
RE: assertion failure in ber_free_buf() of io.c (ITS#2655)



I believe this bug was being caused by a double
free() of a malloc'd pointer in a custom back end.

ITS 2655 can be cleared.

Sorry for the noise.

Vic Abell

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of Vic Abell
> Sent: Thursday, July 17, 2003 9:03 AM
> To: openldap-bugs@OpenLDAP.org
> Subject: Re: assertion failure in ber_free_buf() of io.c (ITS#2655) 
> 
> 
> maxchern@yahoo.com wrote:
> >
> > Try disabling referrals in slapd.conf (comment them out)
> > and see whether you run into this problem again.
> > The problem is that you got an invalid ber; referral
> > freeing is one of the places where an invalid ber will
> > occur.
> 
> Thanks for the response.
> 
> No referrals were enabled in slapd.conf when the crash
> occurred.  The only clue that I can add is that load on
> slapd had grown high enough to cause an increase in the
> thread pool from the starting 4 entries to 8.  That
> suggests that a new connection might have tried to use a
> ninth thread and exposed a bug in thread pool management.
> (That's only my guess.)
> 
> Vic Abell
> 
> --- abe@purdue.edu wrote:
> > Full_Name: Victor A. Abell
> > Version: 2.1.21
> > OS: Solaris 8
> > URL: ftp://ftp.openldap.org/incoming/
> > Submission from: (NULL) (128.210.177.112)
> > 
> > 
> > OpenLDAP 2.1.21 has crashed once in the four days
> > since it was put into
> > production.  The crash occurred at an assert() at
> > line 161 of the
> > ber_free_buf() function of the
> > libraries/liblber/io.c translation unit.
> > 
> > The core file stack trace says:
> > 
> > Current function is ber_free_buf
> >   161           assert( LBER_VALID( ber ) );
> > (dbx 1) where
> > current thread: t@13
> >   [1] __sigprocmask(0x0, 0xfa001540, 0x0, 0x0, 0x0, 0x0), at 0xfef29ab8
> >   [2] _resetsig(0xfef2c340, 0x0, 0x0, 0xfa001d78, 0xfef3e000, 0x0), at 0xfef1e50c
> >   [3] _sigon(0xfa001d78, 0xfef45980, 0x6, 0xfa001614, 0xfa001d78, 0xfef9155d), at 0xfef1dcac
> >   [4] _thrp_kill(0x0, 0xd, 0x6, 0xfef3e000, 0xd, 0xff03c4a0), at 0xfef20cc0
> >   [5] raise(0x6, 0x0, 0x0, 0xffffffff, 0x1e6550, 0x0), at 0xfefcb190
> >   [6] abort(0xff03801c, 0xfa001768, 0x39, 0x7efefeff, 0x81010100, 0xff00), at 0xfefb57bc
> >   [7] _assert(0x1af5c8, 0x1af5dc, 0xa1, 0x1af5dc, 0x0, 0x1d3e48), at 0xfefb5a60
> > =>[8] ber_free_buf(ber = 0x2a23d0), line 161 in "io.c"
> >   [9] ber_free(ber = 0x2a23d0, freebuf = 1), line 187 in "io.c"
> >   [10] slap_op_free(op = 0x2a30b8), line 48 in "operation.c"
> >   [11] connection_operation(ctx = 0x2ac520, arg_v = 0x2a30b8), line 1060 in "connection.c"
> >   [12] ldap_int_thread_pool_wrapper(xpool = 0x1eb408), line 426 in "tpool.c"
> > 
> > The ber pointer used by ber_free_buf() dereferences
> > to:
> > 
> > *ber = {
> >     ber_opts    = {
> >         lbo_valid    = 49
> >         lbo_options  = 5136U
> >         lbo_debug    = 0;
> >         lbo_meminuse = 2497312
> >     }
> >     ber_tag     = 119U
> >     ber_len     = 2848856U
> >     ber_usertag = 0
> >     ber_buf     = 0x2f8300 ""
> >     ber_ptr     = 0x2fd4bc ""
> >     ber_end     = 0x2fd4bc ""
> >     ber_sos     = (nil)
> >     ber_rwptr   = 0x2a23c8 ""
> > }
> > 
> > The ber_valid (ber->ber_opts.lbo_valid) value, 49,
> > is clearly invalid.
> > 
> > I have discovered a similar issue report, but in a
> > different io.c function,
> > in Incoming/2633.  It, too, applies to OpenLDAP
> > 2.1.21 on Solaris 8.
> > 
> > Any suggestions on further core analysis, available
> > patches, etc., would
> > be most welcome.
> > 
> > Vic Abell
>
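
The failure mode discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP: a validity tag checked before release, as the `assert( LBER_VALID( ber ) )` in the trace does, catches a repeated free and an overwritten object, but not a slot that has been reused as a live element. All names, the tag value and the fixed pool (used so that stale reads stay defined) are assumptions made for the example.

```c
#include <string.h>

/* Constructed for this example: names, tag value, pool size are assumptions. */
#define ELEM_VALID 0x2
#define POOL_SLOTS 4
typedef struct elem { short valid; char payload[30]; } elem;

static elem pool[POOL_SLOTS];   /* static storage keeps stale reads defined */
static int  slot_used[POOL_SLOTS];

elem *elem_alloc(void) {
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (slot_used[i]) continue;
        slot_used[i] = 1;
        memset(&pool[i], 0, sizeof pool[i]);
        pool[i].valid = ELEM_VALID;
        return &pool[i];
    }
    return NULL;
}

/* 0 on success, -1 when the tag shows the pointer is stale or overwritten. */
int elem_free(elem *e) {
    if (e == NULL || e->valid != ELEM_VALID) return -1;
    e->valid = 0;               /* poison the tag so a repeat free is caught */
    slot_used[e - pool] = 0;
    return 0;
}

int demo_double_free(void) {    /* same pointer released twice */
    elem *e = elem_alloc();
    return elem_free(e) == 0 && elem_free(e) == -1;
}

int demo_overwritten(void) {    /* freed slot refilled with unrelated text */
    elem *e = elem_alloc();
    elem_free(e);
    memset(e, '1', sizeof *e);  /* tag now reads as garbage, not ELEM_VALID */
    return elem_free(e) == -1;
}

int demo_stale_alias(void) {    /* slot reused as a live element: missed */
    elem *old = elem_alloc();
    elem_free(old);
    elem *fresh = elem_alloc(); /* same slot, new owner */
    return fresh == old && elem_free(old) == 0 && fresh->valid != ELEM_VALID;
}

int main(void) { return !(demo_double_free() && demo_overwritten() && demo_stale_alias()); }
```

The third case is why a tag check is only a tripwire: once the slot is live again, the stale free succeeds and invalidates the new owner's element.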