daveh@coreng.com.au wrote:
Full_Name: Dave Horsfall Version: 2.4.7 + ITS #5291 patch OS: FreeBSD 6.2 URL: http://www.horsfall.org/slapd-crash/ Submission from: (NULL) (192.65.182.30)
We have a custom client called LGET (which is not much more than a fancy output formatter based on the example code kicking around somewhere; I can provide the source, but there's no way that it will compile anywhere but here) that reliably crashes SLAPD when doing a search on "cn=Monitor".
Example:
lget -h localhost -b cn=monitor '(objectClass=*)' '*' (May need to do this several times; it will crash eventually) lget: Can't contact LDAP server
slapd.log:
Jan 8 10:37:33 mippet slapd[59883]: conn=14 fd=66 ACCEPT from IP=127.0.0.1:52984 (IP=0.0.0.0:389) Jan 8 10:37:33 mippet slapd[59883]: conn=14 op=0 SRCH base="cn=monitor" scope=2 deref=0 filter="(objectClass=*)" Jan 8 10:37:33 mippet slapd[59883]: conn=14 op=0 SRCH attr=* +
Looking at the logs, it appears that it's also requesting '+'.
This is sometimes followed by e.g.:
Jan 8 10:39:29 mippet slapd[83101]: ch_malloc of 1195801456 bytes failed
Although the debug shows traffic on the wire the client only shows a few blank lines (but that's not really relevant).
Debug output in "debug.out.gz", and GDB output in "gdb.out".
I couldn't reproduce with a test (mostly unloaded) slapd. Since back-monitor dynamically builds the results based on the activity of slapd, the root cause could be related to the type of activity your slapd is doing (e.g. active connections, running operations and so).
I don't have a FreeBSD at hand right now, could you post a "thread apply all bt" from gdb? I might need to ask for further core inspection with gdb.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------