Hide Forgot
I think it's premature to throw this at gcc right away. Can you try building slapd with -O2 -fwrapv -fno-strict-aliasing? If that helps, then it's likely a bug in the slapd code. If that doesn't help, try -O0. If -O0 helps, we'll need to bisect between -O2 and -O0 compiled objects the problematic one.
Adding " -O0 -fwrapv -fno-strict-aliasing" to CFLAGS still segfaults, only the backtrace is slightly different. Changing -O0 to -O2 doesn't seem to make any difference. (gdb) bt #0 0x0000000052e6a624 in 0000088e.plt_call.mmap@@GLIBC_2.3+0 () #1 0x0000000052e6aed4 in mdb_env_create (env=0xfffb6f50010) at ../../../../libraries/liblmdb/mdb.c:3662 #2 0x0000000052d4b5ac in mdb_db_open (be=0x5304fae0, cr=0xfffffffe9a4) at ../../../../servers/slapd/back-mdb/init.c:115 #3 0x0000000052c3f1e4 in backend_startup_one (be=0x5304fae0, cr=0xfffffffe9a4) at ../../../servers/slapd/backend.c:224 #4 0x0000000052c3f9d0 in backend_startup (be=0x5304fae0) at ../../../servers/slapd/backend.c:325 #5 0x0000000052c7dfa4 in slap_startup (be=0x0) at ../../../servers/slapd/init.c:219 #6 0x0000000052bf0d80 in main (argc=6, argv=0xffffffff128) at ../../../servers/slapd/main.c:991 Notice that the first frame is now mmap instead of calloc, but frame 1 is still the same line as before: (gdb) f 1 #1 0x0000000052e6aed4 in mdb_env_create (env=0xfffb6f50010) at ../../../../libraries/liblmdb/mdb.c:3662 3662 e = calloc(1, sizeof(MDB_env)); (gdb) f 0 #0 0x0000000052e6a624 in 0000088e.plt_call.mmap@@GLIBC_2.3+0 () (gdb) dissasemble Undefined command: "dissasemble". Try "help". (gdb) disassemble Dump of assembler code for function 0000088e.plt_call.mmap@@GLIBC_2.3+0: 0x0000000052e6a620 <+0>: std r2,40(r1) => 0x0000000052e6a624 <+4>: ld r11,-27024(r2) 0x0000000052e6a628 <+8>: mtctr r11 0x0000000052e6a62c <+12>: ld r2,-27016(r2) 0x0000000052e6a630 <+16>: cmpldi r2,0 0x0000000052e6a634 <+20>: bnectr+ 0x0000000052e6a638 <+24>: .long 0x47fff490 (gdb) f 1 #1 0x0000000052e6aed4 in mdb_env_create (env=0xfffb6f50010) at ../../../../libraries/liblmdb/mdb.c:3662 3662 e = calloc(1, sizeof(MDB_env)); (gdb) disassemble Dump of assembler code for function mdb_env_create: 0x0000000052e6aeb0 <+0>: mflr r0 0x0000000052e6aeb4 <+4>: std r0,16(r1) 0x0000000052e6aeb8 <+8>: std r31,-8(r1) 0x0000000052e6aebc <+12>: stdu r1,-144(r1) 0x0000000052e6aec0 <+16>: mr r31,r1 0x0000000052e6aec4 <+20>: std r3,192(r31) 0x0000000052e6aec8 <+24>: li r3,1 0x0000000052e6aecc <+28>: li r4,248 0x0000000052e6aed0 <+32>: bl 0x52e6a604 <0000088e.plt_call.calloc@@GLIBC_2.3+0> => 0x0000000052e6aed4 <+36>: ld r2,40(r1) 0x0000000052e6aed8 <+40>: mr r0,r3 0x0000000052e6aedc <+44>: std r0,120(r31) 0x0000000052e6aee0 <+48>: ld r0,120(r31) 0x0000000052e6aee4 <+52>: cmpdi cr7,r0,0 0x0000000052e6aee8 <+56>: bne cr7,0x52e6aef4 <mdb_env_create+68> 0x0000000052e6aeec <+60>: li r0,12 0x0000000052e6aef0 <+64>: b 0x52e6afb0 <mdb_env_create+256> 0x0000000052e6aef4 <+68>: ld r0,120(r31) 0x0000000052e6aef8 <+72>: li r9,126 0x0000000052e6aefc <+76>: mr r11,r0 0x0000000052e6af00 <+80>: stw r9,24(r11) 0x0000000052e6af04 <+84>: ld r0,120(r31) 0x0000000052e6af08 <+88>: li r9,2 0x0000000052e6af0c <+92>: mr r11,r0 0x0000000052e6af10 <+96>: stw r9,32(r11) 0x0000000052e6af14 <+100>: ld r0,120(r31) 0x0000000052e6af18 <+104>: mr r9,r0 0x0000000052e6af1c <+108>: lwz r0,32(r9) 0x0000000052e6af20 <+112>: clrldi r9,r0,32 0x0000000052e6af24 <+116>: ld r0,120(r31) 0x0000000052e6af28 <+120>: mr r11,r0 0x0000000052e6af2c <+124>: stw r9,36(r11) 0x0000000052e6af30 <+128>: ld r0,120(r31) 0x0000000052e6af34 <+132>: li r9,-1 0x0000000052e6af38 <+136>: mr r11,r0 0x0000000052e6af3c <+140>: stw r9,0(r11) 0x0000000052e6af40 <+144>: ld r0,120(r31) 0x0000000052e6af44 <+148>: li r9,-1 0x0000000052e6af48 <+152>: mr r11,r0 0x0000000052e6af4c <+156>: stw r9,4(r11) 0x0000000052e6af50 <+160>: ld r0,120(r31) 0x0000000052e6af54 <+164>: li r9,-1 0x0000000052e6af58 <+168>: mr r11,r0 0x0000000052e6af5c <+172>: stw r9,8(r11) 0x0000000052e6af60 <+176>: bl 0x52e6a578 <0000088e.plt_call.getpid@@GLIBC_2.3+0> 0x0000000052e6af64 <+180>: ld r2,40(r1) 0x0000000052e6af68 <+184>: mr r0,r3 0x0000000052e6af6c <+188>: mr r9,r0 0x0000000052e6af70 <+192>: ld r0,120(r31) 0x0000000052e6af74 <+196>: mr r11,r0 0x0000000052e6af78 <+200>: stw r9,40(r11) 0x0000000052e6af7c <+204>: li r3,30 ...
Assigning back to openldap. I reproduced this on the latest upstream version and it seems that one of the previous merges of liblmdb is to blame.
If it crashes on that instruction, than supposedly r2 (aka TOC register?) contains a bogus value? The TOC should be set in the caller of mdb_env_create, perhaps in the plt sequence for it, etc., depending on how it has been called.
I found out the source of the crash. The problem is, that the mdb_* functions use a gcc attribute that is defined like so: # define ESECT __attribute__ ((section("text_env"))) Then the functions are defined as, for example, "int ESECT mdb_env_create...". Simply removing the ESECT works. Note that I don't know why the attribute is used like that. Jakub, any idea why the attribute makes the code crash on ppc64?
(In reply to Jan Synacek from comment #10) > I found out the source of the crash. The problem is, that the mdb_* > functions use a gcc attribute that is defined like so: > > # define ESECT __attribute__ ((section("text_env"))) > > Then the functions are defined as, for example, "int ESECT > mdb_env_create...". Simply removing the ESECT works. Note that I don't know > why the attribute is used like that. > > Jakub, any idea why the attribute makes the code crash on ppc64? No, you'd need to provide small self-contained testcase so that it could be analyzed. Bet it was done to improve code locality or something similar.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1292.html