The Samba-Bugzilla – Attachment 4825 Details for
Bug 6793
winbindd crash with "INTERNAL ERROR: Signal 6" (double-free of "entry_dn")
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
WinbindD under valgrind.
winbind_valgrind.870 (text/plain), 18.82 KB, created by
Pavel May
on 2009-10-09 08:08:40 UTC
(
hide
)
Description:
WinbindD under valgrind.
Filename:
MIME Type:
Creator:
Pavel May
Created:
2009-10-09 08:08:40 UTC
Size:
18.82 KB
patch
obsolete
>==870== Memcheck, a memory error detector. >==870== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al. >==870== Using LibVEX rev 1658, a library for dynamic binary translation. >==870== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP. >==870== Using valgrind-3.2.1, a dynamic binary instrumentation framework. >==870== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al. >==870== For more details, rerun with: -v >==870== >==870== My PID = 870, parent PID = 30112. Prog and args are: >==870== winbindd >==870== -S >==870== -F >==870== -i >==870== -d >==870== 3 >==870== >==870== Conditional jump or move depends on uninitialised value(s) >==870== at 0x15FF14: timeval_min (time.c:541) >==870== by 0x1AA77D: event_add_to_select_args (events.c:78) >==870== by 0x957B3: process_loop (winbindd.c:1053) >==870== by 0x96850: main (winbindd.c:1426) >==870== >==870== Conditional jump or move depends on uninitialised value(s) >==870== at 0x15FF3C: timeval_min (time.c:542) >==870== by 0x1AA77D: event_add_to_select_args (events.c:78) >==870== by 0x957B3: process_loop (winbindd.c:1053) >==870== by 0x96850: main (winbindd.c:1426) >==870== >==870== Conditional jump or move depends on uninitialised value(s) >==870== at 0x15FF66: timeval_min (time.c:543) >==870== by 0x1AA77D: event_add_to_select_args (events.c:78) >==870== by 0x957B3: process_loop (winbindd.c:1053) >==870== by 0x96850: main (winbindd.c:1426) >==871== Conditional jump or move depends on uninitialised value(s) >==871== at 0x15FF14: timeval_min (time.c:541) >==871== by 0x1AA77D: event_add_to_select_args (events.c:78) >==871== by 0xDBF4B: fork_domain_child (winbindd_dual.c:1409) >==871== by 0xD8244: schedule_async_request (winbindd_dual.c:314) >==871== by 0xD79D9: async_request (winbindd_dual.c:145) >==871== by 0xA290A: init_child_connection (winbindd_util.c:627) >==871== by 0xD8431: async_domain_request (winbindd_dual.c:378) >==871== by 0xA1B5A: add_trusted_domains (winbindd_util.c:291) >==871== by 0xA25EB: rescan_trusted_domains (winbindd_util.c:565) >==871== by 0x96810: main (winbindd.c:1411) >==871== >==871== Conditional jump or move depends on uninitialised value(s) >==871== at 0x15FF3C: timeval_min (time.c:542) >==871== by 0x1AA77D: event_add_to_select_args (events.c:78) >==871== by 0xDBF4B: fork_domain_child (winbindd_dual.c:1409) >==871== by 0xD8244: schedule_async_request (winbindd_dual.c:314) >==871== by 0xD79D9: async_request (winbindd_dual.c:145) >==871== by 0xA290A: init_child_connection (winbindd_util.c:627) >==871== by 0xD8431: async_domain_request (winbindd_dual.c:378) >==871== by 0xA1B5A: add_trusted_domains (winbindd_util.c:291) >==871== by 0xA25EB: rescan_trusted_domains (winbindd_util.c:565) >==871== by 0x96810: main (winbindd.c:1411) >==871== >==871== Invalid read of size 8 >==871== at 0x33124E5C79: __strcpy_chk (in /lib64/libc-2.5.so) >==871== by 0x331D25973D: krb5_get_init_creds_password (in /usr/lib64/libkrb5.so.3.3) >==871== by 0x604C56: kerberos_kinit_password_ext (kerberos.c:222) >==871== by 0x605DAD: kerberos_kinit_password (kerberos.c:648) >==871== by 0x1CC237: cli_session_setup_spnego (cliconnect.c:992) >==871== by 0xC5513: cm_prepare_connection (winbindd_cm.c:855) >==871== by 0xC7895: cm_open_connection (winbindd_cm.c:1502) >==871== by 0xC7E35: init_dc_connection_network (winbindd_cm.c:1636) >==871== by 0xC7EA4: init_dc_connection (winbindd_cm.c:1652) >==871== by 0xA2EF4: winbindd_dual_init_connection (winbindd_util.c:720) >==871== by 0xD8770: child_process_request (winbindd_dual.c:453) >==871== by 0xDC339: fork_domain_child (winbindd_dual.c:1456) >==871== Address 0x8DF70F0 is 8 bytes inside a block of size 15 alloc'd >==871== at 0x4A05809: malloc (vg_replace_malloc.c:149) >==871== by 0x164936: memdup (util.c:478) >==871== by 0x2201CB: secrets_fetch (secrets.c:126) >==871== by 0x221EDE: secrets_fetch_machine_password (secrets.c:824) >==871== by 0xF3EE2: get_trust_pw_clear (passdb.c:2307) >==871== by 0xC4CDB: get_trust_creds (winbindd_cm.c:712) >==871== by 0xC53E8: cm_prepare_connection (winbindd_cm.c:837) >==871== by 0xC7895: cm_open_connection (winbindd_cm.c:1502) >==871== by 0xC7E35: init_dc_connection_network (winbindd_cm.c:1636) >==871== by 0xC7EA4: init_dc_connection (winbindd_cm.c:1652) >==871== by 0xA2EF4: winbindd_dual_init_connection (winbindd_util.c:720) >==871== by 0xD8770: child_process_request (winbindd_dual.c:453) >==870== >==870== Invalid read of size 8 >==870== at 0x33124E5C79: __strcpy_chk (in /lib64/libc-2.5.so) >==870== by 0x331D25973D: krb5_get_init_creds_password (in /usr/lib64/libkrb5.so.3.3) >==870== by 0x604C56: kerberos_kinit_password_ext (kerberos.c:222) >==870== by 0x605DAD: kerberos_kinit_password (kerberos.c:648) >==870== by 0x1CC237: cli_session_setup_spnego (cliconnect.c:992) >==870== by 0xC5513: cm_prepare_connection (winbindd_cm.c:855) >==870== by 0xC7895: cm_open_connection (winbindd_cm.c:1502) >==870== by 0xC7E35: init_dc_connection_network (winbindd_cm.c:1636) >==870== by 0xC7EA4: init_dc_connection (winbindd_cm.c:1652) >==870== by 0xA548D: get_cache (winbindd_cache.c:144) >==870== by 0xA8A78: resolve_alias_to_username (winbindd_cache.c:1094) >==870== by 0xA481F: normalize_name_unmap (winbindd_util.c:1498) >==870== Address 0x8DF70F0 is 8 bytes inside a block of size 15 alloc'd >==870== at 0x4A05809: malloc (vg_replace_malloc.c:149) >==870== by 0x164936: memdup (util.c:478) >==870== by 0x2201CB: secrets_fetch (secrets.c:126) >==870== by 0x221EDE: secrets_fetch_machine_password (secrets.c:824) >==870== by 0xF3EE2: get_trust_pw_clear (passdb.c:2307) >==870== by 0xC4CDB: get_trust_creds (winbindd_cm.c:712) >==870== by 0xC53E8: cm_prepare_connection (winbindd_cm.c:837) >==870== by 0xC7895: cm_open_connection (winbindd_cm.c:1502) >==870== by 0xC7E35: init_dc_connection_network (winbindd_cm.c:1636) >==870== by 0xC7EA4: init_dc_connection (winbindd_cm.c:1652) >==870== by 0xA548D: get_cache (winbindd_cache.c:144) >==870== by 0xA8A78: resolve_alias_to_username (winbindd_cache.c:1094) >==870== >==870== Invalid read of size 8 >==870== at 0x33124E5C79: __strcpy_chk (in /lib64/libc-2.5.so) >==870== by 0x331D25973D: krb5_get_init_creds_password (in /usr/lib64/libkrb5.so.3.3) >==870== by 0x604C56: kerberos_kinit_password_ext (kerberos.c:222) >==870== by 0x604F23: ads_kinit_password (kerberos.c:326) >==870== by 0x5F5762: ads_sasl_spnego_bind (sasl.c:812) >==870== by 0x5F67E9: ads_sasl_bind (sasl.c:1113) >==870== by 0x5E8C15: ads_connect (ldap.c:711) >==870== by 0xCFCEF: ads_cached_connection (winbindd_ads.c:124) >==870== by 0xD47C9: sequence_number (winbindd_ads.c:1250) >==870== by 0xA68A1: refresh_sequence_number (winbindd_cache.c:510) >==870== by 0xA706F: wcache_fetch (winbindd_cache.c:638) >==870== by 0xA8AF5: resolve_alias_to_username (winbindd_cache.c:1109) >==870== Address 0x8EBFB90 is 8 bytes inside a block of size 15 alloc'd >==870== at 0x4A05809: malloc (vg_replace_malloc.c:149) >==870== by 0x164936: memdup (util.c:478) >==870== by 0x2201CB: secrets_fetch (secrets.c:126) >==870== by 0x221EDE: secrets_fetch_machine_password (secrets.c:824) >==870== by 0xCFC4A: ads_cached_connection (winbindd_ads.c:100) >==870== by 0xD47C9: sequence_number (winbindd_ads.c:1250) >==870== by 0xA68A1: refresh_sequence_number (winbindd_cache.c:510) >==870== by 0xA706F: wcache_fetch (winbindd_cache.c:638) >==870== by 0xA8AF5: resolve_alias_to_username (winbindd_cache.c:1109) >==870== by 0xA481F: normalize_name_unmap (winbindd_util.c:1498) >==870== by 0x9813E: winbindd_getpwnam (winbindd_user.c:440) >==870== by 0x93EF7: process_request (winbindd.c:538) >==871== >==871== Invalid read of size 8 >==871== at 0x33124E5C79: __strcpy_chk (in /lib64/libc-2.5.so) >==871== by 0x331D25973D: krb5_get_init_creds_password (in /usr/lib64/libkrb5.so.3.3) >==871== by 0x604C56: kerberos_kinit_password_ext (kerberos.c:222) >==871== by 0x604F23: ads_kinit_password (kerberos.c:326) >==871== by 0x5F5762: ads_sasl_spnego_bind (sasl.c:812) >==871== by 0x5F67E9: ads_sasl_bind (sasl.c:1113) >==871== by 0x5E8C15: ads_connect (ldap.c:711) >==871== by 0x8FD96D1: _idmap_adex_init (idmap_adex.c:90) >==871== by 0x8FDA137: _nss_adex_init (idmap_adex.c:309) >==871== by 0x61E471: nss_domain_list_add_domain (nss_info.c:148) >==871== by 0x61E97C: nss_init (nss_info.c:228) >==871== by 0x61EAB8: find_nss_domain (nss_info.c:260) >==871== Address 0x8F06D60 is 8 bytes inside a block of size 15 alloc'd >==871== at 0x4A05809: malloc (vg_replace_malloc.c:149) >==871== by 0x164936: memdup (util.c:478) >==871== by 0x2201CB: secrets_fetch (secrets.c:126) >==871== by 0x221EDE: secrets_fetch_machine_password (secrets.c:824) >==871== by 0x8FD967F: _idmap_adex_init (idmap_adex.c:81) >==871== by 0x8FDA137: _nss_adex_init (idmap_adex.c:309) >==871== by 0x61E471: nss_domain_list_add_domain (nss_info.c:148) >==871== by 0x61E97C: nss_init (nss_info.c:228) >==871== by 0x61EAB8: find_nss_domain (nss_info.c:260) >==871== by 0x61ED00: nss_get_info (nss_info.c:314) >==871== by 0xB3EBE: nss_get_info_cached (winbindd_cache.c:4230) >==871== by 0xD1592: query_user (winbindd_ads.c:487) >==877== >==877== Conditional jump or move depends on uninitialised value(s) >==877== at 0x15FF14: timeval_min (time.c:541) >==877== by 0x1AA77D: event_add_to_select_args (events.c:78) >==877== by 0xDBF4B: fork_domain_child (winbindd_dual.c:1409) >==877== by 0xD8244: schedule_async_request (winbindd_dual.c:314) >==877== by 0xD79D9: async_request (winbindd_dual.c:145) >==877== by 0xDC687: do_async (winbindd_async.c:83) >==877== by 0xE5CF3: winbindd_sid2uid_async (winbindd_idmap.c:282) >==877== by 0x97A78: getpwsid_queryuser_recv (winbindd_user.c:328) >==877== by 0xE02DF: query_user_recv (winbindd_async.c:1014) >==877== by 0xDC502: do_async_recv (winbindd_async.c:56) >==877== by 0xD81E0: async_reply_recv (winbindd_dual.c:285) >==877== by 0x94491: rw_callback (winbindd.c:621) >==877== >==877== Conditional jump or move depends on uninitialised value(s) >==877== at 0x15FF3C: timeval_min (time.c:542) >==877== by 0x1AA77D: event_add_to_select_args (events.c:78) >==877== by 0xDBF4B: fork_domain_child (winbindd_dual.c:1409) >==877== by 0xD8244: schedule_async_request (winbindd_dual.c:314) >==877== by 0xD79D9: async_request (winbindd_dual.c:145) >==877== by 0xDC687: do_async (winbindd_async.c:83) >==877== by 0xE5CF3: winbindd_sid2uid_async (winbindd_idmap.c:282) >==877== by 0x97A78: getpwsid_queryuser_recv (winbindd_user.c:328) >==877== by 0xE02DF: query_user_recv (winbindd_async.c:1014) >==877== by 0xDC502: do_async_recv (winbindd_async.c:56) >==877== by 0xD81E0: async_reply_recv (winbindd_dual.c:285) >==877== by 0x94491: rw_callback (winbindd.c:621) >==882== >==882== ERROR SUMMARY: 78 errors from 7 contexts (suppressed: 49 from 1) >==882== malloc/free: in use at exit: 903,892 bytes in 922 blocks. >==882== malloc/free: 14,897 allocs, 13,975 frees, 3,337,977 bytes allocated. >==882== For counts of detected errors, rerun with: -v >==882== searching for pointers to 922 not-freed blocks. >==882== checked 1,925,856 bytes. >==882== >==882== LEAK SUMMARY: >==882== definitely lost: 363 bytes in 12 blocks. >==882== possibly lost: 104 bytes in 1 blocks. >==882== still reachable: 903,425 bytes in 909 blocks. >==882== suppressed: 0 bytes in 0 blocks. >==882== Use --leak-check=full to see details of leaked memory. >==870== >==870== Invalid write of size 1 >==870== at 0x331246E211: _IO_default_xsputn (in /lib64/libc-2.5.so) >==870== by 0x33124464B2: vfprintf (in /lib64/libc-2.5.so) >==870== by 0x3312469839: vsnprintf (in /lib64/libc-2.5.so) >==870== by 0x331244D442: snprintf (in /lib64/libc-2.5.so) >==870== by 0xA3E7E: canonicalize_username (winbindd_util.c:1214) >==870== by 0xB6BAC: winbindd_pam_auth (winbindd_pam.c:849) >==870== by 0x93EF7: process_request (winbindd.c:538) >==870== by 0x94EA9: request_recv (winbindd.c:811) >==870== by 0x94C54: request_main_recv (winbindd.c:772) >==870== by 0x94491: rw_callback (winbindd.c:621) >==870== by 0x95A08: process_loop (winbindd.c:1103) >==870== by 0x96850: main (winbindd.c:1426) >==870== Address 0x964A795 is 0 bytes after a block of size 85 alloc'd >==870== at 0x4A05809: malloc (vg_replace_malloc.c:149) >==870== by 0x4C26C18: __talloc (talloc.c:338) >==870== by 0x4C28B71: __talloc_strlendup (talloc.c:1358) >==870== by 0x4C28B42: talloc_strdup (talloc.c:1374) >==870== by 0xA48FE: normalize_name_unmap (winbindd_util.c:1517) >==870== by 0xB6B5A: winbindd_pam_auth (winbindd_pam.c:836) >==870== by 0x93EF7: process_request (winbindd.c:538) >==870== by 0x94EA9: request_recv (winbindd.c:811) >==870== by 0x94C54: request_main_recv (winbindd.c:772) >==870== by 0x94491: rw_callback (winbindd.c:621) >==870== by 0x95A08: process_loop (winbindd.c:1103) >==870== by 0x96850: main (winbindd.c:1426) >==870== >==870== Invalid write of size 1 >==870== at 0x33124435C2: vfprintf (in /lib64/libc-2.5.so) >==870== by 0x3312469839: vsnprintf (in /lib64/libc-2.5.so) >==870== by 0x331244D442: snprintf (in /lib64/libc-2.5.so) >==870== by 0xA3E7E: canonicalize_username (winbindd_util.c:1214) >==870== by 0xB6BAC: winbindd_pam_auth (winbindd_pam.c:849) >==870== by 0x93EF7: process_request (winbindd.c:538) >==870== by 0x94EA9: request_recv (winbindd.c:811) >==870== by 0x94C54: request_main_recv (winbindd.c:772) >==870== by 0x94491: rw_callback (winbindd.c:621) >==870== by 0x95A08: process_loop (winbindd.c:1103) >==870== by 0x96850: main (winbindd.c:1426) >==870== Address 0x964A796 is 1 bytes after a block of size 85 alloc'd >==870== at 0x4A05809: malloc (vg_replace_malloc.c:149) >==870== by 0x4C26C18: __talloc (talloc.c:338) >==870== by 0x4C28B71: __talloc_strlendup (talloc.c:1358) >==870== by 0x4C28B42: talloc_strdup (talloc.c:1374) >==870== by 0xA48FE: normalize_name_unmap (winbindd_util.c:1517) >==870== by 0xB6B5A: winbindd_pam_auth (winbindd_pam.c:836) >==870== by 0x93EF7: process_request (winbindd.c:538) >==870== by 0x94EA9: request_recv (winbindd.c:811) >==870== by 0x94C54: request_main_recv (winbindd.c:772) >==870== by 0x94491: rw_callback (winbindd.c:621) >==870== by 0x95A08: process_loop (winbindd.c:1103) >==870== by 0x96850: main (winbindd.c:1426) >==870== >==870== Invalid write of size 1 >==870== at 0x331246984F: vsnprintf (in /lib64/libc-2.5.so) >==870== by 0x331244D442: snprintf (in /lib64/libc-2.5.so) >==870== by 0xA3E7E: canonicalize_username (winbindd_util.c:1214) >==870== by 0xB6BAC: winbindd_pam_auth (winbindd_pam.c:849) >==870== by 0x93EF7: process_request (winbindd.c:538) >==870== by 0x94EA9: request_recv (winbindd.c:811) >==870== by 0x94C54: request_main_recv (winbindd.c:772) >==870== by 0x94491: rw_callback (winbindd.c:621) >==870== by 0x95A08: process_loop (winbindd.c:1103) >==870== by 0x96850: main (winbindd.c:1426) >==870== Address 0x964A79B is 6 bytes after a block of size 85 alloc'd >==870== at 0x4A05809: malloc (vg_replace_malloc.c:149) >==870== by 0x4C26C18: __talloc (talloc.c:338) >==870== by 0x4C28B71: __talloc_strlendup (talloc.c:1358) >==870== by 0x4C28B42: talloc_strdup (talloc.c:1374) >==870== by 0xA48FE: normalize_name_unmap (winbindd_util.c:1517) >==870== by 0xB6B5A: winbindd_pam_auth (winbindd_pam.c:836) >==870== by 0x93EF7: process_request (winbindd.c:538) >==870== by 0x94EA9: request_recv (winbindd.c:811) >==870== by 0x94C54: request_main_recv (winbindd.c:772) >==870== by 0x94491: rw_callback (winbindd.c:621) >==870== by 0x95A08: process_loop (winbindd.c:1103) >==870== by 0x96850: main (winbindd.c:1426) >==877== >==877== ERROR SUMMARY: 78 errors from 7 contexts (suppressed: 49 from 1) >==877== malloc/free: in use at exit: 897,120 bytes in 868 blocks. >==877== malloc/free: 24,333 allocs, 23,465 frees, 4,921,453 bytes allocated. >==877== For counts of detected errors, rerun with: -v >==877== searching for pointers to 868 not-freed blocks. >==870== >==870== ERROR SUMMARY: 1637 errors from 8 contexts (suppressed: 49 from 1) >==870== malloc/free: in use at exit: 859,246 bytes in 970 blocks. >==870== malloc/free: 80,140 allocs, 79,170 frees, 15,058,586 bytes allocated. >==870== For counts of detected errors, rerun with: -v >==870== searching for pointers to 970 not-freed blocks. >==930== >==930== ERROR SUMMARY: 399 errors from 5 contexts (suppressed: 49 from 1) >==930== malloc/free: in use at exit: 945,595 bytes in 1,092 blocks. >==930== malloc/free: 66,616 allocs, 65,524 frees, 11,002,983 bytes allocated. >==930== For counts of detected errors, rerun with: -v >==930== searching for pointers to 1,092 not-freed blocks. >==877== checked 1,723,152 bytes. >==877== >==877== LEAK SUMMARY: >==877== definitely lost: 506 bytes in 25 blocks. >==877== possibly lost: 104 bytes in 1 blocks. >==877== still reachable: 896,510 bytes in 842 blocks. >==877== suppressed: 0 bytes in 0 blocks. >==877== Use --leak-check=full to see details of leaked memory. >==870== checked 1,674,584 bytes. >==870== >==870== LEAK SUMMARY: >==870== definitely lost: 1,396 bytes in 78 blocks. >==870== possibly lost: 104 bytes in 1 blocks. >==870== still reachable: 857,746 bytes in 891 blocks. >==870== suppressed: 0 bytes in 0 blocks. >==870== Use --leak-check=full to see details of leaked memory. >==930== checked 1,850,144 bytes. >==930== >==930== LEAK SUMMARY: >==930== definitely lost: 1,396 bytes in 78 blocks. >==930== possibly lost: 104 bytes in 1 blocks. >==930== still reachable: 944,095 bytes in 1,013 blocks. >==930== suppressed: 0 bytes in 0 blocks. >==930== Use --leak-check=full to see details of leaked memory. >==871== >==871== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 66 from 1) >==871== malloc/free: in use at exit: 866,870 bytes in 864 blocks. >==871== malloc/free: 24,660 allocs, 23,796 frees, 5,640,543 bytes allocated. >==871== For counts of detected errors, rerun with: -v >==871== searching for pointers to 864 not-freed blocks. >==931== >==931== ERROR SUMMARY: 834 errors from 5 contexts (suppressed: 49 from 1) >==931== malloc/free: in use at exit: 958,291 bytes in 1,100 blocks. >==931== malloc/free: 73,296 allocs, 72,196 frees, 12,254,969 bytes allocated. >==931== For counts of detected errors, rerun with: -v >==931== searching for pointers to 1,100 not-freed blocks. >==871== checked 1,681,952 bytes. >==871== >==871== LEAK SUMMARY: >==871== definitely lost: 1,243 bytes in 25 blocks. >==871== possibly lost: 104 bytes in 1 blocks. >==871== still reachable: 865,523 bytes in 838 blocks. >==871== suppressed: 0 bytes in 0 blocks. >==871== Use --leak-check=full to see details of leaked memory. >==931== checked 1,862,312 bytes. >==931== >==931== LEAK SUMMARY: >==931== definitely lost: 1,396 bytes in 78 blocks. >==931== possibly lost: 104 bytes in 1 blocks. >==931== still reachable: 956,791 bytes in 1,021 blocks. >==931== suppressed: 0 bytes in 0 blocks. >==931== Use --leak-check=full to see details of leaked memory.
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 6793
:
4821
| 4825 |
4829
|
4835
|
4836
|
4837
|
4844
|
4845
|
4854