h.b.furuseth@usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: master, 7c6b599de6d7c0e10aa8bf6920ca07d94605e8c2
> OS: Linux amd64
> URL:
> Submission from: (NULL) (129.240.203.186)
> Submitted by: hallvard
>
>
> id2entry.c:mdb_opinfo_get() renews a txn which is in use. It gets
> EINVAL, which it does not catch. Caught by this patch and test064:

Fixed now in master. I've left this assert in place as well, it obviously 
Should Never Happen.
>
> index 84de09d..a247974 100644
> --- a/servers/slapd/back-mdb/id2entry.c
> +++ b/servers/slapd/back-mdb/id2entry.c
> @@ -507,3 +507,4 @@ mdb_opinfo_get( Operation *op, struct mdb_info *mdb, int
> rdonly, mdb_op_info **m
>   	if ( renew ) {
> -		mdb_txn_renew( moi->moi_txn );
> +		rc = mdb_txn_renew( moi->moi_txn );
> +		assert(rc == MDB_SUCCESS);
>   	}
>
> Core file in ada:/home/hallvard/openldap.g/tests/core.
>
>
>
> #2  0x00007ff6a1609301 in *__GI___assert_fail (assertion=0x601014 "rc == 0",
> file=<value optimized out>, line=509,
>      function=0x601141 "mdb_opinfo_get") at assert.c:81
> #3  0x0000000000515db1 in mdb_opinfo_get (op=0x7ff69e411130, mdb=0x7ff6a2a02010,
> rdonly=1, moip=0x7ff69e280d08)
>      at id2entry.c:509
> #4  0x00000000004f2bed in mdb_search (op=0x7ff69e411130, rs=0x7ff69e4112a0) at
> search.c:343
> #5  0x00000000004c4f08 in overlay_op_walk (op=0x7ff69e411130, rs=0x7ff69e4112a0,
> which=op_search, oi=0x15b30e0, on=0x0)
>      at backover.c:691
> #6  0x00000000004c511f in over_op_func (op=0x7ff69e411130, rs=0x7ff69e4112a0,
> which=op_search) at backover.c:743
> #7  0x00000000004c5207 in over_op_search (op=0x7ff69e411130, rs=0x7ff69e4112a0)
> at backover.c:770
> #8  0x000000000052a197 in constraint_violation (c=0x15dc620, bv=0x1af6f90,
> op=0x17c8cf0) at constraint.c:666
> #9  0x000000000052a82a in constraint_add (op=0x17c8cf0, rs=0x7ff69e411a60) at
> constraint.c:812
> #10 0x00000000004c4e69 in overlay_op_walk (op=0x17c8cf0, rs=0x7ff69e411a60,
> which=op_add, oi=0x15b30e0, on=0x15b32c0)
>      at backover.c:681
> #11 0x00000000004c511f in over_op_func (op=0x17c8cf0, rs=0x7ff69e411a60,
> which=op_add) at backover.c:743
> #12 0x00000000004c52af in over_op_add (op=0x17c8cf0, rs=0x7ff69e411a60) at
> backover.c:794
> #13 0x000000000043aa44 in fe_op_add (op=0x17c8cf0, rs=0x7ff69e411a60) at
> add.c:334
> #14 0x000000000043a341 in do_add (op=0x17c8cf0, rs=0x7ff69e411a60) at add.c:194
> #15 0x0000000000430da3 in connection_operation (ctx=0x7ff69e411b90,
> arg_v=0x17c8cf0) at connection.c:1155
> #16 0x0000000000431344 in connection_read_thread (ctx=0x7ff69e411b90, argv=0xb)
> at connection.c:1291
> #17 0x00000000005953c5 in ldap_int_thread_pool_wrapper (xpool=0x1543920) at
> tpool.c:688
>
>
> (gdb) frame 3
> #3  0x0000000000515db1 in mdb_opinfo_get (op=0x7ff69e411130, mdb=0x7ff6a2a02010,
> rdonly=1, moip=0x7ff69e280d08)
>      at id2entry.c:509
> 509			assert(rc == MDB_SUCCESS);
> (gdb) info locals
> rc = 22
> renew = 1
> data = 0x1af36b0
> ctx = 0x7ff69e411b90
> moi = 0x7ff69e280d10
> oex = 0x0
> __PRETTY_FUNCTION__ = "mdb_opinfo_get"
> (gdb) p *moi
> $1 = {moi_oe = {oe_next = {sle_next = 0x7ff69e411850}, oe_key = 0x7ff6a2a02010},
> moi_txn = 0x1af36b0, moi_ref = 0,
>    moi_flag = 1 '\001'}
> (gdb) p *moi->moi_txn
> $2 = {mt_parent = 0x0, mt_child = 0x0, mt_next_pgno = 31, mt_txnid = 51, mt_env
> = 0x17c0920, mt_free_pgs = 0x0,
>    mt_u = {dirty_list = 0x7ff6a2bd5080, reader = 0x7ff6a2bd5080}, mt_dbxs =
> 0x17baa80, mt_dbs = 0x1af3718,
>    mt_cursors = 0x0, mt_dbflags = 0x1af4f78 "\b\b\n\b\b\b\n\n\n\n\n", mt_numdbs =
> 11, mt_flags = 1, mt_dirty_room = 0,
>    mt_toggle = 1}
>
> The EINVAL was returned because mt_dbxs != NULL.
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

changed notes
changed state Open to Test
moved from Incoming to Software Bugs

fixed in master
fixed in RE25
fixed in RE24

changed notes
changed state Test to Closed