Created attachment 9138
the library code that I call in my test driver as described in bug

Env: CentOS 64-bit OS
Samba version: 3.6.9
talloc version: 2.0.7

Core dump pasted at bottom of this bug.

As a test I wrote a C library that makes calls to the smbc_ family of functions. In this library I have 2 functions called ctx_create_new_smbc_context and ctx_cleanup_context (src code attached).

In ctx_create_new_smbc_context, in brief, I call
    smbc_new_context();
    smbc_init_context();
in addition to other stuff as in the attached src.

In ctx_cleanup_context() I call
    smbc_free_context(smb_ctxt, 1);

I have a test driver which at the moment does not do much except call ctx_create_new_smbc_context and ctx_cleanup_context in a loop 1000 times.

Now with a single thread it is all good, but with multiple (2 threads) it core dumps right away. I know parts of the Samba code are not multi-thread safe, but according to the Samba docs, if each thread creates its own smbc_context it should be safe, but it does not seem to be.

Here is my thread function. It works for a single thread, not more than 1. If I guard it with a mutex (mutex_sync in below snippet) all is fine, but I did not want to serialize smbc_ calls, for better performance if possible.
    static void *
    thread_ctx(void *arg)
    {
        thread_info *tinfo = arg;
        char *uargv, *p;
        int i = 0;
        SMBCCTX *smb_ctxt = NULL;
        const char *username = "Administrator";
        const char *domain_name = "NTAPQA2";
        const char *password = "Pur@to789";
        const char *srvr = "172.16.3.38";
        const char *share = "subset";
        struct user_auth_info *p_user_auth_info = NULL;

        printf("Thread %d: top of stack near %p;\n", tinfo->thread_num, &p);

        /* Create and destroy a private SMBCCTX 1000 times per thread. */
        while (i++ < 1000) {
            //pthread_mutex_lock(&mutex_sync);
            TALLOC_CTX *talloc_ctx = talloc_stackframe();
            int err = ctx_create_new_smbc_context(talloc_ctx, &p_user_auth_info, &smb_ctxt,
                                                  username, domain_name, password, srvr, share);
            smbc_set_context(smb_ctxt);
            printf("%s: Thread [%lu]: ctx_create_new_smbc_context res=%d ctx=%p count=%d\n",
                   __func__, (unsigned long)pthread_self(), err, smb_ctxt, i);
            sleep(1);
            ctx_cleanup_context(talloc_ctx, p_user_auth_info, smb_ctxt);
            printf("%s: Thread [%lu]: ctx_cleanup_context\n",
                   __func__, (unsigned long)pthread_self());
            smb_ctxt = NULL;
            TALLOC_FREE(talloc_ctx);
            //pthread_mutex_unlock(&mutex_sync);
        }
        return NULL;
    }

Core dump begin

Thread 3 (Thread 0x7f6711613700 (LWP 24975)):
#0  0x00007f67156ec086 in memset () from /lib64/ld-linux-x86-64.so.2
#1  0x00007f67156db5fd in _dl_map_object_from_fd () from /lib64/ld-linux-x86-64.so.2
#2  0x00007f67156dc35a in _dl_map_object () from /lib64/ld-linux-x86-64.so.2
#3  0x00007f67156e69b4 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
#4  0x00007f67156e2196 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#5  0x00007f67156e646a in _dl_open () from /lib64/ld-linux-x86-64.so.2
#6  0x00007f671362c300 in do_dlopen () from /lib64/libc.so.6
#7  0x00007f67156e2196 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#8  0x00007f671362c457 in __libc_dlopen_mode () from /lib64/libc.so.6
#9  0x00007f6713604855 in init () from /lib64/libc.so.6
#10 0x00007f67138a5b23 in pthread_once () from /lib64/libpthread.so.0
#11 0x00007f6713604954 in backtrace () from /lib64/libc.so.6
#12 0x00007f67135767cb in __libc_message () from /lib64/libc.so.6
#13 0x00007f671357c0e6 in malloc_printerr () from /lib64/libc.so.6
#14 0x00007f6713581ae7 in _int_realloc () from /lib64/libc.so.6
#15 0x00007f6713581ca5 in realloc () from /lib64/libc.so.6
#16 0x00000000007d942d in _talloc_realloc ()
#17 0x00000000007d959f in _talloc_realloc_array ()
#18 0x0000000000418006 in talloc_stackframe_internal ()
#19 0x00000000004180ac in talloc_stackframe ()
#20 0x00000000007a521f in SMBC_module_init ()
#21 0x00000000007a54eb in smbc_new_context ()
#22 0x0000000000417be7 in ctx_create_new_smbc_context ()
#23 0x0000000000411072 in thread_ctx (arg=0x139a260) at ./egn_sc_perms/driver/egn_sc_ctx_tester.c:459
#24 0x00007f67138a0851 in start_thread () from /lib64/libpthread.so.0
#25 0x00007f67135ee90d in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7f67158e07c0 (LWP 24974)):
#0  0x00007f67135b2b8d in nanosleep () from /lib64/libc.so.6
#1  0x00007f67135b2a00 in sleep () from /lib64/libc.so.6
#2  0x000000000041048b in main (argc=1, argv=0x7ffff681e738) at ./egn_sc_perms/driver/egn_sc_ctx_tester.c:102

Thread 1 (Thread 0x7f6710c12700 (LWP 24976)):
#0  0x00007f67135388a5 in raise () from /lib64/libc.so.6
#1  0x00007f671353a085 in abort () from /lib64/libc.so.6
#2  0x00000000007d562f in talloc_abort ()
#3  0x00000000007d5646 in talloc_abort_access_after_free ()
#4  0x00000000007d90ce in _talloc_realloc ()
#5  0x00000000007d959f in _talloc_realloc_array ()
#6  0x0000000000418006 in talloc_stackframe_internal ()
#7  0x00000000004180ac in talloc_stackframe ()
#8  0x00000000007a521f in SMBC_module_init ()
#9  0x00000000007a54eb in smbc_new_context ()
#10 0x0000000000417be7 in ctx_create_new_smbc_context ()
#11 0x0000000000411072 in thread_ctx (arg=0x139a278) at ./egn_sc_perms/driver/egn_sc_ctx_tester.c:459
#12 0x00007f67138a0851 in start_thread () from /lib64/libpthread.so.0
#13 0x00007f67135ee90d in clone () from /lib64/libc.so.6
(gdb)
I have set the HOME env variable as HOME = /root
Sorry to say that, but the Samba libraries are not thread-safe. This is a very desirable enhancement, but an enhancement
You may just need to call smbc_thread_posix()
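
Both aborting threads in the backtrace are inside talloc_stackframe_internal() growing an array with realloc. The sketch below is an added example, not Samba or talloc code and not part of the thread: it shows the per-thread (pthread key) pattern that keeps such a growable stack private to each thread, under the assumption that the crash comes from that array being shared between threads. `frame_stack`, `push_frame` and `run_workers` are hypothetical names.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a stackframe list: a growable array of frame ids. */
struct frame_stack { int *frames; size_t depth, cap; };
static pthread_key_t stack_key;
static pthread_once_t stack_once = PTHREAD_ONCE_INIT;

/* Key destructor: runs at thread exit and frees that thread's stack. */
static void stack_destroy(void *p) { struct frame_stack *s = p; free(s->frames); free(s); }
static void stack_key_init(void) { pthread_key_create(&stack_key, stack_destroy); }

/* Return the calling thread's own stack, creating it on first use. */
static struct frame_stack *my_stack(void) {
    pthread_once(&stack_once, stack_key_init);   /* key is created exactly once */
    struct frame_stack *s = pthread_getspecific(stack_key);
    if (s == NULL && (s = calloc(1, sizeof(*s))) != NULL &&
        pthread_setspecific(stack_key, s) != 0) { free(s); s = NULL; }
    return s;
}

/* Push one frame id; the realloc only ever touches this thread's array. */
static int push_frame(int id) {
    struct frame_stack *s = my_stack();
    if (s == NULL) return -1;
    if (s->depth == s->cap) {
        size_t ncap = s->cap ? s->cap * 2 : 4;
        int *grown = realloc(s->frames, ncap * sizeof(*grown));
        if (grown == NULL) return -1;
        s->frames = grown; s->cap = ncap;
    }
    s->frames[s->depth++] = id;
    return 0;
}

static void *worker(void *out) {
    for (int i = 0; i < 1000; i++) if (push_frame(i) != 0) return NULL;
    *(size_t *)out = my_stack()->depth;   /* depth seen by this thread only */
    return NULL;
}

/* Start nthreads (1..16) workers; return how many finished with depth 1000. */
int run_workers(int nthreads) {
    pthread_t tid[16]; size_t depth[16] = {0}; int started = 0, ok = 0;
    if (nthreads < 1 || nthreads > 16) return -1;
    while (started < nthreads &&
           pthread_create(&tid[started], NULL, worker, &depth[started]) == 0) started++;
    for (int i = 0; i < started; i++) { pthread_join(tid[i], NULL); ok += depth[i] == 1000; }
    return ok;
}
int main(void) { printf("%d of 4 threads kept a private stack\n", run_workers(4)); return 0; }
```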