[2016/04/18 14:52:37.133378, 0] ../lib/util/fault.c:78(fault_report)
  ===============================================================
[2016/04/18 14:52:37.133600, 0] ../lib/util/fault.c:79(fault_report)
  INTERNAL ERROR: Signal 11 in pid 24001 (4.3.6)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2016/04/18 14:52:37.133715, 0] ../lib/util/fault.c:81(fault_report)
  ===============================================================
[2016/04/18 14:52:37.133793, 0] ../source3/lib/util.c:789(smb_panic_s3)
  PANIC (pid 24001): internal error
[2016/04/18 14:52:37.136403, 0] ../source3/lib/util.c:900(log_stack_trace)
  BACKTRACE: 40 stack frames:
   #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1f) [0x7fa65b024d7f]
   #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x6f) [0x7fa65b024bca]
   #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x28) [0x7fa65d2959c5]
   #3 /usr/lib64/libsamba-util.so.0(+0x307621469d) [0x7fa65d29569d]
   #4 /usr/lib64/libsamba-util.so.0(+0x30762146b2) [0x7fa65d2956b2]
   #5 /lib64/libpthread.so.0(+0x364040f2a0) [0x7fa65d5002a0]
   #6 /lib64/libc.so.6(strlen+0x2a) [0x7fa6595465ba]
   #7 /usr/lib64/libsmbconf.so.0(tcopy_passwd+0x6b) [0x7fa65b05aaa5]
   #8 /usr/lib64/libsamba-passdb.so.0(+0x26683) [0x7fa65b6d9683]
   #9 /usr/lib64/libsamba-passdb.so.0(+0x2838c) [0x7fa65b6db38c]
   #10 /usr/lib64/libsamba-passdb.so.0(pdb_getsampwnam+0x32) [0x7fa65b70444a]
   #11 /usr/lib64/libsamba-passdb.so.0(lookup_global_sam_name+0xa8) [0x7fa65b6f4da7]
   #12 /usr/lib64/libsamba-passdb.so.0(lookup_name+0xb39) [0x7fa65b6fc0bc]
   #13 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1e6495) [0x7fa65ce95495]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(_samr_CreateUser2+0x194) [0x7fa65ce95734]
   #15 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1fbf16) [0x7fa65ceaaf16]
   #16 /usr/lib64/samba/libsmbd-base-samba4.so(+0x239fff) [0x7fa65cee8fff]
   #17 /usr/lib64/samba/libsmbd-base-samba4.so(+0x239b86) [0x7fa65cee8b86]
   #18 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23a909) [0x7fa65cee9909]
   #19 /usr/lib64/samba/libsmbd-base-samba4.so(process_complete_pdu+0xe1) [0x7fa65cee99ec]
   #20 /usr/lib64/samba/libsmbd-base-samba4.so(named_pipe_packet_process+0x198) [0x7fa65cd3b765]
   #21 /usr/lib64/libdcerpc-binding.so.0(+0x306d61c632) [0x7fa6549f4632]
   #22 /usr/lib64/samba/libsamba-sockets-samba4.so(+0x306f60c1a9) [0x7fa65abf01a9]
   #23 /usr/lib64/samba/libsamba-sockets-samba4.so(+0x306f60c3d3) [0x7fa65abf03d3]
   #24 /usr/lib64/samba/libsamba-sockets-samba4.so(+0x306f60b6f9) [0x7fa65abef6f9]
   #25 /usr/lib64/libtevent.so.0(tevent_common_loop_immediate+0xd4) [0x7fa659884d54]
   #26 /usr/lib64/libsmbconf.so.0(run_events_poll+0x56) [0x7fa65b040b4f]
   #27 /usr/lib64/libsmbconf.so.0(+0x3ea5c3e1c3) [0x7fa65b0411c3]
   #28 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7fa65988451d]
   #29 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7fa6598846bb]
   #30 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_process+0xb23) [0x7fa65ce2b367]
   #31 /usr/sbin/smbd(+0x87cc) [0x7fa65d9397cc]
   #32 /usr/lib64/libsmbconf.so.0(run_events_poll+0x54f) [0x7fa65b041048]
   #33 /usr/lib64/libsmbconf.so.0(+0x3ea5c3e2d7) [0x7fa65b0412d7]
   #34 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7fa65988451d]
   #35 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7fa6598846bb]
   #36 /usr/sbin/smbd(+0x9643) [0x7fa65d93a643]
   #37 /usr/sbin/smbd(main+0x1788) [0x7fa65d93bf82]
   #38 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7fa6594dbfc0]
   #39 /usr/sbin/smbd(+0x61d9) [0x7fa65d9371d9]
[2016/04/18 14:52:37.137887, 0] ../source3/lib/dumpcore.c:318(dump_core)
This only happens whenever I do a net rpc join against my Samba 4 Classic Domain backended by OpenLDAP.
Can you run the crashing daemon under valgrind and post the output?
==26805== Memcheck, a memory error detector
==26805== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==26805== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==26805== Command: smbd -F
==26805==
==26809==
==26809== HEAP SUMMARY:
==26809==     in use at exit: 160,809 bytes in 612 blocks
==26809==   total heap usage: 1,566 allocs, 954 frees, 454,814 bytes allocated
==26809==
==26809== LEAK SUMMARY:
==26809==    definitely lost: 0 bytes in 0 blocks
==26809==    indirectly lost: 0 bytes in 0 blocks
==26809==      possibly lost: 121,655 bytes in 525 blocks
==26809==    still reachable: 39,154 bytes in 87 blocks
==26809==         suppressed: 0 bytes in 0 blocks
==26809== Rerun with --leak-check=full to see details of leaked memory
==26809==
==26809== For counts of detected and suppressed errors, rerun with: -v
==26809== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 1 from 1)
==26815==
==26815== HEAP SUMMARY:
==26815==     in use at exit: 513,441 bytes in 1,963 blocks
==26815==   total heap usage: 8,951 allocs, 6,988 frees, 1,854,030 bytes allocated
==26815==
==26815== LEAK SUMMARY:
==26815==    definitely lost: 0 bytes in 0 blocks
==26815==    indirectly lost: 0 bytes in 0 blocks
==26815==      possibly lost: 133,815 bytes in 638 blocks
==26815==    still reachable: 379,626 bytes in 1,325 blocks
==26815==         suppressed: 0 bytes in 0 blocks
==26815== Rerun with --leak-check=full to see details of leaked memory
==26815==
==26815== For counts of detected and suppressed errors, rerun with: -v
==26815== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 1 from 1)
==26828== Invalid read of size 1
==26828==    at 0x4A095A2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26828==    by 0x714AAA4: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==26828==    by 0x6A5C682: ??? (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26828==    by 0x6A5E38B: ??? (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26828==    by 0x6A87449: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26828==    by 0x6A77DA6: lookup_global_sam_name (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26828==    by 0x52CFD4E: _samr_LookupNames (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26828==    by 0x52E3F88: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26828==    by 0x5169500: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26828==    by 0x516978E: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26828==    by 0xD7C869D: dcerpc_binding_handle_raw_call_send (in /usr/lib64/libdcerpc-binding.so.0.0.1)
==26828==    by 0xD7C8F16: dcerpc_binding_handle_call_send (in /usr/lib64/libdcerpc-binding.so.0.0.1)
==26828==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==26828==
==26828== Invalid free() / delete / delete[] / realloc()
==26828==    at 0x4A07819: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26828==    by 0x8C5E677: __libc_freeres (in /lib64/libc-2.19.so)
==26828==    by 0x48016DC: _vgnU_freeres (in /usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==26828==    by 0x8B2C737: abort (in /lib64/libc-2.19.so)
==26828==    by 0x71265F9: dump_core (in /usr/lib64/libsmbconf.so.0)
==26828==    by 0x7114D5F: smb_panic_s3 (in /usr/lib64/libsmbconf.so.0)
==26828==    by 0x4E929C4: smb_panic (in /usr/lib64/libsamba-util.so.0.0.1)
==26828==    by 0x4E9269C: ??? (in /usr/lib64/libsamba-util.so.0.0.1)
==26828==    by 0x4E926B1: ??? (in /usr/lib64/libsamba-util.so.0.0.1)
==26828==    by 0x4C6F29F: ??? (in /lib64/libpthread-2.19.so)
==26828==    by 0x4A095A1: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26828==    by 0x714AAA4: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==26828==  Address 0x8eb4330 is 0 bytes inside data symbol "noai6ai_cached"
==26828==
==26828==
==26828== HEAP SUMMARY:
==26828==     in use at exit: 352,100 bytes in 1,269 blocks
==26828==   total heap usage: 10,687 allocs, 9,419 frees, 3,462,278 bytes allocated
==26828==
==26828== LEAK SUMMARY:
==26828==    definitely lost: 4,527 bytes in 1 blocks
==26828==    indirectly lost: 0 bytes in 0 blocks
==26828==      possibly lost: 283,292 bytes in 908 blocks
==26828==    still reachable: 64,281 bytes in 360 blocks
==26828==         suppressed: 0 bytes in 0 blocks
==26828== Rerun with --leak-check=full to see details of leaked memory
==26828==
==26828== For counts of detected and suppressed errors, rerun with: -v
==26828== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)
==26839== Invalid read of size 1
==26839==    at 0x4A095A2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26839==    by 0x714AAA4: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==26839==    by 0x6A5C682: ??? (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26839==    by 0x6A5E38B: ??? (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26839==    by 0x6A87449: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26839==    by 0x6A77DA6: lookup_global_sam_name (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26839==    by 0x6A7F0BB: lookup_name (in /usr/lib64/libsamba-passdb.so.0.24.1)
==26839==    by 0x52D4494: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26839==    by 0x52D4733: _samr_CreateUser2 (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26839==    by 0x52E9F15: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26839==    by 0x5327FFE: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26839==    by 0x5327B85: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==26839==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==26839==
==26839== Invalid free() / delete / delete[] / realloc()
==26839==    at 0x4A07819: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26839==    by 0x8C5E677: __libc_freeres (in /lib64/libc-2.19.so)
==26839==    by 0x48016DC: _vgnU_freeres (in /usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==26839==    by 0x8B2C737: abort (in /lib64/libc-2.19.so)
==26839==    by 0x71265F9: dump_core (in /usr/lib64/libsmbconf.so.0)
==26839==    by 0x7114D5F: smb_panic_s3 (in /usr/lib64/libsmbconf.so.0)
==26839==    by 0x4E929C4: smb_panic (in /usr/lib64/libsamba-util.so.0.0.1)
==26839==    by 0x4E9269C: ??? (in /usr/lib64/libsamba-util.so.0.0.1)
==26839==    by 0x4E926B1: ??? (in /usr/lib64/libsamba-util.so.0.0.1)
==26839==    by 0x4C6F29F: ??? (in /lib64/libpthread-2.19.so)
==26839==    by 0x4A095A1: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26839==    by 0x714AAA4: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==26839==  Address 0x8eb4330 is 0 bytes inside data symbol "noai6ai_cached"
==26839==
==26839==
==26839== HEAP SUMMARY:
==26839==     in use at exit: 348,595 bytes in 1,330 blocks
==26839==   total heap usage: 11,873 allocs, 10,544 frees, 3,520,356 bytes allocated
==26839==
==26839== LEAK SUMMARY:
==26839==    definitely lost: 3,567 bytes in 1 blocks
==26839==    indirectly lost: 0 bytes in 0 blocks
==26839==      possibly lost: 280,426 bytes in 965 blocks
==26839==    still reachable: 64,602 bytes in 364 blocks
==26839==         suppressed: 0 bytes in 0 blocks
==26839== Rerun with --leak-check=full to see details of leaked memory
==26839==
==26839== For counts of detected and suppressed errors, rerun with: -v
==26839== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)
==26871==
==26871== HEAP SUMMARY:
==26871==     in use at exit: 516,141 bytes in 1,979 blocks
==26871==   total heap usage: 9,618 allocs, 7,639 frees, 1,953,671 bytes allocated
==26871==
==26871== LEAK SUMMARY:
==26871==    definitely lost: 0 bytes in 0 blocks
==26871==    indirectly lost: 0 bytes in 0 blocks
==26871==      possibly lost: 136,515 bytes in 654 blocks
==26871==    still reachable: 379,626 bytes in 1,325 blocks
==26871==         suppressed: 0 bytes in 0 blocks
==26871== Rerun with --leak-check=full to see details of leaked memory
Thanks for the valgrind log. It points somewhere else, but I would really appreciate if you could try the patch sent with https://lists.samba.org/archive/samba-technical/2016-April/113536.html which fixes a memory corruption with pdb_ldap when creating users. Maybe valgrind just does not catch what is happening there correctly. Please report back if it helps and also if it still crashes. Then it would be great if you could compile Samba without optimization and with CFLAGS=-g so that the valgrind trace and the panic will be more informative.
I added that patch and it still panics.

  INTERNAL ERROR: Signal 11 in pid 16495 (4.3.8)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2016/04/22 04:31:04.637494, 0] ../lib/util/fault.c:81(fault_report)
  ===============================================================
[2016/04/22 04:31:04.637597, 0] ../source3/lib/util.c:789(smb_panic_s3)
  PANIC (pid 16495): internal error
[2016/04/22 04:31:04.639381, 0] ../source3/lib/util.c:900(log_stack_trace)
  BACKTRACE: 49 stack frames:
   #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f6dda76a05f]
   #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x6f) [0x7f6dda769eaa]
   #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x28) [0x7f6ddc9dea25]
   #3 /usr/lib64/libsamba-util.so.0(+0x146fd) [0x7f6ddc9de6fd]
   #4 /usr/lib64/libsamba-util.so.0(+0x14712) [0x7f6ddc9de712]
   #5 /lib64/libpthread.so.0(+0x364040f2a0) [0x7f6ddcc4a2a0]
   #6 /lib64/libc.so.6(strlen+0x2a) [0x7f6dd8c8b5ba]
   #7 /usr/lib64/libsmbconf.so.0(tcopy_passwd+0x6b) [0x7f6dda79fe7a]
   #8 /usr/lib64/libsamba-passdb.so.0(+0x26683) [0x7f6ddae1e683]
   #9 /usr/lib64/libsamba-passdb.so.0(+0x2838c) [0x7f6ddae2038c]
   #10 /usr/lib64/libsamba-passdb.so.0(pdb_getsampwnam+0x32) [0x7f6ddae4944a]
   #11 /usr/lib64/libsamba-passdb.so.0(lookup_global_sam_name+0xa8) [0x7f6ddae39da7]
   #12 /usr/lib64/samba/libsmbd-base-samba4.so(_samr_LookupNames+0x31b) [0x7f6ddc5d7fec]
   #13 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1f6295) [0x7f6ddc5ec295]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(+0x7b621) [0x7f6ddc471621]
   #15 /usr/lib64/samba/libsmbd-base-samba4.so(+0x7b8af) [0x7f6ddc4718af]
   #16 /usr/lib64/libdcerpc-binding.so.0(dcerpc_binding_handle_raw_call_send+0xb5) [0x7f6dd413aaa7]
   #17 /usr/lib64/libdcerpc-binding.so.0(dcerpc_binding_handle_call_send+0x3ad) [0x7f6dd413b320]
   #18 /usr/lib64/libdcerpc-binding.so.0(dcerpc_binding_handle_call+0x96) [0x7f6dd413b6f8]
   #19 /usr/lib64/samba/libdcerpc-samba-samba4.so(dcerpc_samr_LookupNames_r+0x3f) [0x7f6dd5b18249]
   #20 /usr/lib64/samba/libdcerpc-samba-samba4.so(dcerpc_samr_LookupNames+0x76) [0x7f6dd5b18671]
   #21 /usr/lib64/samba/libsmbd-base-samba4.so(+0xb246f) [0x7f6ddc4a846f]
   #22 /usr/lib64/samba/libsmbd-base-samba4.so(+0xb2774) [0x7f6ddc4a8774]
   #23 /usr/lib64/samba/libsmbd-base-samba4.so(_netr_ServerAuthenticate3+0x268) [0x7f6ddc4a8fde]
   #24 /usr/lib64/samba/libsmbd-base-samba4.so(+0xbb6e5) [0x7f6ddc4b16e5]
   #25 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23adb8) [0x7f6ddc630db8]
   #26 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23a93f) [0x7f6ddc63093f]
   #27 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23b751) [0x7f6ddc631751]
   #28 /usr/lib64/samba/libsmbd-base-samba4.so(process_complete_pdu+0xe1) [0x7f6ddc631834]
   #29 /usr/lib64/samba/libsmbd-base-samba4.so(named_pipe_packet_process+0x198) [0x7f6ddc48289c]
   #30 /usr/lib64/libdcerpc-binding.so.0(+0x1ca3b) [0x7f6dd4139a3b]
   #31 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc169) [0x7f6dda335169]
   #32 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc393) [0x7f6dda335393]
   #33 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xb6b9) [0x7f6dda3346b9]
   #34 /usr/lib64/libtevent.so.0(tevent_common_loop_immediate+0xd4) [0x7f6dd8fc9d54]
   #35 /usr/lib64/libsmbconf.so.0(run_events_poll+0x56) [0x7f6dda785e2f]
   #36 /usr/lib64/libsmbconf.so.0(+0x3e4a3) [0x7f6dda7864a3]
   #37 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #38 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #39 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_process+0xb23) [0x7f6ddc572578]
   #40 /usr/sbin/smbd(+0x87cc) [0x7f6ddd0837cc]
   #41 /usr/lib64/libsmbconf.so.0(run_events_poll+0x54f) [0x7f6dda786328]
   #42 /usr/lib64/libsmbconf.so.0(+0x3e5b7) [0x7f6dda7865b7]
   #43 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #44 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #45 /usr/sbin/smbd(+0x9643) [0x7f6ddd084643]
   #46 /usr/sbin/smbd(main+0x1788) [0x7f6ddd085f82]
   #47 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f6dd8c20fc0]
   #48 /usr/sbin/smbd(+0x61d9) [0x7f6ddd0811d9]
[2016/04/22 04:31:04.639892, 0] ../source3/lib/dumpcore.c:318(dump_core)
  dumping core in /var/log/samba/cores/smbd
[2016/04/22 04:31:08.300063, 0] ../lib/util/fault.c:78(fault_report)
  ===============================================================
[2016/04/22 04:31:08.300143, 0] ../lib/util/fault.c:79(fault_report)
  INTERNAL ERROR: Signal 11 in pid 16498 (4.3.8)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2016/04/22 04:31:08.300232, 0] ../lib/util/fault.c:81(fault_report)
  ===============================================================
[2016/04/22 04:31:08.300262, 0] ../source3/lib/util.c:789(smb_panic_s3)
  PANIC (pid 16498): internal error
[2016/04/22 04:31:08.301252, 0] ../source3/lib/util.c:900(log_stack_trace)
  BACKTRACE: 40 stack frames:
   #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f6dda76a05f]
   #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x6f) [0x7f6dda769eaa]
   #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x28) [0x7f6ddc9dea25]
   #3 /usr/lib64/libsamba-util.so.0(+0x146fd) [0x7f6ddc9de6fd]
   #4 /usr/lib64/libsamba-util.so.0(+0x14712) [0x7f6ddc9de712]
   #5 /lib64/libpthread.so.0(+0x364040f2a0) [0x7f6ddcc4a2a0]
   #6 /lib64/libc.so.6(strlen+0x2a) [0x7f6dd8c8b5ba]
   #7 /usr/lib64/libsmbconf.so.0(tcopy_passwd+0x6b) [0x7f6dda79fe7a]
   #8 /usr/lib64/libsamba-passdb.so.0(+0x26683) [0x7f6ddae1e683]
   #9 /usr/lib64/libsamba-passdb.so.0(+0x2838c) [0x7f6ddae2038c]
   #10 /usr/lib64/libsamba-passdb.so.0(pdb_getsampwnam+0x32) [0x7f6ddae4944a]
   #11 /usr/lib64/libsamba-passdb.so.0(lookup_global_sam_name+0xa8) [0x7f6ddae39da7]
   #12 /usr/lib64/libsamba-passdb.so.0(lookup_name+0xb39) [0x7f6ddae410bc]
   #13 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1e6732) [0x7f6ddc5dc732]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(_samr_CreateUser2+0x194) [0x7f6ddc5dc9d1]
   #15 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1fc222) [0x7f6ddc5f2222]
   #16 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23adb8) [0x7f6ddc630db8]
   #17 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23a93f) [0x7f6ddc63093f]
   #18 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23b751) [0x7f6ddc631751]
   #19 /usr/lib64/samba/libsmbd-base-samba4.so(process_complete_pdu+0xe1) [0x7f6ddc631834]
   #20 /usr/lib64/samba/libsmbd-base-samba4.so(named_pipe_packet_process+0x198) [0x7f6ddc48289c]
   #21 /usr/lib64/libdcerpc-binding.so.0(+0x1ca3b) [0x7f6dd4139a3b]
   #22 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc169) [0x7f6dda335169]
   #23 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc393) [0x7f6dda335393]
   #24 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xb6b9) [0x7f6dda3346b9]
   #25 /usr/lib64/libtevent.so.0(tevent_common_loop_immediate+0xd4) [0x7f6dd8fc9d54]
   #26 /usr/lib64/libsmbconf.so.0(run_events_poll+0x56) [0x7f6dda785e2f]
   #27 /usr/lib64/libsmbconf.so.0(+0x3e4a3) [0x7f6dda7864a3]
   #28 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #29 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #30 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_process+0xb23) [0x7f6ddc572578]
   #31 /usr/sbin/smbd(+0x87cc) [0x7f6ddd0837cc]
   #32 /usr/lib64/libsmbconf.so.0(run_events_poll+0x54f) [0x7f6dda786328]
   #33 /usr/lib64/libsmbconf.so.0(+0x3e5b7) [0x7f6dda7865b7]
   #34 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #35 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #36 /usr/sbin/smbd(+0x9643) [0x7f6ddd084643]
   #37 /usr/sbin/smbd(main+0x1788) [0x7f6ddd085f82]
   #38 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f6dd8c20fc0]
   #39 /usr/sbin/smbd(+0x61d9) [0x7f6ddd0811d9]
[2016/04/22 04:31:08.301779, 0] ../source3/lib/dumpcore.c:318(dump_core)
  dumping core in /var/log/samba/cores/smbd
Can you compile Samba with debug information by putting the CFLAGS=-g to the configure line:

CFLAGS=-g ./configure ...

and re-run under valgrind?
this comment was actually from zombie_ryushu

--- Comment #8 from Zombie Ryushu <zombie_ryushu...> ---
#0 0x00007ffff3c0f5ba in strlen () from /lib64/libc.so.6
#1 0x00007ffff5723e7a in tcopy_passwd (mem_ctx=0x5555557cb1d0, from=0x7fffffffcba0) at ../lib/util/util_pw.c:39
#2 0x00007ffff5da2683 in init_sam_from_ldap (ldap_state=0x5555557836f0, sampass=0x5555557cb1d0, entry=0x555555780d40) at ../source3/passdb/pdb_ldap.c:1029
#3 0x00007ffff5da438c in ldapsam_getsampwnam (my_methods=0x555555783460, user=0x5555557cb1d0, sname=0x5555557c5d30 "BROLY$") at ../source3/passdb/pdb_ldap.c:1507
#4 0x00007ffff5dcd44a in pdb_getsampwnam (sam_acct=0x5555557cb1d0, username=0x5555557c5d30 "BROLY$") at ../source3/passdb/pdb_interface.c:334
#5 0x00007ffff5dbdda7 in lookup_global_sam_name (name=0x5555557c5d30 "BROLY$", flags=0, rid=0x5555557c6c60, type=0x5555557c6cd0) at ../source3/passdb/passdb.c:618
#6 0x00007ffff755bfec in _samr_LookupNames (p=0x5555557aaea0, r=0x5555557c6910) at ../source3/rpc_server/samr/srv_samr_nt.c:1680
#7 0x00007ffff7570295 in api_samr_LookupNames (p=0x5555557aaea0) at default/librpc/gen_ndr/srv_samr.c:1438
#8 0x00007ffff73f5621 in rpcint_dispatch (p=0x5555557aaea0, mem_ctx=0x5555557c6790, opnum=17, in_data=0x5555557c6790, out_data=0x5555557c67a0) at ../source3/rpc_server/rpc_ncacn_np.c:276
#9 0x00007ffff73f58af in rpcint_bh_raw_call_send (mem_ctx=0x5555557c6460, ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0, opnum=17, in_flags=1048576, in_data=0x5555557c5e40 "", in_length=68) at ../source3/rpc_server/rpc_ncacn_np.c:363
#10 0x00007fffef0beaa7 in dcerpc_binding_handle_raw_call_send (mem_ctx=0x5555557ab3b0, ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0, opnum=17, in_flags=1048576, in_data=0x5555557c5e40 "", in_length=68) at ../librpc/rpc/binding_handle.c:158
#11 0x00007fffef0bf320 in dcerpc_binding_handle_call_send (mem_ctx=0x5555557c4c90, ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0, table=0x7ffff5099900 <ndr_table_samr>, opnum=17, r_mem=0x5555557c3700, r_ptr=0x7fffffffd380) at ../librpc/rpc/binding_handle.c:429
#12 0x00007fffef0bf6f8 in dcerpc_binding_handle_call (h=0x5555557c4c00, object=0x0, table=0x7ffff5099900 <ndr_table_samr>, opnum=17, r_mem=0x5555557c3700, r_ptr=0x7fffffffd380) at ../librpc/rpc/binding_handle.c:539
#13 0x00007ffff0a9c249 in dcerpc_samr_LookupNames_r (h=0x5555557c4c00, mem_ctx=0x5555557c3700, r=0x7fffffffd380) at default/librpc/gen_ndr/ndr_samr_c.c:3958
#14 0x00007ffff0a9c671 in dcerpc_samr_LookupNames (h=0x5555557c4c00, mem_ctx=0x5555557c3700, _domain_handle=0x7fffffffd480, _num_names=1, _names=0x7fffffffd430, _rids=0x7fffffffd440, _types=0x7fffffffd450, result=0x7fffffffd410) at default/librpc/gen_ndr/ndr_samr_c.c:4103
#15 0x00007ffff742c46f in samr_find_machine_account (mem_ctx=0x5555557c3700, b=0x5555557c4c00, account_name=0x5555557c31d0 "BROLY$", access_mask=33554432, domain_sid_p=0x7fffffffd520, user_rid_p=0x7fffffffd504, user_handle=0x7fffffffd540) at ../source3/rpc_server/netlogon/srv_netlog_nt.c:576
#16 0x00007ffff742c774 in get_md4pw (md4pw=0x7fffffffd600, mach_acct=0x5555557c31d0 "BROLY$", sec_chan_type=SEC_CHAN_BDC, sid=0x7fffffffd5b0, msg_ctx=0x55555577b3e0) at ../source3/rpc_server/netlogon/srv_netlog_nt.c:713
#17 0x00007ffff742cfde in _netr_ServerAuthenticate3 (p=0x5555557afc50, r=0x5555557c2d50) at ../source3/rpc_server/netlogon/srv_netlog_nt.c:978
#18 0x00007ffff74356e5 in api_netr_ServerAuthenticate3 (p=0x5555557afc50) at default/librpc/gen_ndr/srv_netlogon.c:2168
#19 0x00007ffff75b4db8 in api_rpcTNP (p=0x5555557afc50, pkt=0x5555557c5320, api_rpc_cmds=0x7ffff7947fc0 <api_netlogon_cmds>, n_cmds=49, syntax=0x5555557abb30) at ../source3/rpc_server/srv_pipe.c:1471
#20 0x00007ffff75b493f in api_pipe_request (p=0x5555557afc50, pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1406
#21 0x00007ffff75b5751 in process_request_pdu (p=0x5555557afc50, pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1675
#22 0x00007ffff75b5834 in process_complete_pdu (p=0x5555557afc50, pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1693
#23 0x00007ffff740689c in named_pipe_packet_process (subreq=0x0) at ../source3/rpc_server/rpc_server.c:442
#24 0x00007fffef0bda3b in dcerpc_read_ncacn_packet_done (subreq=0x0) at ../librpc/rpc/dcerpc_util.c:425
#25 0x00007ffff52b9169 in tstream_readv_pdu_ask_for_next_vector (req=0x5555557aa650) at ../lib/tsocket/tsocket_helpers.c:245
#26 0x00007ffff52b9393 in tstream_readv_pdu_readv_done (subreq=0x5555557aaec0) at ../lib/tsocket/tsocket_helpers.c:319
#27 0x00007ffff52b86b9 in tstream_readv_done (subreq=0x0) at ../lib/tsocket/tsocket.c:604
#28 0x00007ffff3f4dd54 in tevent_common_loop_immediate () from /usr/lib64/libtevent.so.0
#29 0x00007ffff5709e2f in run_events_poll (ev=0x55555577b2f0, pollrtn=0, pfds=0x0, num_pfds=0) at ../source3/lib/events.c:192
#30 0x00007ffff570a4a3 in s3_event_loop_once (ev=0x55555577b2f0, location=0x7ffff76868d0 "../source3/smbd/process.c:4031") at ../source3/lib/events.c:303
#31 0x00007ffff3f4d51d in _tevent_loop_once () from /usr/lib64/libtevent.so.0
#32 0x00007ffff3f4d6bb in tevent_common_loop_wait () from /usr/lib64/libtevent.so.0
#33 0x00007ffff74f6578 in smbd_process (ev_ctx=0x55555577b2f0, msg_ctx=0x55555577b3e0, sock_fd=27, interactive=true) at ../source3/smbd/process.c:4031
#34 0x000055555555c58c in smbd_accept_connection (ev=0x55555577b2f0, fde=0x55555579ea20, flags=1, private_data=0x5555557a24d0) at ../source3/smbd/server.c:592
#35 0x00007ffff570a328 in run_events_poll (ev=0x55555577b2f0, pollrtn=1, pfds=0x55555579e310, num_pfds=5) at ../source3/lib/events.c:257
#36 0x00007ffff570a5b7 in s3_event_loop_once (ev=0x55555577b2f0, location=0x555555563243 "../source3/smbd/server.c:1011") at ../source3/lib/events.c:326
#37 0x00007ffff3f4d51d in _tevent_loop_once () from /usr/lib64/libtevent.so.0
#38 0x00007ffff3f4d6bb in tevent_common_loop_wait () from /usr/lib64/libtevent.so.0
#39 0x000055555555d643 in smbd_parent_loop (ev_ctx=0x55555577b2f0, parent=0x555555782240) at ../source3/smbd/server.c:1011
#40 0x000055555555ef82 in main (argc=3, argv=0x7fffffffe3c8) at ../source3/smbd/server.c:1663
(gdb) bt full
#0 0x00007ffff3c0f5ba in strlen () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007ffff5723e7a in tcopy_passwd (mem_ctx=0x5555557cb1d0, from=0x7fffffffcba0) at ../lib/util/util_pw.c:39
        ret = 0x5555557999d0
        len = 9
#2 0x00007ffff5da2683 in init_sam_from_ldap (ldap_state=0x5555557836f0, sampass=0x5555557cb1d0, entry=0x555555780d40) at ../source3/passdb/pdb_ldap.c:1029
        mapped_gsid = {sid_rev_num = 0 '\000', num_auths = 0 '\000', id_auth = "\000\000\000\000\000", sub_auths = {0 <repeats 12 times>, 1434241856, 21845, 3969128011}}
        primary_gsid = 0x0
        unix_pw = {pw_name = 0x5555557cb540 "broly$", pw_passwd = 0x7ffff5de48f0 "x", pw_uid = 10014, pw_gid = 504, pw_gecos = 0x0, pw_dir = 0x7ffff5de491a "", pw_shell = 0x7ffff5de491a ""}
        have_uid = true
        have_gid = true
        id = {id = 0, type = ID_TYPE_NOT_SPECIFIED}
        logon_time = 0
        logoff_time = 140737347189610
        kickoff_time = 1
        pass_last_set_time = 1358352586
        pass_can_change_time = 61563434976
        ldap_entry_time = 0
        bad_password_time = 0
        username = 0x5555557cb540 "broly$"
        domain = 0x5555557cb940 "PUKEY"
        nt_username = 0x5555557c6e30 "broly$"
        fullname = 0x5555557cb6c0 "broly$"
        homedir = 0x0
        dir_drive = 0x0
        logon_script = 0x0
        profile_path = 0x0
        acct_desc = 0x0
        workstations = 0x0
        munged_dial = 0x0
        user_rid = 8192
        smblmpwd = '\000' <repeats 15 times>
        smbntpwd = '\000' <repeats 15 times>
        use_samba_attrs = true
        acct_ctrl = 128
        logon_divs = 168
        bad_password_count = 0
        logon_count = 0
        hours_len = 21
        hours = '\377' <repeats 21 times>, "\000\000\000\340wwUUU\000"
        temp = 0x5555557cb3d0 "504"
        cache_entry = {entry_timestamp = 0, acct_ctrl = 0, bad_password_count = 0, bad_password_time = 0}
        pwHistLen = 0
        expand_explicit = false
        ret = false
        ctx = 0x5555557c6d40
        __FUNCTION__ = "init_sam_from_ldap"
#3 0x00007ffff5da438c in ldapsam_getsampwnam (my_methods=0x555555783460, user=0x5555557cb1d0, sname=0x5555557c5d30 "BROLY$") at ../source3/passdb/pdb_ldap.c:1507
        ret = {v = 3221225473}
        ldap_state = 0x5555557836f0
        result = 0x555555780d40
        entry = 0x555555780d40
        count = 1
        attr_list = 0x0
        rc = 0
---Type <return> to continue, or q <return> to quit---
        __FUNCTION__ = "ldapsam_getsampwnam"
#4 0x00007ffff5dcd44a in pdb_getsampwnam (sam_acct=0x5555557cb1d0, username=0x5555557c5d30 "BROLY$") at ../source3/passdb/pdb_interface.c:334
        pdb = 0x555555783460
        for_cache = 0x7ffff74bb3a5 <smbd_become_root+38>
        user_sid = 0x7ffff50aabd7 <become_root+25>
        status = {v = 4294954784}
        ok = false
        __FUNCTION__ = "pdb_getsampwnam"
#5 0x00007ffff5dbdda7 in lookup_global_sam_name (name=0x5555557c5d30 "BROLY$", flags=0, rid=0x5555557c6c60, type=0x5555557c6cd0) at ../source3/passdb/passdb.c:618
        sam_account = 0x5555557cb1d0
        user_sid = {sid_rev_num = 216 '\330', num_auths = -2 '\376', id_auth = "j\367\377\177\000", sub_auths = {1434216720, 21845, 4294954928, 32767, 4056231725, 32767, 4056308928, 32767, 1434105312, 21845, 4294954960, 32767, 4124851508, 32767, 1434104288}}
        map = 0x5555557ab5e0
        ret = false
        __FUNCTION__ = "lookup_global_sam_name"
#6 0x00007ffff755bfec in _samr_LookupNames (p=0x5555557aaea0, r=0x5555557c6910) at ../source3/rpc_server/samr/srv_samr_nt.c:1680
        dinfo = 0x5555557ab5e0
        status = {v = 3221225587}
        rid = 0x5555557c6c60
        type = 0x5555557c6cd0
        i = 0
        num_rids = 1
        rids = {count = 1434104752, ids = 0x7fffffffd0a0}
        types = {count = 1434104288, ids = 0x7ffff3f4e5e0}
        num_mapped = 0
        __FUNCTION__ = "_samr_LookupNames"
#7 0x00007ffff7570295 in api_samr_LookupNames (p=0x5555557aaea0) at default/librpc/gen_ndr/srv_samr.c:1438
        call = 0x7ffff509ff88 <samr_calls+1224>
        pull = 0x5555557c69b0
        push = 0x0
        ndr_err = NDR_ERR_SUCCESS
        r = 0x5555557c6910
#8 0x00007ffff73f5621 in rpcint_dispatch (p=0x5555557aaea0, mem_ctx=0x5555557c6790, opnum=17, in_data=0x5555557c6790, out_data=0x5555557c67a0) at ../source3/rpc_server/rpc_ncacn_np.c:276
        fns = 0x5555557aba30
        num_cmds = 68
        cmds = 0x7ffff7948a00 <api_samr_cmds>
        i = 17
        ok = false
#9 0x00007ffff73f58af in rpcint_bh_raw_call_send (mem_ctx=0x5555557c6460, ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0, opnum=17, in_flags=1048576, in_data=0x5555557c5e40 "", in_length=68) at ../source3/rpc_server/rpc_ncacn_np.c:363
        hs = 0x5555557aabf0
        req = 0x5555557c6600
        state = 0x5555557c6790
        ok = true
        status = {v = 1434215120}
#10 0x00007fffef0beaa7 in dcerpc_binding_handle_raw_call_send (mem_ctx=0x5555557ab3b0, ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0, opnum=17, in_flags=1048576, in_data=0x5555557c5e40 "", in_length=68) at ../librpc/rpc/binding_handle.c:158
        req = 0x5555557c62d0
        state = 0x5555557c6460
        subreq = 0x5555557ab460
#11 0x00007fffef0bf320 in dcerpc_binding_handle_call_send (mem_ctx=0x5555557c4c90, ev=0x5555557c56a0, h=0x5555557c4c00, object=0x0, table=0x7ffff5099900 <ndr_table_samr>, opnum=17, r_mem=0x5555557c3700, r_ptr=0x7fffffffd380) at ../librpc/rpc/binding_handle.c:429
        req = 0x5555557ab220
        state = 0x5555557ab3b0
        subreq = 0x7ffff796c87f <samba_tevent_context_init+52>
        ndr_err = NDR_ERR_SUCCESS
#12 0x00007fffef0bf6f8 in dcerpc_binding_handle_call (h=0x5555557c4c00, object=0x0, table=0x7ffff5099900 <ndr_table_samr>, opnum=17,
---Type <return> to continue, or q <return> to quit---
    r_mem=0x5555557c3700, r_ptr=0x7fffffffd380) at ../librpc/rpc/binding_handle.c:539
        frame = 0x5555557c4c90
        ev = 0x5555557c56a0
        subreq = 0x5555557ab220
        status = {v = 3221225495}
#13 0x00007ffff0a9c249 in dcerpc_samr_LookupNames_r (h=0x5555557c4c00, mem_ctx=0x5555557c3700, r=0x7fffffffd380) at default/librpc/gen_ndr/ndr_samr_c.c:3958
        status = {v = 1434202582}
#14 0x00007ffff0a9c671 in dcerpc_samr_LookupNames (h=0x5555557c4c00, mem_ctx=0x5555557c3700, _domain_handle=0x7fffffffd480, _num_names=1, _names=0x7fffffffd430, _rids=0x7fffffffd440, _types=0x7fffffffd450, result=0x7fffffffd410) at default/librpc/gen_ndr/ndr_samr_c.c:4103
        r = {in = {domain_handle = 0x7fffffffd480, num_names = 1, names = 0x7fffffffd430}, out = {rids = 0x7fffffffd440, types = 0x7fffffffd450, result = {v = 0}}}
        status = {v = 0}
#15 0x00007ffff742c46f in samr_find_machine_account (mem_ctx=0x5555557c3700, b=0x5555557c4c00, account_name=0x5555557c31d0 "BROLY$", access_mask=33554432, domain_sid_p=0x7fffffffd520, user_rid_p=0x7fffffffd504, user_handle=0x7fffffffd540) at ../source3/rpc_server/netlogon/srv_netlog_nt.c:576
        status = {v = 0}
        result = {v = 0}
        connect_handle = {handle_type = 0, uuid = {time_low = 16, time_mid = 0, time_hi_and_version = 0, clock_seq = "\034W", node = "w\220!Y\000"}}
        domain_handle = {handle_type = 0, uuid = {time_low = 17, time_mid = 0, time_hi_and_version = 0, clock_seq = "\034W", node = "w\220!Y\000"}}
        domain_name = {length = 10, size = 10, string = 0x55555576cb40 "PUKEY"}
        domain_sid = 0x5555557c5840
        names = {length = 12, size = 12, string = 0x5555557c31d0 "BROLY$"}
        rids = {count = 1434102768, ids = 0x5555557c4c00}
        types = {count = 4150594925, ids = 0x5555557c2d50}
        rid = 21845
#16 0x00007ffff742c774 in get_md4pw (md4pw=0x7fffffffd600, mach_acct=0x5555557c31d0 "BROLY$", sec_chan_type=SEC_CHAN_BDC, sid=0x7fffffffd5b0, msg_ctx=0x55555577b3e0) at ../source3/rpc_server/netlogon/srv_netlog_nt.c:713
        status = {v = 0}
        result = {v = 0}
        mem_ctx = 0x5555557c3700
        h = 0x5555557c4c00
        local = 0x5555557c4a90
        user_handle = {handle_type = 0, uuid = {time_low = 0, time_mid = 0, time_hi_and_version = 0, clock_seq = "\000", node = "\000\000\000\000\000"}}
        user_rid = 32767
        domain_sid = 0x7fffffffd540
        acct_ctrl = 32767
        info = 0x7ffff5dcd0b6 <pdb_get_methods+18>
        session_info = 0x5555557c3c80
        rc = 0
        __FUNCTION__ = "get_md4pw"
#17 0x00007ffff742cfde in _netr_ServerAuthenticate3 (p=0x5555557afc50, r=0x5555557c2d50) at ../source3/rpc_server/netlogon/srv_netlog_nt.c:978
        status = {v = 1}
        srv_flgs = 1090667007
        in_neg_flags = 1628438527
        fn = 0x7ffff76511d6 "_netr_ServerAuthenticate3"
        lp_ctx = 0x0
        sid = {sid_rev_num = 0 '\000', num_auths = 0 '\000', id_auth = "\000\000\000\000\000", sub_auths = {0 <repeats 12 times>, 4095083158, 32767, 0}}
        mach_pwd = {hash = "\300\262zUUU\000\000\200\326\377\377\377\177\000"}
        creds = 0x600000006
        pipe_state = 0x5555557aae20
        __FUNCTION__ = "_netr_ServerAuthenticate3"
#18 0x00007ffff74356e5 in api_netr_ServerAuthenticate3 (p=0x5555557afc50) at default/librpc/gen_ndr/srv_netlogon.c:2168
        call = 0x7ffff509f3d0 <netlogon_calls+1872>
        pull = 0x5555557c2e00
---Type <return> to continue, or q <return> to quit---
        push = 0x5555557aa6a0
        ndr_err = NDR_ERR_SUCCESS
        r = 0x5555557c2d50
#19 0x00007ffff75b4db8 in api_rpcTNP (p=0x5555557afc50, pkt=0x5555557c5320, api_rpc_cmds=0x7ffff7947fc0 <api_netlogon_cmds>, n_cmds=49, syntax=0x5555557abb30) at ../source3/rpc_server/srv_pipe.c:1471
        fn_num = 26
        offset1 = 0
        table = 0x7ffff5099800 <ndr_table_netlogon>
        __FUNCTION__ = "api_rpcTNP"
#20 0x00007ffff75b493f in api_pipe_request (p=0x5555557afc50, pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1406
        frame = 0x5555557c2cf0
        ret = false
        pipe_fns = 0x5555557abb10
        interface_name = 0x7ffff4e2aa47 "netlogon"
        __FUNCTION__ = "api_pipe_request"
        __func__ = "api_pipe_request"
#21 0x00007ffff75b5751 in process_request_pdu (p=0x5555557afc50, pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1675
        status = {v = 0}
        data = {data = 0x5555557aa890 "", length = 96}
        hdr2 = {ptype = DCERPC_PKT_REQUEST, reserved1 = 0 '\000', reserved2 = 0, drep = "\020\000\000", call_id = 9, context_id = 0, opnum = 26}
        __FUNCTION__ = "process_request_pdu"
#22 0x00007ffff75b5834 in process_complete_pdu (p=0x5555557afc50, pkt=0x5555557c5320) at ../source3/rpc_server/srv_pipe.c:1693
        reply = false
        __FUNCTION__ = "process_complete_pdu"
#23 0x00007ffff740689c in named_pipe_packet_process (subreq=0x0) at ../source3/rpc_server/rpc_server.c:442
        npc = 0x5555557adcb0
        out = 0x5555557afcf8
        recv_buffer = {data = 0x5555557abbb0 "\005", length = 120}
        pkt = 0x5555557c5320
        status = {v = 0}
        to_send = 21845
        i = 21272782304
        ok = false
        __FUNCTION__ = "named_pipe_packet_process"
#24 0x00007fffef0bda3b in dcerpc_read_ncacn_packet_done (subreq=0x0) at ../librpc/rpc/dcerpc_util.c:425
        req = 0x5555557c5110
        state = 0x5555557c52a0
        ret = 120
        sys_errno = 21845
        ndr = 0x0
        ndr_err = NDR_ERR_SUCCESS
        status = {v = 1434210976}
#25 0x00007ffff52b9169 in tstream_readv_pdu_ask_for_next_vector (req=0x5555557aa650) at ../lib/tsocket/tsocket_helpers.c:245
        state = 0x5555557aa7e0
        ret = 0
        to_read = 0
        i = 140737488345736
        subreq = 0x5555557ab050
        optimize = true
        save_optimize = false
#26 0x00007ffff52b9393 in tstream_readv_pdu_readv_done (subreq=0x5555557aaec0) at ../lib/tsocket/tsocket_helpers.c:319
        req = 0x5555557aa650
        state = 0x5555557aa7e0
        ret = 104
        sys_errno = 1434104288
#27 0x00007ffff52b86b9 in tstream_readv_done (subreq=0x0) at ../lib/tsocket/tsocket.c:604
        req = 0x5555557aaec0
        state = 0x5555557ab050
        ret = 104
---Type <return> to continue, or q <return> to quit---
        sys_errno = 21845
#28 0x00007ffff3f4dd54 in tevent_common_loop_immediate () from /usr/lib64/libtevent.so.0
No symbol table info available.
#29 0x00007ffff5709e2f in run_events_poll (ev=0x55555577b2f0, pollrtn=0, pfds=0x0, num_pfds=0) at ../source3/lib/events.c:192
        state = 0x5555557c2c90
        pollfd_idx = 0x5555557680b0
        fde = 0x5555557c2c30
        __FUNCTION__ = "run_events_poll"
#30 0x00007ffff570a4a3 in s3_event_loop_once (ev=0x55555577b2f0, location=0x7ffff76868d0 "../source3/smbd/process.c:4031") at ../source3/lib/events.c:303
        state = 0x55555576aa80
        timeout = 2147483647
        num_pfds = 32767
        ret = -9056
        poll_errno = 32767
#31 0x00007ffff3f4d51d in _tevent_loop_once () from /usr/lib64/libtevent.so.0
No symbol table info available.
#32 0x00007ffff3f4d6bb in tevent_common_loop_wait () from /usr/lib64/libtevent.so.0
No symbol table info available.
#33 0x00007ffff74f6578 in smbd_process (ev_ctx=0x55555577b2f0, msg_ctx=0x55555577b3e0, sock_fd=27, interactive=true) at ../source3/smbd/process.c:4031 trace_state = {ev = 0x55555577b2f0, frame = 0x5555557c2c90} client = 0x5555557a3fe0 sconn = 0x5555557a4470 xconn = 0x5555557a4150 locaddr = 0x5555557a3e50 "!Y" remaddr = 0x5555557a3ed0 "@tyUUU" ret = 21845 status = {v = 0} __FUNCTION__ = "smbd_process" #34 0x000055555555c58c in smbd_accept_connection (ev=0x55555577b2f0, fde=0x55555579ea20, flags=1, private_data=0x5555557a24d0) at ../source3/smbd/server.c:592 s = 0x5555557a24d0 msg_ctx = 0x55555577b3e0 addr = {ss_family = 2, __ss_align = 0, __ss_padding = '\000' <repeats 16 times>, "H\244yUUU\000\000\060\336\377\377\377\177\000\000\260\335\377\377\377\177\000\000\366\361\225\367\377\177\000\000H\244yUUU\000\000\060\336\377\377\377\177\000\000;\000\000\000\000\000\000\000\254\211\001\000\000\000\000\000P\336\377\377\377\177\000\000\265\235p\365\377\177\000\000;\000\000\000\000\000\000\000x\336\377\377\377\177\000"} in_addrlen = 16 fd = 27 pid = 0 unique_id = 93824994489072 __FUNCTION__ = "smbd_accept_connection" #35 0x00007ffff570a328 in run_events_poll (ev=0x55555577b2f0, pollrtn=1, pfds=0x55555579e310, num_pfds=5) at ../source3/lib/events.c:257 pfd = 0x55555579e318 flags = 1 state = 0x55555576aa80 pollfd_idx = 0x55555579e7e0 fde = 0x55555579ea20 __FUNCTION__ = "run_events_poll" #36 0x00007ffff570a5b7 in s3_event_loop_once (ev=0x55555577b2f0, location=0x555555563243 "../source3/smbd/server.c:1011") at ../source3/lib/events.c:326 state = 0x55555576aa80 timeout = 59101 num_pfds = 5 ret = 1 poll_errno = 0 #37 0x00007ffff3f4d51d in _tevent_loop_once () from /usr/lib64/libtevent.so.0 No symbol table info available. ---Type <return> to continue, or q <return> to quit--- #38 0x00007ffff3f4d6bb in tevent_common_loop_wait () from /usr/lib64/libtevent.so.0 No symbol table info available. 
#39 0x000055555555d643 in smbd_parent_loop (ev_ctx=0x55555577b2f0, parent=0x555555782240) at ../source3/smbd/server.c:1011 trace_state = {frame = 0x55555577c500} ret = 0 __FUNCTION__ = "smbd_parent_loop" #40 0x000055555555ef82 in main (argc=3, argv=0x7fffffffe3c8) at ../source3/smbd/server.c:1663 is_daemon = true interactive = true Fork = false no_process_group = false log_stdout = true ports = 0x0 profile_level = 0x0 opt = -1 pc = 0x55555576a9b0 print_build_options = false long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x7ffff457a1c0 <poptHelpOptions>, val = 0, descrip = 0x555555563341 "Help options:", argDescrip = 0x0}, {longName = 0x55555556334f "daemon", shortName = 68 'D', argInfo = 0, arg = 0x0, val = 1000, descrip = 0x555555563356 "Become a daemon (default)", argDescrip = 0x0}, { longName = 0x555555563370 "interactive", shortName = 105 'i', argInfo = 0, arg = 0x0, val = 1001, descrip = 0x555555563380 "Run interactive (not a daemon)", argDescrip = 0x0}, {longName = 0x55555556339f "foreground", shortName = 70 'F', argInfo = 0, arg = 0x0, val = 1002, descrip = 0x5555555633b0 "Run daemon in foreground (for daemontools, etc.)", argDescrip = 0x0}, {longName = 0x5555555633e1 "no-process-group", shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 1003, descrip = 0x5555555633f8 "Don't create a new process group", argDescrip = 0x0}, {longName = 0x555555563419 "log-stdout", shortName = 83 'S', argInfo = 0, arg = 0x0, val = 1004, descrip = 0x555555563424 "Log to stdout", argDescrip = 0x0}, { longName = 0x555555563432 "build-options", shortName = 98 'b', argInfo = 0, arg = 0x0, val = 98, descrip = 0x555555563440 "Print build options", argDescrip = 0x0}, {longName = 0x555555563454 "port", shortName = 112 'p', argInfo = 1, arg = 0x7fffffffdf90, val = 0, descrip = 0x555555563459 "Listen on the specified ports", argDescrip = 0x0}, { longName = 0x555555563477 "profiling-level", shortName = 80 'P', argInfo = 1, arg = 0x7fffffffdf98, val = 0, descrip 
= 0x555555563487 "Set profiling level", argDescrip = 0x55555556349b "PROFILE_LEVEL"}, {longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x7ffff5d7b180 <popt_common_samba>, val = 0, descrip = 0x5555555634a9 "Common samba options:", argDescrip = 0x0}, { longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}} parent = 0x555555782240 frame = 0x5555557681a0 status = {v = 0} ev_ctx = 0x55555577b2f0 msg_ctx = 0x55555577b3e0 server_id = {pid = 22817, task_id = 0, vnn = 4294967295, unique_id = 12521371111806393781} se = 0x555555783120 profiling_level = 0 np_dir = 0x5555557984f0 "%p" smbd_shim_fns = {cancel_pending_lock_requests_by_fid = 0x7ffff74d2f5c <smbd_cancel_pending_lock_requests_by_fid>, send_stat_cache_delete_message = 0x7ffff74dcb9f <smbd_send_stat_cache_delete_message>, change_to_root_user = 0x7ffff74bafb7 <smbd_change_to_root_user>, become_authenticated_pipe_user = 0x7ffff74bb06d <smbd_become_authenticated_pipe_user>, unbecome_authenticated_pipe_user = 0x7ffff74bb15f <smbd_unbecome_authenticated_pipe_user>, contend_level2_oplocks_begin = 0x7ffff754ae49 <smbd_contend_level2_oplocks_begin>, contend_level2_oplocks_end = 0x7ffff754aebc <smbd_contend_level2_oplocks_end>, become_root = 0x7ffff74bb37f <smbd_become_root>, unbecome_root = 0x7ffff74bb3a7 <smbd_unbecome_root>, exit_server = 0x7ffff753eda4 <smbd_exit_server>, exit_server_cleanly = 0x7ffff753edc1 <smbd_exit_server_cleanly>} __FUNCTION__ = "main" (
this comment was from zombie_ryushu also:
--- Comment #7 from Zombie Ryushu <zombie_ryushu...> ---
Done. New symbols appeared.

[masterz@kefka ~]$
==22737== Invalid read of size 1
==22737==    at 0x4A095A2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22737==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22737==    by 0x6A4C682: init_sam_from_ldap (pdb_ldap.c:1029)
==22737==    by 0x6A4E38B: ldapsam_getsampwnam (pdb_ldap.c:1507)
==22737==    by 0x6A77449: pdb_getsampwnam (pdb_interface.c:334)
==22737==    by 0x6A67DA6: lookup_global_sam_name (passdb.c:618)
==22737==    by 0x52BBFEB: _samr_LookupNames (srv_samr_nt.c:1680)
==22737==    by 0x52D0294: api_samr_LookupNames (srv_samr.c:1438)
==22737==    by 0x5155620: rpcint_dispatch (rpc_ncacn_np.c:276)
==22737==    by 0x51558AE: rpcint_bh_raw_call_send (rpc_ncacn_np.c:363)
==22737==    by 0xD7B8AA6: dcerpc_binding_handle_raw_call_send (binding_handle.c:158)
==22737==    by 0xD7B931F: dcerpc_binding_handle_call_send (binding_handle.c:429)
==22737==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==22737==
==22737== Invalid free() / delete / delete[] / realloc()
==22737==    at 0x4A07819: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22737==    by 0x8C4E677: __libc_freeres (in /lib64/libc-2.19.so)
==22737==    by 0x48016DC: _vgnU_freeres (in /usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==22737==    by 0x8B1C737: abort (in /lib64/libc-2.19.so)
==22737==    by 0x71168D9: dump_core (dumpcore.c:337)
==22737==    by 0x710503F: smb_panic_s3 (util.c:812)
==22737==    by 0x4E7DA24: smb_panic (fault.c:166)
==22737==    by 0x4E7D6FC: fault_report (fault.c:83)
==22737==    by 0x4E7D711: sig_fault (fault.c:94)
==22737==    by 0x4C5A29F: ??? (in /lib64/libpthread-2.19.so)
==22737==    by 0x4A095A1: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22737==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22737==  Address 0x8ea4330 is 0 bytes inside data symbol "noai6ai_cached"
==22737==
==22737==
==22737== HEAP SUMMARY:
==22737==     in use at exit: 354,185 bytes in 1,287 blocks
==22737==   total heap usage: 10,722 allocs, 9,436 frees, 3,484,737 bytes allocated
==22737==
==22737== LEAK SUMMARY:
==22737==    definitely lost: 4,527 bytes in 1 blocks
==22737==    indirectly lost: 0 bytes in 0 blocks
==22737==      possibly lost: 285,291 bytes in 920 blocks
==22737==    still reachable: 64,367 bytes in 366 blocks
==22737==         suppressed: 0 bytes in 0 blocks
==22737== Rerun with --leak-check=full to see details of leaked memory
==22737==
==22737== For counts of detected and suppressed errors, rerun with: -v
==22737== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)
==22739== Invalid read of size 4
==22739==    at 0x6A71FC8: sids_to_unixids (lookup_sid.c:1367)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info (gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739==    by 0x524FA62: construct_reply (process.c:1685)
==22739==    by 0x5250B75: process_smb (process.c:1931)
==22739==  Address 0x18b4d3b8 is 0 bytes after a block of size 104 alloc'd
==22739==    at 0x4A066FF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x86C76F2: _talloc_array (in /usr/lib64/libtalloc.so.2.1.5)
==22739==    by 0x6A71ECC: sids_to_unixids (lookup_sid.c:1350)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info (gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739==
==22739== Invalid read of size 4
==22739==    at 0x6A72088: sids_to_unixids (lookup_sid.c:1378)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info (gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739==    by 0x524FA62: construct_reply (process.c:1685)
==22739==    by 0x5250B75: process_smb (process.c:1931)
==22739==  Address 0x18b4d3b8 is 0 bytes after a block of size 104 alloc'd
==22739==    at 0x4A066FF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x86C76F2: _talloc_array (in /usr/lib64/libtalloc.so.2.1.5)
==22739==    by 0x6A71ECC: sids_to_unixids (lookup_sid.c:1350)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info (gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739==
==22739== Invalid read of size 4
==22739==    at 0x6A720B1: sids_to_unixids (lookup_sid.c:1379)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info (gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739==    by 0x524FA62: construct_reply (process.c:1685)
==22739==    by 0x5250B75: process_smb (process.c:1931)
==22739==  Address 0x18b4d3bc is 4 bytes after a block of size 104 alloc'd
==22739==    at 0x4A066FF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x86C76F2: _talloc_array (in /usr/lib64/libtalloc.so.2.1.5)
==22739==    by 0x6A71ECC: sids_to_unixids (lookup_sid.c:1350)
==22739==    by 0x6ECE206: create_local_token (auth_util.c:594)
==22739==    by 0x6EC863A: auth3_generate_session_info (auth_ntlmssp.c:79)
==22739==    by 0xD11E64A: gensec_ntlmssp_session_info (gensec_ntlmssp_server.c:66)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0xD10FED0: gensec_spnego_session_info (spnego.c:288)
==22739==    by 0xD1234EE: gensec_session_info (gensec.c:212)
==22739==    by 0x51F6053: reply_sesssetup_and_X_spnego (sesssetup.c:275)
==22739==    by 0x51F767A: reply_sesssetup_and_X (sesssetup.c:649)
==22739==    by 0x524F898: switch_message (process.c:1649)
==22739==
==22739== Invalid read of size 1
==22739==    at 0x4A095A2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22739==    by 0x6A4C682: init_sam_from_ldap (pdb_ldap.c:1029)
==22739==    by 0x6A4E38B: ldapsam_getsampwnam (pdb_ldap.c:1507)
==22739==    by 0x6A77449: pdb_getsampwnam (pdb_interface.c:334)
==22739==    by 0x6A67DA6: lookup_global_sam_name (passdb.c:618)
==22739==    by 0x6A6F0BB: lookup_name (lookup_sid.c:264)
==22739==    by 0x52C0731: can_create (srv_samr_nt.c:3609)
==22739==    by 0x52C09D0: _samr_CreateUser2 (srv_samr_nt.c:3679)
==22739==    by 0x52D6221: api_samr_CreateUser2 (srv_samr.c:4021)
==22739==    by 0x5314DB7: api_rpcTNP (srv_pipe.c:1471)
==22739==    by 0x531493E: api_pipe_request (srv_pipe.c:1406)
==22739==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==22739==
==22739== Invalid free() / delete / delete[] / realloc()
==22739==    at 0x4A07819: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x8C4E677: __libc_freeres (in /lib64/libc-2.19.so)
==22739==    by 0x48016DC: _vgnU_freeres (in /usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==22739==    by 0x8B1C737: abort (in /lib64/libc-2.19.so)
==22739==    by 0x71168D9: dump_core (dumpcore.c:337)
==22739==    by 0x710503F: smb_panic_s3 (util.c:812)
==22739==    by 0x4E7DA24: smb_panic (fault.c:166)
==22739==    by 0x4E7D6FC: fault_report (fault.c:83)
==22739==    by 0x4E7D711: sig_fault (fault.c:94)
==22739==    by 0x4C5A29F: ??? (in /lib64/libpthread-2.19.so)
==22739==    by 0x4A095A1: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22739==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22739==  Address 0x8ea4330 is 0 bytes inside data symbol "noai6ai_cached"
==22739==
==22739==
==22739== HEAP SUMMARY:
==22739==     in use at exit: 352,262 bytes in 1,357 blocks
==22739==   total heap usage: 12,134 allocs, 10,778 frees, 3,611,722 bytes allocated
==22739==
==22739== LEAK SUMMARY:
==22739==    definitely lost: 3,567 bytes in 1 blocks
==22739==    indirectly lost: 0 bytes in 0 blocks
==22739==      possibly lost: 284,003 bytes in 985 blocks
==22739==    still reachable: 64,692 bytes in 371 blocks
==22739==         suppressed: 0 bytes in 0 blocks
==22739== Rerun with --leak-check=full to see details of leaked memory
==22739==
==22739== For counts of detected and suppressed errors, rerun with: -v
==22739== ERROR SUMMARY: 8 errors from 5 contexts (suppressed: 1 from 1)
==22743==
==22743== HEAP SUMMARY:
==22743==     in use at exit: 517,068 bytes in 1,988 blocks
==22743==   total heap usage: 9,810 allocs, 7,822 frees, 1,983,597 bytes allocated
==22743==
==22743== LEAK SUMMARY:
==22743==    definitely lost: 0 bytes in 0 blocks
==22743==    indirectly lost: 0 bytes in 0 blocks
==22743==      possibly lost: 137,447 bytes in 661 blocks
==22743==    still reachable: 379,621 bytes in 1,327 blocks
==22743==         suppressed: 0 bytes in 0 blocks
==22743== Rerun with --leak-check=full to see details of leaked memory
==22743==
==22743== For counts of detected and suppressed errors, rerun with: -v
==22743== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 1 from 1)
==22742== Invalid read of size 1
==22742==    at 0x4A095A2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22742==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22742==    by 0x6A4C682: init_sam_from_ldap (pdb_ldap.c:1029)
==22742==    by 0x6A4E38B: ldapsam_getsampwnam (pdb_ldap.c:1507)
==22742==    by 0x6A77449: pdb_getsampwnam (pdb_interface.c:334)
==22742==    by 0x6A67DA6: lookup_global_sam_name (passdb.c:618)
==22742==    by 0x52BBFEB: _samr_LookupNames (srv_samr_nt.c:1680)
==22742==    by 0x52D0294: api_samr_LookupNames (srv_samr.c:1438)
==22742==    by 0x5155620: rpcint_dispatch (rpc_ncacn_np.c:276)
==22742==    by 0x51558AE: rpcint_bh_raw_call_send (rpc_ncacn_np.c:363)
==22742==    by 0xD7B8AA6: dcerpc_binding_handle_raw_call_send (binding_handle.c:158)
==22742==    by 0xD7B931F: dcerpc_binding_handle_call_send (binding_handle.c:429)
==22742==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==22742==
==22742== Invalid free() / delete / delete[] / realloc()
==22742==    at 0x4A07819: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22742==    by 0x8C4E677: __libc_freeres (in /lib64/libc-2.19.so)
==22742==    by 0x48016DC: _vgnU_freeres (in /usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==22742==    by 0x8B1C737: abort (in /lib64/libc-2.19.so)
==22742==    by 0x71168D9: dump_core (dumpcore.c:337)
==22742==    by 0x710503F: smb_panic_s3 (util.c:812)
==22742==    by 0x4E7DA24: smb_panic (fault.c:166)
==22742==    by 0x4E7D6FC: fault_report (fault.c:83)
==22742==    by 0x4E7D711: sig_fault (fault.c:94)
==22742==    by 0x4C5A29F: ??? (in /lib64/libpthread-2.19.so)
==22742==    by 0x4A095A1: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22742==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22742==  Address 0x8ea4330 is 0 bytes inside data symbol "noai6ai_cached"
==22742==
==22742==
==22742== HEAP SUMMARY:
==22742==     in use at exit: 354,483 bytes in 1,289 blocks
==22742==   total heap usage: 10,749 allocs, 9,461 frees, 3,490,378 bytes allocated
==22742==
==22742== LEAK SUMMARY:
==22742==    definitely lost: 4,527 bytes in 1 blocks
==22742==    indirectly lost: 0 bytes in 0 blocks
==22742==      possibly lost: 285,601 bytes in 922 blocks
==22742==    still reachable: 64,355 bytes in 366 blocks
==22742==         suppressed: 0 bytes in 0 blocks
==22742== Rerun with --leak-check=full to see details of leaked memory
==22742==
==22742== For counts of detected and suppressed errors, rerun with: -v
==22742== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)
==22746== Invalid read of size 1
==22746==    at 0x4A095A2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22746==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22746==    by 0x6A4C682: init_sam_from_ldap (pdb_ldap.c:1029)
==22746==    by 0x6A4E38B: ldapsam_getsampwnam (pdb_ldap.c:1507)
==22746==    by 0x6A77449: pdb_getsampwnam (pdb_interface.c:334)
==22746==    by 0x6A67DA6: lookup_global_sam_name (passdb.c:618)
==22746==    by 0x6A6F0BB: lookup_name (lookup_sid.c:264)
==22746==    by 0x52C0731: can_create (srv_samr_nt.c:3609)
==22746==    by 0x52C09D0: _samr_CreateUser2 (srv_samr_nt.c:3679)
==22746==    by 0x52D6221: api_samr_CreateUser2 (srv_samr.c:4021)
==22746==    by 0x5314DB7: api_rpcTNP (srv_pipe.c:1471)
==22746==    by 0x531493E: api_pipe_request (srv_pipe.c:1406)
==22746==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==22746==
==22746== Invalid free() / delete / delete[] / realloc()
==22746==    at 0x4A07819: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22746==    by 0x8C4E677: __libc_freeres (in /lib64/libc-2.19.so)
==22746==    by 0x48016DC: _vgnU_freeres (in /usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==22746==    by 0x8B1C737: abort (in /lib64/libc-2.19.so)
==22746==    by 0x71168D9: dump_core (dumpcore.c:337)
==22746==    by 0x710503F: smb_panic_s3 (util.c:812)
==22746==    by 0x4E7DA24: smb_panic (fault.c:166)
==22746==    by 0x4E7D6FC: fault_report (fault.c:83)
==22746==    by 0x4E7D711: sig_fault (fault.c:94)
==22746==    by 0x4C5A29F: ??? (in /lib64/libpthread-2.19.so)
==22746==    by 0x4A095A1: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22746==    by 0x713AE79: tcopy_passwd (util_pw.c:39)
==22746==  Address 0x8ea4330 is 0 bytes inside data symbol "noai6ai_cached"
==22746==
I assume this is a duplicate of bug #11530 and fixed by that. If you can reproduce it with a recent and supported version, please reopen this bug.