
Re: (ITS#3684) ldapadd and ldapsearch cause slapd segfault



Unfortunately OpenLDAP wouldn't segfault when compiled with CFLAGS="-g",
instead it just hung there, with the client attached, so I could only
get DB-4.2.52 compiled with debugging.

As you can (and have) guessed, I'm a little outside my sphere here, and
whilst I'd like to help the project, I'm getting out of my depth. I
shall endeavour to update my skills.

Hope this helps,

So we start slapd in GDB:

$ gdb /path/to/slapd
run -d -1

<snipped slapd startup and initial ldap connection>

From another shell on the server run ldapsearch:

[root@ldap-pnb openldap-data]# ldapsearch -w foo -x -b 'o=foo' -D 'cn=root'

When openldap is not compiled with CFLAGS="-g", it immediately returns
thus:

ldap_result: Can't contact LDAP server (-1)

as slapd has segfaulted.

Here is the GDB trace of slapd -d-1 :

<init startup snipped>

slapd startup: initiated.
backend_startup_one: starting "cn=config"
backend_startup_one: starting ""
bdb_db_open: 
bdb_db_open: dbenv_open(/drbd/opt23/var/openldap-data)
unique_open: overlay initialized
=> bdb_entry_get: ndn: ""
=> bdb_entry_get: oc: "(null)", at: "contextCSN"
bdb_dn2entry("")
entry_decode: ""
<= entry_decode()
=> bdb_entry_get: found entry: ""
bdb_entry_get: rc=0
=> bdb_search
=> access_allowed: search access to "" "entry" requested
<= root access granted
=> access_allowed: search access granted by write(=mwrscxd)
search_candidates: base="" (0x00000000) scope=2
=> bdb_dn2idl("")
=> bdb_filter_candidates
        AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
        GE
=> bdb_inequality_candidates (entryCSN)
=> key_read
bdb_idl_fetch_key: 
<= bdb_index_read 1 candidates
=> key_read
bdb_idl_fetch_key: 
<= bdb_index_read: failed (-30990)
<= bdb_inequality_candidates: id=1, first=426955, last=426955
<= bdb_filter_candidates: id=1 first=426955 last=426955
<= bdb_list_candidates: id=1 first=426955 last=426955
<= bdb_filter_candidates: id=1 first=426955 last=426955
bdb_search_candidates: id=1 first=426955 last=426955
entry_decode: "dc=net"
<= entry_decode(dc=net)
=> bdb_dn2id("dc=net")
<= bdb_dn2id: got id=0x000683cb
=> test_filter
    GE
=> access_allowed: search access to "dc=net" "entryCSN" requested
<= root access granted
=> access_allowed: search access granted by write(=mwrscxd)
<= test_filter 6
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=0 matched="" text=""
slapd starting
[New Thread 1082132832 (LWP 5239)]
daemon: added 8r
daemon: added 10r
daemon: added 11r
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: select: listen=11 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 16
ldap_pvt_gethostbyname_a: host=ldap-pnb.sal.your-domain.com, r=0
conn=0 fd=16 ACCEPT from IP=127.0.0.1:44491 (IP=0.0.0.0:389)
daemon: added 16r
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: select: listen=11 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 16r
daemon: read activity on 16
connection_get(16)
connection_get(16): got connid=0
connection_read(16): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000:  30 16 02 01 01 60 11 02                            0....`..
ldap_read: want=16, got=16
  0000:  01 03 04 07 63 6e 3d 72  6f 6f 74 80 03 66 6f 6f   ....cn=root..foo
ber_get_next: tag 0x30 len 22 contents:
ber_dump: buf=0x00776db0 ptr=0x00776db0 end=0x00776dc6 len=22
  0000:  02 01 01 60 11 02 01 03  04 07 63 6e 3d 72 6f 6f   ...`......cn=roo
  0010:  74 80 03 66 6f 6f                                  t..foo
[New Thread 1090525536 (LWP 5241)]
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 16 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: select: listen=11 active_threads=0 tvp=NULL
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x00776db0 ptr=0x00776db3 end=0x00776dc6 len=19
  0000:  60 11 02 01 03 04 07 63  6e 3d 72 6f 6f 74 80 03   `......cn=root..
  0010:  66 6f 6f                                           foo
ber_scanf fmt (m}) ber:
ber_dump: buf=0x00776db0 ptr=0x00776dc1 end=0x00776dc6 len=5
  0000:  00 03 66 6f 6f                                     ..foo
>>> dnPrettyNormal: <cn=root>
=> ldap_bv2dn(cn=root,0)
ldap_err2string
<= ldap_bv2dn(cn=root)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=root)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=root)=0 Success
<<< dnPrettyNormal: <cn=root>, <cn=root>
do_bind: version=3 dn="cn=root" method=128
conn=0 op=0 BIND dn="cn=root" method=128
==> bdb_bind: dn: cn=root
bdb_dn2entry("cn=root")
=> bdb_dn2id("cn=root")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1090525536 (LWP 5241)]
0x00002aaaaab6c966 in __lock_put_nolock (dbenv=0x771e30,
lock=0x41000a80, runp=0x41000a00, flags=0)
at ../dist/../lock/lock.c:1144
1144            if (lock->gen != lockp->gen) {

(gdb) bt full
#0  0x00002aaaaab6c966 in __lock_put_nolock (dbenv=0x771e30,
lock=0x41000a80, runp=0x41000a00, flags=0)
at ../dist/../lock/lock.c:1144
        lockp = (struct __db_lock *) 0x2aab00701a90
        region = (DB_LOCKREGION *) 0x2aaabf7a2f18
        lt = (DB_LOCKTAB *) 0x772440
        ret = 0
#1  0x00002aaaaab6c887 in __lock_put (dbenv=0x771e30, lock=0x41000a80)
at ../dist/../lock/lock.c:1108
        lt = (DB_LOCKTAB *) 0x772440
        ret = 0
        run_dd = 11
#2  0x00002aaaaab6c7d9 in __lock_put_pp (dbenv=0x771e30,
lock=0x41000a80) at ../dist/../lock/lock.c:1082
        rep_check = 0
        ret = 1090522608
#3  0x00000000004825bc in ?? ()
No symbol table info available.
#4  0x000000000045d3a4 in ?? ()
No symbol table info available.
#5  0x000000000042e3c9 in ?? ()
No symbol table info available.
#6  0x000000000042ddf5 in ?? ()
No symbol table info available.
#7  0x0000000000416fb8 in ?? ()
No symbol table info available.
#8  0x00000000004c87d8 in ?? ()
No symbol table info available.
#9  0x000000356ae060aa in start_thread ()
from /lib64/tls/libpthread.so.0
No symbol table info available.
#10 0x000000356a1c53d3 in clone () from /lib64/tls/libc.so.6
No symbol table info available.
#11 0x0000000000000000 in ?? ()
No symbol table info available.
(gdb) thread apply all bt

Thread 3 (Thread 1090525536 (LWP 5241)):
#0  0x00002aaaaab6c966 in __lock_put_nolock (dbenv=0x771e30,
lock=0x41000a80, runp=0x41000a00, flags=0)
at ../dist/../lock/lock.c:1144
#1  0x00002aaaaab6c887 in __lock_put (dbenv=0x771e30, lock=0x41000a80)
at ../dist/../lock/lock.c:1108
#2  0x00002aaaaab6c7d9 in __lock_put_pp (dbenv=0x771e30,
lock=0x41000a80) at ../dist/../lock/lock.c:1082
#3  0x00000000004825bc in ?? ()
#4  0x000000000045d3a4 in ?? ()
#5  0x000000000042e3c9 in ?? ()
#6  0x000000000042ddf5 in ?? ()
#7  0x0000000000416fb8 in ?? ()
#8  0x00000000004c87d8 in ?? ()
#9  0x000000356ae060aa in start_thread ()
from /lib64/tls/libpthread.so.0
#10 0x000000356a1c53d3 in clone () from /lib64/tls/libc.so.6
#11 0x0000000000000000 in ?? ()

Thread 2 (Thread 1082132832 (LWP 5239)):
#0  0x000000356a1be496 in __select_nocancel () from /lib64/tls/libc.so.6
#1  0x0000000000413889 in ?? ()
#2  0x000000356ae060aa in start_thread ()
from /lib64/tls/libpthread.so.0
#3  0x000000356a1c53d3 in clone () from /lib64/tls/libc.so.6
#4  0x0000000000000000 in ?? ()

Thread 1 (Thread 46912498335968 (LWP 5236)):
#0  0x000000356ae06f2b in pthread_join ()
from /lib64/tls/libpthread.so.0
#1  0x0000000000414c23 in ?? ()
#2  0x00000000004073d8 in ?? ()
#3  0x000000356a11c4bb in __libc_start_main () from /lib64/tls/libc.so.6
#4  0x000000000040662a in ?? ()
#5  0x00007ffffffff958 in ?? ()
#6  0x000000000000001c in ?? ()
#7  0x0000000000000003 in ?? ()
#8  0x00007ffffffffb71 in ?? ()
#9  0x00007ffffffffb8b in ?? ()
#10 0x00007ffffffffb8e in ?? ()
#11 0x0000000000000000 in ?? ()
0x00002aaaaab6c966      1144            if (lock->gen != lockp->gen) {
(gdb)   


At this point, we have to perform the following steps in the ldap data
directory:

$ db_recover -v
$ rm -fr alock