Full_Name: Pierangelo Masarati
Version: re24
OS: CentOS 5.2 on i386
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.237.142.6)
Submitted by: ando
While chasing referrals (-C) to non-responding hosts (see also ITS#5742, unrelated but same scenario), I got the following:
#0 0x0084b402 in __kernel_vsyscall ()
#1 0x00c9ad20 in raise () from /lib/libc.so.6
#2 0x00c9c631 in abort () from /lib/libc.so.6
#3 0x00c9416b in __assert_fail () from /lib/libc.so.6
#4 0x0807e58b in ber_sockbuf_ctrl (sb=0x0, opt=19658, arg=0x0) at sockbuf.c:88
#5 0x0805672a in try_read1msg (ld=0x90502a8, msgid=8, all=1, lcp=0xbf8957c8, result=0xbf895820) at result.c:1190
#6 0x08057952 in ldap_result (ld=0x90502a8, msgid=8, all=1, timeout=0xbf895810, result=0xbf895820) at result.c:402
#7 0x08064635 in ldap_new_connection (ld=0x90502a8, srvlist=0xbf895904, use_ldsb=0, connect=1, bind=0xbf8958f0) at request.c:501
#8 0x08064b2d in ldap_send_server_request (ld=0x90502a8, ber=0x905ab20, msgid=7, parentreq=0x90594d8, srvlist=0xbf895904, lc=0x0, bind=0xbf8958f0) at request.c:207
#9 0x08065acc in ldap_chase_v3referrals (ld=0x90502a8, lr=0x905a7c0, refs=0x905aa50, sref=1, errstrp=0x905a7e4, hadrefp=0xbf895a1c) at request.c:1139
#10 0x08056a6d in try_read1msg (ld=0x90502a8, msgid=6, all=1, lcp=0xbf895a88, result=0xbf895ae0) at result.c:729
#11 0x08057952 in ldap_result (ld=0x90502a8, msgid=6, all=1, timeout=0xbf895ad0, result=0xbf895ae0) at result.c:402
#12 0x08064635 in ldap_new_connection (ld=0x90502a8, srvlist=0xbf895bc4, use_ldsb=0, connect=1, bind=0xbf895bb0) at request.c:501
#13 0x08064b2d in ldap_send_server_request (ld=0x90502a8, ber=0x905b7f8, msgid=5, parentreq=0x90594d8, srvlist=0xbf895bc4, lc=0x0, bind=0xbf895bb0) at request.c:207
#14 0x08065acc in ldap_chase_v3referrals (ld=0x90502a8, lr=0x905a7c0, refs=0x905a8f0, sref=1, errstrp=0x905a7e4, hadrefp=0xbf895cdc) at request.c:1139
#15 0x08056a6d in try_read1msg (ld=0x90502a8, msgid=-1, all=0, lcp=0xbf895d48, result=0xbf895ff8) at result.c:729
#16 0x08057952 in ldap_result (ld=0x90502a8, msgid=-1, all=0, timeout=0x0, result=0xbf895ff8) at result.c:402
#17 0x0804b362 in dosearch (ld=0x90502a8, base=0x904f180 "dc=ericsson,dc=com", scope=2, filtpatt=0x0, value=0x10 <Address 0x10 out of bounds>, attrs=0x0, attrsonly=0, sctrls=0x0, cctrls=0x0, timeout=0x0, sizelimit=-1) at ldapsearch.c:1198
#18 0x0804d3ce in main (argc=Cannot access memory at address 0x4cca ) at ldapsearch.c:1031
Frame #4 clearly shows that ber_sockbuf_ctrl() is passed a null sb, which is lc->lconn_sb. I could not track, right now, where that pointer was zeroed out. I have binary and core available, if anything is needed. What I'm missing right now is time and connectivity (via ssh, and most of the time via http).
p.
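A trace like the one in this report is easier to triage mechanically than by eye. The script below is an added example, not part of the ITS report or of OpenLDAP: it parses gdb-style frame lines (an excerpt of the frames quoted above is embedded as its input), reports the innermost frame with source information that received a 0x0 argument, counts how deeply referral chasing is nested by counting ldap_chase_v3referrals frames, and flags frames whose argument values gdb could not read. The frame regex and the helper names are my own assumptions about gdb's backtrace layout; none of them is an OpenLDAP API.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Excerpt of the gdb backtrace quoted in the report (frames 0-10, 14, 17, 18),
# one frame per line as gdb prints it. Embedded here so the script runs offline.
BACKTRACE = """\
#0 0x0084b402 in __kernel_vsyscall ()
#1 0x00c9ad20 in raise () from /lib/libc.so.6
#2 0x00c9c631 in abort () from /lib/libc.so.6
#3 0x00c9416b in __assert_fail () from /lib/libc.so.6
#4 0x0807e58b in ber_sockbuf_ctrl (sb=0x0, opt=19658, arg=0x0) at sockbuf.c:88
#5 0x0805672a in try_read1msg (ld=0x90502a8, msgid=8, all=1, lcp=0xbf8957c8, result=0xbf895820) at result.c:1190
#6 0x08057952 in ldap_result (ld=0x90502a8, msgid=8, all=1, timeout=0xbf895810, result=0xbf895820) at result.c:402
#7 0x08064635 in ldap_new_connection (ld=0x90502a8, srvlist=0xbf895904, use_ldsb=0, connect=1, bind=0xbf8958f0) at request.c:501
#8 0x08064b2d in ldap_send_server_request (ld=0x90502a8, ber=0x905ab20, msgid=7, parentreq=0x90594d8, srvlist=0xbf895904, lc=0x0, bind=0xbf8958f0) at request.c:207
#9 0x08065acc in ldap_chase_v3referrals (ld=0x90502a8, lr=0x905a7c0, refs=0x905aa50, sref=1, errstrp=0x905a7e4, hadrefp=0xbf895a1c) at request.c:1139
#10 0x08056a6d in try_read1msg (ld=0x90502a8, msgid=6, all=1, lcp=0xbf895a88, result=0xbf895ae0) at result.c:729
#14 0x08065acc in ldap_chase_v3referrals (ld=0x90502a8, lr=0x905a7c0, refs=0x905a8f0, sref=1, errstrp=0x905a7e4, hadrefp=0xbf895cdc) at request.c:1139
#17 0x0804b362 in dosearch (ld=0x90502a8, base=0x904f180 "dc=ericsson,dc=com", scope=2, filtpatt=0x0, value=0x10 <Address 0x10 out of bounds>, attrs=0x0, attrsonly=0, sctrls=0x0, cctrls=0x0, timeout=0x0, sizelimit=-1) at ldapsearch.c:1198
#18 0x0804d3ce in main (argc=Cannot access memory at address 0x4cca ) at ldapsearch.c:1031
"""

# Assumed gdb frame layout: "#N 0xADDR in func (args) [from lib | at file:line]".
FRAME_RE = re.compile(
    r"^#(?P<no>\d+)\s+0x[0-9a-fA-F]+ in (?P<func>\w+) \((?P<args>.*?)\)"
    r"(?: from (?P<lib>\S+))?(?: at (?P<file>\S+):(?P<line>\d+))?\s*$"
)


@dataclass
class Frame:
    no: int
    func: str
    args: Dict[str, str]
    lib: Optional[str] = None   # shared object, for frames without debug info
    file: Optional[str] = None  # source file, for frames with debug info
    line: Optional[int] = None


def parse_args(text: str) -> Dict[str, str]:
    """Split 'name=value, name=value' into a dict; split only on the first '='
    so values such as '0x904f180 "dc=ericsson,dc=com"' stay intact."""
    args: Dict[str, str] = {}
    if not text.strip():
        return args
    for item in text.split(", "):
        name, _, value = item.partition("=")
        args[name.strip()] = value.strip()
    return args


def parse_backtrace(text: str) -> List[Frame]:
    frames: List[Frame] = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw.startswith("#"):
            continue
        m = FRAME_RE.match(raw)
        if not m:
            raise ValueError(f"unrecognised frame line: {raw}")
        frames.append(Frame(
            no=int(m.group("no")),
            func=m.group("func"),
            args=parse_args(m.group("args")),
            lib=m.group("lib"),
            file=m.group("file"),
            line=int(m.group("line")) if m.group("line") else None,
        ))
    return frames


def null_pointer_args(frame: Frame) -> List[str]:
    """Names of arguments gdb printed as the null pointer 0x0."""
    return [name for name, value in frame.args.items() if value == "0x0"]


def innermost_null_frame(frames: List[Frame]) -> Optional[Tuple[int, str, List[str]]]:
    """Lowest-numbered frame with source info that received a 0x0 argument.
    This is where the null first reached a callee, not where it was produced."""
    for f in sorted(frames, key=lambda fr: fr.no):
        nulls = null_pointer_args(f)
        if f.file and nulls:
            return (f.no, f.func, nulls)
    return None


def referral_chase_depth(frames: List[Frame]) -> int:
    """How many nested referral chases are on the stack."""
    return sum(1 for f in frames if f.func == "ldap_chase_v3referrals")


def corrupt_frames(frames: List[Frame]) -> List[int]:
    """Frames with argument values gdb could not read (stack or memory damage)."""
    markers = ("out of bounds", "Cannot access memory")
    return [f.no for f in frames
            if any(m in v for v in f.args.values() for m in markers)]


if __name__ == "__main__":
    parsed = parse_backtrace(BACKTRACE)
    print("innermost null-pointer frame:", innermost_null_frame(parsed))
    print("referral chase depth:", referral_chase_depth(parsed))
    print("frames with unreadable args:", corrupt_frames(parsed))
```

Frame 17's 0x0 values (filtpatt, attrs, sctrls, cctrls, timeout) are ordinary optional arguments to dosearch, which is why the triage reports only the innermost frame rather than every null on the stack: run against the trace above it points at frame 4, where sb and arg are both 0x0 as the report says. The script cannot tell where lconn_sb was cleared; that still needs the core and binary the reporter mentions.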