The Samba-Bugzilla – Attachment 5478 Details for
Bug 7226
wbinfo --group-info "Domain admins" segfault time to time when running in unit test
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Segfault traces
segfaults.txt (text/plain), 13.61 KB, created by
Matthias Dieter Wallnöfer
on 2010-03-09 12:21:09 UTC
(
hide
)
Description:
Segfault traces
Filename:
MIME Type:
Creator:
Matthias Dieter Wallnöfer
Created:
2010-03-09 12:21:09 UTC
Size:
13.61 KB
patch
obsolete
>*** One segfault: > >root@vb-samba4:~/samba/source4# gdb --args samba -i -M single >GNU gdb 6.8-debian >Copyright (C) 2008 Free Software Foundation, Inc. >License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> >This is free software: you are free to change and redistribute it. >There is NO WARRANTY, to the extent permitted by law. Type "show copying" >and "show warranty" for details. >This GDB was configured as "i486-linux-gnu"... >(gdb) r >Starting program: /usr/local/samba/sbin/samba -i -M single >[Thread debugging using libthread_db enabled] >[New Thread 0xb7c5f6b0 (LWP 13901)] >samba version 4.0.0alpha12-GIT-968678a started. >Copyright Andrew Tridgell and the Samba Team 1992-2010 >samba: using 'single' process model >FIXME: Using new system session for hdb >nbtd_getdcname called >dsdb/dns/dns_update.c:234: Failed DNS update - NT_STATUS_IO_TIMEOUT >talloc: double free error - first free may be at smbd/service_stream.c:80 >Bad talloc magic value - double free >PANIC: Bad talloc magic value - double free >BACKTRACE: 23 stack frames: > #0 /usr/local/samba/sbin/samba(call_backtrace+0x2b) [0x8a64e23] > #1 /usr/local/samba/sbin/samba(smb_panic+0x24c) [0x8a65123] > #2 /usr/local/samba/sbin/samba [0x8a7e9a7] > #3 /usr/local/samba/sbin/samba [0x8a7ea55] > #4 /usr/local/samba/sbin/samba [0x8a7eb63] > #5 /usr/local/samba/sbin/samba(talloc_get_name+0x1d) [0x8a7fccf] > #6 /usr/local/samba/sbin/samba(talloc_check_name+0x34) [0x8a7fd53] > #7 /usr/local/samba/sbin/samba [0x8366f51] > #8 /usr/local/samba/sbin/samba [0x83939f9] > #9 /usr/local/samba/sbin/samba [0x8392c0a] > #10 /usr/local/samba/sbin/samba [0x839978d] > #11 /usr/local/samba/sbin/samba [0x849d4b5] > #12 /usr/local/samba/sbin/samba(packet_recv+0x761) [0x8552a31] > #13 /usr/local/samba/sbin/samba [0x849c2c1] > #14 /usr/local/samba/sbin/samba [0x8a86130] > #15 /usr/local/samba/sbin/samba [0x8a867e0] > #16 /usr/local/samba/sbin/samba(_tevent_loop_once+0xdf) [0x8a826d3] > #17 /usr/local/samba/sbin/samba(tevent_common_loop_wait+0x26) [0x8a828f4] > #18 /usr/local/samba/sbin/samba(_tevent_loop_wait+0x1d) [0x8a829b2] > #19 /usr/local/samba/sbin/samba [0x80ff296] > #20 /usr/local/samba/sbin/samba(main+0x38) [0x80ff2fb] > #21 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0) [0xb7c76450] > #22 /usr/local/samba/sbin/samba [0x80fe1e1] > >Program received signal SIGABRT, Aborted. >[Switching to Thread 0xb7c5f6b0 (LWP 13901)] >0xb7f7d402 in __kernel_vsyscall () >(gdb) bt full >#0 0xb7f7d402 in __kernel_vsyscall () >No symbol table info available. >#1 0xb7c8b085 in raise () from /lib/tls/i686/cmov/libc.so.6 >No symbol table info available. >#2 0xb7c8ca01 in abort () from /lib/tls/i686/cmov/libc.so.6 >No symbol table info available. >#3 0x08a6513c in smb_panic ( > why=0x8c8379c "Bad talloc magic value - double free") > at ../lib/util/fault.c:150 > result = -1077019624 > __FUNCTION__ = "smb_panic" >#4 0x08a7e9a7 in talloc_abort ( > reason=0x8c8379c "Bad talloc magic value - double free") > at ../lib/talloc/talloc.c:202 >No locals. >#5 0x08a7ea55 in talloc_abort_double_free () at ../lib/talloc/talloc.c:218 >No locals. >#6 0x08a7eb63 in talloc_chunk_from_ptr (ptr=0x96b7158) > at ../lib/talloc/talloc.c:239 > pp = 0x96b7158 "\001" > tc = (struct talloc_chunk *) 0x96b7128 >#7 0x08a7fccf in talloc_get_name (ptr=0x96b7158) at ../lib/talloc/talloc.c:937 > tc = (struct talloc_chunk *) 0x91eec18 >---Type <return> to continue, or q <return> to quit--- >#8 0x08a7fd53 in talloc_check_name (ptr=0x96b7158, > name=0x8b0adc4 "struct composite_context") at ../lib/talloc/talloc.c:956 > pname = 0x8f56390 "\020 �\t�r\237\t" >#9 0x08366f51 in continue_name_found (req=0x91eec18) > at libnet/libnet_lookup.c:348 > c = (struct composite_context *) 0x8b102de > s = (struct lookup_name_state *) 0x80 >#10 0x083939f9 in dcerpc_request_recv_data (c=0x9a85730, > raw_packet=0xbfcdfea4, pkt=0xbfcdfe30) at librpc/rpc/dcerpc.c:917 > req = (struct rpc_request *) 0x91eec18 > length = 128 > status = {v = 0} > __FUNCTION__ = "dcerpc_request_recv_data" >#11 0x08392c0a in dcerpc_recv_data (conn=0x9a85730, blob=0xbfcdfea4, status= > {v = 0}) at librpc/rpc/dcerpc.c:582 > pkt = {rpc_vers = 5 '\005', rpc_vers_minor = 0 '\0', > ptype = DCERPC_PKT_RESPONSE, pfc_flags = 3 '\003', drep = "\020\000\000", > frag_length = 176, auth_length = 16, call_id = 763, u = {request = { > alloc_hint = 128, context_id = 0, opnum = 2048, object = {empty = { > _empty_ = 48 '0'}, object = {time_low = 161976112, time_mid = 1, > time_hi_and_version = 0, clock_seq = "\210�", > node = "�\b\200\000\000"}}, _pad = {data = 0x0, length = 0}, > stub_and_verifier = {data = 0x0, length = 0}}, ping = { >---Type <return> to continue, or q <return> to quit--- > _empty_ = -128 '\200'}, response = {alloc_hint = 128, context_id = 0, > cancel_count = 0 '\0', _pad = {data = 0x9a78f30 "", length = 1}, > stub_and_verifier = {data = 0x8e9af88 "\004", length = 128}}, fault = { > alloc_hint = 128, context_id = 0, cancel_count = 0 '\0', > status = 161976112, _pad = {data = 0x1 <Address 0x1 out of bounds>, > length = 149532552}}, working = {_empty_ = -128 '\200'}, nocall = { > version = 128, _pad1 = 0 '\0', window_size = 2048, max_tdsu = 161976112, > max_frag_size = 1, serial_no = 44936, selack_size = 2281, > selack = 0x80}, reject = {alloc_hint = 128, context_id = 0, > cancel_count = 0 '\0', status = 161976112, _pad = { > data = 0x1 <Address 0x1 out of bounds>, length = 149532552}}, ack = { > _empty_ = -128 '\200'}, cl_cancel = {version = 128, id = 134217728}, > fack = {version = 128, _pad1 = 0 '\0', window_size = 2048, > max_tdsu = 161976112, max_frag_size = 1, serial_no = 44936, > selack_size = 2281, selack = 0x80}, cancel_ack = {version = 128, > id = 134217728, server_is_accepting = 161976112}, bind = { > max_xmit_frag = 128, max_recv_frag = 0, assoc_group_id = 134217728, > num_contexts = 48 '0', ctx_list = 0x1, auth_info = { > data = 0x8e9af88 "\004", length = 128}}, bind_ack = { > max_xmit_frag = 128, max_recv_frag = 0, assoc_group_id = 134217728, > secondary_address_size = 36656, > secondary_address = 0x1 <Address 0x1 out of bounds>, _pad1 = { > data = 0x8e9af88 "\004", length = 128}, num_results = 0 '\0', >---Type <return> to continue, or q <return> to quit--- > ctx_list = 0x0, auth_info = {data = 0x0, length = 0}}, bind_nak = { > reject_reason = 128, versions = {v = {num_versions = 134217728, > versions = 0x9a78f30}}}, alter = {max_xmit_frag = 128, > max_recv_frag = 0, assoc_group_id = 134217728, num_contexts = 48 '0', > ctx_list = 0x1, auth_info = {data = 0x8e9af88 "\004", length = 128}}, > alter_resp = {max_xmit_frag = 128, max_recv_frag = 0, > assoc_group_id = 134217728, secondary_address_size = 36656, > secondary_address = 0x1 <Address 0x1 out of bounds>, _pad1 = { > data = 0x8e9af88 "\004", length = 128}, num_results = 0 '\0', > ctx_list = 0x0, auth_info = {data = 0x0, length = 0}}, shutdown = { > _empty_ = -128 '\200'}, co_cancel = {_pad = 128, auth_info = { > data = 0x8000000 <Address 0x8000000 out of bounds>, > length = 161976112}}, orphaned = {_pad = 128, auth_info = { > data = 0x8000000 <Address 0x8000000 out of bounds>, > length = 161976112}}, auth3 = {_pad = 128, auth_info = { > data = 0x8000000 <Address 0x8000000 out of bounds>, > length = 161976112}}}} >#12 0x0839978d in smb_read_callback (req=0x8deaec0) > at librpc/rpc/dcerpc_smb.c:116 > data = {data = 0x8f563c0 "\005", length = 176} > c = (struct dcerpc_connection *) 0x9a85730 > smb = (struct smb_private *) 0x8dea260 > state = (struct smb_read_state *) 0x93fd4c0 >---Type <return> to continue, or q <return> to quit--- > io = (union smb_read *) 0x8debde0 > frag_length = 176 > status = {v = 0} > __FUNCTION__ = "smb_read_callback" >#13 0x0849d4b5 in smbcli_transport_finish_recv (private_data=0x9a859f8, blob= > {data = 0x94d9df8 "", length = 240}) at libcli/raw/clitransport.c:501 > transport = (struct smbcli_transport *) 0x9a859f8 > buffer = (uint8_t *) 0x94d9df8 "" > hdr = (uint8_t *) 0x94d9dfc "�SMB." > vwv = (uint8_t *) 0x94d9e1d "�" > len = 240 > wct = 12 > mid = 3821 > op = 46 > req = (struct smbcli_request *) 0x8deaec0 > __FUNCTION__ = "smbcli_transport_finish_recv" >#14 0x08552a31 in packet_recv (pc=0x9a85ad0) at lib/stream/packet.c:414 > npending = 236 > status = {v = 0} > nread = 236 > blob = {data = 0x94d9df8 "", length = 240} > recv_retry = false > __FUNCTION__ = "packet_recv" >---Type <return> to continue, or q <return> to quit--- >#15 0x0849c2c1 in smbcli_transport_event_handler (ev=0x8cbd178, fde=0x9a85b48, > flags=1, private_data=0x9a859f8) at libcli/raw/clitransport.c:43 > transport = (struct smbcli_transport *) 0x9a859f8 >#16 0x08a86130 in epoll_event_loop (std_ev=0x8cbd1e8, tvalp=0xbfce00c4) > at ../lib/tevent/tevent_standard.c:309 > fde = (struct tevent_fd *) 0x9a85b48 > flags = 1 > ret = 1 > i = 0 > events = {{events = 1, data = {ptr = 0x9a85b48, fd = 162028360, > u32 = 162028360, u64 = 162028360}}} > timeout = 2601 >#17 0x08a867e0 in std_event_loop_once (ev=0x8cbd178, > location=0x8a88b2b "smbd/server.c:428") > at ../lib/tevent/tevent_standard.c:544 > std_ev = (struct std_event_context *) 0x8cbd1e8 > tval = {tv_sec = 2, tv_usec = 600877} >#18 0x08a826d3 in _tevent_loop_once (ev=0x8cbd178, > location=0x8a88b2b "smbd/server.c:428") at ../lib/tevent/tevent.c:497 > ret = 0 > nesting_stack_ptr = (void *) 0x0 >#19 0x08a828f4 in tevent_common_loop_wait (ev=0x8cbd178, > location=0x8a88b2b "smbd/server.c:428") at ../lib/tevent/tevent.c:598 >---Type <return> to continue, or q <return> to quit--- > ret = 0 >#20 0x08a829b2 in _tevent_loop_wait (ev=0x8cbd178, > location=0x8a88b2b "smbd/server.c:428") at ../lib/tevent/tevent.c:617 >No locals. >#21 0x080ff296 in binary_smbd_main (binary_name=0x8a887dd "samba", argc=4, > argv=0xbfce03c4) at smbd/server.c:428 > opt_daemon = false > opt_interactive = true > opt = -1 > pc = (poptContext) 0x8caf008 > static_init = {0x84be7fb <server_service_wrepl_init>, > 0x8478f06 <server_service_auth_init>, 0x844a867 <server_service_kdc_init>, > 0x84448da <server_service_ldap_init>, > 0x843f4b2 <server_service_cldapd_init>, 0x83c1b75 <server_service_smb_init>, > 0x83bfeeb <server_service_web_init>, 0x838a137 <server_service_drepl_init>, > 0x8339ad9 <server_service_winbind_init>, > 0x8338167 <server_service_ntp_signd_init>, > 0x811b35e <server_service_rpc_init>, > 0x81196d7 <server_service_samba3_smb_init>, > 0x8113bc1 <server_service_kcc_init>, 0x810a09f <server_service_nbtd_init>, > 0x8109306 <server_service_dnsupdate_init>, 0} > shared_init = (init_module_fn *) 0x0 > event_ctx = (struct tevent_context *) 0x8cbd178 >---Type <return> to continue, or q <return> to quit--- > stdin_event_flags = 1 > status = {v = 0} > model = 0x8cb0948 "single" > max_runtime = 0 > long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4, > arg = 0x8ca38c0, val = 0, descrip = 0x8a887fd "Help options:", > argDescrip = 0x0}, {longName = 0x8a8880b "daemon", shortName = 68 'D', > argInfo = 0, arg = 0x0, val = 1000, > descrip = 0x8a88812 "Become a daemon (default)", argDescrip = 0x0}, { > longName = 0x8a8882c "interactive", shortName = 105 'i', argInfo = 0, > arg = 0x0, val = 1001, > descrip = 0x8a88838 "Run interactive (not a daemon)", argDescrip = 0x0}, { > longName = 0x8a88857 "model", shortName = 77 'M', argInfo = 1, arg = 0x0, > val = 1002, descrip = 0x8a8885d "Select process model", > argDescrip = 0x8a88872 "MODEL"}, {longName = 0x8a88878 "maximum-runtime", > shortName = 0 '\0', argInfo = 2, arg = 0xbfce02dc, val = 0, > descrip = 0x8a88888 "set maximum runtime of the server process, till autotermination", argDescrip = 0x8a888c8 "seconds"}, {longName = 0x0, > shortName = 0 '\0', argInfo = 4, arg = 0x8ca3760, val = 0, > descrip = 0x8a888d0 "Common samba options:", argDescrip = 0x0}, { > longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x8ca3860, val = 0, > descrip = 0x8a888d0 "Common samba options:", argDescrip = 0x0}, { > longName = 0x0, shortName = 0 '\0', argInfo = 0, arg = 0x0, val = 0, >---Type <return> to continue, or q <return> to quit--- > descrip = 0x0, argDescrip = 0x0}} > __FUNCTION__ = "binary_smbd_main" >#22 0x080ff2fb in main (argc=Cannot access memory at address 0x364d >) at smbd/server.c:439 >No locals. > > >*** Another segfault (sorry no GDB trace - since I didn't run s4 in GDB): > >root@vb-samba4:~/samba/source4# samba -i -M single >samba version 4.0.0alpha12-GIT-968678a started. >Copyright Andrew Tridgell and the Samba Team 1992-2010 >samba: using 'single' process model >FIXME: Using new system session for hdb >nbtd_getdcname called >dsdb/dns/dns_update.c:234: Failed DNS update - NT_STATUS_IO_TIMEOUT >dsdb/dns/dns_update.c:234: Failed DNS update - NT_STATUS_IO_TIMEOUT >talloc: double free error - first free may be at smb_server/smb/request.c:322 >Bad talloc magic value - double free >PANIC: Bad talloc magic value - double free >BACKTRACE: 25 stack frames: > #0 samba(call_backtrace+0x2b) [0x8a64e23] > #1 samba(smb_panic+0x24c) [0x8a65123] > #2 samba [0x8a7e9a7] > #3 samba [0x8a7ea55] > #4 samba [0x8a7eb63] > #5 samba(talloc_get_name+0x1d) [0x8a7fccf] > #6 samba(talloc_check_name+0x34) [0x8a7fd53] > #7 samba [0x8364f9c] > #8 samba(composite_done+0xa1) [0x878b4e8] > #9 samba [0x836a94a] > #10 samba [0x83939f9] > #11 samba [0x8392c0a] > #12 samba [0x839978d] > #13 samba [0x849d4b5] > #14 samba(packet_recv+0x761) [0x8552a31] > #15 samba [0x849c2c1] > #16 samba [0x8a86130] > #17 samba [0x8a867e0] > #18 samba(_tevent_loop_once+0xdf) [0x8a826d3] > #19 samba(tevent_common_loop_wait+0x26) [0x8a828f4] > #20 samba(_tevent_loop_wait+0x1d) [0x8a829b2] > #21 samba [0x80ff296] > #22 samba(main+0x38) [0x80ff2fb] > #23 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0) [0xb7cdb450] > #24 samba [0x80fe1e1] >Aborted > >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 7226
:
5474
| 5478