SIG11 in smbtorture (libsmb/clientgen.c)
Andrew Bartlett
abartlet at pcug.org.au
Sat Jun 30 10:41:35 GMT 2001
I have started looking at making smbtorture more scriptable, with
failures being returned as status outputs. I thought it would be a good
idea to check if smbtorture actually worked *before* I started, and I
find it doesn't :-)
Well, it does for most of the tests - using smbd-on-a-string mode (AKA
SMBLIB_PROG), but test RW3 does this:
It's failing to free a pointer, but I can't see how this particular test
fails when the rest work fine. The failing op is on cli->outbuf.
Does anybody have any ideas?
(I have had no problems reproducing this - so it's not memory or the
like).
Andrew Bartlett
[abartlet at piglett bin]$ gdb ./smbtorture core
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `./smbtorture //localhost/test RW3'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
#0 0x400c0109 in chunk_free (ar_ptr=0x40154d40, p=0x80ff030) at
malloc.c:3111
3111 malloc.c: No such file or directory.
(gdb) bt full
#0 0x400c0109 in chunk_free (ar_ptr=0x40154d40, p=0x80ff030) at
malloc.c:3111
hd = 1075137864
sz = 65544
idx = 0
next = 0x810f038
nextsz = 0
prevsz = 1075137864
bck = 0x424d53ff
fwd = 0x810f040
islr = 0
#1 0x400bff9a in __libc_free (mem=0x80ff038) at malloc.c:3023
mem = (void *) 0x810f038
ar_ptr = (arena *) 0x40154d40
p = 0x80ff030
#2 0x8051633 in cli_shutdown (cli=0x80b4d80) at libsmb/clientgen.c:210
cli = (struct cli_state *) 0x80b4d80
#3 0x804ad36 in close_connection (c=0x80b4d80) at torture/torture.c:162
c = (struct cli_state *) 0x80b4d80
#4 0x804b9bd in run_readwritelarge (dummy=0) at torture/torture.c:531
cli1 = {port = 139, fd = 5, cnum = 1, pid = 11426, mid = 1, vuid = 100,
protocol = 5, sec_mode = 3, rap_error = 0, privileges = 0, eff_name =
'\000' <repeats 255 times>,
desthost = "localhost", '\000' <repeats 246 times>, user_name =
"abartlet", '\000' <repeats 247 times>, domain = '\000' <repeats 255
times>, server_type = "Samba", '\000' <repeats 250 times>,
server_os = "Unix", '\000' <repeats 251 times>, server_domain =
"TESTWG", '\000' <repeats 249 times>, share = "test", '\000' <repeats
251 times>, dev = ":NTFS", '\000' <repeats 250 times>, called = {
name = "LOCALHOST\000\000\000\000\000\000\000", scope = '\000'
<repeats 63 times>, name_type = 32}, calling = {name =
"PIGLETT\000\000\000\000\000\000\000\000\000", scope = '\000' <repeats
63 times>,
name_type = 0}, full_dest_host_name = '\000' <repeats 255 times>,
dest_ip = {s_addr = 16777343}, pwd = {null_pwd = 0, cleartext = 0,
crypted = 0, password = '\000' <repeats 255 times>,
smb_lm_pwd = '\000' <repeats 15 times>, smb_nt_pwd = '\000' <repeats
15 times>, smb_lm_owf = '\000' <repeats 23 times>, smb_nt_owf = '\000'
<repeats 127 times>, nt_owf_len = 0,
lm_cli_chal = "\000\000\000\000\000\000\000", nt_cli_chal = '\000'
<repeats 127 times>, nt_cli_chal_len = 0, sess_key = '\000' <repeats 15
times>}, cryptkey = "ø\214\\`X)\224µ", sesskey = 11428,
serverzone = -36000, servertime = 993859293, readbraw_supported = 1,
writebraw_supported = 1, timeout = 120000, max_xmit = 69632, max_mux =
50, outbuf = 0x80ff038 "", inbuf = 0x810f040 "",
bufsize = 65539, initialised = 1, win95 = 0, capabilities = 949,
mem_ctx = 0x80fe9b8, nt_error = 0, nt_pipe_fnum = 0, sess_key = '\000'
<repeats 15 times>, ntlmssp_hash = '\000' <repeats 257 times>,
ntlmssp_cli_flgs = 0, ntlmssp_srv_flgs = 0, ntlmssp_seq_num = 0,
clnt_cred = {challenge = {data = "\000\000\000\000\000\000\000"},
timestamp = {time = 0}}, mach_acct = '\000' <repeats 255 times>,
srv_name_slash = '\000' <repeats 255 times>, clnt_name_slash = '\000'
<repeats 255 times>, max_xmit_frag = 0, max_recv_frag = 0, key = {pid =
0, vuid = 0}, ntlmssp_flags = 0, use_oplocks = 0,
use_level_II_oplocks = 0, oplock_handler = 0x805ee50 <cli_oplock_ack>}
fnum1 = 5025
lockfname = 0x8085052 "\\large.dat"
fsize = 65536
buf = '\000' <repeats 65535 times>
#5 0x80509c0 in run_test (name=0xbffffa78 "RW3") at
torture/torture.c:2895
name = 0xbffffa78 "RW3"
i = 25
#6 0x8050de9 in main (argc=3, argv=0xbffff924) at
torture/torture.c:3050
argc = 2
argv = (char **) 0xbffff928
opt = 1075137864
i = 1
p = 0x1 <Address 0x1 out of bounds>
gotpass = 1
servicesf = "/home/abartlet/build_farm/prefix/samba/lib/smb.conf",
'\000' <repeats 972 times>
(gdb)
--
Andrew Bartlett
abartlet at pcug.org.au
abartlet at samba.org