Re: openldap-server exit on signal 6 on 11.1 (and not in 10.3)

[Dimitry Andric]

On 9 Feb 2018, at 09:33, joris dedieu  wrote:
> 
> Dear porters,
> 
> While moving from 10.3 to 11.1, I get an issue on openldap execution.
> slapd dies (pid 29087 (slapd), uid 389: exited on signal 6) on some
> complex but reproducible operations.
> 
> We worked around this bug by returning less elements from the request.
> While my dear colleges are trying to write a script to reproduce the
> issue, I investigate system side.
> 
> 
> In /var/log/messages, I got slapd[4909]: stack overflow detected; terminated
> 
> The only trace I get
> 
> #0  0x000801f7a71a in kill () from /lib/libc.so.7
> #1  0x000801f7a6d0 in __stack_chk_fail () from /lib/libc.so.7
> #2  0x000801f7a640 in __stack_chk_fail () from /lib/libc.so.7
> #3  0x004466e6 in do_modify ()
> #4  0x004308d5 in connection_assign_nextid ()
> #5  0x004300dd in connection_read_activate ()
> #6  0x000800956ffa in ldap_pvt_thread_pool_submit () from
> /usr/local/lib/libldap_r-2.4.so.2
> #7  0x000801c71bc5 in pthread_create () from /lib/libthr.so.3
> #8  0x in ?? ()
> 
> I suspect it's relative to -fstack-protector-strong  which is the
> default since FreeBSD 11.0. Do you think I should rebuild all the
> world this opion ?
> 
> I also thought on fdatasync
> 
> .if ${OSVERSION} < 1101000
> CFLAGS+=-DMDB_DSYNC=O_SYNC -Dfdatasync=fsync
> .endif
> 
> I'm currently investigating on this changes.
> 
> The issue disappear when slapd is compiled with debugging symbols
> (WITH_DEBUG=YES). As far as I understand, this only cause -g flag to
> be added to CFLAGS. Does WITH_DEBUG also disable some compiler
> optimization  ?

Yes, WITH_DEBUG unfortunately removes all -O options from the compiler
flags, making it sometimes hard to debug, if any crashes disappear. :)

Try applying the following patch to your ports tree, and rebuilding the port:

Index: Mk/bsd.port.mk
===
--- Mk/bsd.port.mk  (revision 461038)
+++ Mk/bsd.port.mk  (working copy)
@@ -1743,7 +1743,7 @@ MAKE_ENV+=DONTSTRIP=yes
 STRIP_CMD= ${TRUE}
 .endif
 DEBUG_FLAGS?=  -g
-CFLAGS:=   ${CFLAGS:N-O*:N-fno-strict*} ${DEBUG_FLAGS}
+CFLAGS:=   ${CFLAGS} ${DEBUG_FLAGS}
 .if defined(INSTALL_TARGET)
 INSTALL_TARGET:=   ${INSTALL_TARGET:S/^install-strip$/install/g}
 .endif

-Dimitry



signature.asc
Description: Message signed with OpenPGP

Re: openldap-server exit on signal 6 on 11.1 (and not in 10.3)

[Xin LI]

Hi,


On Fri, Feb 9, 2018 at 12:33 AM joris dedieu  wrote:

> Dear porters,
>
> While moving from 10.3 to 11.1, I get an issue on openldap execution.
> slapd dies (pid 29087 (slapd), uid 389: exited on signal 6) on some
> complex but reproducible operations.
>
> We worked around this bug by returning less elements from the request.
> While my dear colleges are trying to write a script to reproduce the
> issue, I investigate system side.
>
>
> In /var/log/messages, I got slapd[4909]: stack overflow detected;
> terminated
>
> The only trace I get
>
> #0  0x000801f7a71a in kill () from /lib/libc.so.7
> #1  0x000801f7a6d0 in __stack_chk_fail () from /lib/libc.so.7
> #2  0x000801f7a640 in __stack_chk_fail () from /lib/libc.so.7
> #3  0x004466e6 in do_modify ()
> #4  0x004308d5 in connection_assign_nextid ()
> #5  0x004300dd in connection_read_activate ()
> #6  0x000800956ffa in ldap_pvt_thread_pool_submit () from
> /usr/local/lib/libldap_r-2.4.so.2
> #7  0x000801c71bc5 in pthread_create () from /lib/libthr.so.3
> #8  0x in ?? ()
>

​I have never seen this on my own systems.


> I suspect it's relative to -fstack-protector-strong  which is the
> default since FreeBSD 11.0. Do you think I should rebuild all the
> world this opion ?
>

Is the slapd binary from 10.3 (still considered a bug in this case), or
have you rebuilt it?  If you have coredumps, please try to collect
additional information on do_modify() as this might indicate a security
issue as well.  Reporting this to upstream (openldap.org) would usually be
helpful if you believe it's an OpenLDAP bug.

Cheers,​



>
> I also thought on fdatasync
>
>  .if ${OSVERSION} < 1101000
> CFLAGS+=-DMDB_DSYNC=O_SYNC -Dfdatasync=fsync
> .endif
>
> I'm currently investigating on this changes.
>
> The issue disappear when slapd is compiled with debugging symbols
> (WITH_DEBUG=YES). As far as I understand, this only cause -g flag to
> be added to CFLAGS. Does WITH_DEBUG also disable some compiler
> optimization  ?
>
> Any thought on all this is welcomed
>
> Joris
>
>
> Openldap options :
> Name   : openldap-sasl-server
> Version: 2.4.45_4
> Installed on   : Thu Feb  8 16:16:45 2018 CET
> Origin : net/openldap24-server
> Architecture   : FreeBSD:11:amd64
> Prefix : /usr/local
> Categories : databases net
> Licenses   : OPENLDAP
> Maintainer : delp...@freebsd.org
> WWW: http://www.OpenLDAP.org/
> Comment: Open source LDAP server implementation
> Options:
> ACCESSLOG  : on
> ACI: off
> AUDITLOG   : off
> BDB: off
> COLLECT: off
> CONSTRAINT : off
> DDS: off
> DEBUG  : off
> DEREF  : off
> DNSSRV : off
> DYNACL : off
> DYNAMIC_BACKENDS: on
> DYNGROUP   : off
> DYNLIST: off
> FETCH  : off
> GSSAPI : on
> KQUEUE : off
> LASTBIND   : off
> LMPASSWD   : off
> MDB: on
> MEMBEROF   : off
> ODBC   : off
> OUTLOOK: off
> PASSWD : off
> PERL   : off
> PPOLICY: on
> PROXYCACHE : off
> REFINT : off
> RELAY  : off
> RETCODE: off
> RLOOKUPS   : off
> RWM: off
> SASL   : on
> SEQMOD : off
> SHA2   : off
> SHELL  : off
> SLAPI  : off
> SLP: off
> SMBPWD : off
> SOCK   : off
> SSSVLV : off
> SYNCPROV   : on
> TCP_WRAPPERS   : off
> TRANSLUCENT: off
> UNIQUE : off
> VALSORT: off
>
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"