talloc_chunk_from_ptr bug
Andreas Schneider
asn at samba.org
Tue Aug 2 03:42:03 MDT 2011
Hello,
today I worked on some new code and while running 'make test' I got a new
backtrace...
Thread 1 (Thread 0x7f1ddd0bc720 (LWP 4682)):
#0 0x00007f1ddad1e26e in waitpid () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007f1ddacb9491 in do_system () from /lib64/libc.so.6
No symbol table info available.
#2 0x0000000000a24e03 in smb_panic_default (why=0x16f8d25 "internal error")
at ../lib/util/fault.c:126
pidstr =
"4682\000\000\000\000\240\376\361\001\000\000\000\000\r\002\000\300"
cmdstring =
"/home/asn/workspace/projects/samba/master/selftest/gdb_backtrace 4682",
'\000' <repeats 11 times>, "\b\000\000\000\060\000\000\000@:/t\377\177\00
0\000\200\071/t\377\177\000\000@\000\000\000\000\000\000\001\220\032", '\000'
<repeats 14 times>,
"\016\215o\001\000\000\000\000B\216o\001\000\000\000\000\000\376\356
\001\000\000\000\000\264\211o\001\000\000\000\000
\377\361\001\000\000\000\000\312\067\200\000\000\000\000\000\340\071/t\377\177\000\000\345\060\b\001\000\000\000\000
\r\002\000\300\315Z{\221"
result = 104
__FUNCTION__ = "smb_panic_default"
#3 0x0000000000a24f8b in smb_panic (why=0x16f8d25 "internal error") at
../lib/util/fault.c:153
No locals.
#4 0x0000000000a24c93 in fault_report (sig=11) at ../lib/util/fault.c:77
counter = 1
__FUNCTION__ = "fault_report"
#5 0x0000000000a24cb2 in sig_fault (sig=11) at ../lib/util/fault.c:88
No locals.
#6 <signal handler called>
No symbol table info available.
#7 0x0000000000ead377 in talloc_chunk_from_ptr (ptr=0x1fbad30) at
../lib/talloc/talloc.c:349
pp = 0x1fbad30 <Address 0x1fbad30 out of bounds>
tc = 0x1fbace0
#8 0x0000000000eaf76d in _talloc_free (ptr=0x1fbad30, location=0x1720730
"../source4/librpc/rpc/dcerpc_smb.c:95") at ../lib/talloc/talloc.c:1361
tc = 0x0
#9 0x0000000000b0c5db in smb_read_callback (req=0x1fbcee0) at
../source4/librpc/rpc/dcerpc_smb.c:95
smb = 0x1eefe10
state = 0x1fbad30
io = 0x1fbce30
frag_length = 0
status = {v = 3221225997}
__FUNCTION__ = "smb_read_callback"
#10 0x0000000000fef7b1 in smbcli_transport_dead (transport=0x1ee6010,
status=...) at ../source4/libcli/raw/clitransport.c:151
req = 0x1fbcee0
#11 0x0000000000fef31f in smbcli_transport_error (private_data=0x1ee6010,
status=...) at ../source4/libcli/raw/clitransport.c:67
transport = 0x1ee6010
#12 0x000000000124ecfa in packet_error (pc=0x1ee3fd0, status=...) at
../source4/lib/stream/packet.c:205
__FUNCTION__ = "packet_error"
#13 0x000000000124f2c2 in packet_recv (pc=0x1ee3fd0) at
../source4/lib/stream/packet.c:330
npending = 4
status = {v = 3221225997}
nread = 0
blob = {data = 0x1f19860 "", length = 223}
recv_retry = false
__FUNCTION__ = "packet_recv"
#14 0x0000000000fef29b in smbcli_transport_event_handler (ev=0x1e9ed30,
fde=0x1ee41f0, flags=1, private_data=0x1ee6010) at
../source4/libcli/raw/clitransport.c:43
transport = 0x1ee6010
#15 0x0000000001085b61 in epoll_event_loop (std_ev=0x1e9ee00,
tvalp=0x7fff742f4300) at ../lib/tevent/tevent_standard.c:309
fde = 0x1ee41f0
flags = 1
ret = 1
i = 0
events = {{events = 25, data = {ptr = 0x1ee41f0, fd = 32391664, u32 =
32391664, u64 = 32391664}}}
timeout = 59997
#16 0x00000000010862c0 in std_event_loop_once (ev=0x1e9ed30,
location=0x1755868 "../source4/torture/rpc/lsa.c:869") at
../lib/tevent/tevent_standard.c:548
std_ev = 0x1e9ee00
tval = {tv_sec = 59, tv_usec = 996719}
#17 0x00000000010816ce in _tevent_loop_once (ev=0x1e9ed30, location=0x1755868
"../source4/torture/rpc/lsa.c:869") at ../lib/tevent/tevent.c:501
ret = 0
nesting_stack_ptr = 0x0
#18 0x0000000000bb435b in test_LookupSids_async (b=0x1ee2df0, tctx=0x1e9ee80,
handle=0x1ee6170) at ../source4/torture/rpc/lsa.c:869
sids = {num_sids = 1, sids = 0x7fff742f43b0}
sidptr = {sid = 0x1efe500}
count = 0x1efe980
names = 0x1efeab0
r = 0x1eff1f0
domains = 0x1f1cb90
req = 0x1efe310
i = 50
replies = -1
ret = true
num_async_requests = 50
#19 0x0000000000bbb63f in torture_rpc_lsa (tctx=0x1e9ee80) at
../source4/torture/rpc/lsa.c:2887
status = {v = 0}
p = 0x1ee2c40
ret = true
handle = 0x1ee6170
join = 0x1ee2b10
machine_creds = 0x1efa380
b = 0x1ee2df0
#20 0x00000000006ba460 in wrap_simple_test (torture_ctx=0x1e9ee80,
tcase=0x1e15180, test=0x1e15290) at ../lib/torture/torture.c:631
fn = 0xbbb553 <torture_rpc_lsa>
#21 0x00000000006b9b8d in internal_torture_run_test (context=0x1e9ee80,
tcase=0x1e15180, test=0x1e15290, already_setup=true, restricted=0x0) at
../lib/torture/torture.c:442
success = false
subunit_testname = 0x1ee29a0 "lsa"
#22 0x00000000006b9dec in torture_run_tcase_restricted (context=0x1e9ee80,
tcase=0x1e15180, restricted=0x0) at ../lib/torture/torture.c:505
ret = true
test = 0x1e15290
setup_succeeded = true
setup_reason = 0x15d1a2f "Setup failed"
#23 0x0000000000f9b446 in run_matching (torture=0x1e9ee80, prefix=0x1ed2d30
"rpc", expr=0x7fff742f66f3 "rpc.lsa", restricted=0x0, suite=0x1e12710,
matched=0x7fff742f46af) at ../source4/torture/smbtorture.c:102
name = 0x1ee2840 "rpc.lsa"
ret = true
o = 0x0
t = 0x1e15180
p = 0x7fff742f45f0
#24 0x0000000000f9b3a0 in run_matching (torture=0x1e9ee80, prefix=0x0,
expr=0x7fff742f66f3 "rpc.lsa", restricted=0x0, suite=0x1de4280,
matched=0x7fff742f46af) at ../source4/torture/smbtorture.c:94
name = 0x1ed2d30 "rpc"
ret = true
o = 0x1e12710
t = 0x1dcc560
p = 0x1ea6060
#25 0x0000000000f9b607 in torture_run_named_tests (torture=0x1e9ee80,
name=0x7fff742f66f3 "rpc.lsa", restricted=0x0) at
../source4/torture/smbtorture.c:142
ret = true
matched = true
o = 0x7fff742f4e00
#26 0x0000000000f9d281 in main (argc=13, argv=0x7fff742f4e08) at
../source4/torture/smbtorture.c:711
opt = -1
i = 2
correct = true
max_runtime = 1200
argc_new = 3
torture = 0x1e9ee80
results = 0x1e9ecb0
ui_ops = 0x1d69d40
argv_new = 0x1dcc330
pc = 0x1dcc010
target = 0x1dd1df0 "samba3"
status = {v = 1949256944}
shell = 0
ui_ops_name = 0x1dd2300 "subunit"
basedir = 0x1dcfba0
"/home/asn/workspace/projects/samba/master/source3/st/tmp"
outputdir = 0x1e9efa0
"/home/asn/workspace/projects/samba/master/source3/st/tmp/smbtortureiNVBdT"
extra_module = 0x0
list_tests = 0
list_testsuites = 0
num_extra_users = 0
restricted = 0x0
num_restricted = -1
load_list = 0x0
--
Andreas Schneider GPG-ID: F33E3FC6
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list