(ITS#6657) back-sql segfault in backsql_search
Full_Name: David Schmitt
Version: 2.4.23-5
OS: Debian squeeze
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.170.188.2)
I'm seeing reproducible but inconsistent segfaults from within back-sql. Both backtraces below crash in slap_sl_free(), called from backsql_free_entryID():
#0 slap_sl_free (ptr=0x9cc440, ctx=0x98e270) at
/home/devel/openldap/trunk/servers/slapd/sl_malloc.c:490
p = 0xffffffee009bc130
tmpp = <value optimized out>
#1 0x00007ffff35f7877 in backsql_free_entryID (id=0x7ffff139d678, freeit=0,
ctx=0x98e270) at /home/devel/openldap/trunk/servers/slapd/back-sql/entry-id.c:84
next = 0x0
__PRETTY_FUNCTION__ = "backsql_free_entryID"
#2 0x00007ffff35f0ad8 in backsql_search (op=0x98b500, rs=0x7ffff139ea40) at
/home/devel/openldap/trunk/servers/slapd/back-sql/search.c:2552
dbh = 0x965590
sres = <value optimized out>
user_entry = {e_id = 0, e_name = {bv_len = 0, bv_val = 0x0}, e_nname =
{bv_len = 0, bv_val = 0x0}, e_attrs = 0x0, e_ocflags = 0, e_bv = {bv_len = 0,
bv_val = 0x0},
e_private = 0x0}
base_entry = {e_id = 0, e_name = {bv_len = 0, bv_val = 0x0}, e_nname =
{bv_len = 0, bv_val = 0x0}, e_attrs = 0x0, e_ocflags = 0, e_bv = {bv_len = 0,
bv_val = 0x0},
e_private = 0x0}
manageDSAit = 0
stoptime = 1285164120
bsi = {bsi_op = 0x98b500, bsi_rs = 0x7ffff139ea40, bsi_flags = 1,
bsi_base_ndn = 0x98b538, bsi_use_subtree_shortcut = 0, bsi_base_id = {eid_id =
1, eid_keyval = 1,
eid_oc_id = 1, eid_oc = 0x98bb50, eid_dn = {bv_len = 0, bv_val =
0x0}, eid_ndn = {bv_len = 18, bv_val = 0x9cc440 "ou=samba,ou=uni-ak"}, eid_next
= 0x0},
bsi_scope = 2, bsi_filter = 0x9bbf98, bsi_stoptime = 1285164120,
bsi_id_list = 0x0, bsi_id_listtail = 0x7ffff139d6d8, bsi_c_eid =
0x7ffff139d678,
bsi_n_candidates = -2, bsi_status = 0, bsi_oc = 0x98b3f0, bsi_sel =
{bb_val = {bv_len = 0, bv_val = 0x0}, bb_len = 0}, bsi_from = {bb_val = {bv_len
= 0,
bv_val = 0x0}, bb_len = 0}, bsi_join_where = {bb_val = {bv_len =
0, bv_val = 0x0}, bb_len = 0}, bsi_flt_where = {bb_val = {bv_len = 0, bv_val =
0x0},
bb_len = 0}, bsi_filter_oc = 0x0, bsi_dbh = 0x965590, bsi_attrs =
0x0, bsi_e = 0x0}
eid = <value optimized out>
lastid = 0
#3 0x00000000004355c9 in fe_op_search (op=0x98b500, rs=0x7ffff139ea40) at
/home/devel/openldap/trunk/servers/slapd/search.c:366
bd = 0x7347e0
#4 0x0000000000435ddc in do_search (op=0x98b500, rs=0x7ffff139ea40) at
/home/devel/openldap/trunk/servers/slapd/search.c:217
base = {bv_len = 18, bv_val = 0x9ac727 "ou=samba,ou=uni-ak"}
siz = 0
i = 140737240492960
#5 0x0000000000433479 in connection_operation (ctx=0x7ffff139eba0, arg_v=<value
optimized out>) at /home/devel/openldap/trunk/servers/slapd/connection.c:1109
rc = <value optimized out>
cancel = <value optimized out>
op = 0x98b500
rs = {sr_type = REP_RESULT, sr_tag = 101, sr_msgid = 2, sr_err = 0,
sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un =
{sru_search = {
r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0,
r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0},
sru_extended = {
r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0}
tag = 99
opidx = SLAP_OP_SEARCH
conn = 0x7ffff7f3b690
memctx = 0x98e270
memctx_null = 0x0
__PRETTY_FUNCTION__ = "connection_operation"
#6 0x0000000000433c65 in connection_read_thread (ctx=<value optimized out>,
argv=<value optimized out>) at
/home/devel/openldap/trunk/servers/slapd/connection.c:1245
s = 14
I've configured back-sql with suffix 'ou=uni-ak' and am searching for
'(&(cn=p0002001)(objectclass=sambasamaccount))' (which doesn't return any results)
within 'ou=samba,ou=uni-ak', which exists and has ~10k items in the whole tree.
The segfault happens on the second such ldapsearch in slapd's lifetime.
With a filter that returns multiple entries,
'(&(cn=x0004291)(objectclass=sambasamaccount))', back-sql already segfaults
during the first query:
#0 slap_sl_free (ptr=0x9dd7f8, ctx=0x98e270) at
/home/devel/openldap/trunk/servers/slapd/sl_malloc.c:490
p = 0xffffffc9009cc582
tmpp = <value optimized out>
#1 0x00007ffff35f7896 in backsql_free_entryID (id=0x9dd7f8, freeit=1,
ctx=0x98e270) at /home/devel/openldap/trunk/servers/slapd/back-sql/entry-id.c:101
next = 0x0
__PRETTY_FUNCTION__ = "backsql_free_entryID"
#2 0x00007ffff35f0ee7 in backsql_search (op=0x98b500, rs=0x7ffff139ea40) at
/home/devel/openldap/trunk/servers/slapd/back-sql/search.c:2223
dbh = 0x965590
sres = <value optimized out>
user_entry = {e_id = 0, e_name = {bv_len = 0, bv_val = 0x0}, e_nname =
{bv_len = 0, bv_val = 0x0}, e_attrs = 0x0, e_ocflags = 0, e_bv = {bv_len = 0,
bv_val = 0x0},
e_private = 0x0}
base_entry = {e_id = 1, e_name = {bv_len = 18, bv_val = 0x9cc468
"ou=samba,ou=uni-ak"}, e_nname = {bv_len = 18, bv_val = 0x9cc490
"ou=samba,ou=uni-ak"},
e_attrs = 0x82e7b8, e_ocflags = 256, e_bv = {bv_len = 0, bv_val =
0x0}, e_private = 0x0}
manageDSAit = 0
stoptime = 1285164373
bsi = {bsi_op = 0x98b500, bsi_rs = 0x7ffff139ea40, bsi_flags = 1,
bsi_base_ndn = 0x98b538, bsi_use_subtree_shortcut = 0, bsi_base_id = {eid_id =
1, eid_keyval = 1,
eid_oc_id = 1, eid_oc = 0x98bb50, eid_dn = {bv_len = 18, bv_val =
0x9cc3d8 "ou=samba,ou=uni-ak"}, eid_ndn = {bv_len = 18, bv_val = 0x9cc440
"ou=samba,ou=uni-ak"},
eid_next = 0x0}, bsi_scope = 2, bsi_filter = 0x9bbf98, bsi_stoptime
= 1285164373, bsi_id_list = 0x9dcc18, bsi_id_listtail = 0x9dd838, bsi_c_eid =
0x9dd7f8,
bsi_n_candidates = -5, bsi_status = 0, bsi_oc = 0x993690, bsi_sel =
{bb_val = {bv_len = 0, bv_val = 0x0}, bb_len = 0}, bsi_from = {bb_val = {bv_len
= 0,
bv_val = 0x0}, bb_len = 0}, bsi_join_where = {bb_val = {bv_len =
0, bv_val = 0x0}, bb_len = 0}, bsi_flt_where = {bb_val = {bv_len = 0, bv_val =
0x0},
bb_len = 0}, bsi_filter_oc = 0x0, bsi_dbh = 0x965590, bsi_attrs =
0x0, bsi_e = 0x7ffff139d890}
eid = 0x9dd7f8
lastid = 0
#3 0x00000000004355c9 in fe_op_search (op=0x98b500, rs=0x7ffff139ea40) at
/home/devel/openldap/trunk/servers/slapd/search.c:366
bd = 0x7347e0
#4 0x0000000000435ddc in do_search (op=0x98b500, rs=0x7ffff139ea40) at
/home/devel/openldap/trunk/servers/slapd/search.c:217
base = {bv_len = 18, bv_val = 0x9ac727 "ou=samba,ou=uni-ak"}
siz = 0
i = 140737240492960
#5 0x0000000000433479 in connection_operation (ctx=0x7ffff139eba0, arg_v=<value
optimized out>) at /home/devel/openldap/trunk/servers/slapd/connection.c:1109
rc = <value optimized out>
cancel = <value optimized out>
op = 0x98b500
rs = {sr_type = REP_SEARCH, sr_tag = 0, sr_msgid = 0, sr_err = 0,
sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un =
{sru_search = {r_entry = 0x0,
r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0,
r_nentries = 3, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended =
{r_rspoid = 0x0,
r_rspdata = 0x0}}, sr_flags = 1}
tag = 99
opidx = SLAP_OP_SEARCH
conn = 0x7ffff7f3b690
memctx = 0x98e270
memctx_null = 0x0
__PRETTY_FUNCTION__ = "connection_operation"
#6 0x0000000000433c65 in connection_read_thread (ctx=<value optimized out>,
argv=<value optimized out>) at
/home/devel/openldap/trunk/servers/slapd/connection.c:1245
s = 14
A third query for a different mapped object class doesn't lead to a segfault at
all (in the 15 attempts I tested).
I can't rule out an error in the schema mapping, but I'd prefer an error
message instead of a segfault ;-)
Thanks for your time and work,
David