Quanah Gibson-Mount wrote:
--On June 19, 2007 10:19:15 PM +0000 gao@schrodinger.com wrote:
Program received signal SIGABRT, Aborted. [Switching to Thread -1249219696 (LWP 7710)] 0xbfffe402 in __kernel_vsyscall () (gdb) bt full # 0 0xbfffe402 in __kernel_vsyscall () No symbol table info available. # 1 0xb7a8d429 in raise () from /lib/libc.so.6 No symbol table info available. # 2 0xb7a8e9d1 in abort () from /lib/libc.so.6 No symbol table info available. # 3 0xb7a86e51 in __assert_fail () from /lib/libc.so.6 No symbol table info available. # 4 0x080809c5 in send_ldap_response () No symbol table info available. # 5 0x0000000a in ?? () No symbol table info available. # 6 0x08150731 in ?? () No symbol table info available. # 7 0x08150731 in ?? () No symbol table info available. # 8 0xb58a61b4 in ?? () No symbol table info available. # 9 0xb58a5cac in ?? () No symbol table info available. # 10 0x00000000 in ?? () No symbol table info available.
Fairly worthless. You need to compile with -g and not strip the binary.
Alright, I believe I am getting closer with this:
==================================================================================== # gdb /tmp/debug/usr/lib/openldap/slapd GNU gdb 6.6 Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i686-pc-linux-gnu"... Using host libthread_db library "/lib/libthread_db.so.1". (gdb) run -d 0 -u ldap -g ldap -h 'ldap:// ldaps://' Starting program: /tmp/debug/usr/lib/openldap/slapd -d 0 -u ldap -g ldap -h 'ldap:// ldaps://' [Thread debugging using libthread_db enabled] [New Thread -1213049168 (LWP 28621)] [New Thread -1240032368 (LWP 28624)] [New Thread -1248425072 (LWP 28625)] [New Thread -1256817776 (LWP 28626)] slapd: result.c:364: send_ldap_response: Assertion `rs->sr_err != 0x0a' failed.
Program received signal SIGABRT, Aborted. [Switching to Thread -1248425072 (LWP 28625)] 0xbfffe402 in __kernel_vsyscall () (gdb) bt full #0 0xbfffe402 in __kernel_vsyscall () No symbol table info available. #1 0xb7b4f429 in raise () from /lib/libc.so.6 No symbol table info available. #2 0xb7b509d1 in abort () from /lib/libc.so.6 No symbol table info available. #3 0xb7b48e51 in __assert_fail () from /lib/libc.so.6 No symbol table info available. #4 0x080809c5 in send_ldap_response (op=0x827c760, rs=0xb59681b4) at result.c:364 berbuf = { buffer = "\002\000\001\000\000\000\000\000????\000\000\000\000\000\000\000\000\Pv?\Pv?8`v?<`v?\000\000\000\000H\212&\b", '\0' <repeats 211 times>, ialign = 65538, lalign = 65538, falign = 9.18382988e-41, dalign = 3.2380074297143616e-319, palign = 0x10002 <Address 0x10002 out of bounds>} ber = (BerElement *) 0xb5967a18 rc = <value optimized out> bytes = <value optimized out> __PRETTY_FUNCTION__ = "send_ldap_response" #5 0x08080caf in slap_send_ldap_extended (op=0x827c760, rs=0xb59681b4) at result.c:630 No locals. 
#6 0x080fa450 in ldap_chain_response (op=0x827c760, rs=0xb59681b4) ---Type <return> to continue, or q <return> to quit--- at chain.c:920 db = {bd_info = 0x820dc60, be_ctrls = "\000\001\001\001\000\000\001\000\001\000\001\001\001\000\001", '\0' <repeats 17 times>, "\001", be_flags = 37122, be_restrictops = 0, be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x820e308, be_nsuffix = 0x820e240, be_schemadn = {bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = { bv_len = 34, bv_val = 0x820e6d8 "cn=ldapadmin,dc=example,dc=com"}, be_rootndn = {bv_len = 34, bv_val = 0x820e718 "cn=ldapadmin,dc=example,dc=com"}, be_rootpw = { bv_len = 38, bv_val = 0x820e740 "{SSHA}f5kiigYucjOHoM0r9zDuwW0GjxVa9y1h"}, be_max_deref_depth = 15, be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 3000, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x81e2650, be_dfltaccess = ACL_READ, be_replica = 0x0, be_replogfile = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x8211100, be_pending_csn_list = 0x8259318, be_pcl_mutex = { __data = {__lock = 0, __count = 0, __owner = 0, __kind = 0, __nusers = 0, { __spins = 0, __list = {__next = 0x0}}}, __size = '\0' <repeats 23 times>, __align = 0}, be_pcl_mutexp = 0x820e400, be_syncinfo = 0x8210fa0, be_pb = 0x0, be_cf_ocs = 0x81841e0, be_private = 0x820e438, be_next = {stqe_next = 0x0}} ---Type <return> to continue, or q <return> to quit--- lb = {lb_status = LDAP_CH_NONE, lb_lc = 0x820dd60, lb_op_f = 0, lb_depth = 0} sc = (slap_callback *) 0xb596811c sc2 = {sc_next = 0x0, sc_response = 0x80fa782 <ldap_chain_cb_response>, sc_cleanup = 0, sc_private = 0xb5967cbc} rc = 80 text = 0x0 matched = 0x0 ref = (BerVarray) 0x8279b18 sr_err = 10 sr_type = REP_EXTENDED #7 0x080c73e5 
in over_back_response (op=0x827c760, rs=0xb59681b4) at backover.c:236 on = (slap_overinst *) 0x820dc60 rc = 0 be = (BackendDB *) 0x820e330 db = {bd_info = 0x820dc60, be_ctrls = "\000\001\001\001\000\000\001\000\001\000\001\001\001\000\001", '\0' <repeats 17 times>, "\001", be_flags = 37122, be_restrictops = 0, be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x820e308, be_nsuffix = 0x820e240, be_schemadn = {bv_len = 0, ---Type <return> to continue, or q <return> to quit--- bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = { bv_len = 34, bv_val = 0x820e6d8 "cn=ldapadmin,dc=example,dc=com"}, be_rootndn = {bv_len = 34, bv_val = 0x820e718 "cn=ldapadmin,dc=example,dc=com"}, be_rootpw = { bv_len = 38, bv_val = 0x820e740 "{SSHA}f5kiigYucjOHoM0r9zDuwW0GjxVa9y1h"}, be_max_deref_depth = 15, be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 3000, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x81e2650, be_dfltaccess = ACL_READ, be_replica = 0x0, be_replogfile = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x8211100, be_pending_csn_list = 0x8259318, be_pcl_mutex = { __data = {__lock = 0, __count = 0, __owner = 0, __kind = 0, __nusers = 0, { __spins = 0, __list = {__next = 0x0}}}, __size = '\0' <repeats 23 times>, __align = 0}, be_pcl_mutexp = 0x820e400, be_syncinfo = 0x8210fa0, be_pb = 0x0, be_cf_ocs = 0x81841e0, be_private = 0x820e438, be_next = {stqe_next = 0x0}} #8 0x080803ee in send_ldap_response (op=0x827c760, rs=0xb59681b4) at result.c:303 sc = (slap_callback *) 0xb596811c sc_prev = (slap_callback **) 0xb5967f48 sc_next = (slap_callback *) 0x0 berbuf = { buffer = 
"\035\000\000\000\000\000\000\000????\000\000\000\000????\006-\v\bh?'\b?~\226?\030\223%\b\000\000\000\000\000\000\000\000\b\021!\b", '\0' <repeats 13---Type <return> to continue, or q <return> to quit--- times>, "? \bh?'\b\030\233'\b\020?'\b8? \b\000\000\000\000\034\201\226?us\f\b", '\0' <repeats 28 times>, "`?'\b?\201\226?h?'\b\n\000\000\000|?'\b\204?'\b`?'\bC\025\n\b<Pv?H\212&\b\000\000\000\000????\205?\023\b", '\0' <repeats 24 times>, "?\201\226?\234?'\b\224?'\b", '\0' <repeats 16 times>, "\027\000\000\000??'\b\001\000\000\000d\201\226?\000"..., ialign = 29, lalign = 29, falign = 4.06376555e-44, dalign = 1.432790372939615e-322, palign = 0x1d <Address 0x1d out of bounds>} ber = <value optimized out> rc = -1024 bytes = <value optimized out> __PRETTY_FUNCTION__ = "send_ldap_response" #9 0x08080caf in slap_send_ldap_extended (op=0x827c760, rs=0xb59681b4) at result.c:630 No locals. #10 0x0809ff84 in fe_extended (op=0x827c760, rs=0xb59681b4) at extended.c:230 bd = (BackendDB *) 0xb596801c ext = (struct extop_list *) 0x81af248 #11 0x080c74d0 in overlay_op_walk (op=0x827c760, rs=0xb59681b4, which=op_extended, oi=0x820db60, on=0x820dc60) at backover.c:508 sc_next = <value optimized out> rc = 32768 #12 0x080c783b in over_op_func (op=0x827c760, rs=0xb59681b4, which=op_extended) at backover.c:560 oi = (slap_overinfo *) 0x820db60 ---Type <return> to continue, or q <return> to quit--- on = (slap_overinst *) 0x820dc60 be = (BackendDB *) 0x8188200 db = {bd_info = 0x8188100, be_ctrls = "\000", '\001' <repeats 13 times>, '\0' <repeats 18 times>, be_flags = 769, be_restrictops = 0, be_requires = 0, be_ssf_set = { sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x81dec78, be_nsuffix = 0x81deca0, be_schemadn = {bv_len = 12, bv_val = 0x8211140 "cn=Subschema"}, be_schemandn = {bv_len = 12, bv_val = 0x8210f00 "cn=subschema"}, be_rootdn = {bv_len = 0, 
bv_val = 0x0}, be_rootndn = {bv_len = 0, bv_val = 0x0}, be_rootpw = { bv_len = 0, bv_val = 0x0}, be_max_deref_depth = 0, be_def_limit = { lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 500, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x81e2650, be_dfltaccess = ACL_READ, be_replica = 0x0, be_replogfile = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0, be_pending_csn_list = 0x0, be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __kind = 0, __nusers = 0, {__spins = 0, __list = {__next = 0x0}}}, __size = '\0' <repeats 23 times>, __align = 0}, be_pcl_mutexp = 0x0, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x81826c4, be_private = 0x0, be_next = {stqe_next = 0x81dfff0}} cb = {sc_next = 0x0, sc_response = 0x80c7375 <over_back_response>, ---Type <return> to continue, or q <return> to quit--- sc_cleanup = 0, sc_private = 0x820db60} rc = 0 __PRETTY_FUNCTION__ = "over_op_func" #13 0x080a04b8 in do_extended (op=0x827c760, rs=0xb59681b4) at extended.c:180 reqdata = {bv_len = 22, bv_val = 0x827c9d8 "0\024\201\bpiThid6i"} len = 22 #14 0x0806f701 in connection_operation (ctx=0xb5968238, arg_v=0x827c760) at connection.c:1133 curelm = <value optimized out> rc = <value optimized out> rs = {sr_type = REP_EXTENDED, sr_tag = 120, sr_msgid = 2, sr_err = 10, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = { sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}, sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}}, sr_flags = 32} tag = 119 opidx = SLAP_OP_EXTENDED conn = (Connection *) 0xb616b598 memctx = (void *) 0x8268a48 memctx_null = (void *) 0x0 __PRETTY_FUNCTION__ = "connection_operation" #15 0xb7f83bb1 in ?? () from /usr/lib/libldap_r-2.3.so.0 No symbol table info available. ---Type <return> to continue, or q <return> to quit--- #16 0xb5968238 in ?? 
() No symbol table info available. #17 0x0827c760 in ?? () No symbol table info available. #18 0xb7fb0024 in ?? () from /usr/lib/libldap_r-2.3.so.0 No symbol table info available. #19 0xb5968238 in ?? () No symbol table info available. #20 0xb7fb0020 in ?? () from /usr/lib/libldap_r-2.3.so.0 No symbol table info available. #21 0x081cb96c in ?? () No symbol table info available. #22 0x081cb954 in ?? () No symbol table info available. #23 0x00000000 in ?? () No symbol table info available. ============================================================================================
The coredump is generated when running the following command against one consumer slapd daemon:
ldappasswd -v -H ldap://ldap2.example.com -D "uid=lee,ou=people,dc=example,dc=com" -W -S -x -A
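slapd was compiled with the "-g" option. With symbols present, "bt full" prints the locals of every frame, including the BackendDB copies in frames #6 and #7, whose be_rootpw field holds the {SSHA} rootpw hash; that value should be redacted from a trace before it is posted.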
One strange thing is that if slapd is compiled with "-ggdb", then the problem disappears. I am going to run some more tests with "-ggdb" to make sure that's the case.
If you need further information, please let me know.
Simon