While deleting a chainingdb database link we start calling that backend's callbacks, and one of those callbacks deletes other callbacks from that same callback list.
==16217== Invalid read of size 8 ==16217== at 0x4C713B9: dse_call_callback (dse.c:2555) ==16217== by 0x4C70E31: dse_delete (dse.c:2439) ==16217== by 0x4C652CB: op_shared_delete (delete.c:364) ==16217== by 0x4C64AB4: do_delete (delete.c:128) ==16217== by 0x415C00: connection_dispatch_operation (connection.c:650) ==16217== by 0x417AB2: connection_threadmain (connection.c:2534) ==16217== by 0x3A8D029A72: ??? (in /lib64/libnspr4.so) ==16217== by 0x378E407850: start_thread (in /lib64/libpthread-2.12.so) ==16217== by 0x378E0E890C: clone (in /lib64/libc-2.12.so) ==16217== Address 0xaf3e1e8 is 56 bytes inside a block of size 64 free'd ==16217== at 0x4A063F0: free (vg_replace_malloc.c:446) ==16217== by 0x4C5FB24: slapi_ch_free (ch_malloc.c:363) ==16217== by 0x4C6C572: dse_callback_delete (dse.c:265) ==16217== by 0x4C6C80D: dse_callback_removefromlist (dse.c:350) ==16217== by 0x4C7129D: dse_remove_callback (dse.c:2523) ==16217== by 0x4C7152F: slapi_config_remove_callback (dse.c:2588) ==16217== by 0x8CB62DB: cb_delete_monitor_callback (cb_monitor.c:260) ==16217== by 0x4C713A3: dse_call_callback (dse.c:2548) ==16217== by 0x4C70E31: dse_delete (dse.c:2439) ==16217== by 0x4C652CB: op_shared_delete (delete.c:364) ==16217== by 0x4C64AB4: do_delete (delete.c:128) ==16217== by 0x415C00: connection_dispatch_operation (connection.c:650) ==16217== by 0x417AB2: connection_threadmain (connection.c:2534) ==16217== by 0x3A8D029A72: ??? (in /lib64/libnspr4.so) ==16217== by 0x378E407850: start_thread (in /lib64/libpthread-2.12.so) ==16217== by 0x378E0E890C: clone (in /lib64/libc-2.12.so) ==16217== ==16217== Thread 19: ==16217== Invalid read of size 8 ==16217== at 0x4C713B9: dse_call_callback (dse.c:2555) ==16217== by 0x4C70F9E: dse_delete (dse.c:2465) ==16217== by 0x4C652CB: op_shared_delete (delete.c:364) ==16217== by 0x4C64AB4: do_delete (delete.c:128) ==16217== by 0x415C00: connection_dispatch_operation (connection.c:650) ==16217== by 0x417AB2: connection_threadmain (connection.c:2534) ==16217== by 0x3A8D029A72: ??? (in /lib64/libnspr4.so) ==16217== by 0x378E407850: start_thread (in /lib64/libpthread-2.12.so) ==16217== by 0x378E0E890C: clone (in /lib64/libc-2.12.so) ==16217== Address 0xcc6bf38 is 56 bytes inside a block of size 64 free'd ==16217== at 0x4A063F0: free (vg_replace_malloc.c:446) ==16217== by 0x4C5FB24: slapi_ch_free (ch_malloc.c:363) ==16217== by 0x4C6C572: dse_callback_delete (dse.c:265) ==16217== by 0x4C6C80D: dse_callback_removefromlist (dse.c:350) ==16217== by 0x4C7129D: dse_remove_callback (dse.c:2523) ==16217== by 0x4C7152F: slapi_config_remove_callback (dse.c:2588) ==16217== by 0x8CB351E: cb_instance_delete_config_callback (cb_instance.c:1714) ==16217== by 0x4C713A3: dse_call_callback (dse.c:2548) ==16217== by 0x4C70F9E: dse_delete (dse.c:2465) ==16217== by 0x4C652CB: op_shared_delete (delete.c:364) ==16217== by 0x4C64AB4: do_delete (delete.c:128) ==16217== by 0x415C00: connection_dispatch_operation (connection.c:650) ==16217== by 0x417AB2: connection_threadmain (connection.c:2534) ==16217== by 0x3A8D029A72: ??? (in /lib64/libnspr4.so)
attachment 0001-Ticket-47686-removing-chaining-database-links-trigge.patch
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1252082
5daea97..a799c46 master -> master commit a799c46 Author: Mark Reynolds mreynolds@redhat.com Date: Mon Aug 10 12:19:00 2015 -0400
9a0047e..29c669e 389-ds-base-1.3.4 -> 389-ds-base-1.3.4 commit 29c669e
Metadata Update from @nhosoi: - Issue assigned to mreynolds - Issue set to the milestone: 1.3.4 backlog
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1022
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.