0x7fae46f49700 (LWP 11211)):
#0 0x00007fae4a23fe23 in epoll_wait () at
../sysdeps/unix/syscall-template.S:84
No locals.
#1 0x000000000043c6ac in slapd_daemon_task (ptr=0x2737b40) at daemon.c:2527
err = 4
ns = 1
at = 0
nfds = 2
revents = 0x24fccc0
tvp = 0x0
cat = {tv_sec = 0, tv_usec = 0}
i = 1
nwriters = 0
now = 1492715518
tv = {tv_sec = 0, tv_usec = 0}
tdelta = 1
rtask = 0x0
l = 1
last_idle_check = 1492715506
ebadf = 0
tid = 0
#2 0x00007fae4ae496ba in start_thread (arg=0x7fae46f49700) at
pthread_create.c:333
__res = <optimized out>
pd = 0x7fae46f49700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140386491471616,
8789157664068107475, 0, 140720937019743, 140386491472320, 0,
-8744352491666244397, -8744361424428172077},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#3 0x00007fae4a23f82d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109
No locals.
Thread 1 (Thread 0x7fae4b8f8700 (LWP 11196)):
#0 0x00007fae4ae4a98d in pthread_join (threadid=140386491471616,
thread_return=0x0) at pthread_join.c:90
__tid = 17259
_buffer = {__routine = 0x7fae4ae4a8b0 <cleanup>, __arg =
0x7fae46f49d28, __canceltype = 0, __prev = 0x0}
oldtype = 0
pd = 0x7fae46f49700
self = 0x7fae4b8f8700
result = 0
#1 0x00007fae4b48aeaa in ldap_pvt_thread_join (thread=140386491471616,
thread_return=0x0) at thr_posix.c:201
No locals.
#2 0x000000000043d949 in slap_sig_wake (sig=0) at daemon.c:3012
save_errno = 0
#3 0x0000000000415e5f in main (argc=8, argv=0x7ffc2576ac68) at main.c:1058
i = -1
no_detach = 1
rc = -12
urls = 0x24f80b0 "ldap://localhost:9011/";
username = 0x0
groupname = 0x0
sandbox = 0x0
syslogUser = 160
pid = 16711680
waitfds = {5294400, 0}
g_argc = 8
g_argv = 0x7ffc2576ac68
configfile = 0x0
configdir = 0x24f8090 "./slapd.d"
serverName = 0x7ffc2576b51a "lt-slapd"
serverMode = 1
scp = 0x0
scp_entry = 0x0
debug_unknowns = 0x0
syslog_unknowns = 0x0
serverNamePrefix = 0x50ce18 ""
l = 0
slapd_pid_file_unlink = 0
slapd_args_file_unlink = 0
firstopt = 0
__PRETTY_FUNCTION__ = "\000\000\000\000"
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>