(ITS#5917) slapd crashes with assertion failed and SIGABRT - openldap-bugs

2 Feb 2009


      Full_Name: Guido Landi
Version: 2.3.43
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.246.126.62)
Hello,
I'm using OpenLDAP 2.3.43 with ldap backend as a proxy to Active Directory for
users autentication on linux(gentoo).
OpenLDAP keep on crashing  while testing it through the nss_ldap module using
the "id" unix command. It often crashes for an assertion failed(that i can
easily reproduce) but sometimes with a segmentation fault or a glibc error
related to free()(heap corruption?).
I found as a workaround that if I set the maximum threads number to 2 it works
just fine.
I'm using glibc-2.6.1 with NPTL and I have compiled OpenLDAP with gcc-4.1.2 and
3.4.6.
Here is my slapd.conf, ldap.conf(used by the nss_ldap module) and some
backtraces.
####
slapd.conf
####
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/local.schema
modulepath      /usr/lib/openldap/openldap
moduleload      rwm
overlay         rwm
rwm-map         attribute       cn sAMAccountName
database        ldap
suffix          "dc=mydomain,dc=it"
rootdn          "ou=CV Utenti,dc=mydomain,dc=it"
lastmod         off
uri             ldaps://mydc.mydomain.it/
rebind-as-user
chase-referrals YES
index   objectClass eq,sub
index uidNumber,gidNumber                       eq
index memberUid                                 eq
index       sAMAccountName eq,subinitial
#concurrency 0
#threads 2
TLSCACertificateFile /etc/openldap/ssl/cacert.pem
TLSCertificateFile /etc/openldap/ssl/server.pem
TLSCertificateKeyFile /etc/openldap/ssl/server.key
TLSCipherSuite  ALL
TLSCRLCheck none
TLSReqCert none
TLSVerifyClient never
####
ldap.conf
####
uri     ldaps://ldap-proxy.mydomain.it
port    636
base    OU=mygroup,dc=mydomain,dc=it
scope   sub
binddn  CN=myaccount,DC=mydomain,DC=it
bindpw  password
bind_policy soft
ldap_version 3
#nss_schema rfc2307bis
#debug 1000
REFERRALS no
pam_login_attribute     cn
pam_filter              objectClass=user
pam_password            ad
pam_groupdn             CN=UNIX Admins,DC=mydomain,DC=it
#pam_groupdn            CN=UNIX-USERS,DC=mydomain,DC=it
pam_member_attribute    member
nss_base_passwd         OU=Users,DC=mydomain,DC=it
nss_base_shadow         OU=Users,DC=mydomain,DC=it
nss_base_group          DC=mydomain,DC=it?(objectClass=group)
nss_map_objectclass     posixAccount    user
nss_map_objectclass     shadowAccount   user
nss_map_attribute      uid             uid
nss_map_attribute       uniqueMember    member
#nss_map_attribute       uniqueMember    msSFU30PosixMemberOf
nss_map_attribute       userPassword    unixUserPassword
nss_map_attribute       homeDirectory   unixHomeDirectory
nss_map_attribute       loginShell      loginShell
nss_map_attribute       gecos           name
nss_map_objectclass     posixGroup      group
nss_reconnect_tries 4
nss_reconnect_sleeptime 1
#nss_reconnect_maxsleeptime 16
nss_reconnect_maxconntries 6
#nss_initgroups backlink
#nss_max_group_depth 100
ssl yes
####
backtraces
####
put_simple_filter: "member=cn=certsvc_dcom_access,cn=users,dc=mydomain,dc=it"
ldap_send_initial_request
ldap_send_server_request
ldap_back_retry: conn 0x826a628 refcnt=2 unable to retry.
slapd: bind.c:157: ldap_back_conn_delete: Assertion `!(*(&((lc))->lc_lcflags) &
(((0x00000020U))))' failed.
Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb722eb90 (LWP 25435)]
0xb7b711c7 in raise () from /lib/libc.so.6
(gdb) bt
#0  0xb7b711c7 in raise () from /lib/libc.so.6
#1  0xb7b72998 in abort () from /lib/libc.so.6
#2  0xb7b6a7e5 in __assert_fail () from /lib/libc.so.6
#3  0x081147d8 in ldap_back_conn_delete ()
#4  0x081150e1 in ?? ()
#5  0x08217930 in ?? ()
#6  0x0826a628 in ?? ()
#7  0xb722cde8 in ?? ()
#8  0x081166f5 in ldap_back_release_conn_lock ()
Backtrace stopped: frame did not save the PC
ber_flush: 104 bytes to sd 11
ldap_result ld 0x825dfb0 msgid 5
ldap_chkResponseList ld 0x825dfb0 msgid 5 all 0
ldap_chkResponseList returns ld 0x825dfb0 NULL
Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb692db90 (LWP 25728)]
0xb7b711c7 in raise () from /lib/libc.so.6
(gdb) bt
#0  0xb7b711c7 in raise () from /lib/libc.so.6
#1  0xb7b72998 in abort () from /lib/libc.so.6
#2  0xb7b6a7e5 in __assert_fail () from /lib/libc.so.6
#3  0xb7f8da8c in ber_flush () from /usr/lib/liblber-2.3.so.0
#4  0xb7fb9005 in ldap_int_flush_request () from /usr/lib/libldap_r-2.3.so.0
#5  0xb7fb94da in ldap_send_server_request () from /usr/lib/libldap_r-2.3.so.0
#6  0xb7fb8fa9 in ldap_send_initial_request () from /usr/lib/libldap_r-2.3.so.0
#7  0xb7fa8188 in ldap_search_ext () from /usr/lib/libldap_r-2.3.so.0
#8  0x080f6eb0 in ldap_back_search ()
#9  0x08079a9f in fe_op_search ()
#10 0x080df1fa in overlay_op_walk ()
#11 0x080df3b1 in ?? ()
#12 0x082968d0 in ?? ()
#13 0xb692d18c in ?? ()
#14 0x00000002 in ?? ()
#15 0x08217190 in ?? ()
#16 0x00000000 in ?? ()
put_simple_filter: "member=cn=unix admins,ou=cv acl,dc=mydomain,dc=it"
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
slapd: io.c:210: ber_flush: Assertion `( (sb)->sb_opts.lbo_valid == 0x3 )'
failed.
** ld 0xb560f238 Response Queue:
   Empty
ldap_chkResponseList ld 0xb560f238 msgid 5 all 0
ldap_chkResponseList returns ld 0xb560f238 NULL
ldap_int_select
Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb722eb90 (LWP 29674)]
---Type <return> to continue, or q <return> to quit---
0xb7b711c7 in raise () from /lib/libc.so.6
(gdb) bt
#0  0xb7b711c7 in raise () from /lib/libc.so.6
#1  0xb7b72998 in abort () from /lib/libc.so.6
#2  0xb7b6a7e5 in __assert_fail () from /lib/libc.so.6
#3  0xb7f8da70 in ber_flush () from /usr/lib/liblber-2.3.so.0
#4  0xb7fb9005 in ldap_int_flush_request () from /usr/lib/libldap_r-2.3.so.0
#5  0xb7fb94da in ldap_send_server_request () from /usr/lib/libldap_r-2.3.so.0
#6  0xb7fb8fa9 in ldap_send_initial_request () from /usr/lib/libldap_r-2.3.so.0
#7  0xb7fa8188 in ldap_search_ext () from /usr/lib/libldap_r-2.3.so.0
#8  0x080f6e10 in ldap_back_search ()
#9  0x08079a97 in fe_op_search ()
#10 0x080df15a in overlay_op_walk ()
#11 0x080df311 in over_op_func ()
#12 0x080df395 in over_op_search ()
#13 0x08079549 in do_search ()
#14 0x0807677a in connection_operation ()
#15 0xb7fa30a9 in ldap_int_thread_pool_wrapper () from
/usr/lib/libldap_r-2.3.so.0
#16 0xb7e5a013 in start_thread () from /lib/libpthread.so.0
#17 0xb7c0948e in clone () from /lib/libc.so.6