*** One segfault (strictly an abort: talloc's double-free check panics and GDB reports SIGABRT): root@vb-samba4:~/samba/source4# gdb --args samba -i -M single GNU gdb 6.8-debian Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu"... (gdb) r Starting program: /usr/local/samba/sbin/samba -i -M single [Thread debugging using libthread_db enabled] [New Thread 0xb7c5f6b0 (LWP 13901)] samba version 4.0.0alpha12-GIT-968678a started. Copyright Andrew Tridgell and the Samba Team 1992-2010 samba: using 'single' process model FIXME: Using new system session for hdb nbtd_getdcname called dsdb/dns/dns_update.c:234: Failed DNS update - NT_STATUS_IO_TIMEOUT talloc: double free error - first free may be at smbd/service_stream.c:80 Bad talloc magic value - double free PANIC: Bad talloc magic value - double free BACKTRACE: 23 stack frames: #0 /usr/local/samba/sbin/samba(call_backtrace+0x2b) [0x8a64e23] #1 /usr/local/samba/sbin/samba(smb_panic+0x24c) [0x8a65123] #2 /usr/local/samba/sbin/samba [0x8a7e9a7] #3 /usr/local/samba/sbin/samba [0x8a7ea55] #4 /usr/local/samba/sbin/samba [0x8a7eb63] #5 /usr/local/samba/sbin/samba(talloc_get_name+0x1d) [0x8a7fccf] #6 /usr/local/samba/sbin/samba(talloc_check_name+0x34) [0x8a7fd53] #7 /usr/local/samba/sbin/samba [0x8366f51] #8 /usr/local/samba/sbin/samba [0x83939f9] #9 /usr/local/samba/sbin/samba [0x8392c0a] #10 /usr/local/samba/sbin/samba [0x839978d] #11 /usr/local/samba/sbin/samba [0x849d4b5] #12 /usr/local/samba/sbin/samba(packet_recv+0x761) [0x8552a31] #13 /usr/local/samba/sbin/samba [0x849c2c1] #14 /usr/local/samba/sbin/samba [0x8a86130] #15 /usr/local/samba/sbin/samba [0x8a867e0] #16 /usr/local/samba/sbin/samba(_tevent_loop_once+0xdf) [0x8a826d3] #17 /usr/local/samba/sbin/samba(tevent_common_loop_wait+0x26) [0x8a828f4] #18 
/usr/local/samba/sbin/samba(_tevent_loop_wait+0x1d) [0x8a829b2] #19 /usr/local/samba/sbin/samba [0x80ff296] #20 /usr/local/samba/sbin/samba(main+0x38) [0x80ff2fb] #21 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0) [0xb7c76450] #22 /usr/local/samba/sbin/samba [0x80fe1e1] Program received signal SIGABRT, Aborted. [Switching to Thread 0xb7c5f6b0 (LWP 13901)] 0xb7f7d402 in __kernel_vsyscall () (gdb) bt full #0 0xb7f7d402 in __kernel_vsyscall () No symbol table info available. #1 0xb7c8b085 in raise () from /lib/tls/i686/cmov/libc.so.6 No symbol table info available. #2 0xb7c8ca01 in abort () from /lib/tls/i686/cmov/libc.so.6 No symbol table info available. #3 0x08a6513c in smb_panic ( why=0x8c8379c "Bad talloc magic value - double free") at ../lib/util/fault.c:150 result = -1077019624 __FUNCTION__ = "smb_panic" #4 0x08a7e9a7 in talloc_abort ( reason=0x8c8379c "Bad talloc magic value - double free") at ../lib/talloc/talloc.c:202 No locals. #5 0x08a7ea55 in talloc_abort_double_free () at ../lib/talloc/talloc.c:218 No locals. 
#6 0x08a7eb63 in talloc_chunk_from_ptr (ptr=0x96b7158) at ../lib/talloc/talloc.c:239 pp = 0x96b7158 "\001" tc = (struct talloc_chunk *) 0x96b7128 #7 0x08a7fccf in talloc_get_name (ptr=0x96b7158) at ../lib/talloc/talloc.c:937 tc = (struct talloc_chunk *) 0x91eec18 ---Type to continue, or q to quit--- #8 0x08a7fd53 in talloc_check_name (ptr=0x96b7158, name=0x8b0adc4 "struct composite_context") at ../lib/talloc/talloc.c:956 pname = 0x8f56390 "\020 �\t�r\237\t" #9 0x08366f51 in continue_name_found (req=0x91eec18) at libnet/libnet_lookup.c:348 c = (struct composite_context *) 0x8b102de s = (struct lookup_name_state *) 0x80 #10 0x083939f9 in dcerpc_request_recv_data (c=0x9a85730, raw_packet=0xbfcdfea4, pkt=0xbfcdfe30) at librpc/rpc/dcerpc.c:917 req = (struct rpc_request *) 0x91eec18 length = 128 status = {v = 0} __FUNCTION__ = "dcerpc_request_recv_data" #11 0x08392c0a in dcerpc_recv_data (conn=0x9a85730, blob=0xbfcdfea4, status= {v = 0}) at librpc/rpc/dcerpc.c:582 pkt = {rpc_vers = 5 '\005', rpc_vers_minor = 0 '\0', ptype = DCERPC_PKT_RESPONSE, pfc_flags = 3 '\003', drep = "\020\000\000", frag_length = 176, auth_length = 16, call_id = 763, u = {request = { alloc_hint = 128, context_id = 0, opnum = 2048, object = {empty = { _empty_ = 48 '0'}, object = {time_low = 161976112, time_mid = 1, time_hi_and_version = 0, clock_seq = "\210�", node = "�\b\200\000\000"}}, _pad = {data = 0x0, length = 0}, stub_and_verifier = {data = 0x0, length = 0}}, ping = { ---Type to continue, or q to quit--- _empty_ = -128 '\200'}, response = {alloc_hint = 128, context_id = 0, cancel_count = 0 '\0', _pad = {data = 0x9a78f30 "", length = 1}, stub_and_verifier = {data = 0x8e9af88 "\004", length = 128}}, fault = { alloc_hint = 128, context_id = 0, cancel_count = 0 '\0', status = 161976112, _pad = {data = 0x1
, length = 149532552}}, working = {_empty_ = -128 '\200'}, nocall = { version = 128, _pad1 = 0 '\0', window_size = 2048, max_tdsu = 161976112, max_frag_size = 1, serial_no = 44936, selack_size = 2281, selack = 0x80}, reject = {alloc_hint = 128, context_id = 0, cancel_count = 0 '\0', status = 161976112, _pad = { data = 0x1
, length = 149532552}}, ack = { _empty_ = -128 '\200'}, cl_cancel = {version = 128, id = 134217728}, fack = {version = 128, _pad1 = 0 '\0', window_size = 2048, max_tdsu = 161976112, max_frag_size = 1, serial_no = 44936, selack_size = 2281, selack = 0x80}, cancel_ack = {version = 128, id = 134217728, server_is_accepting = 161976112}, bind = { max_xmit_frag = 128, max_recv_frag = 0, assoc_group_id = 134217728, num_contexts = 48 '0', ctx_list = 0x1, auth_info = { data = 0x8e9af88 "\004", length = 128}}, bind_ack = { max_xmit_frag = 128, max_recv_frag = 0, assoc_group_id = 134217728, secondary_address_size = 36656, secondary_address = 0x1
, _pad1 = { data = 0x8e9af88 "\004", length = 128}, num_results = 0 '\0', ---Type to continue, or q to quit--- ctx_list = 0x0, auth_info = {data = 0x0, length = 0}}, bind_nak = { reject_reason = 128, versions = {v = {num_versions = 134217728, versions = 0x9a78f30}}}, alter = {max_xmit_frag = 128, max_recv_frag = 0, assoc_group_id = 134217728, num_contexts = 48 '0', ctx_list = 0x1, auth_info = {data = 0x8e9af88 "\004", length = 128}}, alter_resp = {max_xmit_frag = 128, max_recv_frag = 0, assoc_group_id = 134217728, secondary_address_size = 36656, secondary_address = 0x1
, _pad1 = { data = 0x8e9af88 "\004", length = 128}, num_results = 0 '\0', ctx_list = 0x0, auth_info = {data = 0x0, length = 0}}, shutdown = { _empty_ = -128 '\200'}, co_cancel = {_pad = 128, auth_info = { data = 0x8000000
, length = 161976112}}, orphaned = {_pad = 128, auth_info = { data = 0x8000000
, length = 161976112}}, auth3 = {_pad = 128, auth_info = { data = 0x8000000
, length = 161976112}}}} #12 0x0839978d in smb_read_callback (req=0x8deaec0) at librpc/rpc/dcerpc_smb.c:116 data = {data = 0x8f563c0 "\005", length = 176} c = (struct dcerpc_connection *) 0x9a85730 smb = (struct smb_private *) 0x8dea260 state = (struct smb_read_state *) 0x93fd4c0 ---Type to continue, or q to quit--- io = (union smb_read *) 0x8debde0 frag_length = 176 status = {v = 0} __FUNCTION__ = "smb_read_callback" #13 0x0849d4b5 in smbcli_transport_finish_recv (private_data=0x9a859f8, blob= {data = 0x94d9df8 "", length = 240}) at libcli/raw/clitransport.c:501 transport = (struct smbcli_transport *) 0x9a859f8 buffer = (uint8_t *) 0x94d9df8 "" hdr = (uint8_t *) 0x94d9dfc "�SMB." vwv = (uint8_t *) 0x94d9e1d "�" len = 240 wct = 12 mid = 3821 op = 46 req = (struct smbcli_request *) 0x8deaec0 __FUNCTION__ = "smbcli_transport_finish_recv" #14 0x08552a31 in packet_recv (pc=0x9a85ad0) at lib/stream/packet.c:414 npending = 236 status = {v = 0} nread = 236 blob = {data = 0x94d9df8 "", length = 240} recv_retry = false __FUNCTION__ = "packet_recv" ---Type to continue, or q to quit--- #15 0x0849c2c1 in smbcli_transport_event_handler (ev=0x8cbd178, fde=0x9a85b48, flags=1, private_data=0x9a859f8) at libcli/raw/clitransport.c:43 transport = (struct smbcli_transport *) 0x9a859f8 #16 0x08a86130 in epoll_event_loop (std_ev=0x8cbd1e8, tvalp=0xbfce00c4) at ../lib/tevent/tevent_standard.c:309 fde = (struct tevent_fd *) 0x9a85b48 flags = 1 ret = 1 i = 0 events = {{events = 1, data = {ptr = 0x9a85b48, fd = 162028360, u32 = 162028360, u64 = 162028360}}} timeout = 2601 #17 0x08a867e0 in std_event_loop_once (ev=0x8cbd178, location=0x8a88b2b "smbd/server.c:428") at ../lib/tevent/tevent_standard.c:544 std_ev = (struct std_event_context *) 0x8cbd1e8 tval = {tv_sec = 2, tv_usec = 600877} #18 0x08a826d3 in _tevent_loop_once (ev=0x8cbd178, location=0x8a88b2b "smbd/server.c:428") at ../lib/tevent/tevent.c:497 ret = 0 nesting_stack_ptr = (void *) 0x0 #19 0x08a828f4 in tevent_common_loop_wait 
(ev=0x8cbd178, location=0x8a88b2b "smbd/server.c:428") at ../lib/tevent/tevent.c:598 ---Type to continue, or q to quit--- ret = 0 #20 0x08a829b2 in _tevent_loop_wait (ev=0x8cbd178, location=0x8a88b2b "smbd/server.c:428") at ../lib/tevent/tevent.c:617 No locals. #21 0x080ff296 in binary_smbd_main (binary_name=0x8a887dd "samba", argc=4, argv=0xbfce03c4) at smbd/server.c:428 opt_daemon = false opt_interactive = true opt = -1 pc = (poptContext) 0x8caf008 static_init = {0x84be7fb , 0x8478f06 , 0x844a867 , 0x84448da , 0x843f4b2 , 0x83c1b75 , 0x83bfeeb , 0x838a137 , 0x8339ad9 , 0x8338167 , 0x811b35e , 0x81196d7 , 0x8113bc1 , 0x810a09f , 0x8109306 , 0} shared_init = (init_module_fn *) 0x0 event_ctx = (struct tevent_context *) 0x8cbd178 ---Type to continue, or q to quit--- stdin_event_flags = 1 status = {v = 0} model = 0x8cb0948 "single" max_runtime = 0 long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x8ca38c0, val = 0, descrip = 0x8a887fd "Help options:", argDescrip = 0x0}, {longName = 0x8a8880b "daemon", shortName = 68 'D', argInfo = 0, arg = 0x0, val = 1000, descrip = 0x8a88812 "Become a daemon (default)", argDescrip = 0x0}, { longName = 0x8a8882c "interactive", shortName = 105 'i', argInfo = 0, arg = 0x0, val = 1001, descrip = 0x8a88838 "Run interactive (not a daemon)", argDescrip = 0x0}, { longName = 0x8a88857 "model", shortName = 77 'M', argInfo = 1, arg = 0x0, val = 1002, descrip = 0x8a8885d "Select process model", argDescrip = 0x8a88872 "MODEL"}, {longName = 0x8a88878 "maximum-runtime", shortName = 0 '\0', argInfo = 2, arg = 0xbfce02dc, val = 0, descrip = 0x8a88888 "set maximum runtime of the server process, till autotermination", argDescrip = 0x8a888c8 "seconds"}, {longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x8ca3760, val = 0, descrip = 0x8a888d0 "Common samba options:", argDescrip = 0x0}, { longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x8ca3860, val = 0, descrip = 0x8a888d0 "Common samba options:", argDescrip = 0x0}, { 
longName = 0x0, shortName = 0 '\0', argInfo = 0, arg = 0x0, val = 0, ---Type to continue, or q to quit--- descrip = 0x0, argDescrip = 0x0}} __FUNCTION__ = "binary_smbd_main" #22 0x080ff2fb in main (argc=Cannot access memory at address 0x364d ) at smbd/server.c:439 No locals. *** Another segfault, again an abort from talloc's double-free check (sorry, no GDB trace, since I didn't run s4 under GDB): root@vb-samba4:~/samba/source4# samba -i -M single samba version 4.0.0alpha12-GIT-968678a started. Copyright Andrew Tridgell and the Samba Team 1992-2010 samba: using 'single' process model FIXME: Using new system session for hdb nbtd_getdcname called dsdb/dns/dns_update.c:234: Failed DNS update - NT_STATUS_IO_TIMEOUT dsdb/dns/dns_update.c:234: Failed DNS update - NT_STATUS_IO_TIMEOUT talloc: double free error - first free may be at smb_server/smb/request.c:322 Bad talloc magic value - double free PANIC: Bad talloc magic value - double free BACKTRACE: 25 stack frames: #0 samba(call_backtrace+0x2b) [0x8a64e23] #1 samba(smb_panic+0x24c) [0x8a65123] #2 samba [0x8a7e9a7] #3 samba [0x8a7ea55] #4 samba [0x8a7eb63] #5 samba(talloc_get_name+0x1d) [0x8a7fccf] #6 samba(talloc_check_name+0x34) [0x8a7fd53] #7 samba [0x8364f9c] #8 samba(composite_done+0xa1) [0x878b4e8] #9 samba [0x836a94a] #10 samba [0x83939f9] #11 samba [0x8392c0a] #12 samba [0x839978d] #13 samba [0x849d4b5] #14 samba(packet_recv+0x761) [0x8552a31] #15 samba [0x849c2c1] #16 samba [0x8a86130] #17 samba [0x8a867e0] #18 samba(_tevent_loop_once+0xdf) [0x8a826d3] #19 samba(tevent_common_loop_wait+0x26) [0x8a828f4] #20 samba(_tevent_loop_wait+0x1d) [0x8a829b2] #21 samba [0x80ff296] #22 samba(main+0x38) [0x80ff2fb] #23 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0) [0xb7cdb450] #24 samba [0x80fe1e1] Aborted