Issue 7639 - test062-config-delete intermittently crashes
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: unspecified
Hardware: All All
: --- blocker
Target Milestone: 2.5.0
Assignee: OpenLDAP project
URL:
Keywords:
: 8151
Depends on:
Blocks:
 
Reported: 2013-07-07 18:52 UTC by rsbx@acm.org
Modified: 2020-10-14 21:04 UTC
Description rsbx@acm.org 2013-07-07 18:52:02 UTC
Full_Name: Raymond S Brand
Version: 60720f5d9cdc19092d0aad6b0a94e196e5525d1c
OS: Debian Wheezy amd64
URL: 
Submission from: (NULL) (50.88.155.14)


When run with the bdb, hdb, and mdb backends, test062-config-delete
intermittently succeeds but more often than not it fails. It is the only test
that has failed in my testing.


Test system, a VirtualBox instance:
   Linux LDAP 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1 x86_64 GNU/Linux
   2 VCPUs; 1.5GB

VirtualBox host system:
   Linux LDAP 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1 x86_64 GNU/Linux
   2 CPUs (Core 2 Duo); 8GB

Both O/S's are current with respect to Debian updates.


Build options:
../../configure --prefix=/tmp/ol --enable-perl --enable-overlays --enable-bdb


When run with full logging, the last line of the server log file appeared to be
corrupted.


This is a sample run:

XXXX$ ./run -b mdb test062-config-delete
Cleaning up test run directory leftover from previous run.
Running ../../../tests/scripts/test062-config-delete for mdb...
running defines.sh
Starting slapd on TCP/IP port 9011...
/home/internet/Projects/OpenLDAP/openldap/BUILD/t2/tests
Using ldapsearch to check that slapd is running...
Waiting 5 seconds for slapd to start...
Inserting syncprov overlay ...
Starting a refreshAndPersist search in background
Removing syncprov overlay again ...
Waiting 2 seconds for RefreshAndPersist search to end ...
Checking return code of backgrounded RefreshAndPersist search ...
Exit code correct.
Running a refreshOnly search, should fail...
ldapsearch should have failed with Critical extension is unavailable (12)!
../../../tests/scripts/test062-config-delete: 164: kill: No such process

XXXX$


The following is the output from valgrind for the above run. Valgrind was used
specifically to aid in creating this bug report; it is not part of my normal
testing of this software.


==2454== Memcheck, a memory error detector
==2454== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==2454== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==2454== Command: /home/internet/Projects/OpenLDAP/openldap/BUILD/t2/tests/../servers/slapd/slapd -s0 -F ./slapd.d -h ldap://localhost:9011/ -d 0x4105
==2454== Parent PID: 2442
==2454== 
==2454== Thread 4:
==2454== Invalid read of size 8
==2454==    at 0x45006E: send_ldap_response (result.c:704)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==  Address 0xa23cc80 is 0 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 8
==2454==    at 0x450072: send_ldap_response (result.c:704)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==  Address 0xa23ce30 is 432 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 8
==2454==    at 0x45007F: send_ldap_response (result.c:705)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==  Address 0xa23cc80 is 0 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 8
==2454==    at 0x450083: send_ldap_response (result.c:705)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==  Address 0xa23ce30 is 432 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 8
==2454==    at 0x44FD85: send_ldap_response (result.c:716)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==  Address 0xa23cdb8 is 312 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 8
==2454==    at 0x450B28: slap_send_ldap_result (result.c:845)
==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==    by 0x4407E2: connection_operation (connection.c:1155)
==2454==  Address 0xa23cc88 is 8 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 8
==2454==    at 0x450CD1: slap_send_ldap_result (result.c:846)
==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==    by 0x4407E2: connection_operation (connection.c:1155)
==2454==  Address 0xa23cc80 is 0 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 1
==2454==    at 0x7FA4CBA: vfprintf (vfprintf.c:1623)
==2454==    by 0x7FCB6A1: vsnprintf (vsnprintf.c:120)
==2454==    by 0x59D492: lutil_debug (debug.c:67)
==2454==    by 0x450D03: slap_send_ldap_result (result.c:846)
==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==  Address 0xa23ce38 is 440 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 1
==2454==    at 0x7FD4480: _IO_default_xsputn (genops.c:480)
==2454==    by 0x7FA4B82: vfprintf (vfprintf.c:1623)
==2454==    by 0x7FCB6A1: vsnprintf (vsnprintf.c:120)
==2454==    by 0x59D492: lutil_debug (debug.c:67)
==2454==    by 0x450D03: slap_send_ldap_result (result.c:846)
==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==  Address 0xa23ce38 is 440 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 1
==2454==    at 0x7FD4492: _IO_default_xsputn (genops.c:479)
==2454==    by 0x7FA4B82: vfprintf (vfprintf.c:1623)
==2454==    by 0x7FCB6A1: vsnprintf (vsnprintf.c:120)
==2454==    by 0x59D492: lutil_debug (debug.c:67)
==2454==    by 0x450D03: slap_send_ldap_result (result.c:846)
==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==  Address 0xa23ce3a is 442 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 8
==2454==    at 0x5572BC: syncprov_db_close (syncprov.c:3179)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==    by 0x4407E2: connection_operation (connection.c:1155)
==2454==    by 0x440C1D: connection_read_thread (connection.c:1291)
==2454==  Address 0xa23cbc0 is 0 bytes inside a block of size 128 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 1
==2454==    at 0x555F78: syncprov_drop_psearch (syncprov.c:1099)
==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==    by 0x4407E2: connection_operation (connection.c:1155)
==2454==  Address 0xa23cc00 is 64 bytes inside a block of size 128 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 8
==2454==    at 0x555F86: syncprov_drop_psearch (syncprov.c:1102)
==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==    by 0x4407E2: connection_operation (connection.c:1155)
==2454==  Address 0xa23cbe0 is 32 bytes inside a block of size 128 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 8
==2454==    at 0x555F8A: syncprov_drop_psearch (syncprov.c:1102)
==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==    by 0x4407E2: connection_operation (connection.c:1155)
==2454==  Address 0xa23cc80 is 0 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 8
==2454==    at 0x555F8D: syncprov_drop_psearch (syncprov.c:1102)
==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==    by 0x4407E2: connection_operation (connection.c:1155)
==2454==  Address 0xa23ce00 is 384 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
==2454==    by 0x4403B8: connection_closing (connection.c:820)
==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
==2454==    by 0x8039A7C: clone (clone.S:112)
==2454== 
==2454== Invalid read of size 8
==2454==    at 0x555FBB: syncprov_drop_psearch (syncprov.c:1104)
==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==    by 0x4407E2: connection_operation (connection.c:1155)
==2454==  Address 0x168 is not stack'd, malloc'd or (recently) free'd
==2454== 
==2454== 
==2454== Process terminating with default action of signal 11 (SIGSEGV)
==2454==  Access not within mapped region at address 0x168
==2454==    at 0x555FBB: syncprov_drop_psearch (syncprov.c:1104)
==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
==2454==    by 0x44FD99: send_ldap_response (result.c:717)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
==2454==    by 0x4A7734: over_op_func (backover.c:743)
==2454==    by 0x45931F: fe_op_delete (delete.c:174)
==2454==    by 0x45904C: do_delete (delete.c:95)
==2454==    by 0x4407E2: connection_operation (connection.c:1155)
==2454==  If you believe this happened as a result of a stack
==2454==  overflow in your program's main thread (unlikely but
==2454==  possible), you can try to increase the size of the
==2454==  main thread stack using the --main-stacksize= flag.
==2454==  The main thread stack size used in this run was 8388608.
==2454== 
==2454== HEAP SUMMARY:
==2454==     in use at exit: 6,002,487 bytes in 13,317 blocks
==2454==   total heap usage: 22,504 allocs, 9,187 frees, 8,818,779 bytes allocated
==2454== 
==2454== LEAK SUMMARY:
==2454==    definitely lost: 0 bytes in 0 blocks
==2454==    indirectly lost: 0 bytes in 0 blocks
==2454==      possibly lost: 1,152 bytes in 4 blocks
==2454==    still reachable: 6,001,335 bytes in 13,313 blocks
==2454==         suppressed: 0 bytes in 0 blocks
==2454== Rerun with --leak-check=full to see details of leaked memory
==2454== 
==2454== For counts of detected and suppressed errors, rerun with: -v
==2454== ERROR SUMMARY: 42 errors from 16 contexts (suppressed: 31 from 9)
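
Reading the Memcheck report above mechanically, as an added example that is not part of the original report or of OpenLDAP: the script groups invalid accesses by the heap block they fall in and, for one source file, names the outermost function on the accessing side and on the freeing side. The names `parse`, `triage` and `module_entry` and the choice of `syncprov.c` as the file of interest are this example's assumptions; the sample is three records abridged from the report, with one `free` frame left mail-wrapped.

```python
import re
from collections import defaultdict

# Three records abridged from the report above (inner frames trimmed).
SAMPLE = """\
==2454== Thread 4:
==2454== Invalid read of size 8
==2454==    at 0x45006E: send_ldap_response (result.c:704)
==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==  Address 0xa23cc80 is 0 bytes inside a block of size 758 free'd
==2454==    at 0x4C27D4E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==
==2454== Invalid read of size 8
==2454==    at 0x5572BC: syncprov_db_close (syncprov.c:3179)
==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
==2454==  Address 0xa23cbc0 is 0 bytes inside a block of size 128 free'd
==2454==    at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
==2454==
==2454== Invalid read of size 8
==2454==    at 0x555FBB: syncprov_drop_psearch (syncprov.c:1104)
==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
==2454==  Address 0x168 is not stack'd, malloc'd or (recently) free'd
"""

ERROR = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+)")
BLANK = re.compile(r"^==\d+==\s*$")
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is (.*)$")
BLOCK = re.compile(r"(\d+) bytes inside a block of size (\d+) (free'd|alloc'd)")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)")


def parse(text):
    """Return one dict per Memcheck error: access stack, address info, free stack."""
    records, rec, side = [], None, None
    for line in text.splitlines():
        if m := ERROR.match(line):
            rec = {"kind": m.group(1), "use": [], "free": [], "block": None, "addr": None}
            records.append(rec)
            side = "use"
        elif BLANK.match(line):
            rec = None  # separator: later frames belong to another report section
        elif rec is None:
            continue  # preamble, thread banners, summaries
        elif m := ADDR.match(line):
            rec["addr"] = int(m.group(1), 16)
            if b := BLOCK.search(m.group(2)):
                offset, size = int(b.group(1)), int(b.group(2))
                # Key the block by its base address so every offset lands together.
                rec["block"] = (rec["addr"] - offset, size, b.group(3))
            side = "free"  # frames after the Address line are the free/alloc stack
        elif m := FRAME.match(line):
            rec[side].append((m.group(1), m.group(2)))
        # Lines without the ==PID== prefix are mail-wrapped tails of a frame: skipped.
    return records


def module_entry(stack, module):
    """Outermost function in `stack` (innermost first) whose location is in `module`."""
    hits = [fn for fn, loc in stack if loc.startswith(module)]
    return hits[-1] if hits else None


def triage(records, module="syncprov.c"):
    """Group errors by heap block; report who freed it and who still touches it."""
    blocks = defaultdict(lambda: {"offsets": set(), "users": set(), "freers": set()})
    wild = []  # accesses that fall in no known heap block
    for rec in records:
        if rec["block"] is None:
            wild.append((rec["addr"], module_entry(rec["use"], module)))
            continue
        info = blocks[rec["block"]]
        info["offsets"].add(rec["addr"] - rec["block"][0])
        info["users"].add(module_entry(rec["use"], module))
        info["freers"].add(module_entry(rec["free"], module))
    return dict(blocks), wild


if __name__ == "__main__":
    blocks, wild = triage(parse(SAMPLE))
    for (base, size, state), info in sorted(blocks.items()):
        print(f"block {base:#x} ({size} bytes, {state}): freed via "
              f"{sorted(info['freers'])}, read via {sorted(info['users'])}, "
              f"offsets {sorted(info['offsets'])}")
    for addr, user in wild:
        print(f"access at {addr:#x} outside any heap block, reached via {user}")
```

Run over the full report instead of the sample, the same grouping shows whether every invalid read falls into the same two freed blocks.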
Comment 1 Howard Chu 2013-07-15 00:36:48 UTC
rsbx@acm.org wrote:
> Full_Name: Raymond S Brand
> Version: 60720f5d9cdc19092d0aad6b0a94e196e5525d1c
> OS: Debian Wheezy amd64
> URL:
> Submission from: (NULL) (50.88.155.14)

> The following is the output from valgrind for the above run. Valgrind was used
> specifically to aid in creating this bug report; it is not part of my normal
> testing of this software.

The output is puzzling. It shows syncprov_db_close accessing a persistent 
search structure that was already freed in syncprov_op_abandon. The puzzling 
part is that syncprov_db_close can only find ops by following the si->si_op 
list, and syncprov_op_abandon always removes ops from the si_op list before it 
frees anything.

Will have to look into this later, but now you can see why this feature is not 
part of the public 2.4 releases. Nor will it be, it's a 2.5 feature.

> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 8
> ==2454==    at 0x450083: send_ldap_response (result.c:705)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==    by 0x45931F: fe_op_delete (delete.c:174)
> ==2454==    by 0x45904C: do_delete (delete.c:95)
> ==2454==  Address 0xa23ce30 is 432 bytes inside a block of size 758 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 8
> ==2454==    at 0x44FD85: send_ldap_response (result.c:716)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==    by 0x45931F: fe_op_delete (delete.c:174)
> ==2454==    by 0x45904C: do_delete (delete.c:95)
> ==2454==  Address 0xa23cdb8 is 312 bytes inside a block of size 758 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 8
> ==2454==    at 0x450B28: slap_send_ldap_result (result.c:845)
> ==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==    by 0x45931F: fe_op_delete (delete.c:174)
> ==2454==    by 0x45904C: do_delete (delete.c:95)
> ==2454==    by 0x4407E2: connection_operation (connection.c:1155)
> ==2454==  Address 0xa23cc88 is 8 bytes inside a block of size 758 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 8
> ==2454==    at 0x450CD1: slap_send_ldap_result (result.c:846)
> ==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==    by 0x45931F: fe_op_delete (delete.c:174)
> ==2454==    by 0x45904C: do_delete (delete.c:95)
> ==2454==    by 0x4407E2: connection_operation (connection.c:1155)
> ==2454==  Address 0xa23cc80 is 0 bytes inside a block of size 758 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 1
> ==2454==    at 0x7FA4CBA: vfprintf (vfprintf.c:1623)
> ==2454==    by 0x7FCB6A1: vsnprintf (vsnprintf.c:120)
> ==2454==    by 0x59D492: lutil_debug (debug.c:67)
> ==2454==    by 0x450D03: slap_send_ldap_result (result.c:846)
> ==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==  Address 0xa23ce38 is 440 bytes inside a block of size 758 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 1
> ==2454==    at 0x7FD4480: _IO_default_xsputn (genops.c:480)
> ==2454==    by 0x7FA4B82: vfprintf (vfprintf.c:1623)
> ==2454==    by 0x7FCB6A1: vsnprintf (vsnprintf.c:120)
> ==2454==    by 0x59D492: lutil_debug (debug.c:67)
> ==2454==    by 0x450D03: slap_send_ldap_result (result.c:846)
> ==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==  Address 0xa23ce38 is 440 bytes inside a block of size 758 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 1
> ==2454==    at 0x7FD4492: _IO_default_xsputn (genops.c:479)
> ==2454==    by 0x7FA4B82: vfprintf (vfprintf.c:1623)
> ==2454==    by 0x7FCB6A1: vsnprintf (vsnprintf.c:120)
> ==2454==    by 0x59D492: lutil_debug (debug.c:67)
> ==2454==    by 0x450D03: slap_send_ldap_result (result.c:846)
> ==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==  Address 0xa23ce3a is 442 bytes inside a block of size 758 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 8
> ==2454==    at 0x5572BC: syncprov_db_close (syncprov.c:3179)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==    by 0x45931F: fe_op_delete (delete.c:174)
> ==2454==    by 0x45904C: do_delete (delete.c:95)
> ==2454==    by 0x4407E2: connection_operation (connection.c:1155)
> ==2454==    by 0x440C1D: connection_read_thread (connection.c:1291)
> ==2454==  Address 0xa23cbc0 is 0 bytes inside a block of size 128 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 1
> ==2454==    at 0x555F78: syncprov_drop_psearch (syncprov.c:1099)
> ==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==    by 0x45931F: fe_op_delete (delete.c:174)
> ==2454==    by 0x45904C: do_delete (delete.c:95)
> ==2454==    by 0x4407E2: connection_operation (connection.c:1155)
> ==2454==  Address 0xa23cc00 is 64 bytes inside a block of size 128 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 8
> ==2454==    at 0x555F86: syncprov_drop_psearch (syncprov.c:1102)
> ==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==    by 0x45931F: fe_op_delete (delete.c:174)
> ==2454==    by 0x45904C: do_delete (delete.c:95)
> ==2454==    by 0x4407E2: connection_operation (connection.c:1155)
> ==2454==  Address 0xa23cbe0 is 32 bytes inside a block of size 128 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 8
> ==2454==    at 0x555F8A: syncprov_drop_psearch (syncprov.c:1102)
> ==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==    by 0x45931F: fe_op_delete (delete.c:174)
> ==2454==    by 0x45904C: do_delete (delete.c:95)
> ==2454==    by 0x4407E2: connection_operation (connection.c:1155)
> ==2454==  Address 0xa23cc80 is 0 bytes inside a block of size 758 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 8
> ==2454==    at 0x555F8D: syncprov_drop_psearch (syncprov.c:1102)
> ==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==    by 0x45931F: fe_op_delete (delete.c:174)
> ==2454==    by 0x45904C: do_delete (delete.c:95)
> ==2454==    by 0x4407E2: connection_operation (connection.c:1155)
> ==2454==  Address 0xa23ce00 is 384 bytes inside a block of size 758 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==    by 0x45E0A6: fe_op_abandon (abandon.c:136)
> ==2454==    by 0x43EBFB: connection_abandon (connection.c:747)
> ==2454==    by 0x4403B8: connection_closing (connection.c:820)
> ==2454==    by 0x440EBA: connection_read_thread (connection.c:1476)
> ==2454==    by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688)
> ==2454==    by 0x59BFB4F: start_thread (pthread_create.c:304)
> ==2454==    by 0x8039A7C: clone (clone.S:112)
> ==2454==
> ==2454== Invalid read of size 8
> ==2454==    at 0x555FBB: syncprov_drop_psearch (syncprov.c:1104)
> ==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==    by 0x45931F: fe_op_delete (delete.c:174)
> ==2454==    by 0x45904C: do_delete (delete.c:95)
> ==2454==    by 0x4407E2: connection_operation (connection.c:1155)
> ==2454==  Address 0x168 is not stack'd, malloc'd or (recently) free'd
> ==2454==
> ==2454==
> ==2454== Process terminating with default action of signal 11 (SIGSEGV)
> ==2454==  Access not within mapped region at address 0x168
> ==2454==    at 0x555FBB: syncprov_drop_psearch (syncprov.c:1104)
> ==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
> ==2454==    by 0x4A6B5A: overlay_remove_cb (backover.c:1189)
> ==2454==    by 0x44F93A: slap_cleanup_play (result.c:525)
> ==2454==    by 0x44FD99: send_ldap_response (result.c:717)
> ==2454==    by 0x4508E5: slap_send_ldap_result (result.c:844)
> ==2454==    by 0x42F7C4: config_back_delete (bconfig.c:6481)
> ==2454==    by 0x4A75F2: overlay_op_walk (backover.c:691)
> ==2454==    by 0x4A7734: over_op_func (backover.c:743)
> ==2454==    by 0x45931F: fe_op_delete (delete.c:174)
> ==2454==    by 0x45904C: do_delete (delete.c:95)
> ==2454==    by 0x4407E2: connection_operation (connection.c:1155)
> ==2454==  If you believe this happened as a result of a stack
> ==2454==  overflow in your program's main thread (unlikely but
> ==2454==  possible), you can try to increase the size of the
> ==2454==  main thread stack using the --main-stacksize= flag.
> ==2454==  The main thread stack size used in this run was 8388608.
> ==2454==
> ==2454== HEAP SUMMARY:
> ==2454==     in use at exit: 6,002,487 bytes in 13,317 blocks
> ==2454==   total heap usage: 22,504 allocs, 9,187 frees, 8,818,779 bytes
> allocated
> ==2454==
> ==2454== LEAK SUMMARY:
> ==2454==    definitely lost: 0 bytes in 0 blocks
> ==2454==    indirectly lost: 0 bytes in 0 blocks
> ==2454==      possibly lost: 1,152 bytes in 4 blocks
> ==2454==    still reachable: 6,001,335 bytes in 13,313 blocks
> ==2454==         suppressed: 0 bytes in 0 blocks
> ==2454== Rerun with --leak-check=full to see details of leaked memory
> ==2454==
> ==2454== For counts of detected and suppressed errors, rerun with: -v
> ==2454== ERROR SUMMARY: 42 errors from 16 contexts (suppressed: 31 from 9)
> ~
> ~
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
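The Memcheck output quoted above reports the same few freed blocks under many separate error contexts. As an added example (not part of the original thread and not OpenLDAP code), this sketch groups such records by freed block so the use side and the free side can be compared; the function names `unwrap`, `parse` and `by_block` are made up for this illustration, and the sample is an excerpt of the trace above with frames trimmed.

```python
import re

SAMPLE = """\
> ==2454== Invalid read of size 8
> ==2454==    at 0x450B28: slap_send_ldap_result (result.c:845)
> ==2454==    by 0x5572BB: syncprov_db_close (syncprov.c:3178)
> ==2454==  Address 0xa23cc88 is 8 bytes inside a block of size 758 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555F5B: syncprov_free_syncop (syncprov.c:814)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==
> ==2454== Invalid read of size 8
> ==2454==    at 0x5572BC: syncprov_db_close (syncprov.c:3179)
> ==2454==  Address 0xa23cbc0 is 0 bytes inside a block of size 128 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==
> ==2454== Invalid read of size 1
> ==2454==    at 0x555F78: syncprov_drop_psearch (syncprov.c:1099)
> ==2454==    by 0x5572C8: syncprov_db_close (syncprov.c:3180)
> ==2454==  Address 0xa23cc00 is 64 bytes inside a block of size 128 free'd
> ==2454==    at 0x4C27D4E: free (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==2454==    by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109)
> ==2454==    by 0x556141: syncprov_op_abandon (syncprov.c:1158)
> ==2454==
> ==2454== Invalid read of size 8
> ==2454==    at 0x555FBB: syncprov_drop_psearch (syncprov.c:1104)
> ==2454==  Address 0x168 is not stack'd, malloc'd or (recently) free'd
"""  # excerpt of the trace quoted in this thread; mail quoting and wrapping kept

HEAD = re.compile(r"Invalid (?:read|write) of size \d+$")
ADDR = re.compile(r"Address (0x[0-9a-fA-F]+) is (\d+) bytes inside a block of size (\d+) free'd$")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")

def unwrap(text):
    """Strip mail quoting and the ==pid== prefix; rejoin frames the mailer wrapped."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw)
        if line.startswith("=="):
            out.append(re.sub(r"^==\d+==", "", line).strip())
        elif out and out[-1].count("(") > out[-1].count(")"):
            out[-1] += " " + line.strip()  # continuation of a wrapped frame
    return out

def parse(text):
    """Return one dict per 'Invalid read/write' record."""
    errors, cur, stack = [], None, None
    for line in unwrap(text):
        if HEAD.match(line):
            cur = {"access": [], "free": [], "block": None, "offset": None, "wild": None}
            errors.append(cur)
            stack = cur["access"]
        elif cur is None:
            continue
        elif m := ADDR.match(line):
            cur["offset"] = int(m[2])
            cur["block"] = (int(m[1], 16) - cur["offset"], int(m[3]))  # (base, size)
            stack = cur["free"]              # frames that follow are the free() stack
        elif line.startswith("Address"):
            cur["wild"] = line.split()[1]    # address not inside any tracked heap block
        elif m := FRAME.match(line):
            if not m[2].startswith("in "):   # skip frames located only by shared object
                stack.append(m[1])
        else:
            cur = None                       # blank separator ends the record
    return errors

def by_block(errors):
    """Group use-after-free records by the freed block (base address) they touch."""
    blocks = {}
    for e in (e for e in errors if e["block"]):
        base, size = e["block"]
        b = blocks.setdefault(base, {"size": size, "offsets": set(),
                                     "used_via": set(e["access"]), "freed_via": set(e["free"])})
        b["offsets"].add(e["offset"])
        b["used_via"] &= set(e["access"])    # functions on every access stack
        b["freed_via"] &= set(e["free"])     # functions on every free stack
    return blocks
```

On this excerpt both freed blocks are read on a path through `syncprov_db_close` and were freed on a path through `syncprov_op_abandon`, and the final record's address `0x168` belongs to no heap block at all.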

Comment 2 Howard Chu 2013-07-15 11:22:54 UTC
moved from Incoming to Development
Comment 3 Quanah Gibson-Mount 2020-04-17 16:58:16 UTC
Just hit today...

>>>>> Starting test062-config-delete for mdb...
running defines.sh
Starting slapd on TCP/IP port 9011... /builds/quanah/openldap/tests
Using ldapsearch to check that slapd is running...
Inserting syncprov overlay ...
Starting a refreshAndPersist search in background
Removing syncprov overlay again ...
Waiting 2 seconds for RefreshAndPersist search to end ...
Checking return code of backgrounded RefreshAndPersist search ...
Exit code correct.
Running a refreshOnly search, should fail...
./scripts/test062-config-delete: 164: kill: No such process

ldapsearch should have failed with Critical extension is unavailable (12)!
>>>>> test062-config-delete failed for mdb after 5 seconds
(exit 255)
make[2]: *** [Makefile:291: mdb-mod] Error 255
make[2]: Leaving directory '/builds/quanah/openldap/tests'
make[1]: *** [Makefile:278: test] Error 2
make[1]: Leaving directory '/builds/quanah/openldap/tests'
make: *** [Makefile:292: test] Error 2
Comment 4 Quanah Gibson-Mount 2020-04-17 20:59:44 UTC
*** Issue 8151 has been marked as a duplicate of this issue. ***
Comment 5 Quanah Gibson-Mount 2020-08-29 01:24:33 UTC
Commits: 
  • edc94862 
by Howard Chu at 2020-08-29T00:13:19+00:00 
ITS#7639 fix crash in config_delete

Additional fix to 41352ea34da225375b77254efdcde8e6e5a1a515
The overlay must be deleted from the backend before the
callback can execute. In particular, it must be done before
the threadpool is unpaused.