
(ITS#8950) segfault with TXN+accesslog



Full_Name: Ondrej Kuznik
Version: master
OS: Linux
URL: 
Submission from: (NULL) (82.10.24.68)


Trying to reproduce a potential lockup between TXN support and accesslog, I have
instead come across a segfault in TXN handling.

With the following config:

database mdb
suffix cn=log
directory ./log

database mdb
suffix cn=test
directory ./db

overlay accesslog
logdb cn=log
logops writes

Make sure cn=test entry exists and issue ldapmodify -E '!txn=commit' with
dn: cn=test
changetype: modify

slapd segfaults with the following picked up by valgrind:
==10599== Invalid read of size 8
==10599==    at 0x509ACD: txn_end_extop (txn.c:243)
==10599==    by 0x49A7D9: fe_extended (extended.c:222)
==10599==    by 0x49A505: do_extended (extended.c:177)
==10599==    by 0x44F36D: connection_operation (connection.c:1169)
==10599==    by 0x44D52F: connection_read_thread (connection.c:1326)
==10599==    by 0x485869E: ldap_int_thread_pool_wrapper (tpool.c:1048)
==10599==    by 0x6886FA2: start_thread (pthread_create.c:486)
==10599==    by 0x699988E: clone (clone.S:95)
==10599==  Address 0xa552330 is on thread 3's stack
==10599==  4112 bytes below stack pointer
==10599==
==10599== Invalid read of size 8
==10599==    at 0x509AD0: txn_end_extop (txn.c:243)
==10599==    by 0x49A7D9: fe_extended (extended.c:222)
==10599==    by 0x49A505: do_extended (extended.c:177)
==10599==    by 0x44F36D: connection_operation (connection.c:1169)
==10599==    by 0x44D52F: connection_read_thread (connection.c:1326)
==10599==    by 0x485869E: ldap_int_thread_pool_wrapper (tpool.c:1048)
==10599==    by 0x6886FA2: start_thread (pthread_create.c:486)
==10599==    by 0x699988E: clone (clone.S:95)
==10599==  Address 0x20333d706f203108 is not stack'd, malloc'd or (recently) free'd
==10599==
==10599==
==10599== Process terminating with default action of signal 11 (SIGSEGV)
==10599==  General Protection Fault
==10599==    at 0x509AD0: txn_end_extop (txn.c:243)
==10599==    by 0x49A7D9: fe_extended (extended.c:222)
==10599==    by 0x49A505: do_extended (extended.c:177)
==10599==    by 0x44F36D: connection_operation (connection.c:1169)
==10599==    by 0x44D52F: connection_read_thread (connection.c:1326)
==10599==    by 0x485869E: ldap_int_thread_pool_wrapper (tpool.c:1048)
==10599==    by 0x6886FA2: start_thread (pthread_create.c:486)
==10599==    by 0x699988E: clone (clone.S:95)

It doesn't seem to happen without accesslog configured.
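The steps above (the two mdb databases with accesslog on cn=test, an existing cn=test entry, and the empty modify sent under '!txn=commit') as a single reproduction script. This is an added example, not part of the report or of the OpenLDAP tree: the scratch directory, schema path, loopback port, rootdn/rootpw, the optional moduleload line and the wait loop are assumptions made here so that slapd can be started and bound to; the config fragment and the LDIF are the ones from the report.

```shell
#!/bin/sh
# Scripted reproduction of the steps in the report. Everything beyond the
# slapd.conf fragment and the LDIF in the report (scratch directory, schema
# path, port, rootdn/rootpw, moduleload, the wait loop) is an assumption.
set -eu

WORK="${WORK:-${TMPDIR:-/tmp}/its8950}"     # scratch directory (assumption)
SCHEMA="${SCHEMA:-/etc/openldap/schema}"    # core.schema location (assumption; Debian: /etc/ldap/schema)
PORT="${PORT:-3899}"                        # loopback port for slapd (assumption)
ROOTPW="${ROOTPW:-secret}"                  # throwaway rootpw (assumption)
ACCESSLOG_MODULE="${ACCESSLOG_MODULE:-}"    # e.g. accesslog.la when accesslog is built as a module
URI="ldap://127.0.0.1:$PORT/"

# The two mdb databases and the accesslog overlay are exactly as in the report;
# include, pidfile and rootdn/rootpw are added so slapd starts and we can bind.
gen_slapd_conf() {
    cat <<EOF
include $SCHEMA/core.schema
pidfile $WORK/slapd.pid
${ACCESSLOG_MODULE:+moduleload $ACCESSLOG_MODULE}

database mdb
suffix cn=log
directory $WORK/log

database mdb
suffix cn=test
directory $WORK/db
rootdn cn=test
rootpw $ROOTPW

overlay accesslog
logdb cn=log
logops writes
EOF
}

# Entry that has to exist before the modify ("make sure cn=test entry exists").
gen_base_ldif() {
    printf 'dn: cn=test\nobjectClass: organizationalRole\ncn: test\n'
}

# The (empty) modify from the report, to be sent inside a transaction.
gen_modify_ldif() {
    printf 'dn: cn=test\nchangetype: modify\n'
}

# Start slapd, load the entry, send the modify under '!txn=commit' and report
# whether slapd is still alive afterwards (exit status 139 = SIGSEGV).
run_repro() {
    for tool in slapd ldapadd ldapmodify ldapsearch; do
        command -v "$tool" >/dev/null 2>&1 || { echo "skip: $tool not found" >&2; return 2; }
    done
    rm -rf "$WORK"; mkdir -p "$WORK/log" "$WORK/db"
    gen_slapd_conf  > "$WORK/slapd.conf"
    gen_base_ldif   > "$WORK/base.ldif"
    gen_modify_ldif > "$WORK/mod.ldif"

    # -d keeps slapd in the foreground of the subshell, so its exit status
    # (not that of a detached parent) lands in slapd.exit when it dies.
    ( set +e; slapd -f "$WORK/slapd.conf" -h "$URI" -d 0 >"$WORK/slapd.log" 2>&1
      echo "$?" > "$WORK/slapd.exit" ) &
    i=0
    until ldapsearch -x -H "$URI" -b '' -s base >/dev/null 2>&1; do
        [ ! -f "$WORK/slapd.exit" ] || { echo "slapd failed to start, see $WORK/slapd.log" >&2; return 1; }
        i=$((i + 1)); [ "$i" -lt 30 ] || { echo "timeout waiting for slapd" >&2; return 1; }
        sleep 1
    done

    ldapadd -x -H "$URI" -D cn=test -w "$ROOTPW" -f "$WORK/base.ldif"
    # The transaction commit is the step the report says crashes slapd.
    ldapmodify -x -H "$URI" -D cn=test -w "$ROOTPW" -E '!txn=commit' -f "$WORK/mod.ldif" \
        || echo "ldapmodify exited with status $?" >&2

    sleep 1
    if [ -f "$WORK/slapd.exit" ]; then
        echo "slapd exited with status $(cat "$WORK/slapd.exit") after the TXN commit: reproduced"
        return 0
    fi
    echo "slapd survived the TXN commit: not reproduced"
    kill "$(cat "$WORK/slapd.pid")"; wait
    return 1
}

# Only touch a real slapd when explicitly asked: REPRO=1 sh its8950.sh
if [ "${REPRO:-0}" = 1 ]; then run_repro; fi
```

Run it as `REPRO=1 sh its8950.sh` against a build with the two tools on PATH; to get the valgrind trace from the report instead of just the exit status, prefix the slapd invocation inside run_repro with `valgrind`.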