DS crashes occasionally when performing a cn=monitor search.
This bug was reported in bz1203338, details there.
The core issue is in libdb, see: bz 1211871, but it could eventually be fixed in DS by preventing db_open calls and memp_stat calls from running in parallel.
attachment 0001-testcase-for-ticket-48149.patch
With the attached test script I did get a crash in 5 out of 10 runs. I produced 10 crashes with 7 different stack traces, but all in malloc and related to the ldbm_back_monitor_instance search. That we see different crash locations is quite usual for heap corruptions.
attachment 0001-Ticket-48149-ns-slapd-double-free-or-corruption-cras.patch
attachment 0002-Ticket-48149-test-for-ns-slapd-double-free-or-corrup.patch
attachment 0002-Ticket-48149-test-for-ns-slapd-double-free-or-corrup.2.patch
{{{
#define DB_OPEN(priv, oflags, db, txnid, file, database, type, flags, mode, rval) \
...
    if ((priv)) slapi_rwlock_rdlock((priv)->dblayer_env_lock); \
    (rval) = ((db)->open)((db), (txnid), (file), (database), (type), (flags)|DB_AUTO_COMMIT, (mode)); \
    if ((priv)) slapi_rwlock_unlock((priv)->dblayer_env_lock); \
}}}
Should this be "env" instead of "priv"?
well it is of type 'struct dblayer_private_env *', so I called it priv, but maybe it could be penv
Replying to [comment:9 lkrispen]:
Ok. I was just confused because everywhere DB_OPEN is used, the first argument is pENV or mypENV, and here the argument is env instead of priv:
{{{
#define DB_OPEN(env, oflags, db, txnid, file, database, type, flags, mode, rval) \
}}}
If it should be priv for the first definition of DB_OPEN, that's fine.
git patch file (1.2.11 branch) -- fixing a coverity defect 0001-Ticket-48149-ns-slapd-double-free-or-corruption-cras.2.patch
This issue is taken care of in 1.2.11. This is not a problem in 1.3.3 and newer since libdb has the fix.
Closing this ticket. Thanks, Ludwig!
Metadata Update from @lkrispen: - Issue assigned to lkrispen - Issue set to the milestone: 1.2.11.33
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1480
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)