[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend

Rowland penny rpenny at samba.org
Wed Mar 2 09:23:34 UTC 2016 

On 02/03/16 00:44, Jeremy Allison wrote:
> On Tue, Mar 01, 2016 at 10:11:15PM +0000, Rowland penny wrote:
>> On 01/03/16 21:35, Garming Sam wrote:
>>> Hi Rowland,
>>>
>>> This new segfault seems unrelated to the previous one. It's probably
>>> something like a double free, which typically shouldn't be that hard to
>>> fix. If you try running the tool under valgrind, it should provide
>>> enough information to fix the issue.
>>>
>>>
>>> Cheers,
>>>
>>> Garming
>>>
>> Who or what is 'valgrind' ?
>> I know what a 'valvegrinder' is, but I don't think you mean this :-D
> :-).
>
> Install the valgrind tool from your local repository.
>
>> Or to put it another way, How?
>> I am quite prepared to try and get the required info, but somebody
>> else is going to have to write the 'C' code.
> I'll help :-).
>
> Do:
>
> valgrind bin/smbpasswd <parameters>
>
> and valgrind should print out the source code
> line where we mess up.

OK, here is the output:

root at testpdc:~# nano /usr/local/samba/etc/smb.conf
root at testpdc:~# valgrind /usr/local/samba/bin/smbpasswd -a ldap02
==2405== Memcheck, a memory error detector
==2405== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==2405== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==2405== Command: /usr/local/samba/bin/smbpasswd -a ldap02
==2405==
New SMB password:
Retype new SMB password:
==2408==
==2408== HEAP SUMMARY:
==2408==     in use at exit: 180,041 bytes in 987 blocks
==2408==   total heap usage: 5,737 allocs, 4,750 frees, 1,643,712 bytes 
allocated
==2408==
==2408== LEAK SUMMARY:
==2408==    definitely lost: 0 bytes in 0 blocks
==2408==    indirectly lost: 0 bytes in 0 blocks
==2408==      possibly lost: 38,178 bytes in 139 blocks
==2408==    still reachable: 141,863 bytes in 848 blocks
==2408==         suppressed: 0 bytes in 0 blocks
==2408== Rerun with --leak-check=full to see details of leaked memory
==2408==
==2408== For counts of detected and suppressed errors, rerun with: -v
==2408== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Added user ldap02.
==2405== Invalid read of size 4
==2405==    at 0x56AB52A: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405==
==2405== Invalid read of size 4
==2405==    at 0x56AB548: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405==
==2405== Invalid read of size 4
==2405==    at 0x56AB55C: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405==
==2405== Invalid read of size 4
==2405==    at 0x56AB56F: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd4 is 4 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405==
==2405== Invalid free() / delete / delete[] / realloc()
==2405==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==2405==    by 0x5686820: ber_memfree_x (in 
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==2405==    by 0x56AB5AA: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405==
==2405==
==2405== HEAP SUMMARY:
==2405==     in use at exit: 179,738 bytes in 980 blocks
==2405==   total heap usage: 6,523 allocs, 5,544 frees, 2,273,909 bytes 
allocated
==2405==
==2405== LEAK SUMMARY:
==2405==    definitely lost: 348 bytes in 2 blocks
==2405==    indirectly lost: 1,868 bytes in 45 blocks
==2405==      possibly lost: 35,708 bytes in 109 blocks
==2405==    still reachable: 141,814 bytes in 824 blocks
==2405==         suppressed: 0 bytes in 0 blocks
==2405== Rerun with --leak-check=full to see details of leaked memory
==2405==
==2405== For counts of detected and suppressed errors, rerun with: -v
==2405== ERROR SUMMARY: 11 errors from 5 contexts (suppressed: 0 from 0)
root at testpdc:~#


Rowland

More information about the samba mailing list