#49473 heap-use-after-free in slapi_sdn_common_ancestor
Closed: wontfix 3 years ago by spichugi. Opened 6 years ago by firstyear.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1517968

Description of problem:
=================================================================
==12884== ERROR: AddressSanitizer: heap-use-after-free on address 0x600e0014cb70 at pc 0x7f36c786e615 bp 0x7f3680ed4c70 sp 0x7f3680ed4c60
READ of size 8 at 0x600e0014cb70 thread T35
    #0 0x7f36c786e614 in slapi_sdn_common_ancestor /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/dse.c:2523
    #1 0x7f36c7874937 in dse_delete /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/dse.c:2431
    #2 0x7f36c785f486 in op_shared_delete /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/delete.c:324
    #3 0x7f36c785fa1a in do_delete /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/delete.c:97
    #4 0x55d6ad486e38 in ?? /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/connection.c:614
    #5 0x7f36c59f7c8a in PR_Select /usr/src/debug/nspr-4.17.0/pr/src/pthreads/../../../nspr/pr/src/pthreads/ptthread.c:216
    #6 0x7f36c7eec867 in _ZN6__asan10AsanThread11ThreadStartEv _asan_rtl_
    #7 0x7f36c5397dd4 in start_thread /usr/src/debug/glibc-2.17-c758a686/nptl/pthread_create.c:308
    #8 0x7f36c4a459bc in __clone /usr/src/debug////////glibc-2.17-c758a686/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:113
0x600e0014cb70 is located 64 bytes inside of 72-byte region [0x600e0014cb30,0x600e0014cb78)
freed by thread T35 here:
    #0 0x7f36c7ee8dd9 in __interceptor_free _asan_rtl_
    #1 0x7f36c78576c8 in slapi_ch_free /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/ch_malloc.c:270
    #2 0x7f36c78751e7 in dse_remove_callback /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/dse.c:321
    #3 0x7f36c7875639 in slapi_config_remove_callback /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/dse.c:2618
    #4 0x7f36bc4b890c in cb_delete_monitor_callback /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/plugins/chainingdb/cb_monitor.c:236
    #5 0x7f36bc4b32ec in cb_instance_delete_config_callback /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/plugins/chainingdb/cb_instance.c:1759
    #6 0x7f36c786e520 in slapi_sdn_common_ancestor /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/dse.c:2543
    #7 0x7f36c7874937 in dse_delete /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/dse.c:2431
    #8 0x7f36c785f486 in op_shared_delete /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/delete.c:324
    #9 0x7f36c785fa1a in do_delete /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/delete.c:97
    #10 0x55d6ad486e38 in ?? /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/connection.c:614
    #11 0x7f36c59f7c8a in PR_Select /usr/src/debug/nspr-4.17.0/pr/src/pthreads/../../../nspr/pr/src/pthreads/ptthread.c:216
previously allocated by thread T33 here:
    #0 0x7f36c7ee8ff5 in calloc _asan_rtl_
    #1 0x7f36c7857288 in slapi_ch_calloc /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/ch_malloc.c:180
    #2 0x7f36c7874bd2 in dse_register_callback /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/dse.c:214
    #3 0x7f36c787546a in slapi_config_register_callback_plugin /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/dse.c:2597
    #4 0x7f36c787551d in slapi_config_register_callback /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/dse.c:2567
    #5 0x7f36bc4afb97 in cb_instance_add_monitor_later /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/plugins/chainingdb/cb_instance.c:1788
    #6 0x7f36c7888544 in slapd_versatile_strerror /usr/src/debug/389-ds-base-1.3.7.5/ldap/servers/slapd/eventq.c:278
    #7 0x7f36c59f7c8a in PR_Select /usr/src/debug/nspr-4.17.0/pr/src/pthreads/../../../nspr/pr/src/pthreads/ptthread.c:216
Thread T35 created by T0 here:
    #0 0x7f36c7edda0a in __interceptor_pthread_create _asan_rtl_
    #1 0x7f36c59f795b in PR_Select /usr/src/debug/nspr-4.17.0/pr/src/pthreads/../../../nspr/pr/src/pthreads/ptthread.c:457
    #2 0x0
Thread T33 created by T0 here:
    #0 0x7f36c7edda0a in __interceptor_pthread_create _asan_rtl_
    #1 0x7f36c59f795b in PR_Select /usr/src/debug/nspr-4.17.0/pr/src/pthreads/../../../nspr/pr/src/pthreads/ptthread.c:457
Shadow bytes around the buggy address:
  0x0c0240021910: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0240021920: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0240021930: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0240021940: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c0240021950: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c0240021960: fd fa fa fa fa fa fd fd fd fd fd fd fd fd[fd]fa
  0x0c0240021970: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
  0x0c0240021980: fa fa fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c0240021990: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fd fd
  0x0c02400219a0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
  0x0c02400219b0: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==12884== ABORTING


Version-Release number of selected component (if applicable):
389-ds-base-1.3.7.5-10.el7.x86_64

The problem occurred in the chainingdb test suite in TET.
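The freed-by and use stacks above show the pattern behind the report: a DSE callback record allocated in dse_register_callback is freed by dse_remove_callback from inside cb_delete_monitor_callback, which is itself invoked by the dse.c function at dse.c:2543 while that function is still walking its callbacks, and the same function then reads the freed record at dse.c:2523. The C below is an added illustration of that bug class and of a deferred-removal mitigation; it is not 389-ds-base code, and cb_list, cb_node, cb_register, cb_unregister and cb_dispatch are made-up names. While a walk is in progress, unregistering only marks the node, and the dispatcher frees marked nodes once the loop is over, so the loop never holds a pointer to freed memory.

```c
/* Added illustration of the bug class in the ASan report above; not 389-ds-base
 * code (cb_list, cb_node, cb_register, cb_unregister, cb_dispatch are made-up
 * names). A callback unregisters a node while the dispatcher is still walking
 * the list. Freeing it at once leaves the walk holding a dangling pointer (the
 * report's heap-use-after-free); here the node is only marked during a walk and
 * freed by the dispatcher after the loop. */
#include <stdlib.h>

typedef struct cb_node cb_node;
typedef void (*cb_fn)(cb_node *self, void *arg);

struct cb_node {
    cb_fn    fn;
    void    *ctx;
    int      removed;   /* set when unregistered while a walk is in progress */
    cb_node *next;
};

typedef struct {
    cb_node *head;
    int      walking;   /* non-zero while cb_dispatch() is iterating */
    int      live;      /* nodes currently allocated */
} cb_list;

cb_node *cb_register(cb_list *l, cb_fn fn, void *ctx)
{
    cb_node *n = calloc(1, sizeof *n);
    if (!n) return NULL;
    n->fn = fn; n->ctx = ctx;
    n->next = l->head;   /* push at head: the last registered runs first */
    l->head = n;
    l->live++;
    return n;
}

static void cb_unlink_free(cb_list *l, cb_node *dead)
{
    for (cb_node **pp = &l->head; *pp; pp = &(*pp)->next) {
        if (*pp == dead) { *pp = dead->next; free(dead); l->live--; return; }
    }
}

/* Outside a walk the node is freed at once. Inside a walk it is only marked;
 * the unsafe variant would free here, and the dispatcher's next access to the
 * node would read freed memory. */
void cb_unregister(cb_list *l, cb_node *n)
{
    if (l->walking) { n->removed = 1; return; }
    cb_unlink_free(l, n);
}

/* Run every callback that is still registered; returns how many ran. */
int cb_dispatch(cb_list *l, void *arg)
{
    int calls = 0;
    l->walking = 1;
    for (cb_node *n = l->head; n; n = n->next) {
        if (n->removed) continue;   /* unregistered by an earlier callback */
        n->fn(n, arg);              /* may call cb_unregister(); frees nothing */
        calls++;
    }
    l->walking = 0;
    for (cb_node *n = l->head, *next; n; n = next) {   /* deferred sweep */
        next = n->next;
        if (n->removed) cb_unlink_free(l, n);
    }
    return calls;
}

/* Constructed callbacks: one unregisters itself (as cb_delete_monitor_callback
 * does in the report), the other unregisters a neighbour passed in via ctx. */
static void self_removing_cb(cb_node *self, void *arg)
{
    (*(int *)self->ctx)++;
    cb_unregister((cb_list *)arg, self);
}

static void neighbour_removing_cb(cb_node *self, void *arg)
{
    cb_unregister((cb_list *)arg, (cb_node *)self->ctx);
}

/* Constructed scenario: walk order is A, B, C. A removes itself, B removes C,
 * so C is skipped. Returns callbacks run (2); *live_out gets nodes left (1: B). */
int demo_unregister_during_walk(int *live_out)
{
    cb_list l = {0};
    int hits = 0;
    cb_node *c = cb_register(&l, self_removing_cb, &hits);
    cb_register(&l, neighbour_removing_cb, c);
    cb_register(&l, self_removing_cb, &hits);
    int calls = cb_dispatch(&l, &l);
    *live_out = l.live;
    return calls;
}
```

The `walking` flag is what turns a free inside the callback into a mark; the sweep after the loop is the only place nodes are freed, so the dispatcher's `n->next` read is always on live memory. Built with `-fsanitize=address`, the deferred version stays silent on this scenario, whereas freeing inside `cb_unregister` during the walk reproduces the report's heap-use-after-free shape.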

Metadata Update from @firstyear:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1517968

6 years ago

Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue set to the milestone: 1.3.7.0 (was: 0.0 NEEDS_TRIAGE)

6 years ago

Metadata Update from @mreynolds:
- Issue set to the milestone: 1.4.2 (was: 1.3.7.0)

4 years ago

Metadata Update from @vashirov:
- Issue set to the milestone: 1.4.3 (was: 1.4.2)

4 years ago

Metadata Update from @mreynolds:
- Issue assigned to mreynolds

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2532

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for any inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

3 years ago

