
Re: (ITS#5022) ldappasswd crash consumer slapd with some loglevels



Quanah Gibson-Mount wrote:
>
>
> --On June 19, 2007 10:19:15 PM +0000 gao@schrodinger.com wrote:
>> Program received signal SIGABRT, Aborted.
>> [Switching to Thread -1249219696 (LWP 7710)]
>> 0xbfffe402 in __kernel_vsyscall ()
>> (gdb) bt full
>> # 0 0xbfffe402 in __kernel_vsyscall ()
>> No symbol table info available.
>> # 1 0xb7a8d429 in raise () from /lib/libc.so.6
>> No symbol table info available.
>> # 2 0xb7a8e9d1 in abort () from /lib/libc.so.6
>> No symbol table info available.
>> # 3 0xb7a86e51 in __assert_fail () from /lib/libc.so.6
>> No symbol table info available.
>> # 4 0x080809c5 in send_ldap_response ()
>> No symbol table info available.
>> # 5 0x0000000a in ?? ()
>> No symbol table info available.
>> # 6 0x08150731 in ?? ()
>> No symbol table info available.
>> # 7 0x08150731 in ?? ()
>> No symbol table info available.
>> # 8 0xb58a61b4 in ?? ()
>> No symbol table info available.
>> # 9 0xb58a5cac in ?? ()
>> No symbol table info available.
>> # 10 0x00000000 in ?? ()
>> No symbol table info available.
>
>
> Fairly worthless. You need to compile with -g and not strip the binary.

Alright, I believe I am getting closer with this:

====================================================================================
# gdb /tmp/debug/usr/lib/openldap/slapd
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) run -d 0 -u ldap -g ldap -h 'ldap:// ldaps://'
Starting program: /tmp/debug/usr/lib/openldap/slapd -d 0 -u ldap -g ldap -h 'ldap:// ldaps://'
[Thread debugging using libthread_db enabled]
[New Thread -1213049168 (LWP 28621)]
[New Thread -1240032368 (LWP 28624)]
[New Thread -1248425072 (LWP 28625)]
[New Thread -1256817776 (LWP 28626)]
slapd: result.c:364: send_ldap_response: Assertion `rs->sr_err != 0x0a' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread -1248425072 (LWP 28625)]
0xbfffe402 in __kernel_vsyscall ()
(gdb) bt full
#0 0xbfffe402 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb7b4f429 in raise () from /lib/libc.so.6
No symbol table info available.
#2 0xb7b509d1 in abort () from /lib/libc.so.6
No symbol table info available.
#3 0xb7b48e51 in __assert_fail () from /lib/libc.so.6
No symbol table info available.
#4 0x080809c5 in send_ldap_response (op=0x827c760, rs=0xb59681b4)
at result.c:364
berbuf = {
buffer =
"\002\000\001\000\000\000\000\000????\000\000\000\000\000\000\000\000\\Pv?\\Pv?8`v?<`v?\000\000\000\000H\212&\b",
'\0' <repeats 211 times>,
ialign = 65538, lalign = 65538, falign = 9.18382988e-41,
dalign = 3.2380074297143616e-319,
palign = 0x10002 <Address 0x10002 out of bounds>}
ber = (BerElement *) 0xb5967a18
rc = <value optimized out>
bytes = <value optimized out>
__PRETTY_FUNCTION__ = "send_ldap_response"
#5 0x08080caf in slap_send_ldap_extended (op=0x827c760, rs=0xb59681b4)
at result.c:630
No locals.
#6 0x080fa450 in ldap_chain_response (op=0x827c760, rs=0xb59681b4)
at chain.c:920
db = {bd_info = 0x820dc60,
be_ctrls =
"\000\001\001\001\000\000\001\000\001\000\001\001\001\000\001", '\0'
<repeats 17 times>, "\001", be_flags = 37122, be_restrictops = 0,
be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0,
sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0,
sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0},
be_suffix = 0x820e308, be_nsuffix = 0x820e240, be_schemadn = {bv_len = 0,
bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = {
bv_len = 34, bv_val = 0x820e6d8 "cn=ldapadmin,dc=example,dc=com"},
be_rootndn = {bv_len = 34,
bv_val = 0x820e718 "cn=ldapadmin,dc=example,dc=com"}, be_rootpw = {
bv_len = 38, bv_val = 0x820e740 "{SSHA}f5kiigYucjOHoM0r9zDuwW0GjxVa9y1h"},
be_max_deref_depth = 15, be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0,
lms_s_soft = 3000, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0,
lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0,
be_acl = 0x81e2650, be_dfltaccess = ACL_READ, be_replica = 0x0,
be_replogfile = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0},
be_update_refs = 0x8211100, be_pending_csn_list = 0x8259318,
be_pcl_mutex = {
__data = {__lock = 0, __count = 0, __owner = 0, __kind = 0, __nusers = 0, {
__spins = 0, __list = {__next = 0x0}}},
__size = '\0' <repeats 23 times>, __align = 0}, be_pcl_mutexp = 0x820e400,
be_syncinfo = 0x8210fa0, be_pb = 0x0, be_cf_ocs = 0x81841e0,
be_private = 0x820e438, be_next = {stqe_next = 0x0}}
lb = {lb_status = LDAP_CH_NONE, lb_lc = 0x820dd60, lb_op_f = 0,
lb_depth = 0}
sc = (slap_callback *) 0xb596811c
sc2 = {sc_next = 0x0,
sc_response = 0x80fa782 <ldap_chain_cb_response>, sc_cleanup = 0,
sc_private = 0xb5967cbc}
rc = 80
text = 0x0
matched = 0x0
ref = (BerVarray) 0x8279b18
sr_err = 10
sr_type = REP_EXTENDED
#7 0x080c73e5 in over_back_response (op=0x827c760, rs=0xb59681b4)
at backover.c:236
on = (slap_overinst *) 0x820dc60
rc = 0
be = (BackendDB *) 0x820e330
db = {bd_info = 0x820dc60,
be_ctrls =
"\000\001\001\001\000\000\001\000\001\000\001\001\001\000\001", '\0'
<repeats 17 times>, "\001", be_flags = 37122, be_restrictops = 0,
be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0,
sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0,
sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0},
be_suffix = 0x820e308, be_nsuffix = 0x820e240, be_schemadn = {bv_len = 0,
bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = {
bv_len = 34, bv_val = 0x820e6d8 "cn=ldapadmin,dc=example,dc=com"},
be_rootndn = {bv_len = 34,
bv_val = 0x820e718 "cn=ldapadmin,dc=example,dc=com"}, be_rootpw = {
bv_len = 38, bv_val = 0x820e740 "{SSHA}f5kiigYucjOHoM0r9zDuwW0GjxVa9y1h"},
be_max_deref_depth = 15, be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0,
lms_s_soft = 3000, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0,
lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0,
be_acl = 0x81e2650, be_dfltaccess = ACL_READ, be_replica = 0x0,
be_replogfile = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0},
be_update_refs = 0x8211100, be_pending_csn_list = 0x8259318,
be_pcl_mutex = {
__data = {__lock = 0, __count = 0, __owner = 0, __kind = 0, __nusers = 0, {
__spins = 0, __list = {__next = 0x0}}},
__size = '\0' <repeats 23 times>, __align = 0}, be_pcl_mutexp = 0x820e400,
be_syncinfo = 0x8210fa0, be_pb = 0x0, be_cf_ocs = 0x81841e0,
be_private = 0x820e438, be_next = {stqe_next = 0x0}}
#8 0x080803ee in send_ldap_response (op=0x827c760, rs=0xb59681b4)
at result.c:303
sc = (slap_callback *) 0xb596811c
sc_prev = (slap_callback **) 0xb5967f48
sc_next = (slap_callback *) 0x0
berbuf = {
buffer =
"\035\000\000\000\000\000\000\000????\000\000\000\000????\006-\v\bh?'\b?~\226?\030\223%\b\000\000\000\000\000\000\000\000\b\021!\b",
'\0' <repeats 13 times>, "? \bh?'\b\030\233'\b\020?'\b8?
\b\000\000\000\000\034\201\226?us\f\b", '\0' <repeats 28 times>,
"`?'\b?\201\226?h?'\b\n\000\000\000|?'\b\204?'\b`?'\bC\025\n\b<Pv?H\212&\b\000\000\000\000????\205?\023\b",
'\0' <repeats 24 times>, "?\201\226?\234?'\b\224?'\b", '\0' <repeats 16
times>, "\027\000\000\000??'\b\001\000\000\000d\201\226?\000"..., ialign
= 29, lalign = 29,
falign = 4.06376555e-44, dalign = 1.432790372939615e-322,
palign = 0x1d <Address 0x1d out of bounds>}
ber = <value optimized out>
rc = -1024
bytes = <value optimized out>
__PRETTY_FUNCTION__ = "send_ldap_response"
#9 0x08080caf in slap_send_ldap_extended (op=0x827c760, rs=0xb59681b4)
at result.c:630
No locals.
#10 0x0809ff84 in fe_extended (op=0x827c760, rs=0xb59681b4) at
extended.c:230
bd = (BackendDB *) 0xb596801c
ext = (struct extop_list *) 0x81af248
#11 0x080c74d0 in overlay_op_walk (op=0x827c760, rs=0xb59681b4,
which=op_extended, oi=0x820db60, on=0x820dc60) at backover.c:508
sc_next = <value optimized out>
rc = 32768
#12 0x080c783b in over_op_func (op=0x827c760, rs=0xb59681b4,
which=op_extended)
at backover.c:560
oi = (slap_overinfo *) 0x820db60
on = (slap_overinst *) 0x820dc60
be = (BackendDB *) 0x8188200
db = {bd_info = 0x8188100,
be_ctrls = "\000", '\001' <repeats 13 times>, '\0' <repeats 18 times>,
be_flags = 769, be_restrictops = 0, be_requires = 0, be_ssf_set = {
sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0,
sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0,
sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x81dec78,
be_nsuffix = 0x81deca0, be_schemadn = {bv_len = 12,
bv_val = 0x8211140 "cn=Subschema"}, be_schemandn = {bv_len = 12,
bv_val = 0x8210f00 "cn=subschema"}, be_rootdn = {bv_len = 0,
bv_val = 0x0}, be_rootndn = {bv_len = 0, bv_val = 0x0}, be_rootpw = {
bv_len = 0, bv_val = 0x0}, be_max_deref_depth = 0, be_def_limit = {
lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 500, lms_s_hard = 0,
lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0,
lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x81e2650,
be_dfltaccess = ACL_READ, be_replica = 0x0, be_replogfile = 0x0,
be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0,
be_pending_csn_list = 0x0, be_pcl_mutex = {__data = {__lock = 0,
__count = 0, __owner = 0, __kind = 0, __nusers = 0, {__spins = 0,
__list = {__next = 0x0}}}, __size = '\0' <repeats 23 times>,
__align = 0}, be_pcl_mutexp = 0x0, be_syncinfo = 0x0, be_pb = 0x0,
be_cf_ocs = 0x81826c4, be_private = 0x0, be_next = {stqe_next = 0x81dfff0}}
cb = {sc_next = 0x0, sc_response = 0x80c7375 <over_back_response>,
sc_cleanup = 0, sc_private = 0x820db60}
rc = 0
__PRETTY_FUNCTION__ = "over_op_func"
#13 0x080a04b8 in do_extended (op=0x827c760, rs=0xb59681b4) at
extended.c:180
reqdata = {bv_len = 22, bv_val = 0x827c9d8 "0\024\201\bpiThid6i"}
len = 22
#14 0x0806f701 in connection_operation (ctx=0xb5968238, arg_v=0x827c760)
at connection.c:1133
curelm = <value optimized out>
rc = <value optimized out>
rs = {sr_type = REP_EXTENDED, sr_tag = 120, sr_msgid = 2, sr_err = 10,
sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {
sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0,
r_rspdata = 0x0}, sru_search = {r_entry = 0x0, r_attr_flags = 0,
r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0,
r_v2ref = 0x0}}, sr_flags = 32}
tag = 119
opidx = SLAP_OP_EXTENDED
conn = (Connection *) 0xb616b598
memctx = (void *) 0x8268a48
memctx_null = (void *) 0x0
__PRETTY_FUNCTION__ = "connection_operation"
#15 0xb7f83bb1 in ?? () from /usr/lib/libldap_r-2.3.so.0
No symbol table info available.
#16 0xb5968238 in ?? ()
No symbol table info available.
#17 0x0827c760 in ?? ()
No symbol table info available.
#18 0xb7fb0024 in ?? () from /usr/lib/libldap_r-2.3.so.0
No symbol table info available.
#19 0xb5968238 in ?? ()
No symbol table info available.
#20 0xb7fb0020 in ?? () from /usr/lib/libldap_r-2.3.so.0
No symbol table info available.
#21 0x081cb96c in ?? ()
No symbol table info available.
#22 0x081cb954 in ?? ()
No symbol table info available.
#23 0x00000000 in ?? ()
No symbol table info available.
============================================================================================

The coredump is generated when running the following against one consumer
slapd daemon:

ldappasswd -v -H ldap://ldap2.example.com -D
"uid=lee,ou=people,dc=example,dc=com" -W -S -x -A

slapd is compiled with "-g" option.

One strange thing is that if slapd is compiled with "-ggdb", then the
problem disappears. I am going to run some more tests with "-ggdb" to
make sure that's the case.

If you need further information, please let me know.

Simon