(ITS#6810) slapd crashes writing to bdb backend - openldap-bugs

28 Jan 2011


      Full_Name: Bruno HALEBLIAN
Version: 2.4.23
OS: RHEL 5.5/64 bits
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (92.243.12.111)
Hello,
I'm stuck with "random" slapd crashes, my slapd has been tested successfully in
read mode but since I run updates, I get several crashes a day, with no BDB
corruption (recover and restart OK) but I can't let this go to production
stage.
Here's the first core stack I caught, I'll send more if I meet different ones.
Thanks for your help.
kernel: slapd[13284]: segfault at 0000000000000008 rip 000000000052a377 rsp
0000000043fa5160 error 4
Program terminated with signal 11, Segmentation fault.
#0  0x000000000052a377 in syncprov_matchops (op=0x182cdb00, opc=0x182d04c8,
saveit=1)
    at syncprov.c:1309
1309                                    op2.ors_filter =
ss->s_op->ors_filter->f_and->f_next;
(gdb) where
#0  0x000000000052a377 in syncprov_matchops (op=0x182cdb00, opc=0x182d04c8,
saveit=1)
    at syncprov.c:1309
#1  0x000000000052a5e1 in syncprov_op_mod (op=0x182cdb00, rs=<value optimized
out>)
    at syncprov.c:2075
#2  0x000000000049757a in overlay_op_walk (op=0x182cdb00, rs=0x43fa6c70,
which=op_modify,
    oi=0x17b6e2f0, on=0x17b6e4d0) at backover.c:659
#3  0x0000000000497b47 in over_op_func (op=0x182cdb00, rs=0x43fa6c70,
which=op_modify)
    at backover.c:721
#4  0x000000000044c537 in fe_op_modify (op=0x182cdb00, rs=0x43fa6c70) at
modify.c:301
#5  0x000000000044cc92 in do_modify (op=0x182cdb00, rs=0x43fa6c70) at
modify.c:175
#6  0x0000000000435655 in connection_operation (ctx=0x43fa6dc0, arg_v=<value
optimized out>)
    at connection.c:1109
#7  0x0000000000435c2f in connection_read_thread (ctx=0x43fa6dc0, argv=<value
optimized out>)
    at connection.c:1245
#8  0x000000000054345c in ldap_int_thread_pool_wrapper (xpool=0x17af0350) at
tpool.c:685
#9  0x000000339360673d in start_thread () from /lib64/libpthread.so.0
#10 0x0000003392ed3d1d in removexattr () from /lib64/libc.so.6
#11 0x0000000000000000 in ?? ()
(gdb) list *0x000000000052a377
0x52a377 is in syncprov_matchops (syncprov.c:1309).
1304                            ldap_pvt_thread_mutex_lock( &ss->s_mutex );
1305                            if (ss->s_flags & PS_FIX_FILTER) {
1306                                    /* Skip the AND/GE clause that we stuck
on in front. We
1307                                       would lose deletes/mods that happen
during the refresh
1308                                       phase otherwise (ITS#6555) */
1309                                    op2.ors_filter =
ss->s_op->ors_filter->f_and->f_next;
1310                            }
1311                            ldap_pvt_thread_mutex_unlock( &ss->s_mutex );
1312                            rc = test_filter( &op2, e, op2.ors_filter );
1313                    }