Bug#1040382: slapd: debian12 ships with slapd-2.5.13+dfsg-5 which crashes (segfault in dynlist.la).
Bernhard Übelacker
bernhardu at mailbox.org
Tue Apr 2 21:32:26 BST 2024
On Wed, 24 Jan 2024 15:07:46 +0100 wouldsmina <wouldsmina at gmail.com> wrote:
> 2024-01-24T09:38:16.810558+01:00 ldap kernel: [ 1553.168747] slapd[13335]: segfault at 0 ip 00007fc2370b49c1 sp 00007fbd359fc0c0 error 4 in dynlist-2.5.so.0.1.8[7fc2370b1000+6000] likely on CPU 1 (core 0, socket 2)
> 2024-01-24T09:38:16.810568+01:00 ldap kernel: [ 1553.168761] Code: 48 29 d0 48 89 d7 48 89 c1 31 c0 83 c1 6c c1 e9 03 f3 48 ab 48 8b 84 24 10 02 00 00 4c 89 ef c7 84 24 a0 00 00 00 03 00 00 00 <48> 8b 00 ff 50 78 44 39 73 64 74 09 45 84 e4 0f 85 22 03 00 00 48
Hello,
I tried to map this dmesg output back to a source line; maybe it is of some help.
It points to:
dynlist_search at ../../../../../servers/slapd/overlays/dynlist.c:1817
1817 (void)o.o_bd->be_search( &o, &r );
This is the same line shown in the attachment of the upstream bug report.
Attached file shows how I got to this line.
Kind regards,
Bernhard
-------------- next part --------------
slapd[13335]: segfault at 0 ip 00007fc2370b49c1 sp 00007fbd359fc0c0 error 4 in dynlist-2.5.so.0.1.8[7fc2370b1000+6000] likely on CPU 1 (core 0, socket 2)
Code: 48 29 d0 48 89 d7 48 89 c1 31 c0 83 c1 6c c1 e9 03 f3 48 ab 48 8b 84 24 10 02 00 00 4c 89 ef c7 84 24 a0 00 00 00 03 00 00 00 <48> 8b 00 ff 50 78 44 39 73 64 74 09 45 84 e4 0f 85 22 03 00 00 48
https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash
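error 4 == 0b00000100
bit 0 == 0: no page found (page not present, not a protection violation)
bit 1 == 0: read access
bit 2 == 1: user-mode access
Combined with "segfault at 0", this is a user-mode read of address 0, i.e. a NULL pointer dereference.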
# Convert the byte dump from the kernel's "Code:" line into the comma-separated
# 0x.. pattern list expected by gdb's `find /b START, END, ...`.
# The <..> pair marks the byte at the faulting instruction pointer; the markers
# are stripped here, so that byte's offset from the start of the dump (42 in
# this dump) has to be added back to the address gdb reports for the match.
printf '%s' "find /b ..., ..., 0x" && \
printf '%s\n' "48 29 d0 48 89 d7 48 89 c1 31 c0 83 c1 6c c1 e9 03 f3 48 ab 48 8b 84 24 10 02 00 00 4c 89 ef c7 84 24 a0 00 00 00 03 00 00 00 <48> 8b 00 ff 50 78 44 39 73 64 74 09 45 84 e4 0f 85 22 03 00 00 48" \
  | sed -e 's/[<>]//g' -e 's/ /, 0x/g'
find /b ..., ..., 0x48, 0x29, 0xd0, 0x48, 0x89, 0xd7, 0x48, 0x89, 0xc1, 0x31, 0xc0, 0x83, 0xc1, 0x6c, 0xc1, 0xe9, 0x03, 0xf3, 0x48, 0xab, 0x48, 0x8b, 0x84, 0x24, 0x10, 0x02, 0x00, 0x00, 0x4c, 0x89, 0xef, 0xc7, 0x84, 0x24, 0xa0, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x00, 0xff, 0x50, 0x78, 0x44, 0x39, 0x73, 0x64, 0x74, 0x09, 0x45, 0x84, 0xe4, 0x0f, 0x85, 0x22, 0x03, 0x00, 0x00, 0x48
# 2024-04-02 stable/bookworm amd64 qemu VM
# Reproduction environment: a scratch VM, not the affected server.
# The byte pattern and offsets only match if the installed slapd build is the
# same one that crashed (the report names 2.5.13+dfsg-5) - verify the version
# before trusting the resolved source line.
# slapd-dbgsym is served from the Debian debug archive, so that repository has
# to be enabled in the APT sources for this install to succeed.
apt install gdb slapd slapd-dbgsym
# Working directory for the unpacked package source.
mkdir /home/benutzer/source/slapd/orig -p
cd /home/benutzer/source/slapd/orig
# Needs deb-src entries in the APT sources; unpacks the source tree that gdb
# is later pointed at with `directory`.
apt source slapd
# Commands typed into an interactive gdb session; the recorded output follows
# further down. The absolute addresses used here were copied from the output
# of the preceding commands in that session and will differ on another system.
gdb -q
set width 0
set pagination off
# Load slapd together with its separate debug symbols.
file /usr/sbin/slapd
# Start the process and stop at main(); a live process is needed for the
# dlopen() call below.
tb main
run
# Map the overlay module into the process so its .text can be searched.
# 0x102 is RTLD_NOW | RTLD_GLOBAL on glibc.
call dlopen("/usr/lib/ldap/dynlist-2.5.so.0.1.8",0x102)
# List the .text ranges; the dynlist line supplies the bounds for `find`.
pipe info target | grep "\.text"
# Search the module's .text for the byte sequence from the kernel "Code:" line.
find /b 0x00007ffff74874a0, 0x00007ffff748ccaa, 0x48, 0x29, 0xd0, 0x48, 0x89, 0xd7, 0x48, 0x89, 0xc1, 0x31, 0xc0, 0x83, 0xc1, 0x6c, 0xc1, 0xe9, 0x03, 0xf3, 0x48, 0xab, 0x48, 0x8b, 0x84, 0x24, 0x10, 0x02, 0x00, 0x00, 0x4c, 0x89, 0xef, 0xc7, 0x84, 0x24, 0xa0, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x00, 0xff, 0x50, 0x78, 0x44, 0x39, 0x73, 0x64, 0x74, 0x09, 0x45, 0x84, 0xe4, 0x0f, 0x85, 0x22, 0x03, 0x00, 0x00, 0x48
# 42 is the offset of the <48>-marked byte within the "Code:" dump, i.e. the
# faulting instruction. The breakpoint is only a way to make gdb print the
# source file and line for that address.
b * (0x7ffff748a997 + 42)
info b
# Raw bytes plus mnemonics, for comparison with the "Code:" line.
# NOTE(review): in the recorded output the marked instruction is
# `mov (%rax),%rax`; with a fault address of 0 the pointer in %rax
# (presumably o.o_bd at dynlist.c:1817) was NULL - confirm against the
# upstream report.
disassemble /r 0x7ffff748a997, 0x7ffff748a997 + 62
# Point gdb at the unpacked source so `list dynlist.c:1817` can show the code.
directory /home/benutzer/source/slapd/orig/openldap-2.5.13+dfsg/servers/slapd/overlays
benutzer at debian:~$ gdb -q
(gdb) set width 0
(gdb) set pagination off
(gdb) file /usr/sbin/slapd
Reading symbols from /usr/sbin/slapd...
Reading symbols from /usr/lib/debug/.build-id/40/63a68f1de0ddfe5b5d68cb4f6869587bda460a.debug...
(gdb) tb main
Temporary breakpoint 1 at 0x20b50: file ../../../../servers/slapd/main.c, line 408.
(gdb) run
Starting program: /usr/sbin/slapd
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Temporary breakpoint 1, main (argc=1, argv=0x7fffffffe4d8) at ../../../../servers/slapd/main.c:408
408 ../../../../servers/slapd/main.c: Datei oder Verzeichnis nicht gefunden.
(gdb) call dlopen("/usr/lib/ldap/dynlist-2.5.so.0.1.8",0x102)
$1 = (void *) 0x5555557231f0
(gdb) pipe info target | grep "\.text"
0x0000555555574aa0 - 0x00005555556375c4 is .text
0x00007ffff7fcc060 - 0x00007ffff7ff0d51 is .text in /lib64/ld-linux-x86-64.so.2
0x00007ffff7fc96b0 - 0x00007ffff7fc9ced is .text in system-supplied DSO at 0x7ffff7fc9000
0x00007ffff7f72260 - 0x00007ffff7fa8f06 is .text in /lib/x86_64-linux-gnu/libldap-2.5.so.0
0x00007ffff7f53670 - 0x00007ffff7f5a22a is .text in /lib/x86_64-linux-gnu/liblber-2.5.so.0
0x00007ffff7f365b0 - 0x00007ffff7f47005 is .text in /lib/x86_64-linux-gnu/libsasl2.so.2
0x00007ffff7ef9040 - 0x00007ffff7f0e33c is .text in /lib/x86_64-linux-gnu/libcrypt.so.1
0x00007ffff7edf010 - 0x00007ffff7eeefdd is .text in /lib/x86_64-linux-gnu/libslapi-2.5.so.0
0x00007ffff7ecb490 - 0x00007ffff7ecf5e6 is .text in /lib/x86_64-linux-gnu/libltdl.so.7
0x00007ffff7ec06e0 - 0x00007ffff7ec415e is .text in /lib/x86_64-linux-gnu/libwrap.so.0
0x00007ffff7d02380 - 0x00007ffff7e55f2d is .text in /lib/x86_64-linux-gnu/libc.so.6
0x00007ffff7a3aac0 - 0x00007ffff7b69520 is .text in /lib/x86_64-linux-gnu/libgnutls.so.30
0x00007ffff7cc6980 - 0x00007ffff7cd25ce is .text in /lib/x86_64-linux-gnu/libnsl.so.2
0x00007ffff78f78a0 - 0x00007ffff798f07c is .text in /lib/x86_64-linux-gnu/libp11-kit.so.0
0x00007ffff7c903d0 - 0x00007ffff7c96f6e is .text in /lib/x86_64-linux-gnu/libidn2.so.0
0x00007ffff7729000 - 0x00007ffff7767cf6 is .text in /lib/x86_64-linux-gnu/libunistring.so.2
0x00007ffff7c7c390 - 0x00007ffff7c87c4f is .text in /lib/x86_64-linux-gnu/libtasn1.so.6
0x00007ffff7c38ca0 - 0x00007ffff7c5e468 is .text in /lib/x86_64-linux-gnu/libnettle.so.8
0x00007ffff76d6f00 - 0x00007ffff76e8cc1 is .text in /lib/x86_64-linux-gnu/libhogweed.so.6
0x00007ffff7658640 - 0x00007ffff76b32c0 is .text in /lib/x86_64-linux-gnu/libgmp.so.10
0x00007ffff7627160 - 0x00007ffff7640e58 is .text in /lib/x86_64-linux-gnu/libtirpc.so.3
0x00007ffff7c1f2e0 - 0x00007ffff7c2491e is .text in /lib/x86_64-linux-gnu/libffi.so.8
0x00007ffff75d9540 - 0x00007ffff760cf8e is .text in /lib/x86_64-linux-gnu/libgssapi_krb5.so.2
0x00007ffff75177d0 - 0x00007ffff7573f4f is .text in /lib/x86_64-linux-gnu/libkrb5.so.3
0x00007ffff74c74a0 - 0x00007ffff74e0ccb is .text in /lib/x86_64-linux-gnu/libk5crypto.so.3
0x00007ffff74bf280 - 0x00007ffff74bfda9 is .text in /lib/x86_64-linux-gnu/libcom_err.so.2
0x00007ffff74b2630 - 0x00007ffff74b7d7f is .text in /lib/x86_64-linux-gnu/libkrb5support.so.0
0x00007ffff74aa270 - 0x00007ffff74ab289 is .text in /lib/x86_64-linux-gnu/libkeyutils.so.1
0x00007ffff749a370 - 0x00007ffff74a1f25 is .text in /lib/x86_64-linux-gnu/libresolv.so.2
0x00007ffff74874a0 - 0x00007ffff748ccaa is .text in /usr/lib/ldap/dynlist-2.5.so.0.1.8
(gdb) find /b 0x00007ffff74874a0, 0x00007ffff748ccaa, 0x48, 0x29, 0xd0, 0x48, 0x89, 0xd7, 0x48, 0x89, 0xc1, 0x31, 0xc0, 0x83, 0xc1, 0x6c, 0xc1, 0xe9, 0x03, 0xf3, 0x48, 0xab, 0x48, 0x8b, 0x84, 0x24, 0x10, 0x02, 0x00, 0x00, 0x4c, 0x89, 0xef, 0xc7, 0x84, 0x24, 0xa0, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x00, 0xff, 0x50, 0x78, 0x44, 0x39, 0x73, 0x64, 0x74, 0x09, 0x45, 0x84, 0xe4, 0x0f, 0x85, 0x22, 0x03, 0x00, 0x00, 0x48
0x7ffff748a997 <dynlist_search+599>
1 pattern found.
(gdb) b * (0x7ffff748a997 + 42)
Breakpoint 2 at 0x7ffff748a9c1: file ../../../../../servers/slapd/overlays/dynlist.c, line 1817.
(gdb) info b
Num Type Disp Enb Address What
2 breakpoint keep y 0x00007ffff748a9c1 in dynlist_search at ../../../../../servers/slapd/overlays/dynlist.c:1817
(gdb) disassemble /r 0x7ffff748a997, 0x7ffff748a997 + 62
Dump of assembler code from 0x7ffff748a997 to 0x7ffff748a9d5:
0x00007ffff748a997 <dynlist_search+599>: 48 29 d0 sub %rdx,%rax
0x00007ffff748a99a <dynlist_search+602>: 48 89 d7 mov %rdx,%rdi
0x00007ffff748a99d <dynlist_search+605>: 48 89 c1 mov %rax,%rcx
0x00007ffff748a9a0 <dynlist_search+608>: 31 c0 xor %eax,%eax
0x00007ffff748a9a2 <dynlist_search+610>: 83 c1 6c add $0x6c,%ecx
0x00007ffff748a9a5 <dynlist_search+613>: c1 e9 03 shr $0x3,%ecx
0x00007ffff748a9a8 <dynlist_search+616>: f3 48 ab rep stos %rax,%es:(%rdi)
0x00007ffff748a9ab <dynlist_search+619>: 48 8b 84 24 10 02 00 00 mov 0x210(%rsp),%rax
0x00007ffff748a9b3 <dynlist_search+627>: 4c 89 ef mov %r13,%rdi
0x00007ffff748a9b6 <dynlist_search+630>: c7 84 24 a0 00 00 00 03 00 00 00 movl $0x3,0xa0(%rsp)
0x00007ffff748a9c1 <dynlist_search+641>: 48 8b 00 mov (%rax),%rax
0x00007ffff748a9c4 <dynlist_search+644>: ff 50 78 call *0x78(%rax)
0x00007ffff748a9c7 <dynlist_search+647>: 44 39 73 64 cmp %r14d,0x64(%rbx)
0x00007ffff748a9cb <dynlist_search+651>: 74 09 je 0x7ffff748a9d6 <dynlist_search+662>
0x00007ffff748a9cd <dynlist_search+653>: 45 84 e4 test %r12b,%r12b
0x00007ffff748a9d0 <dynlist_search+656>: 0f 85 22 03 00 00 jne 0x7ffff748acf8 <dynlist_search+1464>
End of assembler dump.
(gdb) directory /home/benutzer/source/slapd/orig/openldap-2.5.13+dfsg/servers/slapd/overlays
Source directories searched: /home/benutzer/source/slapd/orig/openldap-2.5.13+dfsg/servers/slapd/overlays:$cdir:$cwd
(gdb) list dynlist.c:1817
1812 an[0].an_desc = dli->dli_ad;
1813 an[0].an_name = dli->dli_ad->ad_cname;
1814 found = ds->ds_found;
1815 {
1816 SlapReply r = { REP_SEARCH };
1817 (void)o.o_bd->be_search( &o, &r );
1818 }
1819 if ( found != ds->ds_found && nested )
1820 dynlist_nestlink( op, ds );
1821 }
(gdb)