[email protected] wrote:
> Full_Name: Jan Synacek
> Version: master
> OS: Linux - Fedora 18
> URL: http://jsynacek.fedorapeople.org/openldap/slaptest/0001-Fix-segfault-in-slaptest.patch
> Submission from: (NULL) (209.132.186.34)
>
>
> Consider the following configuration:
> http://jsynacek.fedorapeople.org/openldap/slaptest/slapd-segfault.conf
>
> When an overlay is specified after the 'database monitor', slaptest segfaults.
> I'm not sure whether such configuration makes much sense, however I think that
> slaptest shouldn't segfault.
>
> To reproduce, use the above config and run:
> slapd -Tt -f slapd-segfault.conf -F /path/to/a/dir

Unable to reproduce any of this. No crash, and no uninit'd memory references in
valgrind. I think something is corrupted in your source or build tree.

>
> Backtrace:
> #0  0x0000003385009b70 in pthread_mutex_lock () from /usr/lib64/libpthread.so.0
> #1  0x00007ffff7da524d in ldap_pvt_thread_mutex_lock (mutex=0x25) at thr_posix.c:296
> #2  0x00000000005574b9 in monitor_cache_get (mi=0x1d, ndn=0x7fffffffde30, ep=0x7fffffffde28) at cache.c:161
> #3  0x000000000051a10d in monitor_back_unregister_entry_attrs (ndn_in=0x908230, target_a=0x0, target_cb=0xa70030, nbase=0x0, scope=0, filter=0x0) at init.c:1520
> #4  0x000000000051a5b0 in monitor_back_unregister_entry_callback (ndn=0x908230, cb=0xa70030, nbase=0x0, scope=0, filter=0x0) at init.c:1632
> #5  0x00000000004f6f19 in bdb_monitor_db_close (be=0x907d70) at monitor.c:500
> #6  0x00000000004ef0b4 in bdb_db_close (be=0x907d70, cr=0x0) at init.c:595
> #7  0x0000000000454ad5 in backend_shutdown (be=0x907d70) at backend.c:383
> #8  0x00000000004814a9 in slap_shutdown (be=0x0) at init.c:232
> #9  0x00000000004de90d in slap_tool_destroy () at slapcommon.c:936
> #10 0x00000000004e0435 in slaptest (argc=6, argv=0x7fffffffe228) at slaptest.c:116
> #11 0x000000000041a9f5 in main (argc=6, argv=0x7fffffffe228) at main.c:665
>
> Notice the corrupt 'mi' pointer in frame #2.
>
> The segfault does not always appear, so here is the corresponding valgrind
> output:
> ==6751== Memcheck, a memory error detector
> ==6751== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
> ==6751== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
> ==6751== Command: /home/jsynacek/work/2-upstream/openldap-git/servers/slapd/.libs/lt-slapd -Tt -f slapd-segfault.conf -F ./testconf
> ==6751==
> 51c1a34e bdb_db_open: database "dc=example,dc=com": unclean shutdown detected; attempting recovery.
> 51c1a34e bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
> Expect poor performance for suffix "dc=example,dc=com".
> 51c1a34e bdb_db_open: database "dc=example,dc=com": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
> config file testing succeeded
> ==6751== Conditional jump or move depends on uninitialised value(s)
> ==6751==    at 0x519E9D: monitor_back_unregister_entry_attrs (init.c:1473)
> ==6751==    by 0x51A5AF: monitor_back_unregister_entry_callback (init.c:1632)
> ==6751==    by 0x4F6F18: bdb_monitor_db_close (monitor.c:500)
> ==6751==    by 0x4EF0B3: bdb_db_close (init.c:595)
> ==6751==    by 0x454AD4: backend_shutdown (backend.c:383)
> ==6751==    by 0x4814A8: slap_shutdown (init.c:232)
> ==6751==    by 0x4DE90C: slap_tool_destroy (slapcommon.c:936)
> ==6751==    by 0x4E0434: slaptest (slaptest.c:116)
> ==6751==    by 0x41A9F4: main (main.c:665)
> ==6751==
> ==6751== Conditional jump or move depends on uninitialised value(s)
> ==6751==    at 0x5573EA: monitor_cache_get (cache.c:150)
> ==6751==    by 0x51A10C: monitor_back_unregister_entry_attrs (init.c:1520)
> ==6751==    by 0x51A5AF: monitor_back_unregister_entry_callback (init.c:1632)
> ==6751==    by 0x4F6F18: bdb_monitor_db_close (monitor.c:500)
> ==6751==    by 0x4EF0B3: bdb_db_close (init.c:595)
> ==6751==    by 0x454AD4: backend_shutdown (backend.c:383)
> ==6751==    by 0x4814A8: slap_shutdown (init.c:232)
> ==6751==    by 0x4DE90C: slap_tool_destroy (slapcommon.c:936)
> ==6751==    by 0x4E0434: slaptest (slaptest.c:116)
> ==6751==    by 0x41A9F4: main (main.c:665)
> ==6751==
> ==6751== Use of uninitialised value of size 8
> ==6751==    at 0x3385009B70: pthread_mutex_lock (in /usr/lib64/libpthread-2.16.so)
> ==6751==    by 0x4C2524C: ldap_pvt_thread_mutex_lock (thr_posix.c:296)
> ==6751==    by 0x5574B8: monitor_cache_get (cache.c:161)
> ==6751==    by 0x51A10C: monitor_back_unregister_entry_attrs (init.c:1520)
> ==6751==    by 0x51A5AF: monitor_back_unregister_entry_callback (init.c:1632)
> ==6751==    by 0x4F6F18: bdb_monitor_db_close (monitor.c:500)
> ==6751==    by 0x4EF0B3: bdb_db_close (init.c:595)
> ==6751==    by 0x454AD4: backend_shutdown (backend.c:383)
> ==6751==    by 0x4814A8: slap_shutdown (init.c:232)
> ==6751==    by 0x4DE90C: slap_tool_destroy (slapcommon.c:936)
> ==6751==    by 0x4E0434: slaptest (slaptest.c:116)
> ==6751==    by 0x41A9F4: main (main.c:665)
> ==6751==
> ==6751== Invalid read of size 4
> ==6751==    at 0x3385009B70: pthread_mutex_lock (in /usr/lib64/libpthread-2.16.so)
> ==6751==    by 0x4C2524C: ldap_pvt_thread_mutex_lock (thr_posix.c:296)
> ==6751==    by 0x5574B8: monitor_cache_get (cache.c:161)
> ==6751==    by 0x51A10C: monitor_back_unregister_entry_attrs (init.c:1520)
> ==6751==    by 0x51A5AF: monitor_back_unregister_entry_callback (init.c:1632)
> ==6751==    by 0x4F6F18: bdb_monitor_db_close (monitor.c:500)
> ==6751==    by 0x4EF0B3: bdb_db_close (init.c:595)
> ==6751==    by 0x454AD4: backend_shutdown (backend.c:383)
> ==6751==    by 0x4814A8: slap_shutdown (init.c:232)
> ==6751==    by 0x4DE90C: slap_tool_destroy (slapcommon.c:936)
> ==6751==    by 0x4E0434: slaptest (slaptest.c:116)
> ==6751==    by 0x41A9F4: main (main.c:665)
> ==6751==  Address 0x37 is not stack'd, malloc'd or (recently) free'd
> ==6751==
> ==6751==
> ==6751== Process terminating with default action of signal 11 (SIGSEGV)
> ==6751==  Access not within mapped region at address 0x37
> ==6751==    at 0x3385009B70: pthread_mutex_lock (in /usr/lib64/libpthread-2.16.so)
> ==6751==    by 0x4C2524C: ldap_pvt_thread_mutex_lock (thr_posix.c:296)
> ==6751==    by 0x5574B8: monitor_cache_get (cache.c:161)
> ==6751==    by 0x51A10C: monitor_back_unregister_entry_attrs (init.c:1520)
> ==6751==    by 0x51A5AF: monitor_back_unregister_entry_callback (init.c:1632)
> ==6751==    by 0x4F6F18: bdb_monitor_db_close (monitor.c:500)
> ==6751==    by 0x4EF0B3: bdb_db_close (init.c:595)
> ==6751==    by 0x454AD4: backend_shutdown (backend.c:383)
> ==6751==    by 0x4814A8: slap_shutdown (init.c:232)
> ==6751==    by 0x4DE90C: slap_tool_destroy (slapcommon.c:936)
> ==6751==    by 0x4E0434: slaptest (slaptest.c:116)
> ==6751==    by 0x41A9F4: main (main.c:665)
> ==6751==  If you believe this happened as a result of a stack
> ==6751==  overflow in your program's main thread (unlikely but
> ==6751==  possible), you can try to increase the size of the
> ==6751==  main thread stack using the --main-stacksize= flag.
> ==6751==  The main thread stack size used in this run was 8388608.
> ==6751==
> ==6751== HEAP SUMMARY:
> ==6751==     in use at exit: 1,784,260 bytes in 10,532 blocks
> ==6751==   total heap usage: 20,806 allocs, 10,274 frees, 4,333,045 bytes allocated
> ==6751==
> ==6751== LEAK SUMMARY:
> ==6751==    definitely lost: 16 bytes in 1 blocks
> ==6751==    indirectly lost: 0 bytes in 0 blocks
> ==6751==      possibly lost: 0 bytes in 0 blocks
> ==6751==    still reachable: 1,784,244 bytes in 10,531 blocks
> ==6751==         suppressed: 0 bytes in 0 blocks
> ==6751== Rerun with --leak-check=full to see details of leaked memory
> ==6751==
> ==6751== For counts of detected and suppressed errors, rerun with: -v
> ==6751== Use --track-origins=yes to see where uninitialised values come from
> ==6751== ERROR SUMMARY: 11 errors from 9 contexts (suppressed: 2 from 2)
>
> I'm not sure if my patch is correct. I feel it's more like a workaround, so feel
> free to modify it if that's the case.
>
> --

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
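The reporter notes that the segfault "does not always appear", which is typical of an uninitialised-pointer bug: whether the garbage `mi` value faults depends on what happened to be on the stack. The script below is an added example, not part of the ITS report or of OpenLDAP; it packages the reproduction so it gives a deterministic pass/fail by running `slapd -Tt` under valgrind with `--error-exitcode`, and adds a small lint that flags the config layout the report describes (an `overlay` directive after `database monitor`). The real slapd-segfault.conf is not on the page, so the generated config, its schema path, suffix, directory and overlay name are all assumptions.

```shell
#!/bin/sh
# Added example, not from the ITS report or OpenLDAP. Makes the intermittent
# slaptest crash a deterministic check: valgrind's --error-exitcode turns
# "uninitialised value" reports into a non-zero exit even on runs where the
# bogus pointer happens not to fault.

# Write a minimal slapd.conf of the described shape. The real
# slapd-segfault.conf is not reproduced on the page, so the schema path,
# suffix, directory and the choice of overlay are all assumptions.
write_repro_conf() {
    cat > "$1" <<'EOF'
include     /etc/openldap/schema/core.schema

database    bdb
suffix      "dc=example,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"
directory   /var/lib/ldap

database    monitor

# overlay placed after 'database monitor' (assumed overlay name)
overlay     syncprov
EOF
}

# Return 0 when an 'overlay' directive follows a 'database monitor' line
# with no other 'database' line in between, 1 otherwise. Comment lines are
# ignored. Pure awk, so it runs without slapd installed.
config_has_overlay_after_monitor() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "database" { in_monitor = ($2 == "monitor"); next }
        $1 == "overlay" && in_monitor { found = 1; exit }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Run "slapd -Tt" (slaptest) under valgrind. Exit status: 0 clean,
# 99 memcheck reported errors, 2 if the tools are not installed.
# --track-origins=yes is what valgrind suggests in the report's footer; it
# names the allocation the uninitialised value came from.
run_slaptest_valgrind() {
    conf=$1
    confdir=$2
    command -v valgrind >/dev/null 2>&1 || { echo "valgrind not installed" >&2; return 2; }
    command -v slapd >/dev/null 2>&1 || { echo "slapd not installed" >&2; return 2; }
    mkdir -p "$confdir"
    valgrind --quiet --track-origins=yes --error-exitcode=99 \
        slapd -Tt -f "$conf" -F "$confdir"
}

# Usage: sh repro.sh --run   (only then does it touch slapd and valgrind)
if [ "${1:-}" = "--run" ]; then
    work=$(mktemp -d)
    write_repro_conf "$work/slapd.conf"
    if config_has_overlay_after_monitor "$work/slapd.conf"; then
        echo "config has an overlay after 'database monitor'; running slaptest under valgrind"
    fi
    rc=0
    run_slaptest_valgrind "$work/slapd.conf" "$work/slapd.d" || rc=$?
    echo "valgrind exit status: $rc"
fi
```

Invoked with `--run`, the script exits 99 whenever memcheck reports anything, so a CI job catches the uninitialised reads at init.c:1473 and cache.c:150 even on the runs where the process does not reach the SIGSEGV. The lint only checks the layout the report names; whether that layout makes sense as a configuration is a separate question, as the reporter himself notes.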
