[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#8460) Invalid pointer free
Full_Name: Quanah Gibson-Mount
Version: 2.4.44+ITS8432
OS: Linux 3.13
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.52.177)
See thread 1:
Thread 10 (Thread 0x7fcf1e7d1700 (LWP 28740)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at
../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1 0x00007ff726701a82 in ldap_pvt_thread_cond_wait (cond=0x1d32038,
mutex=0x1d32010) at thr_posix.c:277
No locals.
#2 0x00007ff726700315 in ldap_int_thread_pool_wrapper (xpool=0x1d32000) at
tpool.c:938
pq = 0x1d32000
pool = 0x1efa240
task = 0x0
work_list = 0x1d32070
ctx = {ltu_pq = 0x1d32000, ltu_id = 140527546472192, ltu_key = {{ltk_key
= 0x4ac6bb <slap_sl_mem_init>, ltk_data = 0x4376480, ltk_free = 0x4ac4e0
<slap_sl_mem_destroy>}, {ltk_key = 0x1f03400, ltk_data = 0x469c000,
ltk_free = 0x7ff721658ea5 <mdb_reader_free>}, {ltk_key =
0x7ff72164e109 <search_stack>, ltk_data = 0x49a6000, ltk_free = 0x7ff72164e0e6
<search_stack_free>}, {ltk_key = 0x7ff72164acad <scope_chunk_get>,
ltk_data = 0x46a6000, ltk_free = 0x7ff72164ac65
<scope_chunk_free>}, {ltk_key = 0x1f02d00, ltk_data = 0x4694800, ltk_free =
0x7ff721658ea5 <mdb_reader_free>}, {ltk_key = 0x439b53 <conn_counter_init>,
ltk_data = 0x1f03c00, ltk_free = 0x4399a5 <conn_counter_destroy>},
{ltk_key = 0x4548c9 <slap_op_free>, ltk_data = 0xfdb7480, ltk_free = 0x45481c
<slap_op_q_destroy>}, {ltk_key = 0x0, ltk_data = 0xe4b2400,
ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}
<repeats 24 times>}}
kctx = 0x0
i = 32
keyslot = 64
hash = 1350373440
pool_lock = 0
freeme = 0
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3 0x00007ff725171dc5 in start_thread (arg=0x7fcf1e7d1700) at
pthread_create.c:308
__res = <optimized out>
pd = 0x7fcf1e7d1700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140527546472192,
2936369338381151317, 0, 140527546472896, 140527546472192, 0,
-2927858035490640811, -2941309649140011947}, mask_was_saved =%7}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#4 0x00007ff724e9eced in cne % () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.
Thread 9 (Thread 0x7fcf1f7d3700 (LWP 28738)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at
../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1 0x00007ff726701a82 in ldap_pvt_thread_cond_wait (cond=0x1d32038,
mutex=0x1d32010) at thr_posix.c:277
No locals.
#2 0x00007ff726700315 in ldap_int_thread_pool_wrapper (xpool=0x1d32000) at
tpool.c:938
pq = 0x1d32000
pool = 0x1efa240
task = 0x0
work_list = 0x1d32070
ctx = {ltu_pq = 0x1d32000, ltu_id = 140527563257600, ltu_key = {{ltk_key
= 0x4ac6bb <slap_sl_mem_init>, ltk_data = 0x4376440, ltk_free = 0x4ac4e0
<slap_sl_mem_destroy>}, {ltk_key = 0x1f03400, ltk_data = 0x436e200,
ltk_free = 0x7ff721658ea5 <mdb_reader_free>}, {ltk_key =
0x1f02d00, ltk_data = 0x468e000, ltk_free = 0x7ff721658ea5 <mdb_reader_free>},
{ltk_key = 0x439b53 <conn_counter_init>, ltk_data = 0x1f05d00,
ltk_free = 0x4399a5 <conn_counter_destroy>}, {ltk_key = 0x4548c9
<slap_op_free>, ltk_data = 0xffe43c0, ltk_free = 0x45481c <slap_op_q_destroy>},
{ltk_key = 0x7ff72164e109 <search_stack>, ltk_data = 0x858c000,
ltk_free = 0x7ff72164e0e6 <search_stack_free>}, {ltk_key =
0x7ff72164acad <scope_chunk_get>, ltk_data = 0x828c000, ltk_free =
0x7ff72164ac65 <scope_chunk_free>}, {ltk_key = 0x0, ltk_data = 0x106a8400,
ltk_free = 0x0}, {
ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 24
times>}}
kctx = 0x0
i = 32
keyslot = 161
hash = 4023759009
pool_lock = 0
freeme = 0
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3 0x00007ff725171dc5 in start_thread (arg=0x7fcf1f7d3700) at
pthread_create.c:308
__res = <optimized out>
pd = 0x7fcf1f7d3700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140527563257600,
2936369338381151317, 0, 140527563258304, 140527563257600,%0,
-2927855835393643435, -2941309649140011947}, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
frereesize = <optimized out>
#4 0x00007ff724e9eced in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.
Thread 8 (Thread 0x7fcf207d5700 (LWP 28736)):
#0 0x00007ff724e9f2c3 in epoll_wait () at
../sysdeps/unix/syscall-template.S:81
No locals.
#1 0x0000000000435e73 in slapd_daemon_task (ptr=0x1cfbf18) at daemon.c:2517
ns = 1
at = 0
nfds = 2560
revents = 0x1d96000
tvp = 0x7fcf207d4e00
cat = {tv_sec = 1467852042, tv_usec3D3D 0}
i = 1
nwriters = 0
now = 1467838511
tv = {tv_sec = 13531, tv_usec = 0}
tdelta = 1
rtask = 0x1d23d60
l = 3
last_idle_check = 1467808842
ebadf = 0
tid = 0
#2 0x00007ff725171dc5 in start_thread (arg=0x7fcf207d5700) at
pthread_create.c:308
__res = <optimized out>
pd = 0x7fcf207d5700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140527580043008,
2936369338381151317, 0, 140527580043712, 140527580043008, 0,
-2927809654831535019, -2941309649140011947}, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#3 0x00007ff724e9eced in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.
Thread 7 (Thread 0x7fcf1d5c9700 (LWP 30049)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at
../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1 0x00007ff726701a82 in ldap_pvt_thread_cond_wait (cond=0x1d32038,
mutex=0x1d32010) at thr_posix.c:277
No locals.
#2 0x00007ff726700315 in ldap_int_thread_pool_wrapper (xpool=0x1d32000) at
tpool.c:938
pq = 0x1d32000
pool = 0x1efa240
task = 0x0
work_list = 0x1d32070
ctx = {ltu_pq = 0x1d32000, ltu_id = 140527527565056, ltu_key =
wB7Bltk_key = 0x439b53 <conn_counter_init>, ltk_data = 0xb344b00, ltk_free =
0x4399a5 <conn_counter_destroy>}, {ltk_key = 0x4ac6bb <slap_sl_mem_init>,
ltk_data = 0xb354a40, ltk_free = 0x4ac4e0 <slap_sl_mem_destroy>},
{ltk_key = 0x1f02d00, ltk_data = 0x4696200, ltk_free = 0x7ff721658ea5
<mdb_reader_free>}, {ltk_key = 0x7ff72164e109 <search_stack>, ltk_data =
0xb75e000,
ltk_free = 0x7ff72164e0e6 <search_stack_free>}, {ltk_key =
0x7ff72164acad <scope_chunk_get>, ltk_data = 0xb45e000, ltk_free =
0x7ff72164ac65 <scope_chunk_free>}, {ltk_key = 0x4548c9 <slap_op_free>, ltk_data
= 0xfdb5e00,
ltk_free = 0x45481c <slap_op_q_destroy>}, {ltk_key = 0x1f03400,
ltk_data = 0xe516000, ltk_free = 0x7ff721658ea5 <mdb_reader_free>}, {ltk_key =
0x0, ltk_data = 0xfb24800, ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0,
ltk_free = 0x0} <repeats 24 times>}}
kctx = 0x0
i = 32
keyslot = 958
hash = 371020734
pool_lock = 0
freeme = 0
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3 0x00007ff725171dc5 in start_thread (arg=0x7fcf1d5c9700) at
pthread_create.c:308
__res = <optimized out>
pd = 0x7fcf1d5c9700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140527527565056,
2936369338381151317, 0, 140527527565760, 140527527565056, 0,
-2927851159247999915, -2941309649140011947}, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#4 0x00007ff724e9eced in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.
Thread 6 (Thread 0x7fcf1ddca700 (LWP 29664)):
#0 0x00007ff724e9469d in poll () at ../sysdeps/unix/syscall-template.S:81
No locals.
#1 0x00007ff726720abe in ldap_int_select (ld=0xe479d10, timeout=0x0) at
os-ip.c:1139
to = -1
rc = 209519392
sip = 0xaa2a000
__PRETTY_FUNCTION__ = "ldap_int_select"
#2 0x00007ff726703569 in wait4msg (ld=0xe479d10, msgid=110, all=0, timeout=0x0,
result=0x7fcf1ddc92f8) at result.c:312
err = 500994368
lc_ready = 0
rc = -2
tv = {tv_sec = 0, tv_usec = 0}
tv0 = {tv_sec = 0, tv_usec = 0}
start_time_tv = {tv_sec = 0, tv_usec = 0}
tvp = 0x0
lc = 0x0
__PRETTY_FUNCTION__ = "iait4msg"
#3 0x00007ff726702e8b in ldap_result (ld=0xe479d10, msgid=110, all=0,
timeout=0x0, result=0x7fcf1ddc92f8) at result.c:117
rc = 32719
__PRETTY_FUNCTION__ = "ldap_result"
#4 0x00000000004b6de9 in do_syncrep2 (op=0x7fcf1ddc9480, si=0x1d278c0) at
syncrepl.c:841
berbuf = {
buffer = "\002\000\001\000\000\000\000\000\377\377\377\377\377\377\377\377",
'\000' <repeats 56 times>, "@_\370\006", '\000' <repeats 12 times>,
"@_\370\006", '\000' <repeats 29 times>, "@^\t", '\002727 <repeats 28 times>,
"\t\033p&\367\177\000\000\000\247\334\035\317\177\000\000@cu\000\000\000\000\000\340\223\334\035\317\177\000\000\t\033p&\367\177\000\000\230\224\334\035\001\000\000\000"...,
ialign = 65538, lalign = 65538, falign = 9.18382988e-41,
dalign = 3.2380074297143616e-319, palign = 0x10002 <Address 0x10002
out of bounds>}
ber = 0x7fcf1ddc9300
msg = 0x0
syncCookie = {ctxcsn = 0x0, sids = 0x0, numcsns = 0, rid = 0, octet_str
= {bv_len = 0, bv_val = 0x0}, sid D D 0, sc_next = {stqe_next = 0x0}}
syncCookie_req = {ctxcsn = 0x20c6d80, sids = 0xe5138c0, numcsns = 5, rid
= 1, octet_str = {bv_len = 224,
bv_val = 0xfebe960
"rid=001,sid=004,csn=20160704232006.675752Z#000000#000#000000;20160706084911.646411Z#000000#001#000000;20160704233433.821120Z#000000#002#000000;20160706135712.349342Z#000000#003#000000;20160704233459.2"...},
sid = 4, sc_next = {stqe_next = 0x0}}
rc = 4096
err = 0
modlist = 0x0
m =%0
tout_p = 0x0
tout = {tv_sec = 0, tv_usec = 0}
refreshDeletes = 0
empty = "empty"
__PRETTY_FUNCTION__ = "do_syncrep2"
#5 0x00000000004b74f4 in do_syncrepl (ctx=0x7fcf1ddc9bb0, arg=0x1d23e00) at
syncrepl.c:1565
rtask = 0x1d23e00
si = 0x1d278c0
conn = {c_struct_state = SLAP_C_UNINITIALIZED, c_conn_state =
SLAP_C_INVALID, c_conn_idx = -1, c_sd = 0, c_close_reason = 0x0, c_mutex =
{__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0,
__spins = 0,
__list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats
39 times>, __align = 0}, c_sb = 0x0, c_starttime = 0, c_activitytime = 0,
c_connid = 18446744073709551615, c_peer_domain = {bv_len = 0,
bv_val = 0x4f05b0 ""}, c_peer_name = {bv_len = 0, bv_val = 0x4f05b0
""}, c_listener = 0x4f8740 <dummy_list>, c_sasl_bind_mech = {bv_len = 0, bv_val
= 0x0}, c_sasl_dn = {bv_len = 0, bv_val = 0x0}, c_sasl_authz_dn = {
bv_len = 0, bv_val = 0x0}, c_authz_backend = 0x0, c_authz_coieie =
0x0, c_authz = {sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn =
{bv_len = 0, bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0},
sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf =
0}, crorotocol = 0, c_ops = {stqh_first = 0x0, stqh_last = 0x0}, c_pending_ops =
{stqh_first = 0x0, stqh_last = 0x0}, c_write1_mutex = {__data = {
__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0,
__spins = 0, __list = {prprev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39
times>, __align = 0}, c_write1_cv = {__data = {__lock = 0, __futex = 0,
__total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0,
__nwaiters = 0, __broadcast_seq = 0}, __size = '\000' <repeats 47 times>,
__align = 0}, c_write2_mutex = {__data = {__lock = 0, __count = 0, __owner = 0,
__nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0,
__next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, c_write2_cv =
{__data = {__lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0,
__woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq =
0}, __size = '\000' <repeats 47 times>, __align = 0}, c_currentber = 0x0,
c_writers = 0, c_writing = 0 '\000', c_sasl_bind_in_progress = 0 '\000',
c_writewaiter = 0 '\000', c_is_tls = 0 '\000', c_needs_tls_accept = 0
'\000', c_sasl_layers = 0 '\000', c_sasl_done = 0 '\000', c_sasl_authctx = 0x0,
c_sasl_sockctx = 0x0, c_sasl_extra = 0x0, c_sasl_bindop = 0x0,
c_pagedresults_state = {ps_be = 0x0, ps_size = 0, ps_count = 0,
ps_cookie = 0, ps_cookieval = {bv_len = 0, bv_val = 0x0}}, c_n_ops_received = 0,
c_n_ops_executing = 0, c_n_ops_pending = 0, c_n_ops_completed = 0, c_n_get = 0,
c_n_read = 0, c_n_write = 0, c_extensions = 0x0, c_clientfunc = 0x0,
c_clientarg = 0x0, c_send_ldap_result = 0x4506fe <slap_send_ldap_result>,
c_send_search_entry = 0x451575 <slap_send_search_entry>,
c_send_search_reference = 0x453527 <slap_send_search_reference>,
c_send_ldap_extended = 0x45105e <slap_send_ldap_extended>,
c_send_ldap_intermediate = 0x451360 <slap_send_ldap_intermediate>}
opbuf = {ob_op = {o_hdr = 0x7fcf1ddc95f0, o_tag = 108, o_time =
1467813432, o_tincr = 690746, o_bd = 0x1f23400, o_req_dn = {bv_len = 36, bv_val
= 0x6f50d80 "20160706084911.796411Z#000000#001#000000"}, o_req_ndn = {bv_len =
36,
bv_val = 0xb2778d0 "20160704233433.821120Z#000000#002#000000"},
o_request = {oq_add = {rs_modlist = 0xfb8b580, rs_e = 0x0}, oq_bind = {rb_method
= 263763328, rb_cred = {bv_len = 0,
bv_val = 0x1 <Address 0x1 out of bounds>}, rb_edn = {bv_len =
10, bv_val = 0xffbd3b0 "\200\300"}, rb_ssf = 10, rb_mech = {bv_len = 234930304,
bv_val = 0x0}}, oq_compare = {rs_ava = 0xfb8b580}, oq_modify = {rs_mods = {
rs_modlist = 0xfb8b580, rs_no_opattrs = 0 '\000'},
rs_increment = 1}, oq_modrdn = {rs_mods = {rs_modlist = 0xfb8b580, rs_no_opattrs
= 0 '\000'}, rs_deleteoldrdn = 1, rs_newrdn = {bv_len = 10,
bv_val = 0xffbd3b0 "\200\300"}, rs_nnewrdn = {bv_len = 10,
bv_val = 0xe00c080 " S\245\017"}, rs_newSup = 0x0, rs_nnewSup = 0x0}, oq_search
= {rs_scope = 263763328, rs_deref = 0, rs_slimit = 0, rs_tlimit = 0,
rs_limit = 0x1, rs_attrsonly = 10, rs_attrs = 0xffbd3b0,
rs_filter = 0xa, rs_filterstr = {bv_len = 234930304, bv_val = 0x0}}, oq_abandon
= {rs_msgid = 263763328}, oq_cancel = {rs_msgid = 263763328}, oq_extended = {
rs_reqoid = {bv_len = 263763328, bv_val = 0x0}, rs_flags = 1,
rs_reqdata = 0xa}, oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 263763328,
bv_val = 0x0}, rs_flags = 1, rs_reqdata = 0xa}, rs_old = {
bv_len = 268161968, bv_val = 0xa <Address 0xa out of bounds>},
rs_new = {bv_len = 234930304, bv_val = 0x0}, rs_mods = 0x0, rs_modtail = 0x0}},
o_abandon = 0, o_cancel = 0, o_groups = 0x0, o_do_not_cache = 0 '\000',
o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv
= ACL_NONE, o_nocaching = 0 '\000', o_delete_glue_parent = 0 '\000',
o_no_schema_check = 1 '\001', o_no_subordinate_glue = 0 '\000',
o_ctrlflag = '\000' <repeats 14 times>, "\002", '\000' <repeats 16
times>, o_controls = 0x7fcf1ddc9738, o_authz = {sai_method = 0, sai_mech =
{bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 9,
bv_val = 0x2220c60 "cn=config"}, sai_ndn = {bv_len = 9, bv_val =
0x2220c80 "cn=config"}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0,
sai_sasl_ssf = 0}, o_ber = 0x0, o_res_ber = 0x0,
o_callback = 0x7fcf1ddc9080, o_ctrls = 0x0, o_csn = {bv_len = 0,
bv_val = 0x0}, o_private = 0x0, o_extra = {slh_first = 0x0}, o_next = {stqe_next
= 0x0}}, ob_hdr = {oh_opid = 0, oh_connid = 1, oh_conn = 0x7fcf1ddc9840,
oh_msgid = 0, oh_protocol = 0, oh_tid = 140527535957760,
oh_threadctx = 0x7fcf1ddc9bb0, oh_tmpmemctx = 0x6f85f40, oh_tmpmfuncs = 0x7543c0
<slap_sl_mfuncs>, oh_counters = 0x7578c0 <slap_counters>,
oh_log_prefix = "conn=-1 op=0", '\000' <repeats 243 times>},
ob_controls = {0x0 <repeats 17 times>, 0x7fcf1ddc92c0, 0x0 <repeats 14 times>}}
op = 0x7fcf1ddc9480
rc = 0
dostop = 0
s = 2400
i = 1
defer = 1
fail = 0
freeinfo = 0
be = 0x1f23400
#6 0x000000000043a59d in connection_read_thread (ctx=0x7fcf1ddc9bb0,
argv=0x960) at connection.c:1273
rc = 0
cri = {op = 0x0, func = 0x4b6fd7 <do_syncrepl>, arg = 0x1d23e00, ctx =
0x7fcf1ddc9bb0, nullop = 0}
s = 2400
#7 0x00007ff7267003ea in ldap_int_thread_pool_wrapper (xpool=0x1d32000) at
tpool.c:956
pq = 0x1d32000
pool = 0x1efa240
task = 0x1017a700
work_list = 0x1d32070
ctx = {ltu_pq = 0x1d32000, ltu_id = 140527535757760, ltu_key = {{ltk_key
= 0x439b53 <conn_counter_init>, ltk_data = 0x1f05600, ltk_free = 0x4399a5
<conn_counter_destroy>}, {ltk_key = 0x4ac6bb <slap_sl_mem_init>,
ltk_data = 0x6f85f40, ltk_free =x4x4ac4e0 <slap_sl_mem_destroy>},
{ltk_key = 0x1f02d00, ltk_data = 0x469f400, ltk_free = 0x7ff721658ea5
<mdb_reader_free>}, {ltk_key = 0x4548c9 <slap_op_free>, ltk_data = 0x24d70c0,
ltk_free = 0x45481c <slap_op_q_destroy>}, {ltk_key = 0x1f03400,
ltk_data = 0x46a0e00, ltk_free = 0x7ff721658ea5 <mdb_reader_free>}, {ltk_key =
0x7ff72164e109 <search_stack>, ltk_data = 0x99e4000,
ltk_free = 0x7ff72164e0e6 <search_stack_free>}, {ltk_key =
0x7ff72164acad <scope_chunk_get>, ltk_data = 0x96e4000, l_f_free =
0x7ff72164ac65 <scope_chunk_free>}, {ltk_key = 0x0, ltk_data = 0x1015a800,
ltk_free = 0x0}, {
ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 24
times>}}
kctx = 0x0
i = 32
keyslot = 846
hash = 3140276046
pool_lock = 0
freeme = 0
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#8 0x00007ff725171dc5 in start_thread (arg=0x7fcf1ddca700) at
pthread_create.c:308
__res = <optimized out>
pd = 0x7fcf1ddca700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140527535957760,
2936369338381151317, 0, 140527535958464, 140527535957760, 0,
-2927850059199501227, -2941309649140011947}, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#9 0x00007ff724e9eced in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.
Thread 5 (Thread 0x7fcf1cdc8700 (LWP 30136)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at
../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1 0x00007ff726701a82 in ldap_pvt_thread_ndnd_wait (cond=0x1d32038,
mutex=0x1d32010) at thr_posix.c:277
No locals.
#2 0x00007ff726700315 in ldap_int_thread_pool_wrapper (xpool=0x1d32000) at
tpool.c:938
pq = 0x1d32000
pool = 0x1efa240
task = 0x0
work_list = 0x1d32070
ctx = {ltu_pq = 0x1d32000, ltu_id = 140527519172352, ltu_key = {{ltk_key
= 0x439b53 <conn_counter_init>, ltk_data = 0xc7c6c00, ltk_free = 0x4399a5
<conn_counter_destroy>}, {ltk_key = 0x4ac6bb <slap_sl_mem_init>,
ltk_data = 0xaed2200, ltk_free = 0x4ac4e0 <slap_sl_mem_destroy>},
{ltk_key = 0x4548c9 <slap_op_free>, ltk_data = 0xb014f00, ltk_free = 0x45481c
<slap_op_q_destroy>}, {ltk_key = 0x1f02d00, ltk_data = 0x46a2800,
ltk_free = 0x7ff721658ea5 <mdb_reader_free>}, {ltk_key =
0x7ff72164e109 <search_stack>, ltk_data = 0xcbf8000, ltk_free = 0x7ff72164e0e6
<search_stack_free>}, {ltk_key = 0x7ff72164acad <scope_chunk_get>,
ltk_data = 0xc8f8000, ltk_free = 0x7ff72164ac65
<scope_chunk_free>}, {ltk_key = 0x1f03400, ltk_data = 0x46a4200, ltk_free =
0x7ff721658ea5 <mdb_reader_free>}, {ltk_key = 0x0, ltk_data = 0x106a8400,
ltk_free = 0x0}, {
ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 24
times>}}
kctx = 0x0
i = 32
keyslot = 365
hash = 453090669
pool_lock = 0
freeme = 0
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3 0x00007ff725171dc5 in start_thread (arg=0x7fcf1cdc8700) at
pthread_create.c:308
__res = <optimized out>
pd = 0x7fcf1cdc8700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140527519172352,
2936369338381151317, 0, 140527519173056, 140527519172352, 0,
-2927852250706564011, -2941309649140011947}, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#4 0x00007ff724e9eced in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.
Thread 4 (Thread 0x7fcf1c5c7700 (LWP 30363)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at
../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1 0x00007ff726701a82 in ldap_pvt_thread_cond_wait (cond=0x1d32038,
mutex=0x1d32010) at thr_posix.c:277
No locals.
#2 0x00007ff726700315 in ldap_int_thread_pool_wrapper (xpool=0x1d32000)tat
tpool.c:938
pq = 0x1d32000
pool = 0x1efa240
task = 0x0
work_list = 0x1d32070
ctx = {ltu_pq = 0x1d32000, ltu_id = 140527510779648, ltu_key = {{ltk_key
= 0x439b53 <conn_counter_init>, ltk_data = 0xe56a000, ltk_free = 0x4399a5
<conn_counter_destroy>}, {ltk_key = 0x4ac6bb <slap_sl_mem_init>,
ltk_data = 0x95d0e00, ltk_free = 0x4ac4e0 <slap_sl_mem_destroy>},
{ltk_key = 0x4548c9 <slap_op_free>, ltk_data = 0x24d7840, ltk_free = 0x45481c
<slap_op_q_destroy>}, {ltk_key = 0x1f02d00, ltk_data = 0xe519400,
ltk_free = 0x7ff721658ea5 <mdb_reader_free>}, {ltk_key =
0x7ff72164e109 <search_stack>, ltk_data = 0xe976000, ltk_free = 0x7ff72164e0e6
<search_stack_free>}, {ltk_key = 0x7ff72164acad <scope_chunk_get>,
ltk_data = 0xe676000, ltk_free = 0x7ff72164ac65
<scope_chunk_free>}, {ltk_key = 0x1f03400, ltk_data = 0xe517a00, ltk_free =
0x7ff721658ea5 <mdb_reader_free>}, {ltk_key = 0x0, ltk_data = 0x103ad600,
ltk_free = 0x0}, {
ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 24
times>}}
kctx = 0x0
i = 32
keyslot = 477
hash = 1978802653
pool_lock = 0
freeme = 0
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3 0x00007ff725171dc5 in start_thread (arg=0x7fcf1c5c7700) at
pthread_create.c:308
__res = <optimized out>
pd = 0x7fcf1c5c7700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140527510779648,
2936369338381151317, 0, 140527510780352, 140527510779648, 0,
-2927853350755062699, -2941309649140011947}, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#4 0x00007ff724e9eced in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.
Thread 3 (Thread 0x7fcf1efd2700 (LWP 28739)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at
../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1 0x00007ff726701a82 in ldap_pvt_thread_cond_wait (cond=0x1d32038,
mutex=0x1d32010) at thr_posix.c:277
No locals.
#2 0x00007ff726700315 in ldap_int_thread_pool_wrapper (xpool=0x1d32000) at
tpool.c:938
pq = 0x1d32000
pool = 0x1efa240
task = 0x0
work_list = 0x1d32070
ctx = {ltu_pq = 0x1d32000, ltu_id = 140527554864896, ltu_key = {{ltk_key
= 4a4ac6bb <slap_sl_mem_init>, ltk_data = 0x4376640, ltk_free = 0x4ac4e0
<slap_sl_mem_destroy>}, {ltk_key = 0x1f02d00, ltk_data = 0x4692e00,
ltk_free = 0x7ff721658ea5 <mdb_reader_free>}, {ltk_key =
0x1f03400, ltk_data = 0x469da00, ltk_free = 0xf7f721658ea5 <mdb_reader_free>},
{ltk_key = 0x7ff72164e109 <search_stack>, ltk_data = 0x5e16000,
ltk_free = 0x7ff72164e0e6 <search_stack_free>}, {ltk_key =
0x7ff72164acad <scope_chunk_get>, ltk_data = 0x5b16000, ltk_free =
0x7ff72164ac65 <scope_chunk_free>}, {ltk_key = 0x439b53 <conn_counter_init>,
ltk_data = 0x1f05c00, ltk_free = 0x4399a5 <conn_counter_destroy>},
{ltk_key = 0x4548c9 <slap_op_free>, ltk_data = 0x10a86780, ltk_free = 0x45481c
<slap_op_q_destroy>}, {ltk_key = 0x0, ltk_da =3D 0x103ad600,
ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}
<repeats 24 times>}}
kctx = 0x0
i = 32
keyslot = 976
hash = 4119628752
pool_lock = 0
freeme = 0
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#3 0x00007ff725171dc5 in start_thread (arg=0x7fcf1efd2700) at
pthread_create.c:308
__res = <optimized out>
pd = 0x7fcf1efd2700
now = <optimized out>
unwind_buf = {canl_jmjmp_buf = {{jmp_buf = {140527554864896,
2936369338381151317, 0, 140527554865600, 140527554864896, 0,
-2927856935442142123, -2941309649140011947}, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, cleanup = 0x0% c canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#4 0x00007ff724e9eced in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.
Thread 2 (Thread 0x7ff726dad740 (LWP 28735)):
#0 0x00007ff725172ef7 in pthread_join (threadid=140527580043008,
thread_return=0x0) at pthread_join.c:92
_tid = 28736
_buffer = {__routine = 0x7ff725172e30 <cleanup>, __arg = 0x7fcf207d5d28,
__canceltype = 545085184, __prev = 0x0}
oldtype = 0
pd = 0x7fcf207d5700
self = 0x7ff726dad740
result = 0
#1 0x00007ff7267019c3 in ldap_pvt_thread_join (thread=140527580043008,
thread_return=0x0) at thr_posix.c:197
No locals.
#2 0x0000000000437032 in slapd_daemon () at daemon.c:2910
i = 0
rc = 0
#3 0x0000000000414bfa in main (argc=9, argv=0x7ffc431d0c18) at main.c:1017
i = 9
no_detach = 0
rc = 0
urls = 0x1d02020 "ldap:/// ldapi:///"
username = 0x1cfa010 "root"
groupname = 0x0
sandbox = 0x0
syslogUser = 128
pid = 0
waitfds = {10, 11}
g_argc = 9
g_argv = 0x7ffc431d0c18
configfile = 0x0
configdir = 0x1d02040 "/opt/zimbra/data/ldap/config"
serverName = 0x7ffc431d169f "slapd"
serverMode = 1
scp = 0x0
scp_entry = 0x0
debug_unknowns = 0x0
syslog_unknowns = 0x0
serverNamePrefix = 0x4f0048 ""
l = 2305843479183585312
slapd_pid_file_unlink = 1
slapd_args_file_unlink = 1
firstopt = 0
__PRETTY_FUNCTION__ = "main"
Thread 1 (Thread 0x7fcf1ffd4700 (LWP 28737)):
#0 0x00007ff724ddd5f7 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
resultvar = 0
pid = 28735
selftid = 28737
#1 0x00007ff724ddece8 in __GI_abort () at abort.c:90
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0x7fcf1ffd1f60, sa_sigaction
= 0x7fcf1ffd1f60}, sa_mask = {__val = {69, 1, 140699483447904, 0,
140699485592136, 140527571640064, 140527571640048, 2470669171, 140699480966590,
4294967295, 140699481017829, 69, 140699455947213, 69,
140527571640176, 0}}, sa_flags = 55, sa_restorer = 0x7fcf1ffd1f20}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007ff7269610f8 in tcmalloc::Log (mode=mode@entry=tcmalloc::kCrash,
filename=lelename@entry=0x7ff72696edc6 "src/tcmalloc.cc", line=line@entry=278,
a=..., b=..., c=..., d=...) at src/internal_logging.cc:120
state = {static kBufSize = 200, p_ = 0x7fcf1ffd1fb5 "", end_ =
0x7fcf1ffd2038 "\306\355\226&\367\177",
buf_ = "src/tcmalloc.cc:278] Attempt to free invalid pointer
0x7fd0aefadf98 \n\000\000\000\230(\225&\367\177\000\000\230\337\372\256\320\177\000\000\240r^\001",
'\000' <repeats 12 times>,
"`\"\273&\367\177\000\000\340\022\026%\367\177\000\000\000\000\000\000\0%0\000\000\000\203N\362$\367\177\000\000@
\375\037\317\177\000\000\377\377\377\377\320\177\000\000\066
\375\037\317\177\000\000\006\000\000\000\000\000\000\000@$\026%\367\177\000\000\326w\205\376\003",
'\000' <repeats 11 times>, "\026\001\000\000\000\000\000"}
msglen = 69
fifirst_crash = true
#3 0x00007ff72695d8b4 in (anonymous namespace)::InvalidFree
(ptr=ptr@entry=0x7fd0aefadf98) at src/tcmalloc.cc:278
No locals.
#4 0x00007ff72695cd2f in free_null_or_invalid (invalid_free_fn=0x7ff72695d860
<(anonymous namespace)::InvalidFree(void*)>, ptr=ptr@entry=0x7fd0aefadf98) at
src/tcmalloc.cc:1137
No locals.
#5 (anonymous namespace)::do_free_helper (ptr=ptr@entry=0x7fd0aefadf98,
heap_must_be_valid=true, heap=0x15e72a0, invalid_free_fn=0x7ff72695d860
<(anonymous namespace)::InvalidFree(void*)>) at src/tcmalloc.cc:1181
No locals.
#6 0x00007ff72696b62c in do_free_helper (invalid_free_fn=0x7ff72695d860
<(anonymous namespace)::InvalidFree(void*)>, heap_must_be_valid=true,
heap=0x15e72a0, ptr=0x7fd0aefadf98) at src/thread_cache.h:381
No locals.
#7 do_free_with_callback (invalid_free_fn=0x7ff72695d860 <(anonymous
namespace)::InvalidFree(void*)>, ptr=0x7fd0aefadf98) at src/tcmalloc.cc:1221
heap = 0x15e72a0
#8 do_free (ptr=0x7fd0aefadf98) at src/tcmalloc.cc:1230
No locals.
#9 tc_free (ptr=0x7fd0aefadf98) at src/tcmalloc.cc:1581
No locals.
#10 0x00007ff7264e66ab in ber_memfree_x (p=0x7fd0aefadf98, ctx=0x0) at
memory.c:152
__PRETTY_FUNCTION__ = "ber_memfree_x"
#11 0x00000000004ad69f in slap_sl_free (ptr=0x7fd0aefadf98, ctx=0x43764c0) at
sl_malloc.c:503
sh = 0x43764c0
size = 140527571640688
p = 0x7fd0aefadf98
nextp = 0x106e1aba8
tmpp = 0x7ff700000000
#12 0x00007ff720ff5d26 in accesslog_entry (op=0x7fcf1ffd3480, rs=0x7fcf1ffd3010,
logop=2, op2=0x7fcf1ffd2390) at accesslog.c:1332
on = 0x22dc760
li = 0x20d9de0
rdnbuf = "reqStart=20160706205511.1000000\000x\332\372\256\320\177"
nrdnbuf = "reqStart=m\211\214\000\177\000\000\000\360\004\257\320\177",
'\000' <repeats 11 times>, "-\360\001\000\000"
rdn = {bv_len = 31, bv_val = 0x7fcf1ffd2240
"reqStart=20160706205511.1000000"}
nrdn = {bv_len = 17, bv_val = 0x7fcf1ffd2210 "reqStart=m\211\214"}
timestamp = {bv_len = 22, bv_val = 0x7fcf1ffd2249
"20160706205511.1000000"}
ntimestamp = {bv_len = 8, bv_val = 0x7fd0aefadf98 <Address
0x7fd0aefadf98 out of bounds>}
bv = {bv_len = 140527571641664, bv_val = 0x7fcf1ffd2560 ""}
lo = 0x7ff7211fd0 %3<logops+144>
e = 0x20625d8
#13 0x00007ff720ff6668 in accesslog_response (op=0x7fcf1ffd3480,
rs=0x7fcf1ffd3010) at accesslog.c:1528
on = 0x22dc760
li = 0x20d9de0
a = 0x7fcf1ffd3480
last_attr = 0x7fcf1ffd3010
m = 0x7fcf1ffd27c0
b = 0x7fcf1ffd2610
uuid = {bv_len = 36, bv_val = 0x10736c60
"bd4b254a-9cfc-102f-8a73-ad92a9dc2877"}
i = 0
logop = 2
do_graduate = 0
lo = 0x7ff7211fd5d0 <logops+144>
e = 0x0
old = 0x0
e_uuid = 0x0
timebuf = "\240\003\000\000\000\000\000\000\b\244\337\017\000\000\000\000\b\000\000\000\000\000\000\000\b%\375\037\317\177"
bv = {bv_len = 70672576, bv_val = 0x8c896c <Address 0x8c896c out of
bounds>}
ptr = 0x7fd0aefa7000 <Address 0x7fd0aefa7000 out of bounds>
vals = 0x7fcf1ffd2558
op2 = {o_hdr = 0x0, o_tag = 0, o_time = 0, o_tincr = 0, o_bd = 0x0,
o_req_dn = {bv_len = 0, bv_val = 0x0}, o_req_ndn = {bv_len = 0, bv_val = 0x0},
o_request = {oq_add = {rs_modlist = 0x0, rs_e = 0x0}, oq_bind = {rb_method = 0,
rb_cred = {bv_len = 0, bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val
= 0x0}, rb_ssf = 0, rb_mech = {bv_len = 0, bv_val = 0x0}}, oq_compare = {rs_ava
= 0x0}, oq_modify = {rs_mods = {rs_modlist = 0x0,
rs_no_opattrs = 0 '\000'}, rs_increment = 0}, oq_modrdn =
{rs_mods = {rs_modlist = 0x0, rs_no_opattrs = 0 '\000'}, rs_deleteoldrdn = 0,
rs_newrdn = {bv_len = 0, bv_val = 0x0}, rs_nnewrdn = {bv_len = 0, bv_val = 0x0},
rs_newSup = 0x0, rs_nnewSup = 0x0}, oq_search = {rs_scope = 0,
rs_deref = 0, rs_slimit = 0, rs_tlimit = 0, rs_limit = 0x0, rs_attrsonly = 0,
rs_attrs = 0x0, rs_filter = 0x0, rs_filterstr = {bv_len = 0, bv_val = 0x0}},
oq_abandon = {rs_msgid = 0}, oq_cancel = {rs_msgid = 0}, oq_extended
= {rs_reqoid = {bv_len = 0, bv_val = 0x0}, rs_flags = 0, rs_reqdata = 0x0},
oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 0, bv_val = 0x0},
rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 0, bv_val =
0x0}, rs_new = {bv_len = 0, bv_val = 0x0}, rs_mods = 0x0, rs_modtail = 0x0}},
o_abandon = 0, o_cancel = 0, o_groups = 0x0, o_do_not_cache = 0 '\000',
o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv =
ACL_NONE, o_nocaching = 0 '\000', o_delete_glue_parent = 0 '\000',
o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000',
o_ctrlflag = '\000' <repeats 31 times>, o_controls = 0x0, o_authz =
{sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 0,
bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0}, sai_ssf = 0,
sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber =
0x0, o_res_ber = 0x0, o_callback = 0x0, o_ctrls = 0x0, o_csn = {bv_len = 0,
bv_val = 0x0}, o_private = 0x0, o_extra = {slh_first = 0x0}, o_next = {
stqe_next = 0x0}}
rs2 = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0,
sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un =
{sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0,
r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl =
{r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags
= 0}