[Date Prev][Date Next] [Chronological] [Thread] [Top]
(ITS#6201) Double free in syncprov

To: openldap-its@OpenLDAP.org
Subject: (ITS#6201) Double free in syncprov
From: alister.winfield@sns.bskyb.com
Date: Wed, 8 Jul 2009 16:59:21 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Alister Winfield
Version: 2.4.16
OS: Debian Lenny
URL: 
Submission from: (NULL) (90.207.245.9)


I'm testing 2.4.16 and have stumbled across a problem.

compiled: 
	openldap2.4.16
	db4.7.25

Imported ~2,500,000 entries then selected 80000 random entries from the
ou=<n>,ou=radiusUsers,dc=sky,dc=com trees and started making lots of deletes.
WIthout a slave active I haven't 'yet' seen any crashes. With an active syncrepl
slave, however, I get the following crash at random points (unfortunately it can
take many 1000's of updates to trigger this which takes a while.


(gdb) c
Continuing.
[New Thread 0x471f8950 (LWP 20035)]
[New Thread 0x479f9950 (LWP 20036)]

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x439f1950 (LWP 19973)]
0x00007fe0426a6ed5 in *__GI_raise (sig=<value optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
64      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
        in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0  0x00007fe0426a6ed5 in *__GI_raise (sig=<value optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007fe0426a83f3 in *__GI_abort () at abort.c:88
#2  0x00007fe0426e33a8 in __libc_message (do_abort=2, fmt=0x7fe0427925f0 "***
glibc detected *** %s: %s: 0x%s ***\n") at
../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x00007fe0426e8948 in malloc_printerr (action=2, str=0x7fe0427926d8 "double
free or corruption (out)", ptr=<value optimized out>) at malloc.c:5891
#4  0x00007fe0426eaa56 in *__GI___libc_free (mem=0x7fe042788fa0) at
malloc.c:3626
#5  0x00007fe040750801 in syncprov_search_cleanup (op=0x7fdce01eb4a0,
rs=0x439f0d30) at ../../../../openldap-2.4.16/servers/slapd/overlays/syncprov.c:2024
#6  0x00000000004415c0 in ?? ()
#7  0x00000000004440a9 in ?? ()
#8  0x0000000000444cf5 in slap_send_ldap_result ()
#9  0x00007fe040753713 in syncprov_op_search (op=0x7fdce01eb4a0, rs=0x439f0d30)
at ../../../../openldap-2.4.16/servers/slapd/overlays/syncprov.c:2437
#10 0x000000000049629a in overlay_op_walk ()
#11 0x0000000000496d93 in ?? ()
#12 0x0000000000494c10 in ?? ()
#13 0x000000000049629a in overlay_op_walk ()
#14 0x0000000000496d93 in ?? ()
#15 0x0000000000434581 in fe_op_search ()
#16 0x0000000000434d7c in do_search ()
#17 0x00000000004323d6 in ?? ()
#18 0x00007fe044da566a in ldap_int_thread_pool_wrapper (xpool=<value optimized
out>) at ../../../openldap-2.4.16/libraries/libldap_r/tpool.c:663
#19 0x00007fe0443b2fc7 in start_thread (arg=<value optimized out>) at
pthread_create.c:297
#20 0x00007fe0427445ad in clone () from /usr/lib/debug/libc.so.6
#21 0x0000000000000000 in ?? ()
(gdb) 



slapd.conf


#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /data/ldap-2.4.16/etc/ldap/schema/core.schema
include         /data/ldap-2.4.16/etc/ldap/schema/cosine.schema
include         /data/ldap-2.4.16/etc/ldap/schema/nis.schema
include         /data/ldap-2.4.16/etc/ldap/schema/inetorgperson.schema
include         /data/ldap-2.4.16/etc/ldap/schema/sky.schema


# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

loglevel 0
concurrency 512
threads   1024
tool-threads 128
idletimeout 5

pidfile         /data/ldap-2.4.16/var/run/slapd.pid
argsfile        /data/ldap-2.4.16/var/run/slapd.args

# Load dynamic backend modules:
modulepath      /data/ldap-2.4.16/libexec/ldap
#moduleload     back_bdb.la
moduleload      back_hdb.la
moduleload      syncprov.la
moduleload      accesslog.la

#######################################################################
# BDB database definitions
#######################################################################

access to *
        by dn.base="cn=admin,dc=test" read
        by * break

database        hdb
suffix cn=accesslog
directory /bigdata/ldap-2.4.16-splitdb/accesslog
rootdn cn=accesslog
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE

limits dn.exact="cn=admin,dc=test" time.soft=unlimited time.hard=unlimited
size.soft=unlimited size.hard=unlimited


# RADIUS DB-0 ACCESSLOG DB
database        hdb

suffix cn=accesslog0
directory /bigdata/ldap-2.4.16-splitdb/accesslog0
rootdn cn=accesslog0
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
cachesize 100000
dncachesize 100000
idlcachesize 500000

limits dn.exact="cn=admin,dc=test" time.soft=unlimited time.hard=unlimited
size.soft=unlimited size.hard=unlimited

# RADIUS DB-0
database        hdb
subordinate
suffix          "ou=0,ou=radiusUsers,dc=test"
directory       /bigdata/ldap-2.4.16-splitdb/radiusUsers/0
rootdn          "cn=admin,dc=test"
cachesize 400000
dncachesize 400000
idlcachesize 800000

# Indices to maintain
index   objectClass     eq
index   entryUUID       eq
index   entryCSN,contextCSN     eq
index   cn              eq,sub,pres

overlay syncprov
syncprov-checkpoint 100 1
syncprov-sessionlog 40000

overlay accesslog
logdb cn=accesslog0
logops writes
logsuccess TRUE
logpurge 00+20:00 17+12:00

limits dn.exact="cn=admin,dc=test" time.soft=unlimited time.hard=unlimited
size.soft=unlimited size.hard=unlimited

# -------------------------------------------------------
# RADIUS DB-1 ACCESSLOG DB
# -------------------------------------------------------
database        hdb

suffix cn=accesslog1
directory /bigdata/ldap-2.4.16-splitdb/accesslog1
rootdn cn=accesslog1
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
cachesize 100000
dncachesize 100000
idlcachesize 500000

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE

limits dn.exact="cn=admin,dc=test" time.soft=unlimited time.hard=unlimited
size.soft=unlimited size.hard=unlimited


# RADIUS DB-1
database        hdb
subordinate
suffix          "ou=1,ou=radiusUsers,dc=test"
rootdn          "cn=admin,dc=test"
directory       /bigdata/ldap-2.4.16-splitdb/radiusUsers/1
cachesize 400000
dncachesize 400000
idlcachesize 800000

# Indices to maintain
index   objectClass     eq
index   entryUUID       eq
index   entryCSN,contextCSN     eq
index   cn              eq,sub,pres

overlay syncprov
syncprov-checkpoint 100 1
syncprov-sessionlog 40000

overlay accesslog
logdb cn=accesslog1
logops writes
logsuccess TRUE
logpurge 00+20:00 17+12:00

limits dn.exact="cn=admin,dc=test" time.soft=unlimited time.hard=unlimited
size.soft=unlimited size.hard=unlimited

# -------------------------------------------------------
# RADIUS DB-2 ACCESSLOG DB
# -------------------------------------------------------
database        hdb

suffix cn=accesslog2
directory /bigdata/ldap-2.4.16-splitdb/accesslog2
rootdn cn=accesslog2
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
cachesize 100000
dncachesize 100000
idlcachesize 500000

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE

limits dn.exact="cn=admin,dc=test" time.soft=unlimited time.hard=unlimited
size.soft=unlimited size.hard=unlimited


# RADIUS DB-2
database        hdb
subordinate
suffix          "ou=2,ou=radiusUsers,dc=test"
rootdn          "cn=admin,dc=test"
directory       /bigdata/ldap-2.4.16-splitdb/radiusUsers/2
cachesize 400000
dncachesize 400000
idlcachesize 800000

# Indices to maintain
index   objectClass     eq
index   entryUUID       eq
index   entryCSN,contextCSN     eq
index   cn              eq,sub,pres

overlay syncprov
syncprov-checkpoint 100 1
syncprov-sessionlog 40000

overlay accesslog
logdb cn=accesslog2
logops writes
logsuccess TRUE
logpurge 00+20:00 17+12:00

limits dn.exact="cn=admin,dc=test" time.soft=unlimited time.hard=unlimited
size.soft=unlimited size.hard=unlimited

...
... Repeated up until ou=7,ou=radiusUsers,dc=test.


# ----------
# ROOT DB
# ----------

database        hdb
suffix          "dc=test"
rootdn          "cn=admin,dc=test"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          password
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /bigdata/ldap-2.4.16-splitdb/root

cachesize 1000000
dncachesize 5000000
idlcachesize 8000000

# Indices to maintain
index   objectClass     eq
index   entryUUID       eq
index   entryCSN,contextCSN     eq
index   cn              eq,sub,pres

overlay glue
overlay syncprov
syncprov-checkpoint 100 1
syncprov-sessionlog 40000

overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 00+20:00 17+12:00


limits dn.exact="cn=admin,dc=test" time.soft=unlimited time.hard=unlimited
size.soft=unlimited size.hard=unlimited
Prev by Date: (ITS#6200) slapd crashes under load w/ syncrepl
Next by Date: Re: (ITS#6200) slapd crashes under load w/ syncrepl
Index(es):
- Chronological
- Thread