test062 segfault with back-mdb

This doesn't occur with back-bdb/hdb, and it doesn't happen if I insert a sleep after the ldapsearch to see if slapd is running, before the modification to cn=config is done.

Thread 3 "lt-slapd" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fae46748700 (LWP 11239)] 0x00007fae4553abab in syncprov_free_syncop (so=0x7fae3c102cc0, unlink=1) at syncprov.c:811 811 for ( sop = &so->s_si->si_ops; *sop; sop = &(*sop)->s_next ) {

Here's the full backtrace:

Thread 4 (Thread 0x7fae45f47700 (LWP 11240)): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 No locals. #1 0x00007fae4b48af69 in ldap_pvt_thread_cond_wait (cond=0x2529138, mutex=0x2529110) at thr_posix.c:281 No locals. #2 0x00007fae4b4896e5 in ldap_int_thread_pool_wrapper (xpool=0x2529100) at tpool.c:945 pq = 0x2529100 pool = 0x2529000 task = 0x0 work_list = 0x2529170 ctx = {ltu_pq = 0x2529100, ltu_id = 140386474686208, ltu_key = {{ltk_key = 0x440674 <conn_counter_init+224>, ltk_data = 0x7fae3c000db0, ltk_free = 0x4404c5 <conn_counter_destroy+224>}, {ltk_key = 0x4bc7fd <slap_sl_mem_create+197>, ltk_data = 0x7fae3c000ec0, ltk_free = 0x4bc621 <slap_sl_mem_destroy+224>}, { ltk_key = 0x45d2c1 <slap_op_free+224>, ltk_data = 0x7fae3c000950, ltk_free = 0x45d212 <slap_op_free+49>}, {ltk_key = 0x0, ltk_data = 0x7fae38108550, ltk_free = 0x0}, { ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 28 times>}} kctx = 0x0 i = 32 keyslot = 349 hash = 3903429981 pool_lock = 0 freeme = 0 __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper" #3 0x00007fae4ae496ba in start_thread (arg=0x7fae45f47700) at pthread_create.c:333 __res = <optimized out> pd = 0x7fae45f47700 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140386474686208, 8789157664068107475, 0, 140386491460639, 140386474686912, 0, -8744345895670219565, -8744361424428172077}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> pagesize_m1 = <optimized out> sp = <optimized out> freesize = <optimized out> __PRETTY_FUNCTION__ = "start_thread" #4 0x00007fae4a23f82d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 No locals.

Thread 3 (Thread 0x7fae46748700 (LWP 11239)): #0 0x00007fae4553abab in syncprov_free_syncop (so=0x7fae3c102cc0, unlink=1) at syncprov.c:811 sop = 0x6f637d307b3d6573 sr = 0x0 srnext = 0x240907c38f1c2800 ga = 0x0 gnext = 0x7fae46747960 #1 0x00007fae4553b6ec in syncprov_qtask (ctx=0x7fae46747c30, arg=0x7fae3c102cc0) at syncprov.c:1005 so = 0x7fae3c102cc0 opbuf = {ob_op = {o_hdr = 0x7fae46747960, o_tag = 99, o_time = 1492715516, o_tincr = 0, o_tusec = 0, o_qtime = {tv_sec = 0, tv_usec = 0}, o_bd = 0x7fae46747650, o_req_dn = { bv_len = 9, bv_val = 0x7fae3c103032 "cn=config"}, o_req_ndn = {bv_len = 9, bv_val = 0x7fae3c10303c "cn=config"}, o_request = {oq_add = {rs_modlist = 0x2, rs_e = 0xffffffffffffffff}, oq_bind = {rb_method = 2, rb_cred = {bv_len = 18446744073709551615, bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val = 0x0}, rb_ssf = 1007690928, rb_mech = {bv_len = 15, bv_val = 0x7fae3c103046 "(objectClass=*)"}}, oq_compare = {rs_ava = 0x2}, oq_modify = {rs_mods = {rs_modlist = 0x2, rs_no_opattrs = -1 '\377'}, rs_increment = 0}, oq_modrdn = {rs_mods = {rs_modlist = 0x2, rs_no_opattrs = -1 '\377'}, rs_deleteoldrdn = 0, rs_newrdn = {bv_len = 0, bv_val = 0x0}, rs_nnewrdn = { bv_len = 140386308727984, bv_val = 0xf <error: Cannot access memory at address 0xf>}, rs_newSup = 0x7fae3c103046, rs_nnewSup = 0x0}, oq_search = {rs_scope = 2, rs_deref = 0, rs_slimit = -1, rs_tlimit = -1, rs_limit = 0x0, rs_attrsonly = 0, rs_attrs = 0x0, rs_filter = 0x7fae3c1024b0, rs_filterstr = {bv_len = 15, bv_val = 0x7fae3c103046 "(objectClass=*)"}}, oq_abandon = {rs_msgid = 2}, oq_cancel = {rs_msgid = 2}, oq_extended = {rs_reqoid = {bv_len = 2, bv_val = 0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>}, rs_flags = 0, rs_reqdata = 0x0}, oq_pwdexop = {rs_extended = {rs_reqoid = { bv_len = 2, bv_val = 0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>}, rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 0, bv_val = 0x7fae3c1024b0 "\207"}, rs_new = {bv_len = 15, bv_val = 0x7fae3c103046 "(objectClass=*)"}, rs_mods = 0x0, rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0, o_groups = 0x0, o_do_not_cache = 1 '\001', o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0 '\000', o_delete_glue_parent = 0 '\000', o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000', o_ctrlflag = '\000' <repeats 20 times>, "\001\000\000\000\000\000\000\000\000\000\000", o_controls = 0x7fae46747aa8, o_authz = {sai_method = 128, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 9, bv_val = 0x7fae3c103028 "cn=config"}, sai_ndn = {bv_len = 9, bv_val = 0x7fae3c103028 "cn=config"}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber = 0x0, o_res_ber = 0x0, o_callback = 0x0, o_ctrls = 0x0, o_csn = {bv_len = 0, bv_val = 0x0}, o_private = 0x0, o_extra = { slh_first = 0x0}, o_next = {stqe_next = 0x0}}, ob_hdr = {oh_opid = 1, oh_connid = 1003, oh_conn = 0x257ad10, oh_msgid = 2, oh_protocol = 3, oh_tid = 140386474686208, oh_threadctx = 0x7fae46747c30, oh_tmpmemctx = 0x7fae38002bb0, oh_tmpmfuncs = 0x773b20 <slap_sl_mfuncs>, oh_counters = 0x7fae3c000db0, oh_log_prefix = "conn=1003 op=1", '\000' <repeats 241 times>}, ob_controls = {0x0 <repeats 32 times>}} op = 0x7fae467477e0 be = {bd_info = 0x76eec0 <slap_binfo>, bd_self = 0x254c6c0, be_ctrls = '\000' <repeats 15 times>, "\001", '\000' <repeats 16 times>, "\001", be_flags = 131328, be_restrictops = 0, be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x254c8c0, be_nsuffix = 0x254c910, be_schemadn = {bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = { bv_len = 9, bv_val = 0x254c860 "cn=config"}, be_rootndn = {bv_len = 9, bv_val = 0x254c880 "cn=config"}, be_rootpw = {bv_len = 8, bv_val = 0x254cad0 "yE1UpCg5"}, be_max_deref_depth = 15, be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 500, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x2633600, be_dfltaccess = ACL_NONE, be_extra_anlist = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0, be_pending_csn_list = 0x26335e0, be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x0, be_private = 0x774880 <cfBackInfo>, be_next = { stqe_next = 0x0}} rc = 0 #2 0x00007fae4b4897f9 in ldap_int_thread_pool_wrapper (xpool=0x2529100) at tpool.c:963 pq = 0x2529100 pool = 0x2529000 task = 0x7fae400008c0 work_list = 0x2529170 ctx = {ltu_pq = 0x2529100, ltu_id = 140386483078912, ltu_key = {{ltk_key = 0x440674 <conn_counter_init+224>, ltk_data = 0x7fae38002aa0, ltk_free = 0x4404c5 <conn_counter_destroy+224>}, {ltk_key = 0x4bc7fd <slap_sl_mem_create+197>, ltk_data = 0x7fae38002bb0, ltk_free = 0x4bc621 <slap_sl_mem_destroy+224>}, { ltk_key = 0x45d2c1 <slap_op_free+224>, ltk_data = 0x7fae38002670, ltk_free = 0x45d212 <slap_op_free+49>}, {ltk_key = 0x0, ltk_data = 0x7fae3c101040, ltk_free = 0x0}, { ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 28 times>}} kctx = 0x0 i = 32 keyslot = 494 hash = 3805260270 pool_lock = 0 freeme = 0 __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper" #3 0x00007fae4ae496ba in start_thread (arg=0x7fae46748700) at pthread_create.c:333 __res = <optimized out> pd = 0x7fae46748700 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140386483078912, 8789157664068107475, 0, 140386491460639, 140386483079616, 0, -8744353591714743085, -8744361424428172077}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> pagesize_m1 = <optimized out> sp = <optimized out> freesize = <optimized out> __PRETTY_FUNCTION__ = "start_thread" #4 0x00007fae4a23f82d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 No locals.

Thread 2 (Thread 0x7fae46f49700 (LWP 11211)): #0 0x00007fae4a23fe23 in epoll_wait () at ../sysdeps/unix/syscall-template.S:84 No locals. #1 0x000000000043c6ac in slapd_daemon_task (ptr=0x2737b40) at daemon.c:2527 err = 4 ns = 1 at = 0 nfds = 2 revents = 0x24fccc0 tvp = 0x0 cat = {tv_sec = 0, tv_usec = 0} i = 1 nwriters = 0 now = 1492715518 tv = {tv_sec = 0, tv_usec = 0} tdelta = 1 rtask = 0x0 l = 1 last_idle_check = 1492715506 ebadf = 0 tid = 0 #2 0x00007fae4ae496ba in start_thread (arg=0x7fae46f49700) at pthread_create.c:333 __res = <optimized out> pd = 0x7fae46f49700 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140386491471616, 8789157664068107475, 0, 140720937019743, 140386491472320, 0, -8744352491666244397, -8744361424428172077}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> pagesize_m1 = <optimized out> sp = <optimized out> freesize = <optimized out> __PRETTY_FUNCTION__ = "start_thread" #3 0x00007fae4a23f82d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 No locals.

Thread 1 (Thread 0x7fae4b8f8700 (LWP 11196)): #0 0x00007fae4ae4a98d in pthread_join (threadid=140386491471616, thread_return=0x0) at pthread_join.c:90 __tid = 17259 _buffer = {__routine = 0x7fae4ae4a8b0 <cleanup>, __arg = 0x7fae46f49d28, __canceltype = 0, __prev = 0x0} oldtype = 0 pd = 0x7fae46f49700 self = 0x7fae4b8f8700 result = 0 #1 0x00007fae4b48aeaa in ldap_pvt_thread_join (thread=140386491471616, thread_return=0x0) at thr_posix.c:201 No locals. #2 0x000000000043d949 in slap_sig_wake (sig=0) at daemon.c:3012 save_errno = 0 #3 0x0000000000415e5f in main (argc=8, argv=0x7ffc2576ac68) at main.c:1058 i = -1 no_detach = 1 rc = -12 urls = 0x24f80b0 "ldap://localhost:9011/" username = 0x0 groupname = 0x0 sandbox = 0x0 syslogUser = 160 pid = 16711680 waitfds = {5294400, 0} g_argc = 8 g_argv = 0x7ffc2576ac68 configfile = 0x0 configdir = 0x24f8090 "./slapd.d" serverName = 0x7ffc2576b51a "lt-slapd" serverMode = 1 scp = 0x0 scp_entry = 0x0 debug_unknowns = 0x0 syslog_unknowns = 0x0 serverNamePrefix = 0x50ce18 "" l = 0 slapd_pid_file_unlink = 0 slapd_args_file_unlink = 0 firstopt = 0 __PRETTY_FUNCTION__ = "\000\000\000\000"

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com