Bug 11851 - Samba 4.3.6 Segfault.
Summary: Samba 4.3.6 Segfault.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: 4.3.6
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Reported: 2016-04-18 19:17 UTC by Zombie Ryushu
Modified: 2018-02-26 12:49 UTC
Description Zombie Ryushu 2016-04-18 19:17:39 UTC
[2016/04/18 14:52:37.133378,  0] ../lib/util/fault.c:78(fault_report)
  ===============================================================
[2016/04/18 14:52:37.133600,  0] ../lib/util/fault.c:79(fault_report)
  INTERNAL ERROR: Signal 11 in pid 24001 (4.3.6)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2016/04/18 14:52:37.133715,  0] ../lib/util/fault.c:81(fault_report)
  ===============================================================
[2016/04/18 14:52:37.133793,  0] ../source3/lib/util.c:789(smb_panic_s3)
  PANIC (pid 24001): internal error
[2016/04/18 14:52:37.136403,  0] ../source3/lib/util.c:900(log_stack_trace)
  BACKTRACE: 40 stack frames:
   #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1f) [0x7fa65b024d7f]
   #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x6f) [0x7fa65b024bca]
   #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x28) [0x7fa65d2959c5]
   #3 /usr/lib64/libsamba-util.so.0(+0x307621469d) [0x7fa65d29569d]
   #4 /usr/lib64/libsamba-util.so.0(+0x30762146b2) [0x7fa65d2956b2]
   #5 /lib64/libpthread.so.0(+0x364040f2a0) [0x7fa65d5002a0]
   #6 /lib64/libc.so.6(strlen+0x2a) [0x7fa6595465ba]
   #7 /usr/lib64/libsmbconf.so.0(tcopy_passwd+0x6b) [0x7fa65b05aaa5]
   #8 /usr/lib64/libsamba-passdb.so.0(+0x26683) [0x7fa65b6d9683]
   #9 /usr/lib64/libsamba-passdb.so.0(+0x2838c) [0x7fa65b6db38c]
   #10 /usr/lib64/libsamba-passdb.so.0(pdb_getsampwnam+0x32) [0x7fa65b70444a]
   #11 /usr/lib64/libsamba-passdb.so.0(lookup_global_sam_name+0xa8) [0x7fa65b6f4da7]
   #12 /usr/lib64/libsamba-passdb.so.0(lookup_name+0xb39) [0x7fa65b6fc0bc]
   #13 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1e6495) [0x7fa65ce95495]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(_samr_CreateUser2+0x194) [0x7fa65ce95734]
   #15 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1fbf16) [0x7fa65ceaaf16]
   #16 /usr/lib64/samba/libsmbd-base-samba4.so(+0x239fff) [0x7fa65cee8fff]
   #17 /usr/lib64/samba/libsmbd-base-samba4.so(+0x239b86) [0x7fa65cee8b86]
   #18 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23a909) [0x7fa65cee9909]
   #19 /usr/lib64/samba/libsmbd-base-samba4.so(process_complete_pdu+0xe1) [0x7fa65cee99ec]
   #20 /usr/lib64/samba/libsmbd-base-samba4.so(named_pipe_packet_process+0x198) [0x7fa65cd3b765]
   #21 /usr/lib64/libdcerpc-binding.so.0(+0x306d61c632) [0x7fa6549f4632]
   #22 /usr/lib64/samba/libsamba-sockets-samba4.so(+0x306f60c1a9) [0x7fa65abf01a9]
   #23 /usr/lib64/samba/libsamba-sockets-samba4.so(+0x306f60c3d3) [0x7fa65abf03d3]
   #24 /usr/lib64/samba/libsamba-sockets-samba4.so(+0x306f60b6f9) [0x7fa65abef6f9]
   #25 /usr/lib64/libtevent.so.0(tevent_common_loop_immediate+0xd4) [0x7fa659884d54]
   #26 /usr/lib64/libsmbconf.so.0(run_events_poll+0x56) [0x7fa65b040b4f]
   #27 /usr/lib64/libsmbconf.so.0(+0x3ea5c3e1c3) [0x7fa65b0411c3]
   #28 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7fa65988451d]
   #29 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7fa6598846bb]
   #30 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_process+0xb23) [0x7fa65ce2b367]
   #31 /usr/sbin/smbd(+0x87cc) [0x7fa65d9397cc]
   #32 /usr/lib64/libsmbconf.so.0(run_events_poll+0x54f) [0x7fa65b041048]
   #33 /usr/lib64/libsmbconf.so.0(+0x3ea5c3e2d7) [0x7fa65b0412d7]
   #34 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7fa65988451d]
   #35 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7fa6598846bb]
   #36 /usr/sbin/smbd(+0x9643) [0x7fa65d93a643]
   #37 /usr/sbin/smbd(main+0x1788) [0x7fa65d93bf82]
   #38 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7fa6594dbfc0]
   #39 /usr/sbin/smbd(+0x61d9) [0x7fa65d9371d9]
[2016/04/18 14:52:37.137887,  0] ../source3/lib/dumpcore.c:318(dump_core)
Comment 1 Zombie Ryushu 2016-04-18 19:18:43 UTC
This only happens whenever I do a net rpc join against my Samba 4 Classic Domain backended by OpenLDAP.
Comment 2 Volker Lendecke 2016-04-19 15:12:25 UTC
Can you run the crashing daemon under valgrind and post the output?
Comment 3 Zombie Ryushu 2016-04-19 21:03:52 UTC
==26805== Memcheck, a memory error detector
==26805== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==26805== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==26805== Command: smbd -F
==26805== 

==26809== 
==26809== HEAP SUMMARY:
==26809==     in use at exit: 160,809 bytes in 612 blocks
==26809==   total heap usage: 1,566 allocs, 954 frees, 454,814 bytes allocated
==26809== 
==26809== LEAK SUMMARY:
==26809==    definitely lost: 0 bytes in 0 blocks
==26809==    indirectly lost: 0 bytes in 0 blocks
==26809==      possibly lost: 121,655 bytes in 525 blocks
==26809==    still reachable: 39,154 bytes in 87 blocks
==26809==         suppressed: 0 bytes in 0 blocks
==26809== Rerun with --leak-check=full to see details of leaked memory
==26809== 
==26809== For counts of detected and suppressed errors, rerun with: -v
==26809== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 1 from 1)
==26815== 
==26815== HEAP SUMMARY:
==26815==     in use at exit: 513,441 bytes in 1,963 blocks
==26815==   total heap usage: 8,951 allocs, 6,988 frees, 1,854,030 bytes allocated
==26815== 
==26815== LEAK SUMMARY:
==26815==    definitely lost: 0 bytes in 0 blocks
==26815==    indirectly lost: 0 bytes in 0 blocks
==26815==      possibly lost: 133,815 bytes in 638 blocks
==26815==    still reachable: 379,626 bytes in 1,325 blocks
==26815==         suppressed: 0 bytes in 0 blocks
==26815== Rerun with --leak-check=full to see details of leaked memory
==26815== 
==26815== For counts of detected and suppressed errors, rerun with: -v
==26815== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 1 from 1)
==26828== Invalid read of size 1
==26828==    at 0x4A095A2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26828==    by 0x714AAA4: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==26828==    by 0x6A5C682: ??? (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26828==    by 0x6A5E38B: ??? (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26828==    by 0x6A87449: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26828==    by 0x6A77DA6: lookup_global_sam_name (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26828==    by 0x52CFD4E: _samr_LookupNames (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26828==    by 0x52E3F88: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26828==    by 0x5169500: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26828==    by 0x516978E: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26828==    by 0xD7C869D: dcerpc_binding_handle_raw_call_send (in /usr/lib64/libdcerpc-binding.so.0.0.1)
==26828==    by 0xD7C8F16: dcerpc_binding_handle_call_send (in /usr/lib64/libdcerpc-binding.so.0.0.1)
==26828==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==26828== 
==26828== Invalid free() / delete / delete[] / realloc()
==26828==    at 0x4A07819: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26828==    by 0x8C5E677: __libc_freeres (in /lib64/libc-2.19.so)
==26828==    by 0x48016DC: _vgnU_freeres (in /usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==26828==    by 0x8B2C737: abort (in /lib64/libc-2.19.so)
==26828==    by 0x71265F9: dump_core (in /usr/lib64/libsmbconf.so.0)
==26828==    by 0x7114D5F: smb_panic_s3 (in /usr/lib64/libsmbconf.so.0)
==26828==    by 0x4E929C4: smb_panic (in /usr/lib64/libsamba-util.so.0.0.1)
==26828==    by 0x4E9269C: ??? (in /usr/lib64/libsamba-util.so.0.0.1)
==26828==    by 0x4E926B1: ??? (in /usr/lib64/libsamba-util.so.0.0.1)
==26828==    by 0x4C6F29F: ??? (in /lib64/libpthread-2.19.so)
==26828==    by 0x4A095A1: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26828==    by 0x714AAA4: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==26828==  Address 0x8eb4330 is 0 bytes inside data symbol "noai6ai_cached"
==26828== 
==26828== 
==26828== HEAP SUMMARY:
==26828==     in use at exit: 352,100 bytes in 1,269 blocks
==26828==   total heap usage: 10,687 allocs, 9,419 frees, 3,462,278 bytes allocated
==26828== 
==26828== LEAK SUMMARY:
==26828==    definitely lost: 4,527 bytes in 1 blocks
==26828==    indirectly lost: 0 bytes in 0 blocks
==26828==      possibly lost: 283,292 bytes in 908 blocks
==26828==    still reachable: 64,281 bytes in 360 blocks
==26828==         suppressed: 0 bytes in 0 blocks
==26828== Rerun with --leak-check=full to see details of leaked memory
==26828== 
==26828== For counts of detected and suppressed errors, rerun with: -v
==26828== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)
==26839== Invalid read of size 1
==26839==    at 0x4A095A2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26839==    by 0x714AAA4: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==26839==    by 0x6A5C682: ??? (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26839==    by 0x6A5E38B: ??? (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26839==    by 0x6A87449: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26839==    by 0x6A77DA6: lookup_global_sam_name (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26839==    by 0x6A7F0BB: lookup_name (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26839==    by 0x52D4494: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26839==    by 0x52D4733: _samr_CreateUser2 (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26839==    by 0x52E9F15: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26839==    by 0x5327FFE: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26839==    by 0x5327B85: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26839==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==26839== 
==26839== Invalid free() / delete / delete[] / realloc()
==26839==    at 0x4A07819: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26839==    by 0x8C5E677: __libc_freeres (in /lib64/libc-2.19.so)
==26839==    by 0x48016DC: _vgnU_freeres (in /usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==26839==    by 0x8B2C737: abort (in /lib64/libc-2.19.so)
==26839==    by 0x71265F9: dump_core (in /usr/lib64/libsmbconf.so.0)
==26839==    by 0x7114D5F: smb_panic_s3 (in /usr/lib64/libsmbconf.so.0)
==26839==    by 0x4E929C4: smb_panic (in /usr/lib64/libsamba-util.so.0.0.1)
==26839==    by 0x4E9269C: ??? (in /usr/lib64/libsamba-util.so.0.0.1)
==26839==    by 0x4E926B1: ??? (in /usr/lib64/libsamba-util.so.0.0.1)
==26839==    by 0x4C6F29F: ??? (in /lib64/libpthread-2.19.so)
==26839==    by 0x4A095A1: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26839==    by 0x714AAA4: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==26839==  Address 0x8eb4330 is 0 bytes inside data symbol "noai6ai_cached"
==26839== 
==26839== 
==26839== HEAP SUMMARY:
==26839==     in use at exit: 348,595 bytes in 1,330 blocks
==26839==   total heap usage: 11,873 allocs, 10,544 frees, 3,520,356 bytes allocated
==26839== 
==26839== LEAK SUMMARY:
==26839==    definitely lost: 3,567 bytes in 1 blocks
==26839==    indirectly lost: 0 bytes in 0 blocks
==26839==      possibly lost: 280,426 bytes in 965 blocks
==26839==    still reachable: 64,602 bytes in 364 blocks
==26839==         suppressed: 0 bytes in 0 blocks
==26839== Rerun with --leak-check=full to see details of leaked memory
==26839== 
==26839== For counts of detected and suppressed errors, rerun with: -v
==26839== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)
==26871== 
==26871== HEAP SUMMARY:
==26871==     in use at exit: 516,141 bytes in 1,979 blocks
==26871==   total heap usage: 9,618 allocs, 7,639 frees, 1,953,671 bytes allocated
==26871== 
==26871== LEAK SUMMARY:
==26871==    definitely lost: 0 bytes in 0 blocks
==26871==    indirectly lost: 0 bytes in 0 blocks
==26871==      possibly lost: 136,515 bytes in 654 blocks
==26871==    still reachable: 379,626 bytes in 1,325 blocks
==26871==         suppressed: 0 bytes in 0 blocks
==26871== Rerun with --leak-check=full to see details of leaked memory
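The Memcheck trace above reports an invalid 1-byte read at address 0x0 in strlen called from tcopy_passwd, meaning a NULL string was passed to strlen while a struct passwd was being copied (the gdb dump later in this report shows unix_pw with pw_gecos = 0x0). The following is an added example, not Samba's code and not part of the original report: a deep copy of struct passwd shown once without NULL checks and once hardened. The function names, the use of malloc instead of talloc, and the choice to normalise NULL members to empty strings are assumptions; the sample record is constructed from the values in the gdb dump.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define PW_NSTR 5
static const char *const pw_field_names[PW_NSTR] = {
    "pw_name", "pw_passwd", "pw_gecos", "pw_dir", "pw_shell"
};

/* Collect the five string members of a passwd entry in a fixed order. */
static void pw_strings(const struct passwd *pw, const char *out[PW_NSTR])
{
    out[0] = pw->pw_name;
    out[1] = pw->pw_passwd;
    out[2] = pw->pw_gecos;
    out[3] = pw->pw_dir;
    out[4] = pw->pw_shell;
}

/* BEFORE (for contrast): sizes the copy with bare strlen() calls.
 * Any NULL member is dereferenced by strlen() and the process takes SIGSEGV. */
size_t pw_strings_len_unchecked(const struct passwd *pw)
{
    size_t len = 0;
    len += strlen(pw->pw_name) + 1;
    len += strlen(pw->pw_passwd) + 1;
    len += strlen(pw->pw_gecos) + 1;
    len += strlen(pw->pw_dir) + 1;
    len += strlen(pw->pw_shell) + 1;
    return len;
}

/* Name of the first NULL string member, or NULL if all are set.
 * Useful for logging which directory attribute was missing. */
const char *pw_first_null_field(const struct passwd *pw)
{
    const char *s[PW_NSTR];
    pw_strings(pw, s);
    for (int i = 0; i < PW_NSTR; i++) {
        if (s[i] == NULL) return pw_field_names[i];
    }
    return NULL;
}

/* AFTER: deep copy into a single allocation; NULL members become "".
 * The caller releases the result with one free(). */
struct passwd *pw_copy_safe(const struct passwd *from)
{
    const char *s[PW_NSTR];
    size_t len[PW_NSTR], total = sizeof(struct passwd);

    pw_strings(from, s);
    for (int i = 0; i < PW_NSTR; i++) {
        len[i] = (s[i] != NULL ? strlen(s[i]) : 0) + 1;
        total += len[i];
    }

    struct passwd *ret = malloc(total);
    if (ret == NULL) return NULL;
    *ret = *from;                       /* copies pw_uid / pw_gid */

    char **dst[PW_NSTR] = { &ret->pw_name, &ret->pw_passwd, &ret->pw_gecos,
                            &ret->pw_dir, &ret->pw_shell };
    char *p = (char *)(ret + 1);        /* string storage follows the struct */
    for (int i = 0; i < PW_NSTR; i++) {
        if (s[i] != NULL) memcpy(p, s[i], len[i]);
        else p[0] = '\0';
        *dst[i] = p;
        p += len[i];
    }
    return ret;
}

/* Constructed sample mirroring the unix_pw values in the gdb dump:
 * every string member is set except pw_gecos. */
struct passwd sample_pw(void)
{
    struct passwd pw;
    memset(&pw, 0, sizeof(pw));
    pw.pw_name = (char *)"broly$";
    pw.pw_passwd = (char *)"x";
    pw.pw_uid = 10014;
    pw.pw_gid = 504;
    pw.pw_gecos = NULL;
    pw.pw_dir = (char *)"";
    pw.pw_shell = (char *)"";
    return pw;
}

int main(void)
{
    struct passwd in = sample_pw();
    const char *missing = pw_first_null_field(&in);
    printf("NULL member: %s\n", missing ? missing : "(none)");

    struct passwd *out = pw_copy_safe(&in);
    if (out == NULL) return 1;
    printf("copied %s uid=%u gecos=\"%s\"\n",
           out->pw_name, (unsigned)out->pw_uid, out->pw_gecos);
    free(out);
    return 0;
}
```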
Comment 4 Volker Lendecke 2016-04-20 14:19:33 UTC
Thanks for the valgrind log. It points somewhere else, but I would really appreciate it if you could try the patch sent with

https://lists.samba.org/archive/samba-technical/2016-April/113536.html

which fixes a memory corruption with pdb_ldap when creating users. Maybe valgrind just does not catch what is happening there correctly. Please report back if it helps and also if it still crashes. Then it would be great if you could compile Samba without optimization and with CFLAGS=-g so that the valgrind trace and the panic will be more informative.
Comment 5 Zombie Ryushu 2016-04-22 08:34:00 UTC
I added that patch and it still panics.
 INTERNAL ERROR: Signal 11 in pid 16495 (4.3.8)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2016/04/22 04:31:04.637494,  0] ../lib/util/fault.c:81(fault_report)
  ===============================================================
[2016/04/22 04:31:04.637597,  0] ../source3/lib/util.c:789(smb_panic_s3)
  PANIC (pid 16495): internal error
[2016/04/22 04:31:04.639381,  0] ../source3/lib/util.c:900(log_stack_trace)
  BACKTRACE: 49 stack frames:
   #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f6dda76a05f]
   #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x6f) [0x7f6dda769eaa]
   #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x28) [0x7f6ddc9dea25]
   #3 /usr/lib64/libsamba-util.so.0(+0x146fd) [0x7f6ddc9de6fd]
   #4 /usr/lib64/libsamba-util.so.0(+0x14712) [0x7f6ddc9de712]
   #5 /lib64/libpthread.so.0(+0x364040f2a0) [0x7f6ddcc4a2a0]
   #6 /lib64/libc.so.6(strlen+0x2a) [0x7f6dd8c8b5ba]
   #7 /usr/lib64/libsmbconf.so.0(tcopy_passwd+0x6b) [0x7f6dda79fe7a]
   #8 /usr/lib64/libsamba-passdb.so.0(+0x26683) [0x7f6ddae1e683]
   #9 /usr/lib64/libsamba-passdb.so.0(+0x2838c) [0x7f6ddae2038c]
   #10 /usr/lib64/libsamba-passdb.so.0(pdb_getsampwnam+0x32) [0x7f6ddae4944a]
   #11 /usr/lib64/libsamba-passdb.so.0(lookup_global_sam_name+0xa8) [0x7f6ddae39da7]
   #12 /usr/lib64/samba/libsmbd-base-samba4.so(_samr_LookupNames+0x31b) [0x7f6ddc5d7fec]
   #13 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1f6295) [0x7f6ddc5ec295]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(+0x7b621) [0x7f6ddc471621]
   #15 /usr/lib64/samba/libsmbd-base-samba4.so(+0x7b8af) [0x7f6ddc4718af]
   #16 /usr/lib64/libdcerpc-binding.so.0(dcerpc_binding_handle_raw_call_send+0xb5) [0x7f6dd413aaa7]
   #17 /usr/lib64/libdcerpc-binding.so.0(dcerpc_binding_handle_call_send+0x3ad) [0x7f6dd413b320]
   #18 /usr/lib64/libdcerpc-binding.so.0(dcerpc_binding_handle_call+0x96) [0x7f6dd413b6f8]
   #19 /usr/lib64/samba/libdcerpc-samba-samba4.so(dcerpc_samr_LookupNames_r+0x3f) [0x7f6dd5b18249]
   #20 /usr/lib64/samba/libdcerpc-samba-samba4.so(dcerpc_samr_LookupNames+0x76) [0x7f6dd5b18671]
   #21 /usr/lib64/samba/libsmbd-base-samba4.so(+0xb246f) [0x7f6ddc4a846f]
   #22 /usr/lib64/samba/libsmbd-base-samba4.so(+0xb2774) [0x7f6ddc4a8774]
   #23 /usr/lib64/samba/libsmbd-base-samba4.so(_netr_ServerAuthenticate3+0x268) [0x7f6ddc4a8fde]
   #24 /usr/lib64/samba/libsmbd-base-samba4.so(+0xbb6e5) [0x7f6ddc4b16e5]
   #25 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23adb8) [0x7f6ddc630db8]
   #26 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23a93f) [0x7f6ddc63093f]
   #27 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23b751) [0x7f6ddc631751]
   #28 /usr/lib64/samba/libsmbd-base-samba4.so(process_complete_pdu+0xe1) [0x7f6ddc631834]
   #29 /usr/lib64/samba/libsmbd-base-samba4.so(named_pipe_packet_process+0x198) [0x7f6ddc48289c]
   #30 /usr/lib64/libdcerpc-binding.so.0(+0x1ca3b) [0x7f6dd4139a3b]
   #31 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc169) [0x7f6dda335169]
   #32 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc393) [0x7f6dda335393]
   #33 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xb6b9) [0x7f6dda3346b9]
   #34 /usr/lib64/libtevent.so.0(tevent_common_loop_immediate+0xd4) [0x7f6dd8fc9d54]
   #35 /usr/lib64/libsmbconf.so.0(run_events_poll+0x56) [0x7f6dda785e2f]
   #36 /usr/lib64/libsmbconf.so.0(+0x3e4a3) [0x7f6dda7864a3]
   #37 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #38 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #39 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_process+0xb23) [0x7f6ddc572578]
   #40 /usr/sbin/smbd(+0x87cc) [0x7f6ddd0837cc]
   #41 /usr/lib64/libsmbconf.so.0(run_events_poll+0x54f) [0x7f6dda786328]
   #42 /usr/lib64/libsmbconf.so.0(+0x3e5b7) [0x7f6dda7865b7]
   #43 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #44 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #45 /usr/sbin/smbd(+0x9643) [0x7f6ddd084643]
   #46 /usr/sbin/smbd(main+0x1788) [0x7f6ddd085f82]
   #47 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f6dd8c20fc0]
   #48 /usr/sbin/smbd(+0x61d9) [0x7f6ddd0811d9]
[2016/04/22 04:31:04.639892,  0] ../source3/lib/dumpcore.c:318(dump_core)
  dumping core in /var/log/samba/cores/smbd
[2016/04/22 04:31:08.300063,  0] ../lib/util/fault.c:78(fault_report)
  ===============================================================
[2016/04/22 04:31:08.300143,  0] ../lib/util/fault.c:79(fault_report)
  INTERNAL ERROR: Signal 11 in pid 16498 (4.3.8)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2016/04/22 04:31:08.300232,  0] ../lib/util/fault.c:81(fault_report)
  ===============================================================
[2016/04/22 04:31:08.300262,  0] ../source3/lib/util.c:789(smb_panic_s3)
  PANIC (pid 16498): internal error
[2016/04/22 04:31:08.301252,  0] ../source3/lib/util.c:900(log_stack_trace)
  BACKTRACE: 40 stack frames:
   #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f6dda76a05f]
   #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x6f) [0x7f6dda769eaa]
   #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x28) [0x7f6ddc9dea25]
   #3 /usr/lib64/libsamba-util.so.0(+0x146fd) [0x7f6ddc9de6fd]
   #4 /usr/lib64/libsamba-util.so.0(+0x14712) [0x7f6ddc9de712]
   #5 /lib64/libpthread.so.0(+0x364040f2a0) [0x7f6ddcc4a2a0]
   #6 /lib64/libc.so.6(strlen+0x2a) [0x7f6dd8c8b5ba]
   #7 /usr/lib64/libsmbconf.so.0(tcopy_passwd+0x6b) [0x7f6dda79fe7a]
   #8 /usr/lib64/libsamba-passdb.so.0(+0x26683) [0x7f6ddae1e683]
   #9 /usr/lib64/libsamba-passdb.so.0(+0x2838c) [0x7f6ddae2038c]
   #10 /usr/lib64/libsamba-passdb.so.0(pdb_getsampwnam+0x32) [0x7f6ddae4944a]
   #11 /usr/lib64/libsamba-passdb.so.0(lookup_global_sam_name+0xa8) [0x7f6ddae39da7]
   #12 /usr/lib64/libsamba-passdb.so.0(lookup_name+0xb39) [0x7f6ddae410bc]
   #13 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1e6732) [0x7f6ddc5dc732]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(_samr_CreateUser2+0x194) [0x7f6ddc5dc9d1]
   #15 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1fc222) [0x7f6ddc5f2222]
   #16 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23adb8) [0x7f6ddc630db8]
   #17 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23a93f) [0x7f6ddc63093f]
   #18 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23b751) [0x7f6ddc631751]
   #19 /usr/lib64/samba/libsmbd-base-samba4.so(process_complete_pdu+0xe1) [0x7f6ddc631834]
   #20 /usr/lib64/samba/libsmbd-base-samba4.so(named_pipe_packet_process+0x198) [0x7f6ddc48289c]
   #21 /usr/lib64/libdcerpc-binding.so.0(+0x1ca3b) [0x7f6dd4139a3b]
   #22 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc169) [0x7f6dda335169]
   #23 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc393) [0x7f6dda335393]
   #24 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xb6b9) [0x7f6dda3346b9]
   #25 /usr/lib64/libtevent.so.0(tevent_common_loop_immediate+0xd4) [0x7f6dd8fc9d54]
   #26 /usr/lib64/libsmbconf.so.0(run_events_poll+0x56) [0x7f6dda785e2f]
   #27 /usr/lib64/libsmbconf.so.0(+0x3e4a3) [0x7f6dda7864a3]
   #28 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #29 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #30 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_process+0xb23) [0x7f6ddc572578]
   #31 /usr/sbin/smbd(+0x87cc) [0x7f6ddd0837cc]
   #32 /usr/lib64/libsmbconf.so.0(run_events_poll+0x54f) [0x7f6dda786328]
   #33 /usr/lib64/libsmbconf.so.0(+0x3e5b7) [0x7f6dda7865b7]
   #34 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #35 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #36 /usr/sbin/smbd(+0x9643) [0x7f6ddd084643]
   #37 /usr/sbin/smbd(main+0x1788) [0x7f6ddd085f82]
   #38 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f6dd8c20fc0]
   #39 /usr/sbin/smbd(+0x61d9) [0x7f6ddd0811d9]
[2016/04/22 04:31:08.301779,  0] ../source3/lib/dumpcore.c:318(dump_core)
  dumping core in /var/log/samba/cores/smbd
Comment 6 Volker Lendecke 2016-04-22 11:42:43 UTC
Can you compile Samba with debug information by adding CFLAGS=-g to the configure line:

CFLAGS=-g ./configure ...

and re-run under valgrind?
Comment 7 Björn Jacke 2016-04-25 13:42:07 UTC
This comment was actually from zombie_ryushu
--- Comment #8 from Zombie Ryushu <zombie_ryushu...> ---
#0  0x00007ffff3c0f5ba in strlen () from /lib64/libc.so.6
#1  0x00007ffff5723e7a in tcopy_passwd (mem_ctx=0x5555557cb1d0,
from=0x7fffffffcba0) at ../lib/util/util_pw.c:39
#2  0x00007ffff5da2683 in init_sam_from_ldap (ldap_state=0x5555557836f0,
sampass=0x5555557cb1d0, entry=0x555555780d40)
    at ../source3/passdb/pdb_ldap.c:1029
#3  0x00007ffff5da438c in ldapsam_getsampwnam (my_methods=0x555555783460,
user=0x5555557cb1d0, sname=0x5555557c5d30 "BROLY$")
    at ../source3/passdb/pdb_ldap.c:1507
#4  0x00007ffff5dcd44a in pdb_getsampwnam (sam_acct=0x5555557cb1d0,
username=0x5555557c5d30 "BROLY$") at ../source3/passdb/pdb_interface.c:334
#5  0x00007ffff5dbdda7 in lookup_global_sam_name (name=0x5555557c5d30 "BROLY$",
flags=0, rid=0x5555557c6c60, type=0x5555557c6cd0)
    at ../source3/passdb/passdb.c:618
#6  0x00007ffff755bfec in _samr_LookupNames (p=0x5555557aaea0,
r=0x5555557c6910) at ../source3/rpc_server/samr/srv_samr_nt.c:1680
#7  0x00007ffff7570295 in api_samr_LookupNames (p=0x5555557aaea0) at
default/librpc/gen_ndr/srv_samr.c:1438
#8  0x00007ffff73f5621 in rpcint_dispatch (p=0x5555557aaea0,
mem_ctx=0x5555557c6790, opnum=17, in_data=0x5555557c6790,
out_data=0x5555557c67a0)
    at ../source3/rpc_server/rpc_ncacn_np.c:276
#9  0x00007ffff73f58af in rpcint_bh_raw_call_send (mem_ctx=0x5555557c6460,
ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0, opnum=17, 
    in_flags=1048576, in_data=0x5555557c5e40 "", in_length=68) at
../source3/rpc_server/rpc_ncacn_np.c:363
#10 0x00007fffef0beaa7 in dcerpc_binding_handle_raw_call_send
(mem_ctx=0x5555557ab3b0, ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0,
opnum=17, 
    in_flags=1048576, in_data=0x5555557c5e40 "", in_length=68) at
../librpc/rpc/binding_handle.c:158
#11 0x00007fffef0bf320 in dcerpc_binding_handle_call_send
(mem_ctx=0x5555557c4c90, ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0, 
    table=0x7ffff5099900 <ndr_table_samr>, opnum=17, r_mem=0x5555557c3700,
r_ptr=0x7fffffffd380) at ../librpc/rpc/binding_handle.c:429
#12 0x00007fffef0bf6f8 in dcerpc_binding_handle_call (h=0x5555557c4c00,
object=0x0, table=0x7ffff5099900 <ndr_table_samr>, opnum=17, 
    r_mem=0x5555557c3700, r_ptr=0x7fffffffd380) at
../librpc/rpc/binding_handle.c:539
#13 0x00007ffff0a9c249 in dcerpc_samr_LookupNames_r (h=0x5555557c4c00,
mem_ctx=0x5555557c3700, r=0x7fffffffd380)
    at default/librpc/gen_ndr/ndr_samr_c.c:3958
#14 0x00007ffff0a9c671 in dcerpc_samr_LookupNames (h=0x5555557c4c00,
mem_ctx=0x5555557c3700, _domain_handle=0x7fffffffd480, _num_names=1, 
    _names=0x7fffffffd430, _rids=0x7fffffffd440, _types=0x7fffffffd450,
result=0x7fffffffd410) at default/librpc/gen_ndr/ndr_samr_c.c:4103
#15 0x00007ffff742c46f in samr_find_machine_account (mem_ctx=0x5555557c3700,
b=0x5555557c4c00, account_name=0x5555557c31d0 "BROLY$", 
    access_mask=33554432, domain_sid_p=0x7fffffffd520,
user_rid_p=0x7fffffffd504, user_handle=0x7fffffffd540)
    at ../source3/rpc_server/netlogon/srv_netlog_nt.c:576
#16 0x00007ffff742c774 in get_md4pw (md4pw=0x7fffffffd600,
mach_acct=0x5555557c31d0 "BROLY$", sec_chan_type=SEC_CHAN_BDC,
sid=0x7fffffffd5b0, 
    msg_ctx=0x55555577b3e0) at
../source3/rpc_server/netlogon/srv_netlog_nt.c:713
#17 0x00007ffff742cfde in _netr_ServerAuthenticate3 (p=0x5555557afc50,
r=0x5555557c2d50) at ../source3/rpc_server/netlogon/srv_netlog_nt.c:978
#18 0x00007ffff74356e5 in api_netr_ServerAuthenticate3 (p=0x5555557afc50) at
default/librpc/gen_ndr/srv_netlogon.c:2168
#19 0x00007ffff75b4db8 in api_rpcTNP (p=0x5555557afc50, pkt=0x5555557c5320,
api_rpc_cmds=0x7ffff7947fc0 <api_netlogon_cmds>, n_cmds=49, 
    syntax=0x5555557abb30) at ../source3/rpc_server/srv_pipe.c:1471
#20 0x00007ffff75b493f in api_pipe_request (p=0x5555557afc50,
pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1406
#21 0x00007ffff75b5751 in process_request_pdu (p=0x5555557afc50,
pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1675
#22 0x00007ffff75b5834 in process_complete_pdu (p=0x5555557afc50,
pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1693
#23 0x00007ffff740689c in named_pipe_packet_process (subreq=0x0) at
../source3/rpc_server/rpc_server.c:442
#24 0x00007fffef0bda3b in dcerpc_read_ncacn_packet_done (subreq=0x0) at
../librpc/rpc/dcerpc_util.c:425
#25 0x00007ffff52b9169 in tstream_readv_pdu_ask_for_next_vector
(req=0x5555557aa650) at ../lib/tsocket/tsocket_helpers.c:245
#26 0x00007ffff52b9393 in tstream_readv_pdu_readv_done (subreq=0x5555557aaec0)
at ../lib/tsocket/tsocket_helpers.c:319
#27 0x00007ffff52b86b9 in tstream_readv_done (subreq=0x0) at
../lib/tsocket/tsocket.c:604
#28 0x00007ffff3f4dd54 in tevent_common_loop_immediate () from
/usr/lib64/libtevent.so.0
#29 0x00007ffff5709e2f in run_events_poll (ev=0x55555577b2f0, pollrtn=0,
pfds=0x0, num_pfds=0) at ../source3/lib/events.c:192
#30 0x00007ffff570a4a3 in s3_event_loop_once (ev=0x55555577b2f0,
location=0x7ffff76868d0 "../source3/smbd/process.c:4031")
    at ../source3/lib/events.c:303
#31 0x00007ffff3f4d51d in _tevent_loop_once () from /usr/lib64/libtevent.so.0
#32 0x00007ffff3f4d6bb in tevent_common_loop_wait () from
/usr/lib64/libtevent.so.0
#33 0x00007ffff74f6578 in smbd_process (ev_ctx=0x55555577b2f0,
msg_ctx=0x55555577b3e0, sock_fd=27, interactive=true)
    at ../source3/smbd/process.c:4031
#34 0x000055555555c58c in smbd_accept_connection (ev=0x55555577b2f0,
fde=0x55555579ea20, flags=1, private_data=0x5555557a24d0)
    at ../source3/smbd/server.c:592
#35 0x00007ffff570a328 in run_events_poll (ev=0x55555577b2f0, pollrtn=1,
pfds=0x55555579e310, num_pfds=5) at ../source3/lib/events.c:257
#36 0x00007ffff570a5b7 in s3_event_loop_once (ev=0x55555577b2f0,
location=0x555555563243 "../source3/smbd/server.c:1011")
    at ../source3/lib/events.c:326
#37 0x00007ffff3f4d51d in _tevent_loop_once () from /usr/lib64/libtevent.so.0
#38 0x00007ffff3f4d6bb in tevent_common_loop_wait () from
/usr/lib64/libtevent.so.0
#39 0x000055555555d643 in smbd_parent_loop (ev_ctx=0x55555577b2f0,
parent=0x555555782240) at ../source3/smbd/server.c:1011
#40 0x000055555555ef82 in main (argc=3, argv=0x7fffffffe3c8) at
../source3/smbd/server.c:1663
(gdb) bt full
#0  0x00007ffff3c0f5ba in strlen () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff5723e7a in tcopy_passwd (mem_ctx=0x5555557cb1d0,
from=0x7fffffffcba0) at ../lib/util/util_pw.c:39
        ret = 0x5555557999d0
        len = 9
#2  0x00007ffff5da2683 in init_sam_from_ldap (ldap_state=0x5555557836f0,
sampass=0x5555557cb1d0, entry=0x555555780d40)
    at ../source3/passdb/pdb_ldap.c:1029
        mapped_gsid = {sid_rev_num = 0 '\000', num_auths = 0 '\000', id_auth =
"\000\000\000\000\000", sub_auths = {0 <repeats 12 times>, 
            1434241856, 21845, 3969128011}}
        primary_gsid = 0x0
        unix_pw = {pw_name = 0x5555557cb540 "broly$", pw_passwd =
0x7ffff5de48f0 "x", pw_uid = 10014, pw_gid = 504, pw_gecos = 0x0, 
          pw_dir = 0x7ffff5de491a "", pw_shell = 0x7ffff5de491a ""}
        have_uid = true
        have_gid = true
        id = {id = 0, type = ID_TYPE_NOT_SPECIFIED}
        logon_time = 0
        logoff_time = 140737347189610
        kickoff_time = 1
        pass_last_set_time = 1358352586
        pass_can_change_time = 61563434976
        ldap_entry_time = 0
        bad_password_time = 0
        username = 0x5555557cb540 "broly$"
        domain = 0x5555557cb940 "PUKEY"
        nt_username = 0x5555557c6e30 "broly$"
        fullname = 0x5555557cb6c0 "broly$"
        homedir = 0x0
        dir_drive = 0x0
        logon_script = 0x0
        profile_path = 0x0
        acct_desc = 0x0
        workstations = 0x0
        munged_dial = 0x0
        user_rid = 8192
        smblmpwd = '\000' <repeats 15 times>
        smbntpwd = '\000' <repeats 15 times>
        use_samba_attrs = true
        acct_ctrl = 128
        logon_divs = 168
        bad_password_count = 0
        logon_count = 0
        hours_len = 21
        hours = '\377' <repeats 21 times>, "\000\000\000\340wwUUU\000"
        temp = 0x5555557cb3d0 "504"
        cache_entry = {entry_timestamp = 0, acct_ctrl = 0, bad_password_count =
0, bad_password_time = 0}
        pwHistLen = 0
        expand_explicit = false
        ret = false
        ctx = 0x5555557c6d40
        __FUNCTION__ = "init_sam_from_ldap"
#3  0x00007ffff5da438c in ldapsam_getsampwnam (my_methods=0x555555783460,
user=0x5555557cb1d0, sname=0x5555557c5d30 "BROLY$")
    at ../source3/passdb/pdb_ldap.c:1507
        ret = {v = 3221225473}
        ldap_state = 0x5555557836f0
        result = 0x555555780d40
        entry = 0x555555780d40
        count = 1
        attr_list = 0x0
        rc = 0
        __FUNCTION__ = "ldapsam_getsampwnam"
#4  0x00007ffff5dcd44a in pdb_getsampwnam (sam_acct=0x5555557cb1d0,
username=0x5555557c5d30 "BROLY$") at ../source3/passdb/pdb_interface.c:334
        pdb = 0x555555783460
        for_cache = 0x7ffff74bb3a5 <smbd_become_root+38>
        user_sid = 0x7ffff50aabd7 <become_root+25>
        status = {v = 4294954784}
        ok = false
        __FUNCTION__ = "pdb_getsampwnam"
#5  0x00007ffff5dbdda7 in lookup_global_sam_name (name=0x5555557c5d30 "BROLY$",
flags=0, rid=0x5555557c6c60, type=0x5555557c6cd0)
    at ../source3/passdb/passdb.c:618
        sam_account = 0x5555557cb1d0
        user_sid = {sid_rev_num = 216 '\330', num_auths = -2 '\376', id_auth =
"j\367\377\177\000", sub_auths = {1434216720, 21845, 4294954928, 
            32767, 4056231725, 32767, 4056308928, 32767, 1434105312, 21845,
4294954960, 32767, 4124851508, 32767, 1434104288}}
        map = 0x5555557ab5e0
        ret = false
        __FUNCTION__ = "lookup_global_sam_name"
#6  0x00007ffff755bfec in _samr_LookupNames (p=0x5555557aaea0,
r=0x5555557c6910) at ../source3/rpc_server/samr/srv_samr_nt.c:1680
        dinfo = 0x5555557ab5e0
        status = {v = 3221225587}
        rid = 0x5555557c6c60
        type = 0x5555557c6cd0
        i = 0
        num_rids = 1
        rids = {count = 1434104752, ids = 0x7fffffffd0a0}
        types = {count = 1434104288, ids = 0x7ffff3f4e5e0}
        num_mapped = 0
        __FUNCTION__ = "_samr_LookupNames"
#7  0x00007ffff7570295 in api_samr_LookupNames (p=0x5555557aaea0) at
default/librpc/gen_ndr/srv_samr.c:1438
        call = 0x7ffff509ff88 <samr_calls+1224>
        pull = 0x5555557c69b0
        push = 0x0
        ndr_err = NDR_ERR_SUCCESS
        r = 0x5555557c6910
#8  0x00007ffff73f5621 in rpcint_dispatch (p=0x5555557aaea0,
mem_ctx=0x5555557c6790, opnum=17, in_data=0x5555557c6790,
out_data=0x5555557c67a0)
    at ../source3/rpc_server/rpc_ncacn_np.c:276
        fns = 0x5555557aba30
        num_cmds = 68
        cmds = 0x7ffff7948a00 <api_samr_cmds>
        i = 17
        ok = false
#9  0x00007ffff73f58af in rpcint_bh_raw_call_send (mem_ctx=0x5555557c6460,
ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0, opnum=17, 
    in_flags=1048576, in_data=0x5555557c5e40 "", in_length=68) at
../source3/rpc_server/rpc_ncacn_np.c:363
        hs = 0x5555557aabf0
        req = 0x5555557c6600
        state = 0x5555557c6790
        ok = true
        status = {v = 1434215120}
#10 0x00007fffef0beaa7 in dcerpc_binding_handle_raw_call_send
(mem_ctx=0x5555557ab3b0, ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0,
opnum=17, 
    in_flags=1048576, in_data=0x5555557c5e40 "", in_length=68) at
../librpc/rpc/binding_handle.c:158
        req = 0x5555557c62d0
        state = 0x5555557c6460
        subreq = 0x5555557ab460
#11 0x00007fffef0bf320 in dcerpc_binding_handle_call_send
(mem_ctx=0x5555557c4c90, ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0, 
    table=0x7ffff5099900 <ndr_table_samr>, opnum=17, r_mem=0x5555557c3700,
r_ptr=0x7fffffffd380) at ../librpc/rpc/binding_handle.c:429
        req = 0x5555557ab220
        state = 0x5555557ab3b0
        subreq = 0x7ffff796c87f <samba_tevent_context_init+52>
        ndr_err = NDR_ERR_SUCCESS
#12 0x00007fffef0bf6f8 in dcerpc_binding_handle_call (h=0x5555557c4c00,
object=0x0, table=0x7ffff5099900 <ndr_table_samr>, opnum=17, 
    r_mem=0x5555557c3700, r_ptr=0x7fffffffd380) at
../librpc/rpc/binding_handle.c:539
        frame = 0x5555557c4c90
        ev = 0x5555557c56a0
        subreq = 0x5555557ab220
        status = {v = 3221225495}
#13 0x00007ffff0a9c249 in dcerpc_samr_LookupNames_r (h=0x5555557c4c00,
mem_ctx=0x5555557c3700, r=0x7fffffffd380)
    at default/librpc/gen_ndr/ndr_samr_c.c:3958
        status = {v = 1434202582}
#14 0x00007ffff0a9c671 in dcerpc_samr_LookupNames (h=0x5555557c4c00,
mem_ctx=0x5555557c3700, _domain_handle=0x7fffffffd480, _num_names=1, 
    _names=0x7fffffffd430, _rids=0x7fffffffd440, _types=0x7fffffffd450,
result=0x7fffffffd410) at default/librpc/gen_ndr/ndr_samr_c.c:4103
        r = {in = {domain_handle = 0x7fffffffd480, num_names = 1, names =
0x7fffffffd430}, out = {rids = 0x7fffffffd440, types = 0x7fffffffd450, 
            result = {v = 0}}}
        status = {v = 0}
#15 0x00007ffff742c46f in samr_find_machine_account (mem_ctx=0x5555557c3700,
b=0x5555557c4c00, account_name=0x5555557c31d0 "BROLY$", 
    access_mask=33554432, domain_sid_p=0x7fffffffd520,
user_rid_p=0x7fffffffd504, user_handle=0x7fffffffd540)
    at ../source3/rpc_server/netlogon/srv_netlog_nt.c:576
        status = {v = 0}
        result = {v = 0}
        connect_handle = {handle_type = 0, uuid = {time_low = 16, time_mid = 0,
time_hi_and_version = 0, clock_seq = "\034W", 
            node = "w\220!Y\000"}}
        domain_handle = {handle_type = 0, uuid = {time_low = 17, time_mid = 0,
time_hi_and_version = 0, clock_seq = "\034W", 
            node = "w\220!Y\000"}}
        domain_name = {length = 10, size = 10, string = 0x55555576cb40 "PUKEY"}
        domain_sid = 0x5555557c5840
        names = {length = 12, size = 12, string = 0x5555557c31d0 "BROLY$"}
        rids = {count = 1434102768, ids = 0x5555557c4c00}
        types = {count = 4150594925, ids = 0x5555557c2d50}
        rid = 21845
#16 0x00007ffff742c774 in get_md4pw (md4pw=0x7fffffffd600,
mach_acct=0x5555557c31d0 "BROLY$", sec_chan_type=SEC_CHAN_BDC,
sid=0x7fffffffd5b0, 
    msg_ctx=0x55555577b3e0) at
../source3/rpc_server/netlogon/srv_netlog_nt.c:713
        status = {v = 0}
        result = {v = 0}
        mem_ctx = 0x5555557c3700
        h = 0x5555557c4c00
        local = 0x5555557c4a90
        user_handle = {handle_type = 0, uuid = {time_low = 0, time_mid = 0,
time_hi_and_version = 0, clock_seq = "\000", 
            node = "\000\000\000\000\000"}}
        user_rid = 32767
        domain_sid = 0x7fffffffd540
        acct_ctrl = 32767
        info = 0x7ffff5dcd0b6 <pdb_get_methods+18>
        session_info = 0x5555557c3c80
        rc = 0
        __FUNCTION__ = "get_md4pw"
#17 0x00007ffff742cfde in _netr_ServerAuthenticate3 (p=0x5555557afc50,
r=0x5555557c2d50) at ../source3/rpc_server/netlogon/srv_netlog_nt.c:978
        status = {v = 1}
        srv_flgs = 1090667007
        in_neg_flags = 1628438527
        fn = 0x7ffff76511d6 "_netr_ServerAuthenticate3"
        lp_ctx = 0x0
        sid = {sid_rev_num = 0 '\000', num_auths = 0 '\000', id_auth =
"\000\000\000\000\000", sub_auths = {0 <repeats 12 times>, 4095083158, 
            32767, 0}}
        mach_pwd = {hash = "\300\262zUUU\000\000\200\326\377\377\377\177\000"}
        creds = 0x600000006
        pipe_state = 0x5555557aae20
        __FUNCTION__ = "_netr_ServerAuthenticate3"
#18 0x00007ffff74356e5 in api_netr_ServerAuthenticate3 (p=0x5555557afc50) at
default/librpc/gen_ndr/srv_netlogon.c:2168
        call = 0x7ffff509f3d0 <netlogon_calls+1872>
        pull = 0x5555557c2e00
        push = 0x5555557aa6a0
        ndr_err = NDR_ERR_SUCCESS
        r = 0x5555557c2d50
#19 0x00007ffff75b4db8 in api_rpcTNP (p=0x5555557afc50, pkt=0x5555557c5320,
api_rpc_cmds=0x7ffff7947fc0 <api_netlogon_cmds>, n_cmds=49, 
    syntax=0x5555557abb30) at ../source3/rpc_server/srv_pipe.c:1471
        fn_num = 26
        offset1 = 0
        table = 0x7ffff5099800 <ndr_table_netlogon>
        __FUNCTION__ = "api_rpcTNP"
#20 0x00007ffff75b493f in api_pipe_request (p=0x5555557afc50,
pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1406
        frame = 0x5555557c2cf0
        ret = false
        pipe_fns = 0x5555557abb10
        interface_name = 0x7ffff4e2aa47 "netlogon"
        __FUNCTION__ = "api_pipe_request"
        __func__ = "api_pipe_request"
#21 0x00007ffff75b5751 in process_request_pdu (p=0x5555557afc50,
pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1675
        status = {v = 0}
        data = {data = 0x5555557aa890 "", length = 96}
        hdr2 = {ptype = DCERPC_PKT_REQUEST, reserved1 = 0 '\000', reserved2 =
0, drep = "\020\000\000", call_id = 9, context_id = 0, opnum = 26}
        __FUNCTION__ = "process_request_pdu"
#22 0x00007ffff75b5834 in process_complete_pdu (p=0x5555557afc50,
pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1693
        reply = false
        __FUNCTION__ = "process_complete_pdu"
#23 0x00007ffff740689c in named_pipe_packet_process (subreq=0x0) at
../source3/rpc_server/rpc_server.c:442
        npc = 0x5555557adcb0
        out = 0x5555557afcf8
        recv_buffer = {data = 0x5555557abbb0 "\005", length = 120}
        pkt = 0x5555557c5320
        status = {v = 0}
        to_send = 21845
        i = 21272782304
        ok = false
        __FUNCTION__ = "named_pipe_packet_process"
#24 0x00007fffef0bda3b in dcerpc_read_ncacn_packet_done (subreq=0x0) at
../librpc/rpc/dcerpc_util.c:425
        req = 0x5555557c5110
        state = 0x5555557c52a0
        ret = 120
        sys_errno = 21845
        ndr = 0x0
        ndr_err = NDR_ERR_SUCCESS
        status = {v = 1434210976}
#25 0x00007ffff52b9169 in tstream_readv_pdu_ask_for_next_vector
(req=0x5555557aa650) at ../lib/tsocket/tsocket_helpers.c:245
        state = 0x5555557aa7e0
        ret = 0
        to_read = 0
        i = 140737488345736
        subreq = 0x5555557ab050
        optimize = true
        save_optimize = false
#26 0x00007ffff52b9393 in tstream_readv_pdu_readv_done (subreq=0x5555557aaec0)
at ../lib/tsocket/tsocket_helpers.c:319
        req = 0x5555557aa650
        state = 0x5555557aa7e0
        ret = 104
        sys_errno = 1434104288
#27 0x00007ffff52b86b9 in tstream_readv_done (subreq=0x0) at
../lib/tsocket/tsocket.c:604
        req = 0x5555557aaec0
        state = 0x5555557ab050
        ret = 104
        sys_errno = 21845
#28 0x00007ffff3f4dd54 in tevent_common_loop_immediate () from
/usr/lib64/libtevent.so.0
No symbol table info available.
#29 0x00007ffff5709e2f in run_events_poll (ev=0x55555577b2f0, pollrtn=0,
pfds=0x0, num_pfds=0) at ../source3/lib/events.c:192
        state = 0x5555557c2c90
        pollfd_idx = 0x5555557680b0
        fde = 0x5555557c2c30
        __FUNCTION__ = "run_events_poll"
#30 0x00007ffff570a4a3 in s3_event_loop_once (ev=0x55555577b2f0,
location=0x7ffff76868d0 "../source3/smbd/process.c:4031")
    at ../source3/lib/events.c:303
        state = 0x55555576aa80
        timeout = 2147483647
        num_pfds = 32767
        ret = -9056
        poll_errno = 32767
#31 0x00007ffff3f4d51d in _tevent_loop_once () from /usr/lib64/libtevent.so.0
No symbol table info available.
#32 0x00007ffff3f4d6bb in tevent_common_loop_wait () from
/usr/lib64/libtevent.so.0
No symbol table info available.
#33 0x00007ffff74f6578 in smbd_process (ev_ctx=0x55555577b2f0,
msg_ctx=0x55555577b3e0, sock_fd=27, interactive=true)
    at ../source3/smbd/process.c:4031
        trace_state = {ev = 0x55555577b2f0, frame = 0x5555557c2c90}
        client = 0x5555557a3fe0
        sconn = 0x5555557a4470
        xconn = 0x5555557a4150
        locaddr = 0x5555557a3e50 "!Y"
        remaddr = 0x5555557a3ed0 "@tyUUU"
        ret = 21845
        status = {v = 0}
        __FUNCTION__ = "smbd_process"
#34 0x000055555555c58c in smbd_accept_connection (ev=0x55555577b2f0,
fde=0x55555579ea20, flags=1, private_data=0x5555557a24d0)
    at ../source3/smbd/server.c:592
        s = 0x5555557a24d0
        msg_ctx = 0x55555577b3e0
        addr = {ss_family = 2, __ss_align = 0, 
          __ss_padding = '\000' <repeats 16 times>,
"H\244yUUU\000\000\060\336\377\377\377\177\000\000\260\335\377\377\377\177\000\000\366\361\225\367\377\177\000\000H\244yUUU\000\000\060\336\377\377\377\177\000\000;\000\000\000\000\000\000\000\254\211\001\000\000\000\000\000P\336\377\377\377\177\000\000\265\235p\365\377\177\000\000;\000\000\000\000\000\000\000x\336\377\377\377\177\000"}
        in_addrlen = 16
        fd = 27
        pid = 0
        unique_id = 93824994489072
        __FUNCTION__ = "smbd_accept_connection"
#35 0x00007ffff570a328 in run_events_poll (ev=0x55555577b2f0, pollrtn=1,
pfds=0x55555579e310, num_pfds=5) at ../source3/lib/events.c:257
        pfd = 0x55555579e318
        flags = 1
        state = 0x55555576aa80
        pollfd_idx = 0x55555579e7e0
        fde = 0x55555579ea20
        __FUNCTION__ = "run_events_poll"
#36 0x00007ffff570a5b7 in s3_event_loop_once (ev=0x55555577b2f0,
location=0x555555563243 "../source3/smbd/server.c:1011")
    at ../source3/lib/events.c:326
        state = 0x55555576aa80
        timeout = 59101
        num_pfds = 5
        ret = 1
        poll_errno = 0
#37 0x00007ffff3f4d51d in _tevent_loop_once () from /usr/lib64/libtevent.so.0
No symbol table info available.
#38 0x00007ffff3f4d6bb in tevent_common_loop_wait () from
/usr/lib64/libtevent.so.0
No symbol table info available.
#39 0x000055555555d643 in smbd_parent_loop (ev_ctx=0x55555577b2f0,
parent=0x555555782240) at ../source3/smbd/server.c:1011
        trace_state = {frame = 0x55555577c500}
        ret = 0
        __FUNCTION__ = "smbd_parent_loop"
#40 0x000055555555ef82 in main (argc=3, argv=0x7fffffffe3c8) at
../source3/smbd/server.c:1663
        is_daemon = true
        interactive = true
        Fork = false
        no_process_group = false
        log_stdout = true
        ports = 0x0
        profile_level = 0x0
        opt = -1
        pc = 0x55555576a9b0
        print_build_options = false
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg
= 0x7ffff457a1c0 <poptHelpOptions>, val = 0, 
            descrip = 0x555555563341 "Help options:", argDescrip = 0x0},
{longName = 0x55555556334f "daemon", shortName = 68 'D', argInfo = 0, 
            arg = 0x0, val = 1000, descrip = 0x555555563356 "Become a daemon
(default)", argDescrip = 0x0}, {
            longName = 0x555555563370 "interactive", shortName = 105 'i',
argInfo = 0, arg = 0x0, val = 1001, 
            descrip = 0x555555563380 "Run interactive (not a daemon)",
argDescrip = 0x0}, {longName = 0x55555556339f "foreground", 
            shortName = 70 'F', argInfo = 0, arg = 0x0, val = 1002, descrip =
0x5555555633b0 "Run daemon in foreground (for daemontools, etc.)", 
            argDescrip = 0x0}, {longName = 0x5555555633e1 "no-process-group",
shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 1003, 
            descrip = 0x5555555633f8 "Don't create a new process group",
argDescrip = 0x0}, {longName = 0x555555563419 "log-stdout", 
            shortName = 83 'S', argInfo = 0, arg = 0x0, val = 1004, descrip =
0x555555563424 "Log to stdout", argDescrip = 0x0}, {
            longName = 0x555555563432 "build-options", shortName = 98 'b',
argInfo = 0, arg = 0x0, val = 98, 
            descrip = 0x555555563440 "Print build options", argDescrip = 0x0},
{longName = 0x555555563454 "port", shortName = 112 'p', 
            argInfo = 1, arg = 0x7fffffffdf90, val = 0, descrip =
0x555555563459 "Listen on the specified ports", argDescrip = 0x0}, {
            longName = 0x555555563477 "profiling-level", shortName = 80 'P',
argInfo = 1, arg = 0x7fffffffdf98, val = 0, 
            descrip = 0x555555563487 "Set profiling level", argDescrip =
0x55555556349b "PROFILE_LEVEL"}, {longName = 0x0, shortName = 0 '\000', 
            argInfo = 4, arg = 0x7ffff5d7b180 <popt_common_samba>, val = 0,
descrip = 0x5555555634a9 "Common samba options:", argDescrip = 0x0}, {
            longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, val =
0, descrip = 0x0, argDescrip = 0x0}}
        parent = 0x555555782240
        frame = 0x5555557681a0
        status = {v = 0}
        ev_ctx = 0x55555577b2f0
        msg_ctx = 0x55555577b3e0
        server_id = {pid = 22817, task_id = 0, vnn = 4294967295, unique_id =
12521371111806393781}
        se = 0x555555783120
        profiling_level = 0
        np_dir = 0x5555557984f0 "%p"
        smbd_shim_fns = {cancel_pending_lock_requests_by_fid = 0x7ffff74d2f5c
<smbd_cancel_pending_lock_requests_by_fid>, 
          send_stat_cache_delete_message = 0x7ffff74dcb9f
<smbd_send_stat_cache_delete_message>, 
          change_to_root_user = 0x7ffff74bafb7 <smbd_change_to_root_user>, 
          become_authenticated_pipe_user = 0x7ffff74bb06d
<smbd_become_authenticated_pipe_user>, 
          unbecome_authenticated_pipe_user = 0x7ffff74bb15f
<smbd_unbecome_authenticated_pipe_user>, 
          contend_level2_oplocks_begin = 0x7ffff754ae49
<smbd_contend_level2_oplocks_begin>, 
          contend_level2_oplocks_end = 0x7ffff754aebc
<smbd_contend_level2_oplocks_end>, become_root = 0x7ffff74bb37f
<smbd_become_root>, 
          unbecome_root = 0x7ffff74bb3a7 <smbd_unbecome_root>, exit_server =
0x7ffff753eda4 <smbd_exit_server>, 
          exit_server_cleanly = 0x7ffff753edc1 <smbd_exit_server_cleanly>}
        __FUNCTION__ = "main"
(
Comment 8 Björn Jacke 2016-04-25 13:43:37 UTC
This comment was from zombie_ryushu also:
--- Comment #7 from Zombie Ryushu <zombie_ryushu...> ---
Done. New symbols appeared.


[masterz@kefka ~]$ ==22737== Invalid read of size 1
==22737==    at 0x4A095A2: strlen (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22737==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22737==    by 0x6A4C682: init_sam_from_ldap (pdb_ldap.c:1029)
==22737==    by 0x6A4E38B: ldapsam_getsampwnam (pdb_ldap.c:1507)
==22737==    by 0x6A77449: pdb_getsampwnam (pdb_interface.c:334)
==22737==    by 0x6A67DA6: lookup_global_sam_name (passdb.c:618)
==22737==    by 0x52BBFEB: _samr_LookupNames (srv_samr_nt.c:1680)
==22737==    by 0x52D0294: api_samr_LookupNames (srv_samr.c:1438)
==22737==    by 0x5155620: rpcint_dispatch (rpc_ncacn_np.c:276)
==22737==    by 0x51558AE: rpcint_bh_raw_call_send (rpc_ncacn_np.c:363)
==22737==    by 0xD7B8AA6: dcerpc_binding_handle_raw_call_send
(binding_handle.c:158)
==22737==    by 0xD7B931F: dcerpc_binding_handle_call_send
(binding_handle.c:429)
==22737==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==22737== 
==22737== Invalid free() / delete / delete[] / realloc()
==22737==    at 0x4A07819: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22737==    by 0x8C4E677: __libc_freeres (in /lib64/libc-2.19.so)
==22737==    by 0x48016DC: _vgnU_freeres (in
/usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==22737==    by 0x8B1C737: abort (in /lib64/libc-2.19.so)
==22737==    by 0x71168D9: dump_core (dumpcore.c:337)
==22737==    by 0x710503F: smb_panic_s3 (util.c:812)
==22737==    by 0x4E7DA24: smb_panic (fault.c:166)
==22737==    by 0x4E7D6FC: fault_report (fault.c:83)
==22737==    by 0x4E7D711: sig_fault (fault.c:94)
==22737==    by 0x4C5A29F: ??? (in /lib64/libpthread-2.19.so)
==22737==    by 0x4A095A1: strlen (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22737==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22737==  Address 0x8ea4330 is 0 bytes inside data symbol "noai6ai_cached"
==22737== 
==22737== 
==22737== HEAP SUMMARY:
==22737==     in use at exit: 354,185 bytes in 1,287 blocks
==22737==   total heap usage: 10,722 allocs, 9,436 frees, 3,484,737 bytes
allocated
==22737== 
==22737== LEAK SUMMARY:
==22737==    definitely lost: 4,527 bytes in 1 blocks
==22737==    indirectly lost: 0 bytes in 0 blocks
==22737==      possibly lost: 285,291 bytes in 920 blocks
==22737==    still reachable: 64,367 bytes in 366 blocks
==22737==         suppressed: 0 bytes in 0 blocks
==22737== Rerun with --leak-check=full to see details of leaked memory
==22737== 
==22737== For counts of detected and suppressed errors, rerun with: -v
==22737== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)
==22739== Invalid read of size 4
==22739==    at 0x6A71FC8: sids_to_unixids (lookup_sid.c:1367)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info
(gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739==    by 0x524FA62: construct_reply (process.c:1685)
==22739==    by 0x5250B75: process_smb (process.c:1931)
==22739==  Address 0x18b4d3b8 is 0 bytes after a block of size 104 alloc'd
==22739==    at 0x4A066FF: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x86C76F2: _talloc_array (in /usr/lib64/libtalloc.so.2.1.5)
==22739==    by 0x6A71ECC: sids_to_unixids (lookup_sid.c:1350)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info
(gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739== 
==22739== Invalid read of size 4
==22739==    at 0x6A72088: sids_to_unixids (lookup_sid.c:1378)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info
(gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739==    by 0x524FA62: construct_reply (process.c:1685)
==22739==    by 0x5250B75: process_smb (process.c:1931)
==22739==  Address 0x18b4d3b8 is 0 bytes after a block of size 104 alloc'd
==22739==    at 0x4A066FF: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x86C76F2: _talloc_array (in /usr/lib64/libtalloc.so.2.1.5)
==22739==    by 0x6A71ECC: sids_to_unixids (lookup_sid.c:1350)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info
(gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739== 
==22739== Invalid read of size 4
==22739==    at 0x6A720B1: sids_to_unixids (lookup_sid.c:1379)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info
(gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739==    by 0x524FA62: construct_reply (process.c:1685)
==22739==    by 0x5250B75: process_smb (process.c:1931)
==22739==  Address 0x18b4d3bc is 4 bytes after a block of size 104 alloc'd
==22739==    at 0x4A066FF: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x86C76F2: _talloc_array (in /usr/lib64/libtalloc.so.2.1.5)
==22739==    by 0x6A71ECC: sids_to_unixids (lookup_sid.c:1350)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info
(gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739== 
==22739== Invalid read of size 1
==22739==    at 0x4A095A2: strlen (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22739==    by 0x6A4C682: init_sam_from_ldap (pdb_ldap.c:1029)
==22739==    by 0x6A4E38B: ldapsam_getsampwnam (pdb_ldap.c:1507)
==22739==    by 0x6A77449: pdb_getsampwnam (pdb_interface.c:334)
==22739==    by 0x6A67DA6: lookup_global_sam_name (passdb.c:618)
==22739==    by 0x6A6F0BB: lookup_name (lookup_sid.c:264)
==22739==    by 0x52C0731: can_create (srv_samr_nt.c:3609)
==22739==    by 0x52C09D0: _samr_CreateUser2 (srv_samr_nt.c:3679)
==22739==    by 0x52D6221: api_samr_CreateUser2 (srv_samr.c:4021)
==22739==    by 0x5314DB7: api_rpcTNP (srv_pipe.c:1471)
==22739==    by 0x531493E: api_pipe_request (srv_pipe.c:1406)
==22739==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==22739== 
==22739== Invalid free() / delete / delete[] / realloc()
==22739==    at 0x4A07819: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x8C4E677: __libc_freeres (in /lib64/libc-2.19.so)
==22739==    by 0x48016DC: _vgnU_freeres (in
/usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==22739==    by 0x8B1C737: abort (in /lib64/libc-2.19.so)
==22739==    by 0x71168D9: dump_core (dumpcore.c:337)
==22739==    by 0x710503F: smb_panic_s3 (util.c:812)
==22739==    by 0x4E7DA24: smb_panic (fault.c:166)
==22739==    by 0x4E7D6FC: fault_report (fault.c:83)
==22739==    by 0x4E7D711: sig_fault (fault.c:94)
==22739==    by 0x4C5A29F: ??? (in /lib64/libpthread-2.19.so)
==22739==    by 0x4A095A1: strlen (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22739==  Address 0x8ea4330 is 0 bytes inside data symbol "noai6ai_cached"
==22739== 
==22739== 
==22739== HEAP SUMMARY:
==22739==     in use at exit: 352,262 bytes in 1,357 blocks
==22739==   total heap usage: 12,134 allocs, 10,778 frees, 3,611,722 bytes
allocated
==22739== 
==22739== LEAK SUMMARY:
==22739==    definitely lost: 3,567 bytes in 1 blocks
==22739==    indirectly lost: 0 bytes in 0 blocks
==22739==      possibly lost: 284,003 bytes in 985 blocks
==22739==    still reachable: 64,692 bytes in 371 blocks
==22739==         suppressed: 0 bytes in 0 blocks
==22739== Rerun with --leak-check=full to see details of leaked memory
==22739== 
==22739== For counts of detected and suppressed errors, rerun with: -v
==22739== ERROR SUMMARY: 8 errors from 5 contexts (suppressed: 1 from 1)
==22743== 
==22743== HEAP SUMMARY:
==22743==     in use at exit: 517,068 bytes in 1,988 blocks
==22743==   total heap usage: 9,810 allocs, 7,822 frees, 1,983,597 bytes
allocated
==22743== 
==22743== LEAK SUMMARY:
==22743==    definitely lost: 0 bytes in 0 blocks
==22743==    indirectly lost: 0 bytes in 0 blocks
==22743==      possibly lost: 137,447 bytes in 661 blocks
==22743==    still reachable: 379,621 bytes in 1,327 blocks
==22743==         suppressed: 0 bytes in 0 blocks
==22743== Rerun with --leak-check=full to see details of leaked memory
==22743== 
==22743== For counts of detected and suppressed errors, rerun with: -v
==22743== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 1 from 1)
==22742== Invalid read of size 1
==22742==    at 0x4A095A2: strlen (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22742==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22742==    by 0x6A4C682: init_sam_from_ldap (pdb_ldap.c:1029)
==22742==    by 0x6A4E38B: ldapsam_getsampwnam (pdb_ldap.c:1507)
==22742==    by 0x6A77449: pdb_getsampwnam (pdb_interface.c:334)
==22742==    by 0x6A67DA6: lookup_global_sam_name (passdb.c:618)
==22742==    by 0x52BBFEB: _samr_LookupNames (srv_samr_nt.c:1680)
==22742==    by 0x52D0294: api_samr_LookupNames (srv_samr.c:1438)
==22742==    by 0x5155620: rpcint_dispatch (rpc_ncacn_np.c:276)
==22742==    by 0x51558AE: rpcint_bh_raw_call_send (rpc_ncacn_np.c:363)
==22742==    by 0xD7B8AA6: dcerpc_binding_handle_raw_call_send
(binding_handle.c:158)
==22742==    by 0xD7B931F: dcerpc_binding_handle_call_send
(binding_handle.c:429)
==22742==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==22742== 
==22742== Invalid free() / delete / delete[] / realloc()
==22742==    at 0x4A07819: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22742==    by 0x8C4E677: __libc_freeres (in /lib64/libc-2.19.so)
==22742==    by 0x48016DC: _vgnU_freeres (in
/usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==22742==    by 0x8B1C737: abort (in /lib64/libc-2.19.so)
==22742==    by 0x71168D9: dump_core (dumpcore.c:337)
==22742==    by 0x710503F: smb_panic_s3 (util.c:812)
==22742==    by 0x4E7DA24: smb_panic (fault.c:166)
==22742==    by 0x4E7D6FC: fault_report (fault.c:83)
==22742==    by 0x4E7D711: sig_fault (fault.c:94)
==22742==    by 0x4C5A29F: ??? (in /lib64/libpthread-2.19.so)
==22742==    by 0x4A095A1: strlen (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22742==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22742==  Address 0x8ea4330 is 0 bytes inside data symbol "noai6ai_cached"
==22742== 
==22742== 
==22742== HEAP SUMMARY:
==22742==     in use at exit: 354,483 bytes in 1,289 blocks
==22742==   total heap usage: 10,749 allocs, 9,461 frees, 3,490,378 bytes
allocated
==22742== 
==22742== LEAK SUMMARY:
==22742==    definitely lost: 4,527 bytes in 1 blocks
==22742==    indirectly lost: 0 bytes in 0 blocks
==22742==      possibly lost: 285,601 bytes in 922 blocks
==22742==    still reachable: 64,355 bytes in 366 blocks
==22742==         suppressed: 0 bytes in 0 blocks
==22742== Rerun with --leak-check=full to see details of leaked memory
==22742== 
==22742== For counts of detected and suppressed errors, rerun with: -v
==22742== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)
==22746== Invalid read of size 1
==22746==    at 0x4A095A2: strlen (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22746==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22746==    by 0x6A4C682: init_sam_from_ldap (pdb_ldap.c:1029)
==22746==    by 0x6A4E38B: ldapsam_getsampwnam (pdb_ldap.c:1507)
==22746==    by 0x6A77449: pdb_getsampwnam (pdb_interface.c:334)
==22746==    by 0x6A67DA6: lookup_global_sam_name (passdb.c:618)
==22746==    by 0x6A6F0BB: lookup_name (lookup_sid.c:264)
==22746==    by 0x52C0731: can_create (srv_samr_nt.c:3609)
==22746==    by 0x52C09D0: _samr_CreateUser2 (srv_samr_nt.c:3679)
==22746==    by 0x52D6221: api_samr_CreateUser2 (srv_samr.c:4021)
==22746==    by 0x5314DB7: api_rpcTNP (srv_pipe.c:1471)
==22746==    by 0x531493E: api_pipe_request (srv_pipe.c:1406)
==22746==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==22746== 
==22746== Invalid free() / delete / delete[] / realloc()
==22746==    at 0x4A07819: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22746==    by 0x8C4E677: __libc_freeres (in /lib64/libc-2.19.so)
==22746==    by 0x48016DC: _vgnU_freeres (in
/usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==22746==    by 0x8B1C737: abort (in /lib64/libc-2.19.so)
==22746==    by 0x71168D9: dump_core (dumpcore.c:337)
==22746==    by 0x710503F: smb_panic_s3 (util.c:812)
==22746==    by 0x4E7DA24: smb_panic (fault.c:166)
==22746==    by 0x4E7D6FC: fault_report (fault.c:83)
==22746==    by 0x4E7D711: sig_fault (fault.c:94)
==22746==    by 0x4C5A29F: ??? (in /lib64/libpthread-2.19.so)
==22746==    by 0x4A095A1: strlen (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22746==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22746==  Address 0x8ea4330 is 0 bytes inside data symbol "noai6ai_cached"
==22746==
Comment 9 Björn Jacke 2018-02-26 12:49:51 UTC
I assume this is a duplicate of bug #11530 and fixed by that. If you can reproduce it with a recent and supported version, please reopen this bug.