rsbx@acm.org wrote:
Full_Name: Raymond S Brand Version: 60720f5d9cdc19092d0aad6b0a94e196e5525d1c OS: Debian Wheezy amd64 URL: Submission from: (NULL) (50.88.155.14)
The following is the output from valgrind for the above run. Valgrind was used specifically to aid in creating this bug report; it is not part of my normal testing of this software.
The output is puzzling. It shows syncprov_db_close accessing a persistent search structure that was already freed in syncprov_op_abandon. The puzzling part is that syncprov_db_close can only find ops by following the si->si_op list, and syncprov_op_abandon always removes ops from the si_op list before it frees anything.
Will have to look into this later, but now you can see why this feature is not part of the public 2.4 releases. Nor will it be, it's a 2.5 feature.
==2454== Memcheck, a memory error detector ==2454== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==2454== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==2454== Command: /home/internet/Projects/OpenLDAP/openldap/BUILD/t2/tests/../servers/slapd/slapd -s0 -F ./slapd.d -h ldap://localhost:9011/ -d 0x4105 ==2454== Parent PID: 2442 ==2454== ==2454== Thread 4: ==2454== Invalid read of size 8 ==2454== at 0x45006E: send_ldap_response (result.c:704) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x5572BB: syncprov_db_close (syncprov.c:3178) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== Address 0xa23cc80 is 0 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 8 ==2454== at 0x450072: send_ldap_response (result.c:704) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x5572BB: syncprov_db_close (syncprov.c:3178) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== Address 0xa23ce30 is 432 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 8 ==2454== at 0x45007F: send_ldap_response (result.c:705) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x5572BB: syncprov_db_close (syncprov.c:3178) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== Address 0xa23cc80 is 0 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 8 ==2454== at 0x450083: send_ldap_response (result.c:705) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x5572BB: syncprov_db_close (syncprov.c:3178) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== Address 0xa23ce30 is 432 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 8 ==2454== at 0x44FD85: send_ldap_response (result.c:716) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x5572BB: syncprov_db_close (syncprov.c:3178) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== Address 0xa23cdb8 is 312 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 8 ==2454== at 0x450B28: slap_send_ldap_result (result.c:845) ==2454== by 0x5572BB: syncprov_db_close (syncprov.c:3178) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== by 0x4407E2: connection_operation (connection.c:1155) ==2454== Address 0xa23cc88 is 8 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 8 ==2454== at 0x450CD1: slap_send_ldap_result (result.c:846) ==2454== by 0x5572BB: syncprov_db_close (syncprov.c:3178) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== by 0x4407E2: connection_operation (connection.c:1155) ==2454== Address 0xa23cc80 is 0 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 1 ==2454== at 0x7FA4CBA: vfprintf (vfprintf.c:1623) ==2454== by 0x7FCB6A1: vsnprintf (vsnprintf.c:120) ==2454== by 0x59D492: lutil_debug (debug.c:67) ==2454== by 0x450D03: slap_send_ldap_result (result.c:846) ==2454== by 0x5572BB: syncprov_db_close (syncprov.c:3178) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== Address 0xa23ce38 is 440 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 1 ==2454== at 0x7FD4480: _IO_default_xsputn (genops.c:480) ==2454== by 0x7FA4B82: vfprintf (vfprintf.c:1623) ==2454== by 0x7FCB6A1: vsnprintf (vsnprintf.c:120) ==2454== by 0x59D492: lutil_debug (debug.c:67) ==2454== by 0x450D03: slap_send_ldap_result (result.c:846) ==2454== by 0x5572BB: syncprov_db_close (syncprov.c:3178) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== Address 0xa23ce38 is 440 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 1 ==2454== at 0x7FD4492: _IO_default_xsputn (genops.c:479) ==2454== by 0x7FA4B82: vfprintf (vfprintf.c:1623) ==2454== by 0x7FCB6A1: vsnprintf (vsnprintf.c:120) ==2454== by 0x59D492: lutil_debug (debug.c:67) ==2454== by 0x450D03: slap_send_ldap_result (result.c:846) ==2454== by 0x5572BB: syncprov_db_close (syncprov.c:3178) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== Address 0xa23ce3a is 442 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 8 ==2454== at 0x5572BC: syncprov_db_close (syncprov.c:3179) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== by 0x4407E2: connection_operation (connection.c:1155) ==2454== by 0x440C1D: connection_read_thread (connection.c:1291) ==2454== Address 0xa23cbc0 is 0 bytes inside a block of size 128 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 1 ==2454== at 0x555F78: syncprov_drop_psearch (syncprov.c:1099) ==2454== by 0x5572C8: syncprov_db_close (syncprov.c:3180) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== by 0x4407E2: connection_operation (connection.c:1155) ==2454== Address 0xa23cc00 is 64 bytes inside a block of size 128 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 8 ==2454== at 0x555F86: syncprov_drop_psearch (syncprov.c:1102) ==2454== by 0x5572C8: syncprov_db_close (syncprov.c:3180) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== by 0x4407E2: connection_operation (connection.c:1155) ==2454== Address 0xa23cbe0 is 32 bytes inside a block of size 128 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 8 ==2454== at 0x555F8A: syncprov_drop_psearch (syncprov.c:1102) ==2454== by 0x5572C8: syncprov_db_close (syncprov.c:3180) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== by 0x4407E2: connection_operation (connection.c:1155) ==2454== Address 0xa23cc80 is 0 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 8 ==2454== at 0x555F8D: syncprov_drop_psearch (syncprov.c:1102) ==2454== by 0x5572C8: syncprov_db_close (syncprov.c:3180) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== by 0x4407E2: connection_operation (connection.c:1155) ==2454== Address 0xa23ce00 is 384 bytes inside a block of size 758 free'd ==2454== at 0x4C27D4E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2454== by 0x555F5B: syncprov_free_syncop (syncprov.c:814) ==2454== by 0x555FE5: syncprov_drop_psearch (syncprov.c:1109) ==2454== by 0x556141: syncprov_op_abandon (syncprov.c:1158) ==2454== by 0x45E0A6: fe_op_abandon (abandon.c:136) ==2454== by 0x43EBFB: connection_abandon (connection.c:747) ==2454== by 0x4403B8: connection_closing (connection.c:820) ==2454== by 0x440EBA: connection_read_thread (connection.c:1476) ==2454== by 0x573917: ldap_int_thread_pool_wrapper (tpool.c:688) ==2454== by 0x59BFB4F: start_thread (pthread_create.c:304) ==2454== by 0x8039A7C: clone (clone.S:112) ==2454== ==2454== Invalid read of size 8 ==2454== at 0x555FBB: syncprov_drop_psearch (syncprov.c:1104) ==2454== by 0x5572C8: syncprov_db_close (syncprov.c:3180) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== by 0x4407E2: connection_operation (connection.c:1155) ==2454== Address 0x168 is not stack'd, malloc'd or (recently) free'd ==2454== ==2454== ==2454== Process terminating with default action of signal 11 (SIGSEGV) ==2454== Access not within mapped region at address 0x168 ==2454== at 0x555FBB: syncprov_drop_psearch (syncprov.c:1104) ==2454== by 0x5572C8: syncprov_db_close (syncprov.c:3180) ==2454== by 0x4A6B5A: overlay_remove_cb (backover.c:1189) ==2454== by 0x44F93A: slap_cleanup_play (result.c:525) ==2454== by 0x44FD99: send_ldap_response (result.c:717) ==2454== by 0x4508E5: slap_send_ldap_result (result.c:844) ==2454== by 0x42F7C4: config_back_delete (bconfig.c:6481) ==2454== by 0x4A75F2: overlay_op_walk (backover.c:691) ==2454== by 0x4A7734: over_op_func (backover.c:743) ==2454== by 0x45931F: fe_op_delete (delete.c:174) ==2454== by 0x45904C: do_delete (delete.c:95) ==2454== by 0x4407E2: connection_operation (connection.c:1155) ==2454== If you believe this happened as a result of a stack ==2454== overflow in your program's main thread (unlikely but ==2454== possible), you can try to increase the size of the ==2454== main thread stack using the --main-stacksize= flag. ==2454== The main thread stack size used in this run was 8388608. ==2454== ==2454== HEAP SUMMARY: ==2454== in use at exit: 6,002,487 bytes in 13,317 blocks ==2454== total heap usage: 22,504 allocs, 9,187 frees, 8,818,779 bytes allocated ==2454== ==2454== LEAK SUMMARY: ==2454== definitely lost: 0 bytes in 0 blocks ==2454== indirectly lost: 0 bytes in 0 blocks ==2454== possibly lost: 1,152 bytes in 4 blocks ==2454== still reachable: 6,001,335 bytes in 13,313 blocks ==2454== suppressed: 0 bytes in 0 blocks ==2454== Rerun with --leak-check=full to see details of leaked memory ==2454== ==2454== For counts of detected and suppressed errors, rerun with: -v ==2454== ERROR SUMMARY: 42 errors from 16 contexts (suppressed: 31 from 9) ~ ~