#50646 AddressSanitizer: heap-use-after-free in import_free_job
Closed: wontfix 4 years ago by mreynolds. Opened 4 years ago by mreynolds.

Ticket was cloned from Red Hat Bugzilla: Bug 1758109

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
The ASAN error was reported during the execution of
dirsrvtests/tests/suites/basic/basic_test.py::test_basic_import_export

=================================================================
==1150== ERROR: AddressSanitizer: heap-use-after-free on address 0x602a0006a828 at pc 0x7f414d09aef9 bp 0x7f40b0ee1780 sp 0x7f40b0ee1770
READ of size 8 at 0x602a0006a828 thread T73
    #0 0x7f414d09aef8 in import_free_job /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/back-ldbm/import.c:155
    #1 0x7f414d09c35f in import_main_offline /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/back-ldbm/import.c:1611
    #2 0x7f4159857bfa in PR_Select /usr/src/debug/nspr-4.21/pr/src/pthreads/../../../nspr/pr/src/pthreads/ptthread.c:201
    #3 0x7f415bd61867 in _ZN6__asan10AsanThread11ThreadStartEv _asan_rtl_
    #4 0x7f41591f7ea4 in start_thread /usr/src/debug/glibc-2.17-c758a686/nptl/pthread_create.c:307
    #5 0x7f41588a38dc in __clone /usr/src/debug////////glibc-2.17-c758a686/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111
0x602a0006a828 is located 232 bytes inside of 328-byte region [0x602a0006a740,0x602a0006a888)
freed by thread T0 here:
    #0 0x7f415bd5ddd9 in __interceptor_free _asan_rtl_
    #1 0x7f415b6c7588 in slapi_ch_free /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/ch_malloc.c:265
    #2 0x7f414d099af9 in idl_iterator_dereference_decrement /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/back-ldbm/import.c:255
    #3 0x7f415b7e179f in destroy_task /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/task.c:649
    #4 0x7f415b7edf56 in task_shutdown /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/task.c:3020
    #5 0x55f28b15dac7 in ?? /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/daemon.c:1275
    #6 0x55f28b13cde3 in ?? /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/main.c:1204
    #7 0x7f41587c7554 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:266
previously allocated by thread T16 here:
    #0 0x7f415bd5dff5 in calloc _asan_rtl_
    #1 0x7f415b6c7148 in slapi_ch_calloc /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/ch_malloc.c:175
    #2 0x7f414d09fa5b in ldbm_back_ldif2ldbm_deluxe /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/back-ldbm/import.c:1648
    #3 0x7f414d10e425 in ldbm_back_ldif2ldbm /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/back-ldbm/ldif2ldbm.c:809
    #4 0x7f415b7e668d in task_import_add /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/task.c:1041
    #5 0x7f415b6de430 in dse_call_callback /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/dse.c:2553
    #6 0x7f415b6e3b49 in dse_add /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/dse.c:2250
    #7 0x7f415b6b160b in op_shared_add /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/add.c:679
    #8 0x7f415b6b328f in do_add /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/add.c:236
    #9 0x55f28b151797 in ?? /usr/src/debug/389-ds-base-1.3.10.1/ldap/servers/slapd/connection.c:610
    #10 0x7f4159857bfa in PR_Select /usr/src/debug/nspr-4.21/pr/src/pthreads/../../../nspr/pr/src/pthreads/ptthread.c:201
Thread T73 created by T16 here:
    #0 0x7f415bd52a0a in __interceptor_pthread_create _asan_rtl_
    #1 0x7f41598578cb in PR_Select /usr/src/debug/nspr-4.21/pr/src/pthreads/../../../nspr/pr/src/pthreads/ptthread.c:433
    #2 0x0
Thread T16 created by T0 here:
    #0 0x7f415bd52a0a in __interceptor_pthread_create _asan_rtl_
    #1 0x7f41598578cb in PR_Select /usr/src/debug/nspr-4.21/pr/src/pthreads/../../../nspr/pr/src/pthreads/ptthread.c:433
    #2 0x0
Shadow bytes around the buggy address:
  0x0c05c00054b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c05c00054c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c05c00054d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c05c00054e0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c05c00054f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c05c0005500: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd
  0x0c05c0005510: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c05c0005520: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c05c0005530: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c05c0005540: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c05c0005550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==1150== ABORTING

Version-Release number of selected component (if applicable):
389-ds-base-1.3.10.1-2


How reproducible:
1 out of 10 runs

Steps to Reproduce:

Run dirsrvtests/tests/suites/basic/basic_test.py::test_basic_import_export
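The ownership problem this trace records, as an added C example (not 389-ds-base code, and not the project's actual fix; struct and function names are hypothetical): the job is allocated by the import task, read by the import thread in import_free_job, and freed by the task destructor during task_shutdown, so whichever of the two finishes second touches freed memory. One mitigation is a shared reference count, so the last owner to release the job is the one that frees it, in either order.

```c
/* Added example, not 389-ds-base code; all names are hypothetical.
 * The trace above shows one job struct with two owners: the import
 * thread (import_main_offline -> import_free_job) and the task object
 * destroyed at shutdown (task_shutdown -> destroy_task). If each owner
 * frees unconditionally, whichever runs second reads freed memory. A
 * shared reference count lets the last owner free it, in either order. */
#include <stdatomic.h>
#include <stdlib.h>

typedef struct import_job {
    atomic_int refcnt;            /* one reference per owner */
    int entries_imported;
} import_job;
static int jobs_freed;            /* counts real frees for the callers */

/* Allocate a job owned by both the task and the import thread. */
static import_job *import_job_new(void) {
    import_job *job = calloc(1, sizeof *job);
    if (job) atomic_init(&job->refcnt, 2);
    return job;
}

/* Drop one owner's reference; only the last drop frees. Returns 1 if freed. */
static int import_job_release(import_job *job) {
    if (atomic_fetch_sub(&job->refcnt, 1) != 1) return 0;
    free(job);                    /* nobody else holds a reference now */
    jobs_freed++;
    return 1;
}

/* Run both owners' release paths in the given order. Returns 1 when the
 * job was freed exactly once, and only by the second release. */
static int simulate(int shutdown_first) {
    int r1, r2;
    import_job *job = import_job_new();
    if (!job) return -1;
    jobs_freed = 0;
    if (shutdown_first) {             /* the ordering ASan caught */
        r1 = import_job_release(job); /* destroy_task drops the task's ref */
        job->entries_imported += 1;   /* import thread still holds a ref */
        r2 = import_job_release(job); /* import_free_job drops the last */
    } else {
        job->entries_imported += 1;
        r1 = import_job_release(job); /* import thread finishes first */
        r2 = import_job_release(job); /* shutdown destroys the task later */
    }
    return r1 == 0 && r2 == 1 && jobs_freed == 1;
}
```

Running the same two orderings with an unconditional free in each owner is exactly what produces the heap-use-after-free report above under ASan.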

Metadata Update from @mreynolds:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1758109

4 years ago

Metadata Update from @mreynolds:
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None

4 years ago

4673148 - 1.4.1

6304942..4898470 389-ds-base-1.4.0 -> 389-ds-base-1.4.0

e185f7c..9e88768 389-ds-base-1.3.10 -> 389-ds-base-1.3.10

Going to work on front-port to 1.4.2 (master branch) next...

Metadata Update from @mreynolds:
- Issue assigned to mreynolds

4 years ago

Commit 7a0a090 relates to this ticket

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

Metadata Update from @vashirov:
- Issue set to the milestone: None (was: 0.0 NEEDS_TRIAGE)

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/3701

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for any inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

3 years ago
