Here is the stack trace from the core dump.

#0 talloc_chunk_from_ptr (ptr=0xca965428) at ../talloc.c:429
#1 0x00007fe6ca96697b in __talloc_get_name (ptr=0xca965428, name=0x42af62 "struct comm_write_state", location=0x42b1c7 "../common/comm.c:419") at ../talloc.c:1463
#2 _talloc_get_type_abort (ptr=0xca965428, name=0x42af62 "struct comm_write_state", location=0x42b1c7 "../common/comm.c:419") at ../talloc.c:1520
#3 0x0000000000405469 in comm_fd_handler (ev=0x1aa1830, fde=0x1aaa620, flags=3, private_data=<value optimized out>) at ../common/comm.c:418
#4 0x00007fe6cab7b276 in ?? () from /usr/lib64/libtevent.so.0
#5 0x00007fe6cab79576 in ?? () from /usr/lib64/libtevent.so.0
#6 0x00007fe6cab74605 in _tevent_loop_once () from /usr/lib64/libtevent.so.0
#7 0x00007fe6cab7616b in tevent_req_poll () from /usr/lib64/libtevent.so.0
#8 0x0000000000408f96 in main (argc=<value optimized out>, argv=<value optimized out>) at ../tests/src/transaction_loop.c:392

The crash occurs in comm.c at the following line:

    write_state = tevent_req_data(comm->write_req, struct comm_write_state);

Looks like write_req was free'd, causing a stale reference.
Created attachment 12952 Patches for v4-6
Created attachment 12954 Patches for v4-5
Created attachment 12955 Patches for v4-4
Hi Karolin, This one is ready for 4.4, 4.5, 4.6. Thanks...
(In reply to Martin Schwenke from comment #4) Pushed to autobuild-v4-{6,5,4}-test.
(In reply to Karolin Seeger from comment #5) Pushed to all branches. Closing out bug report. Thanks!