Univention Bugzilla – Full Text Bug Listing |
Summary: | slapd: Bus error | ||
---|---|---|---|
Product: | UCS | Reporter: | Felix Botner <botner> |
Component: | LDAP | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P5 | CC: | best, brodersen, damrose, gulden, hahn, requate |
Version: | UCS 4.4 | ||
Target Milestone: | UCS 4.4-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://en.wikipedia.org/wiki/Bus_error | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 4: Minor Usability: Impairs usability in secondary scenarios |
Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.137 | Enterprise Customer affected?: | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Attachments: | data.mdb, bt full log, strchrlen.patch | ||
Description
Felix Botner
2019-07-03 09:20:24 CEST
(In reply to Felix Botner from comment #0)
> Jul 02 23:47:37 master091 slapd[17634]: Starting ldap server(s): slapd
> ...failed.
> Jul 02 23:47:37 master091 slapd[17634]: Bus error
> Jul 02 23:47:37 master091 slapd[17634]: .

SIGBUS is caused by unaligned memory access, most often caused by memory corruption. This might be a hardware defect, but more probably some corrupt data structure containing pointers.

Without a core dump or access to an affected system there is nothing we can do.

Again: UCS-4.4-1 AutotestJoin s4,master 29 @ 2019-08-06

Again in last night's tests:
http://jenkins.knut.univention.de:8080/job/UCS-4.4/job/UCS-4.4-2/job/AutotestJoin/SambaVersion=no-samba,Systemrolle=member/ws/test/master/syslog

(In reply to Erik Damrose from comment #3)
> Again in last night's tests:
> http://jenkins.knut.univention.de:8080/job/UCS-4.4/job/UCS-4.4-2/job/AutotestJoin/SambaVersion=no-samba,Systemrolle=member/ws/test/master/syslog

Here is a forever stored version: https://bepasty.knut.univention.de/HxxUxCUw/+inline

and again
http://jenkins.knut.univention.de:8080/view/Seed%20Jobs/job/UCS-4.4/job/UCS-4.4-2/job/ADConnectorMultiEnv/Version=w2k12-german/ws/test/journalctl.log/*view*/

As we no longer remove the kvm instances if the setup fails, we may be able to investigate the situation on the live system (only KVM).

Is there anything we should do in our test setups (activate core dumps? install dbg-symbols)?

(In reply to Felix Botner from comment #6)
> Is there anything we should do in our test setups (activate core dumps?
> install dbg-symbols)?

Yes, activate core dumps and save one.

Created attachment 10230 [details]
data.mdb
And again. And with the attached database file (data.mdb) the problem can be reproduced, just by starting slapcat.
with dbg:
$ gdb slapcat
bt
#0 0x00005555555d0dc4 in strchrlen (len=<synthetic pointer>, ch=59 ';', end=0x7fff6bd62000 <error: Cannot access memory at address 0x7fff6bd62000>,
beg=0x7fff6bd61ff5 "entry-de-de"<error: Cannot access memory at address 0x7fff6bd62000>) at ../../../../servers/slapd/ad.c:148
#1 slap_bv2ad (bv=bv@entry=0x7fffffffdbe0, ad=ad@entry=0x7fffffffdbb8, text=text@entry=0x7fffffffdbb0) at ../../../../servers/slapd/ad.c:224
#2 0x00007fffee70e043 in mdb_ad_read (mdb=mdb@entry=0x555555a58240, txn=<optimized out>) at ../../../../../servers/slapd/back-mdb/attr.c:573
#3 0x00007fffee6fe4ad in mdb_db_open (be=0x7fffffffdd90, cr=0x7fffffffdf80) at ../../../../../servers/slapd/back-mdb/init.c:263
#4 0x00005555555fa601 in over_db_open (be=<optimized out>, cr=0x7fffffffdf80) at ../../../../servers/slapd/backover.c:149
#5 0x000055555559a317 in backend_startup_one (be=be@entry=0x555555a580a0, cr=cr@entry=0x7fffffffdf80) at ../../../../servers/slapd/backend.c:224
#6 0x000055555559a4cb in backend_startup (be=be@entry=0x555555a580a0) at ../../../../servers/slapd/backend.c:278
#7 0x00005555555bc0e1 in slap_startup (be=0x555555a580a0) at ../../../../servers/slapd/init.c:219
#8 0x00005555555ffc84 in slap_tool_init (progname=progname@entry=0x55555561d2c1 "slapcat", tool=tool@entry=2, argc=<optimized out>, argv=<optimized out>) at ../../../../servers/slapd/slapcommon.c:908
#9 0x00005555555fec90 in slapcat (argc=<optimized out>, argv=<optimized out>) at ../../../../servers/slapd/slapcat.c:53
#10 0x0000555555570867 in main (argc=1, argv=0x7fffffffe568) at ../../../../servers/slapd/main.c:410
Created attachment 10231 [details]
bt full log
Created attachment 10232 [details]
strchrlen.patch
Arvid already analyzed the problem and proposed a patch.
openldap-2.4.45+dfsg/servers/slapd/ad.c
static char *strchrlen(
const char *beg,
const char *end,
const char ch,
int *len )
{
const char *p;
for( p=beg; *p && p < end; p++ ) {
(gdb) print p
$1 = 0x7fff6bd62000 <error: Cannot access memory at address 0x7fff6bd62000>
(gdb) print *p
Cannot access memory at address 0x7fff6bd62000
(gdb) print end
$2 = 0x7fff6bd62000 <error: Cannot access memory at address 0x7fff6bd62000>
This "*p" is a bit optimistic, should be p < end and then *p.
- for( p=beg; *p && p < end; p++ ) {
+ for( p=beg; p < end && *p; p++ ) {
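Review bot: The `+` line gets the order right, but the loop carries no comment saying why `p < end` must be tested before `*p`, so a later cleanup could swap the operands back; add a one-line comment above the `for` stating that `end` may point at the first byte past readable memory (the gdb output shows `p == end == 0x7fff6bd62000`, which cannot be read). The hunk shows only the loop header, so also confirm that nothing after the loop reads `*p` once it exits with `p == end`, and consider keeping the attached data.mdb as a regression input for slapcat.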
On my test machine, slapd/slapcat works fine with proposed patch.
The last line in the binary file is

DMPropertyValueNotEditableO�univentionUDMPropertyCLIName �univentionUDMPropertyObjectClass�univentionUDMPropertyMultivalueuniventionUDMPropertyVersion$~univentionUDMPropertyLongDescription}univentionUDMPropertySyntax;|univentionUDMPropertyTranslationLongDescription;entry-de-de{univentionUDMPropertyModule%zuniventionUDMPropertyShortDescription<yuniventionUDMPropertyTranslationShortDescription;entry-de-de

so this attribute univentionUDMPropertyTranslationShortDescription;entry-de-de name is the last thing in the database. Given that the mdb file is mapped into the memory, there is nothing after univentionUDMPropertyTranslationShortDescription;entry-de-de and strchrlen() fails.

r18742 | 2.4.45+dfsg-1~bpo9+1-errata4.4-2/90_bug49780_slapd_bus_error.quilt
3cd5b4f0ed | Advisory

OK - patch
OK - slapd works with attached database file
OK - yaml

The OpenLDAP project switched from ITS to bugzilla, fortunately the IDs seem to have been preserved: https://bugs.openldap.org/show_bug.cgi?id=9128
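The failure analysed in this thread, reproduced as an added example (not code from the bug report or from OpenLDAP): a file that ends exactly on a page boundary with no NUL after the last attribute option is scanned with both test orders. `scan_len`, `map_page` and `run_variant` are hypothetical names, the file content is constructed, and mapping the file larger than its size is an assumption made here to obtain an unreadable byte at `end`.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run length before ch/NUL in [beg,end); noinline so the bad read is not folded away. */
__attribute__((noinline)) static int scan_len(const char *beg, const char *end, char ch, int bound_first)
{
    const char *p = beg;
    if (bound_first)
        while (p < end && *p && *p != ch) p++;   /* patched order: bound, then byte */
    else
        while (*p && p < end && *p != ch) p++;   /* original order: byte, then bound */
    return (int)(p - beg);
}

/* Constructed stand-in for data.mdb: the file ends on a page boundary with no NUL. */
static char *map_page(size_t *pg)
{
    static const char name[] = "univentionUDMPropertyTranslationShortDescription;entry-de-de";
    FILE *f = tmpfile();
    *pg = (size_t)sysconf(_SC_PAGESIZE);
    if (!f || ftruncate(fileno(f), (off_t)*pg) != 0) return NULL;
    char *m = mmap(NULL, 2 * *pg, PROT_READ | PROT_WRITE, MAP_SHARED, fileno(f), 0);
    fclose(f);                                   /* the mapping outlives the stream */
    if (m == MAP_FAILED) return NULL;
    memcpy(m + *pg - (sizeof name - 1), name, sizeof name - 1);
    return m;
}

/* Scan the last option in a child; returns its length, or -signal if the child died. */
int run_variant(int bound_first)
{
    size_t pg; char *m = map_page(&pg);
    if (!m) return -1000;
    const char *end = m + pg, *beg = end - strlen("entry-de-de");
    pid_t pid = fork();
    if (pid == 0) _exit(scan_len(beg, end, ';', bound_first));
    int st = 0;
    if (pid > 0) waitpid(pid, &st, 0);
    munmap(m, 2 * pg);
    return WIFSIGNALED(st) ? -WTERMSIG(st) : WEXITSTATUS(st);
}

int main(void) {
    return printf("patched=%d original=%d\n", run_variant(1), run_variant(0)) < 0;
}
```

A negative result is the signal that killed the child process; the patched order returns the length of `entry-de-de`.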