
Re: (ITS#8012) SIGSEGV while disconnect/abandon



(gdb) info local
on = <optimised out>
si = 0x23b33f0
so = 0x7f14b444cd30
soprev = 0x7f14e02dc9b0

(gdb) p *so->s_op->o_hdr
Cannot access memory at address 0x3932323134313032

(gdb) p *si
$1 = {si_ops = 0x7f14e949ed60, si_contextdn = {bv_len = 7, bv_val = 
0x2389e10 "dc=ldap"}, si_ctxcsn = 0x2640e60, si_sids = 0x243a6c0, 
si_numcsns = 4, si_chkops = 1, si_chktime = 60, si_numops = 0,
   si_nopres = 0, si_usehint = 1, si_active = 2, si_dirty = 0, 
si_chklast = 1419822205, si_mods = 0x7f14bcead650, si_logs = 0x0, 
si_csn_rwlock = {__data = {__lock = 0, __nr_readers = 0,
       __readers_wakeup = 5312, __writer_wakeup = 9078, 
__nr_readers_queued = 0, __nr_writers_queued = 0, __writer = 0, __shared 
= 0, __pad1 = 0, __pad2 = 0, __flags = 0},
     __size = "\000\000\000\000\000\000\000\000\300\024\000\000v#", 
'\000' <repeats 41 times>, __align = 0}, si_ops_mutex = {__data = 
{__lock = 1, __count = 0, __owner = 30051, __nusers = 1, __kind = 0,
       __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 
0x0}}, __size = "\001\000\000\000\000\000\000\000cu\000\000\001", '\000' 
<repeats 26 times>, __align = 1}, si_mods_mutex = {__data = {
       __lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, 
__spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, 
__size = '\000' <repeats 39 times>, __align = 0},
   si_resp_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, 
__nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 
0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>,
     __align = 0}}

(gdb) p *so
$2 = {s_next = 0x0, s_base = {bv_len = 15, bv_val = 0x7f14b4964180 
"dc=ngdr,dc=ldap"}, s_eid = 4, s_op = 0x7f14b0a12d30, s_rid = 4, s_sid = 
1, s_filterstr = {bv_len = 15,
     bv_val = 0x7f14b4000b18 "\300\f"}, s_flags = 17, s_inuse = 1, s_res 
= 0x7f14d19ff780, s_restail = 0x7f14c818b090, s_mutex = {__data = 
{__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0,
       __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 
0x0}}, __size = '\000' <repeats 39 times>, __align = 0}}

(gdb) p *so->s_op
$3 = {o_hdr = 0x3932323134313032, o_tag = 25385731496096560, o_time = 
8029759185026510703, o_tincr = 37, o_bd = 0x3932323134313032, o_req_dn = 
{bv_len = 25385731496096560,
     bv_val = 0x20 <Address 0x20 out of bounds>}, o_req_ndn = {bv_len = 
37, bv_val = 0x7061646c3d6364 <Address 0x7061646c3d6364 out of bounds>}, 
o_request = {oq_add = {rs_modlist = 0x6f6f6f6f6f6f6f6f,
       rs_e = 0x6f6f6f6f6f6f6f6f}, oq_bind = {rb_method = 1869573999, 
rb_cred = {bv_len = 8029759185026510703, bv_val = 0x25 <Address 0x25 out 
of bounds>}, rb_edn = {bv_len = 4121411795907850290,
         bv_val = 0x5a303034303330 <Address 0x5a303034303330 out of 
bounds>}, rb_ssf = 32, rb_mech = {bv_len = 53, bv_val = 0x6 <Address 0x6 
out of bounds>}}, oq_compare = {rs_ava = 0x6f6f6f6f6f6f6f6f},
     oq_modify = {rs_mods = {rs_modlist = 0x6f6f6f6f6f6f6f6f, 
rs_no_opattrs = 111 'o'}, rs_increment = 37}, oq_modrdn = {rs_mods = 
{rs_modlist = 0x6f6f6f6f6f6f6f6f, rs_no_opattrs = 111 'o'},
       rs_deleteoldrdn = 37, rs_newrdn = {bv_len = 4121411795907850290, 
bv_val = 0x5a303034303330 <Address 0x5a303034303330 out of bounds>}, 
rs_nnewrdn = {bv_len = 32,
         bv_val = 0x35 <Address 0x35 out of bounds>}, rs_newSup = 0x6, 
rs_nnewSup = 0x7f14b01bc820}, oq_search = {rs_scope = 1869573999, 
rs_deref = 1869573999, rs_slimit = 1869573999,
       rs_tlimit = 1869573999, rs_limit = 0x25, rs_attrsonly = 
875638834, rs_attrs = 0x5a303034303330, rs_filter = 0x20, rs_filterstr = 
{bv_len = 53, bv_val = 0x6 <Address 0x6 out of bounds>}},
     oq_abandon = {rs_msgid = 1869573999}, oq_cancel = {rs_msgid = 
1869573999}, oq_extended = {rs_reqoid = {bv_len = 8029759185026510703,
         bv_val = 0x6f6f6f6f6f6f6f6f <Address 0x6f6f6f6f6f6f6f6f out of 
bounds>}, rs_flags = 37, rs_reqdata = 0x3932323134313032}, oq_pwdexop = 
{rs_extended = {rs_reqoid = {bv_len = 8029759185026510703,
           bv_val = 0x6f6f6f6f6f6f6f6f <Address 0x6f6f6f6f6f6f6f6f out 
of bounds>}, rs_flags = 37, rs_reqdata = 0x3932323134313032}, rs_old = 
{bv_len = 25385731496096560,
         bv_val = 0x20 <Address 0x20 out of bounds>}, rs_new = {bv_len = 
53, bv_val = 0x6 <Address 0x6 out of bounds>}, rs_mods = 0x7f14b01bc820, 
rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0,
   o_groups = 0x6f6f6f6f6f6f6f6f, o_do_not_cache = 53 '5', 
o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv = 
ACL_NONE, o_nocaching = 36 '$', o_delete_glue_parent = 0 '\000',
   o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000', 
o_ctrlflag = "\000\000\000\000ã\033\260\024\177", '\000' <repeats 18 
times>, "oooo", o_controls = 0x25, o_authz = {
     sai_method = 3751589900465327636, sai_mech = {bv_len = 
1617057180469906565, bv_val = 0x0}, sai_dn = {bv_len = 53, bv_val = 0xf 
<Address 0xf out of bounds>}, sai_ndn = {bv_len = 139726839426656,
       bv_val = 0x0}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 
48, sai_sasl_ssf = 0}, o_ber = 0x25, o_res_ber = 0x3932323134313032, 
o_callback = 0x5a303034303330, o_ctrls = 0x6f6f6f6f6f007972,
   o_csn = {bv_len = 37, bv_val = 0x3932323134313032 <Address 
0x3932323134313032 out of bounds>}, o_private = 0x5a303034303330, 
o_extra = {slh_first = 0x7972}, o_next = {stqe_next = 0x35}}

(gdb) p *op
$4 = {o_hdr = 0x7f14efffe820, o_tag = 80, o_time = 0, o_tincr = 0, o_bd 
= 0x7f14efffe5d0, o_req_dn = {bv_len = 0, bv_val = 0x0}, o_req_ndn = 
{bv_len = 0, bv_val = 0x0}, o_request = {oq_add = {
       rs_modlist = 0x3, rs_e = 0x0}, oq_bind = {rb_method = 3, rb_cred 
= {bv_len = 0, bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val = 0x0}, 
rb_ssf = 0, rb_mech = {bv_len = 0, bv_val = 0x0}}, oq_compare = {
       rs_ava = 0x3}, oq_modify = {rs_mods = {rs_modlist = 0x3, 
rs_no_opattrs = 0 '\000'}, rs_increment = 0}, oq_modrdn = {rs_mods = 
{rs_modlist = 0x3, rs_no_opattrs = 0 '\000'}, rs_deleteoldrdn = 0,
       rs_newrdn = {bv_len = 0, bv_val = 0x0}, rs_nnewrdn = {bv_len = 0, 
bv_val = 0x0}, rs_newSup = 0x0, rs_nnewSup = 0x0}, oq_search = {rs_scope 
= 3, rs_deref = 0, rs_slimit = 0, rs_tlimit = 0,
       rs_limit = 0x0, rs_attrsonly = 0, rs_attrs = 0x0, rs_filter = 
0x0, rs_filterstr = {bv_len = 0, bv_val = 0x0}}, oq_abandon = {rs_msgid 
= 3}, oq_cancel = {rs_msgid = 3}, oq_extended = {rs_reqoid = {
         bv_len = 3, bv_val = 0x0}, rs_flags = 0, rs_reqdata = 0x0}, 
oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 3, bv_val = 0x0}, 
rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 0,
         bv_val = 0x0}, rs_new = {bv_len = 0, bv_val = 0x0}, rs_mods = 
0x0, rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0, o_groups = 0x0, 
o_do_not_cache = 0 '\000', o_is_auth_check = 0 '\000',
   o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0 
'\000', o_delete_glue_parent = 0 '\000', o_no_schema_check = 0 '\000', 
o_no_subordinate_glue = 0 '\000',
   o_ctrlflag = '\000' <repeats 31 times>, o_controls = 0x0, o_authz = 
{sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len 
= 0, bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0},
     sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 
0}, o_ber = 0x0, o_res_ber = 0x0, o_callback = 0x7f14efffe5a0, o_ctrls = 
0x0, o_csn = {bv_len = 0, bv_val = 0x0}, o_private = 0x0,
   o_extra = {slh_first = 0x0}, o_next = {stqe_next = 0x0}}

(gdb) p *soprev
$5 = {s_next = 0x7f14b444cd30, s_base = {bv_len = 15, bv_val = 
0x7f14e063fb20 "dc=ngdr,dc=ldap"}, s_eid = 4, s_op = 0x7f14e0260c70, 
s_rid = 4, s_sid = 2, s_filterstr = {bv_len = 15,
     bv_val = 0x7f14e0000b18 "\300\f"}, s_flags = 2, s_inuse = 1, s_res 
= 0x0, s_restail = 0x0, s_mutex = {__data = {__lock = 0, __count = 0, 
__owner = 0, __nusers = 0, __kind = 0, __spins = 0,
       __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = 
'\000' <repeats 39 times>, __align = 0}}

(gdb) p op->o_hdr
$6 = (Opheader *) 0x7f14efffe820
(gdb) p *op->o_hdr
$7 = {oh_opid = 0, oh_connid = 15472, oh_conn = 0x7f15178fe390, oh_msgid 
= 0, oh_protocol = 0, oh_tid = 0, oh_threadctx = 0x0, oh_tmpmemctx = 
0x0, oh_tmpmfuncs = 0x0, oh_counters = 0x0,
   oh_log_prefix = '\000' <repeats 255 times>}

(gdb) p *op->o_hdr->oh_conn
$8 = {c_struct_state = SLAP_C_USED, c_conn_state = SLAP_C_CLOSING, 
c_conn_idx = 298, c_sd = 298, c_close_reason = 0x538d20 <conn_lost_str> 
"connection lost", c_mutex = {__data = {__lock = 1, __count = 0,
       __owner = 30051, __nusers = 1, __kind = 0, __spins = 0, __elision 
= 0, __list = {__prev = 0x0, __next = 0x0}}, __size = 
"\001\000\000\000\000\000\000\000cu\000\000\001", '\000' <repeats 26 
times>,
     __align = 1}, c_sb = 0x7f14d43369e0, c_starttime = 1419822255, 
c_activitytime = 1419822255, c_connid = 15472, c_peer_domain = {bv_len = 
7, bv_val = 0x7f14d495fdc0 "unknown"}, c_peer_name = {
     bv_len = 18, bv_val = 0x7f14d495be10 "IP=127.0.0.1:52784"}, 
c_listener = 0x231d210, c_sasl_bind_mech = {bv_len = 0, bv_val = 0x0}, 
c_sasl_dn = {bv_len = 0, bv_val = 0x0}, c_sasl_authz_dn = {
     bv_len = 0, bv_val = 0x0}, c_authz_backend = 0x2388eb0, 
c_authz_cookie = 0x0, c_authz = {sai_method = 128, sai_mech = {bv_len = 
0, bv_val = 0x0}, sai_dn = {bv_len = 7,
       bv_val = 0x7f14a8adeef0 "dc=ldap"}, sai_ndn = {bv_len = 7, bv_val 
= 0x7f14a8c3e860 "dc=ldap"}, sai_ssf = 0, sai_transport_ssf = 0, 
sai_tls_ssf = 0, sai_sasl_ssf = 0}, c_protocol = 3, c_ops = {
     stqh_first = 0x7f14c13dfa50, stqh_last = 0x7f14c13dfbb8}, 
c_pending_ops = {stqh_first = 0x0, stqh_last = 0x7f15178fe4b8}, 
c_write1_mutex = {__data = {__lock = 0, __count = 0, __owner = 0,
       __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = 
{__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, 
__align = 0}, c_write1_cv = {__data = {__lock = 0, __futex = 0,
       __total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex = 
0x0, __nwaiters = 0, __broadcast_seq = 0}, __size = '\000' <repeats 47 
times>, __align = 0}, c_write2_mutex = {__data = {__lock = 0,
       __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, 
__elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' 
<repeats 39 times>, __align = 0}, c_write2_cv = {__data = {
       __lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0, 
__woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq = 0}, 
__size = '\000' <repeats 47 times>, __align = 0},
   c_currentber = 0x0, c_writers = 0, c_writing = 0 '\000', 
c_sasl_bind_in_progress = 0 '\000', c_writewaiter = 0 '\000', c_is_tls = 
0 '\000', c_needs_tls_accept = 0 '\000', c_sasl_layers = 0 '\000',
   c_sasl_done = 0 '\000', c_sasl_authctx = 0x0, c_sasl_sockctx = 0x0, 
c_sasl_extra = 0x0, c_sasl_bindop = 0x0, c_pagedresults_state = {ps_be = 
0x0, ps_size = 0, ps_count = 0, ps_cookie = 0,
     ps_cookieval = {bv_len = 0, bv_val = 0x0}}, c_n_ops_received = 3, 
c_n_ops_executing = 1, c_n_ops_pending = 0, c_n_ops_completed = 2, 
c_n_get = 3, c_n_read = 3, c_n_write = 0, c_extensions = 0x0,
   c_clientfunc = 0x0, c_clientarg = 0x0, c_send_ldap_result = 0x435340 
<slap_send_ldap_result>, c_send_search_entry = 0x435d80 
<slap_send_search_entry>,
   c_send_search_reference = 0x437270 <slap_send_search_reference>, 
c_send_ldap_extended = 0x435a50 <slap_send_ldap_extended>, 
c_send_ldap_intermediate = 0x435bf0 <slap_send_ldap_intermediate>}