s4 crash: talloc: double free error - first free may be at ../dsdb/common/util.c:2705
Michael Wood
esiotrot at gmail.com
Mon Jun 21 02:49:48 MDT 2010
Should I report this here or rather file a bug report in bugzilla?
(The last crash report I sent to the list was ignored.)
Last week I compiled Samba4 at commit 65ca3e4, vampired the domain from a
Win2k3 machine, and left it running over the weekend. A couple of other
Samba4 instances have vampired this domain before. Nothing was
happening on the domain over the weekend, i.e. no users were added or
deleted, etc.
This morning there's a zombie samba process and its parent is:
/usr/local/samba/sbin/samba -i -M single -d10
In the window where I started Samba I see this:
[...]
queued DsReplicaSync for DC=xyz to
bd0034a8-6252-4b42-ba54-1270a66630c4._msdcs.xyz (urgent=false)
uSN=0:3244
queued DsReplicaSync for DC=xyz to
4a86865e-403e-4aa1-b3b5-f8508ba9c873._msdcs.xyz (urgent=false)
uSN=0:3244
dreplsrv_notify_schedule(5) scheduled for: Fri Jun 18 19:18:57 2010 SAST
Timed out smb_krb5 packet
Received smb_krb5 packet of length 154
talloc: double free error - first free may be at ../dsdb/common/util.c:2705
Bad talloc magic value - double free
PANIC: Bad talloc magic value - double free
*** glibc detected *** /usr/local/samba/sbin/samba: corrupted
double-linked list: 0x0000000002691e20 ***
I've attached to the process with gdb and done a bt full (see
attached). What else should I do to find out what caused this?
--
Michael Wood <esiotrot at gmail.com>
-------------- next part --------------
(gdb) bt full
#0 0x00007fc1c7ceef3b in pthread_once () from /lib/libpthread.so.0
No symbol table info available.
#1 0x00007fc1c75ae394 in backtrace () from /lib/libc.so.6
No symbol table info available.
#2 0x00007fc1c751c50f in ?? () from /lib/libc.so.6
No symbol table info available.
#3 0x00007fc1c75265b6 in ?? () from /lib/libc.so.6
No symbol table info available.
#4 0x00007fc1c7526a1f in ?? () from /lib/libc.so.6
No symbol table info available.
#5 0x00007fc1c7529fad in ?? () from /lib/libc.so.6
No symbol table info available.
#6 0x00007fc1c752d424 in calloc () from /lib/libc.so.6
No symbol table info available.
#7 0x00007fc1cc5c445f in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#8 0x00007fc1cc5bf4b6 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#9 0x00007fc1cc5c13a0 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#10 0x00007fc1cc5cc5f9 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#11 0x00007fc1cc5c79c6 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#12 0x00007fc1cc5cbffa in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#13 0x00007fc1c75d3ba0 in ?? () from /lib/libc.so.6
No symbol table info available.
#14 0x00007fc1cc5c79c6 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#15 0x00007fc1c75d3cf7 in __libc_dlopen_mode () from /lib/libc.so.6
No symbol table info available.
#16 0x00007fc1c75ae295 in ?? () from /lib/libc.so.6
No symbol table info available.
#17 0x00007fc1c7ceef43 in pthread_once () from /lib/libpthread.so.0
No symbol table info available.
#18 0x00007fc1c75ae394 in backtrace () from /lib/libc.so.6
No symbol table info available.
#19 0x00007fc1cac63a1f in call_backtrace () at ../../lib/util/fault.c:58
backtrace_stack = {0x7fc1cac52728, 0x100000000, 0x100000246,
0x7fc1c751b423, 0x7ffffbad8000, 0x7fc1cc7d5d58, 0x7fffe8850870, 0x0,
0x7fffe8850898, 0x7fc1cc7d5a00, 0x56584180, 0x7fc1cc5c3772, 0x0,
0x0, 0x1, 0x0, 0x1, 0x7fc1cc7d5a00, 0x0, 0x0, 0x1d00000, 0x0,
0x7fc1cc7d5d58, 0x7fffe8850820, 0x7fffe8850838, 0x100000000,
0x1d03d85, 0x7fc1cac53705, 0x7fffe8850910, 0x6, 0x7fc1cbaf4f12,
0x10, 0x0, 0x7fc1c752ce53, 0x72, 0x7fffe8850910, 0x6,
0x7fc1cbaf4f12, 0x7fc1cac52728, 0x7fc1cc7d5a00, 0x72, 0xffffffff,
0x3000000010, 0x1, 0x22f318, 0x0, 0x10, 0x0, 0x7fc1cac4d000,
0x7fc1cc5c77d1, 0x1, 0x0, 0x7fffe88508e0, 0x7fc1cac52728, 0x72,
0x72, 0x7fffe8850a30, 0x6, 0x7fc1cbaf4f12, 0x7fc1cc5ce475,
0x1d02090, 0x7fc1c7cf08c0, 0xffffffffffffffc0, 0x0}
backtrace_size = 2333824924645138531
backtrace_strings = 0x2923c20
__FUNCTION__ = "call_backtrace"
#20 0x00007fc1cac63d0c in smb_panic (
why=0x7fc1c9d886c8 "Bad talloc magic value - double free")
at ../../lib/util/fault.c:145
result = 0
__FUNCTION__ = "smb_panic"
#21 0x00007fc1c9d84ff9 in talloc_abort (
reason=0x7fc1c9d886c8 "Bad talloc magic value - double free")
at ../../lib/talloc/talloc.c:202
No locals.
#22 0x00007fc1c9d85075 in talloc_abort_double_free ()
at ../../lib/talloc/talloc.c:218
No locals.
#23 0x00007fc1c9d850f2 in talloc_chunk_from_ptr (ptr=0x2691e10)
at ../../lib/talloc/talloc.c:239
pp = 0x2691e10 "\220\261\304\002"
tc = 0x2691dc0
#24 0x00007fc1c9d85351 in __talloc (context=0x2691e10, size=34)
at ../../lib/talloc/talloc.c:400
tc = 0x0
#25 0x00007fc1c9d877c0 in __talloc_strlendup (t=0x2691e10,
p=0x21144d0 " Miscellaneous failure (see text)", len=33)
at ../../lib/talloc/talloc.c:1580
ret = 0x7fc1cb89352a "\353\vH\213U\310H\213E\230H\211\020\213E\354H\201?"
#26 0x00007fc1c9d878b9 in talloc_strndup (t=0x2691e10,
p=0x21144d0 " Miscellaneous failure (see text)", n=33)
at ../../lib/talloc/talloc.c:1605
No locals.
#27 0x00007fc1c9751300 in gssapi_error_string (mem_ctx=0x2691e10,
maj_stat=851968, min_stat=2529638919, mech=0x7fc1cbdaebb0)
at ../auth/gensec/gensec_gssapi.c:70
disp_min_stat = 0
disp_maj_stat = 0
maj_error_message = {length = 33, value = 0x21144d0}
min_error_message = {length = 105, value = 0x2a43130}
maj_error_string = 0x7fc1cac634a3 "\311\303UH\211\345H\203\354 \211}\374\211u\370H\211U\360H\211M\350H\213U\350H\213M\360\213E\374H\211?\307\350\310@\377\377\311\303UH\211\345H\201\354", <incomplete sequence \340>
min_error_string = 0x7fffe8850bd0 "\340\f\205\350\377\177"
msg_ctx = 0
ret = 0x2afb120 "\300?\001"
#28 0x00007fc1c9752703 in gensec_gssapi_update (gensec_security=0x1d02a80,
out_mem_ctx=0x2a9dbe0, in=..., out=0x2a9dbe8)
at ../auth/gensec/gensec_gssapi.c:560
gensec_gssapi_state = 0x2691e10
nt_status = {v = 3221225581}
maj_stat = 851968
min_stat = 2529638919
min_stat2 = 0
input_token = {length = 0, value = 0x0}
output_token = {length = 0, value = 0x0}
gss_oid_p = 0x7fc1cbdaebb0
__FUNCTION__ = "gensec_gssapi_update"
#29 0x00007fc1c975a5fb in gensec_update (gensec_security=0x1d02a80,
out_mem_ctx=0x2a9dbe0, in=..., out=0x2a9dbe8)
at ../auth/gensec/gensec.c:988
No locals.
#30 0x00007fc1ca3c29e8 in dcerpc_bind_auth_send (mem_ctx=0x25cd9d0,
p=0x2a432d0, table=0x7fc1cbd9b5a0, credentials=0x18b6a20,
gensec_settings=0x21221b0, auth_type=16 '\020', auth_level=6 '\006',
service=0x7fc1cbaf4f12 "ldap") at ../librpc/rpc/dcerpc_auth.c:325
c = 0x1ec3250
creq = 0x7fffe8850e10
state = 0x2a9dbe0
sec = 0x26976d0
syntax = {uuid = {time_low = 3813753397, time_mid = 19206,
time_hi_and_version = 4561, clock_seq = "\253\004",
node = "\000\300O\302\334", <incomplete sequence \322>},
if_version = 4}
transfer_syntax = {uuid = {time_low = 2324192516, time_mid = 7403,
time_hi_and_version = 4553,
clock_seq = "\237", <incomplete sequence \350>,
node = "\b\000+\020H`"}, if_version = 2}
__FUNCTION__ = "dcerpc_bind_auth_send"
#31 0x00007fc1ca3c4d39 in dcerpc_pipe_auth_send (p=0x2a432d0,
binding=0x1a9e650, table=0x7fc1cbd9b5a0, credentials=0x18b6a20,
lp_ctx=0x18a47e0) at ../librpc/rpc/dcerpc_util.c:629
c = 0x25cd9d0
s = 0x2c4af80
auth_schannel_req = 0x7fc1ca3ea438
auth_req = 0x7fc1c9d8579a
auth_none_req = 0x7fffe8850ef0
conn = 0x26976c0
auth_type = 16 '\020'
#32 0x00007fc1ca3ca32c in continue_pipe_connect (c=0x2a42080, s=0x2a9ea00)
at ../librpc/rpc/dcerpc_connect.c:684
auth_bind_req = 0x7fc1ca3c98b4
#33 0x00007fc1ca3ca17d in continue_pipe_connect_ncacn_ip_tcp (ctx=0x25cd9d0)
at ../librpc/rpc/dcerpc_connect.c:632
c = 0x2a42080
s = 0x2a9ea00
#34 0x00007fc1cb7cb14a in composite_done (ctx=0x25cd9d0)
at ../libcli/composite/composite.c:144
No locals.
#35 0x00007fc1ca3c96db in continue_pipe_open_ncacn_ip_tcp (ctx=0x29ca780)
at ../librpc/rpc/dcerpc_connect.c:297
c = 0x25cd9d0
#36 0x00007fc1cb7cb14a in composite_done (ctx=0x29ca780)
at ../libcli/composite/composite.c:144
No locals.
#37 0x00007fc1ca3c8795 in continue_ipv4_open_socket (ctx=0x29d3f40)
at ../librpc/rpc/dcerpc_sock.c:452
c = 0x29ca780
s = 0x1d04730
__FUNCTION__ = "continue_ipv4_open_socket"
#38 0x00007fc1cb7cb14a in composite_done (ctx=0x29d3f40)
at ../libcli/composite/composite.c:144
No locals.
#39 0x00007fc1ca3c82eb in continue_socket_connect (ctx=0x2a9df10)
at ../librpc/rpc/dcerpc_sock.c:302
conn = 0x26976c0
sock = 0x2923dd0
c = 0x29d3f40
s = 0x293a590
__FUNCTION__ = "continue_socket_connect"
#40 0x00007fc1cb7cb14a in composite_done (ctx=0x2a9df10)
at ../libcli/composite/composite.c:144
No locals.
#41 0x00007fc1cb7fa082 in socket_connect_handler (ev=0x18b5c70, fde=0x235fc70,
flags=2, private_data=0x2a9df10) at ../lib/socket/connect.c:131
result = 0x2a9df10
state = 0x25ce850
#42 0x00007fc1ca600833 in epoll_event_loop (std_ev=0x18b52f0,
tvalp=0x7fffe88512d0) at ../../lib/tevent/tevent_standard.c:309
fde = 0x235fc70
flags = 2
ret = 1
i = 0
events = {{events = 4, data = {ptr = 0x235fc70, fd = 37092464,
u32 = 37092464, u64 = 37092464}}}
timeout = 4107
#43 0x00007fc1ca600f9f in std_event_loop_once (ev=0x18b5c70,
location=0x8799c7 "../smbd/server.c:474")
at ../../lib/tevent/tevent_standard.c:544
std_ev = 0x18b52f0
tval = {tv_sec = 4, tv_usec = 106978}
#44 0x00007fc1ca5fcbb8 in _tevent_loop_once (ev=0x18b5c70,
location=0x8799c7 "../smbd/server.c:474") at ../../lib/tevent/tevent.c:494
ret = 0
nesting_stack_ptr = 0x0
#45 0x00007fc1ca5fcdf5 in tevent_common_loop_wait (ev=0x18b5c70,
location=0x8799c7 "../smbd/server.c:474") at ../../lib/tevent/tevent.c:595
ret = 0
#46 0x00007fc1ca5fcec0 in _tevent_loop_wait (ev=0x18b5c70,
location=0x8799c7 "../smbd/server.c:474") at ../../lib/tevent/tevent.c:614
No locals.
#47 0x0000000000791009 in binary_smbd_main (binary_name=0x8794e3 "samba",
argc=5, argv=0x7fffe8851778) at ../smbd/server.c:474
opt_daemon = false
opt_interactive = true
opt = -1
pc = 0x18a4040
static_init = {0x587e18 <server_service_drepl_init>,
0x43a1ff <server_service_kcc_init>,
0x4494aa <server_service_dnsupdate_init>,
0x73149c <server_service_auth_init>,
0x52927c <server_service_smb_init>,
0x562c7e <server_service_samba3_smb_init>,
0x757af0 <server_service_rpc_init>,
0x4f5215 <server_service_ldap_init>,
0x497771 <server_service_web_init>,
0x551b27 <server_service_winbind_init>,
0x75927c <server_service_nbtd_init>,
0x4e9c91 <server_service_wrepl_init>,
0x7465be <server_service_cldapd_init>,
0x798abf <server_service_ntp_signd_init>,
0x5ef26d <server_service_kdc_init>, 0}
shared_init = 0x0
event_ctx = 0x18b5c70
stdin_event_flags = 1
status = {v = 0}
model = 0x18a8830 "single"
max_runtime = 0
long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4,
arg = 0x7fc1caa0f1a0, val = 0, descrip = 0x879652 "Help options:",
argDescrip = 0x0}, {longName = 0x879660 "daemon",
shortName = 68 'D', argInfo = 0, arg = 0x0, val = 1000,
descrip = 0x879667 "Become a daemon (default)", argDescrip = 0x0},
{longName = 0x879681 "interactive", shortName = 105 'i',
argInfo = 0, arg = 0x0, val = 1001,
descrip = 0x879690 "Run interactive (not a daemon)",
argDescrip = 0x0}, {longName = 0x8796af "model",
shortName = 77 'M', argInfo = 1, arg = 0x0, val = 1002,
descrip = 0x8796b5 "Select process model",
argDescrip = 0x8796ca "MODEL"}, {
longName = 0x8796d0 "maximum-runtime", shortName = 0 '\000',
argInfo = 2, arg = 0x7fffe885164c, val = 0,
descrip = 0x8796e0 "set maximum runtime of the server process, till autotermination", argDescrip = 0x879720 "seconds"}, {
longName = 0x879728 "show-build", shortName = 98 'b', argInfo = 0,
arg = 0x0, val = 1003, descrip = 0x879733 "show build info",
argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000',
argInfo = 4, arg = 0xadbb60, val = 0,
descrip = 0x879743 "Common samba options:", argDescrip = 0x0}, {
longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0xadbd20,
val = 0, descrip = 0x879743 "Common samba options:",
argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000',
argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
__FUNCTION__ = "binary_smbd_main"
#48 0x000000000079104f in main (argc=5, argv=0x7fffe8851778)
at ../smbd/server.c:485
No locals.