Bug 56868 - slapd crashes with segfault error 4 in libc-2.28.so
Product: UCS
Classification: Unclassified
Component: LDAP
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 major
Target Milestone: UCS 5.0-6-errata
Assigned To: Arvid Requate
QA Contact: Florian Best
Reported: 2023-11-23 11:50 CET by Wolfgang Bayrhof
Modified: 2024-01-12 08:52 CET
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171
Enterprise Customer affected?: Yes
Ticket number: 2023110221000385
Description Wolfgang Bayrhof univentionstaff 2023-11-23 11:50:33 CET
The crash occurs sporadically on more than one dc with UCS 5.0-5 errata857 in the same environment. After the crash the slapd must be restarted. 

This can be found in the syslog:

kernel: [395685.642153] slapd[1134]: segfault at 65640042005d ip 00007ff928034b7d sp 00007ff812ffc100 error 4 in libc-2.28.so[7ff927fd2000+147000]
kernel: [395685.642174] Code: 89 ee 48 89 df 5b 5d e9 11 fd ff ff 90 53 48 83 ec 10 48 8b 05 8c 53 13 00 48 8b 00 48 85 c0 0f 85 88 00 00 00 48 85 ff 74 73 <48> 8b 47 f8 48 8d 77 f0 a8 02 75 37 48 8b 15 e8 51 13 00 64 48 83
systemd[1]: slapd.service: Main process exited, code=killed, status=11/SEGV
systemd[1]: slapd.service: Failed with result 'signal'.
Comment 1 Florian Best univentionstaff 2023-11-23 12:26:58 CET
We need more information:
Please let a core dump be created and then at least give us a backtrace ("thread apply all bt" command in gdb, best with LDAP *-dbg packages installed).
A USI is helpful as well.
Is the ppolicy overlay module activated?
Are any cool solutions installed?
Which apps are installed? "univention-app info"
Comment 2 Arvid Requate univentionstaff 2023-11-29 11:15:07 CET
Backtrace of all threads is attached to the ticket.

The core dump occurs in a code path that involves a call to "_gss_ntlm_acquire_cred" and the client
appears to be a Microsoft Windows client.

I analyzed the backtrace again and found that three of the threads show the usage of "GSS-SPNEGO"
as SASL mech (maybe as default). Felix's research for Bug 43732 may help here to avoid this code path.
So I recommended that the customer checks if the issue persists after adjusting the following:

echo "mech_list: EXTERNAL gssapi DIGEST-MD5 CRAM-MD5 LOGIN SAML PLAIN" \
    >> /etc/ldap/sasl2/slapd.conf
systemctl restart slapd.service
Comment 3 Wolfgang Bayrhof univentionstaff 2023-12-28 17:08:11 CET
The customer informed us that there have been no more crashes since adding the mech_list.
Comment 4 Arvid Requate univentionstaff 2024-01-02 13:50:22 CET
2678fa4ad6 | New UCR variable ldap/server/sasl/mech_list

Package built

Package: univention-management-console
Version: 12.0.32-3
Branch: ucs_5.0-0
Scope: errata5.0-6
Comment 5 Florian Best univentionstaff 2024-01-03 17:44:49 CET
OK: SASL server mechanisms are configurable via UCRv ldap/server/sasl/mech_list
OK: change of default removes NTLM and GSS-SPNEGO:
# ldapsearch -LLLx -b '' -s base supportedSASLMechanisms
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
# univention-upgrade
# systemctl restart slapd.service
# ldapsearch -LLLx -b '' -s base supportedSASLMechanisms
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

OK: NTLM: Not provided by slapd at all.
OK: GSS-SPNEGO (Simple and Protected GSS-API Negotiation): causes the above error, chosen by Windows clients, where we don't have control over the client's choice.
We don't specify any preferred SASL_MECH in our client conf /etc/ldap/ldap.conf.
OK: Code review
OK: no slapd restart during/after the upgrade. Change will apply with the next restart.
REOPEN: No advisory YAML exists.
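
A repeatable form of the before/after check in comment 5, as an added example that is not part of the bug thread or of Univention's code: it parses the supportedSASLMechanisms values from the root DSE and reports GSS-SPNEGO or NTLM if either is still advertised. The function names and the --live switch are assumptions of this example; the sample LDIF is the ldapsearch output shown in comment 5.

```shell
#!/bin/sh
# Added example (not from the bug thread): flag SASL mechanisms that a slapd
# still advertises in its root DSE after the mech_list change.
# Live input: ldapsearch -LLLx -b '' -s base supportedSASLMechanisms

# Mechanisms the changed default removes from the advertised list (comment 5).
UNWANTED="GSS-SPNEGO NTLM"

# Sample LDIF copied from the ldapsearch output in comment 5.
BEFORE_LDIF='supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM'
AFTER_LDIF='supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5'

# extract_mechs: LDIF on stdin -> one upper-cased mechanism name per line.
extract_mechs() {
    sed -n 's/^supportedSASLMechanisms:[[:space:]]*//p' |
        tr -d '\r' | sed 's/[[:space:]]*$//' | tr '[:lower:]' '[:upper:]'
}

# unwanted_mechs: LDIF on stdin -> space-separated unwanted mechanisms that
# are still advertised, in advertised order (an empty line if there are none).
unwanted_mechs() {
    found=""
    for mech in $(extract_mechs); do
        for bad in $UNWANTED; do
            if [ "$mech" = "$bad" ]; then found="${found:+$found }$mech"; fi
        done
    done
    printf '%s\n' "$found"
}

# check_ldif: LDIF on stdin -> status 0 if clean, 1 (plus a message) if not.
check_ldif() {
    offered=$(unwanted_mechs)
    if [ -z "$offered" ]; then return 0; fi
    echo "unwanted SASL mechanisms advertised: $offered" >&2
    return 1
}

# Hypothetical switch: query the local slapd instead of the embedded samples.
if [ "${1:-}" = "--live" ]; then
    ldapsearch -LLLx -b '' -s base supportedSASLMechanisms | check_ldif
fi
```

Because the mech_list change only takes effect at the next slapd restart (comment 5), a non-zero exit after the upgrade can simply mean the restart has not happened yet.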
Comment 6 Florian Best univentionstaff 2024-01-03 17:56:45 CET
Maybe related: Bug #46862
Comment 7 Arvid Requate univentionstaff 2024-01-04 10:23:23 CET
Sorry, the advisory was still sitting on my notebook, now I checked it in: 

19e47afed2 | Advisory
Comment 8 Florian Best univentionstaff 2024-01-04 10:49:17 CET
OK: Advisory
Comment 9 Mirac Erdemiroglu univentionstaff 2024-01-12 08:52:08 CET
Bug is fixed with Erratum 914