Bug 14475 - Eventd went away (Bad talloc magic value - access after free)
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: CTDB
Version: 4.10.8
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Duplicates: 14701
Depends on:
Blocks:
 
Reported: 2020-09-01 08:01 UTC by Olivier Garaud
Modified: 2021-07-14 08:15 UTC

See Also:


Attachments
access after free full log (12.38 KB, text/x-log)
2020-09-01 08:01 UTC, Olivier Garaud
no flags
Patch for 4.14 (10.00 KB, patch)
2021-05-18 14:45 UTC, Volker Lendecke
martins: review+
Patch for 4.13 (10.00 KB, patch)
2021-05-18 14:46 UTC, Volker Lendecke
martins: review+

Description Olivier Garaud 2020-09-01 08:01:47 UTC
Created attachment 16191 [details]
access after free full log

Hi,

After boot CTDB stopped after an access after free:

> ctdb-eventd: startup event failed
> ctdbd: startup event failed
> ctdb-eventd: talloc: access after free error - first free may be at ../../ctdb/event/event_context.c:144
> ctdb-eventd: Bad talloc magic value - access after free
> ctdbd: Eventd went away - exiting
> ctdbd: CTDB daemon shutting down
> ctdb-recoverd: Daemon has exited - shutting down client

See the attached full log.

I've tried to reproduce it without success for now.
I hope that the first free hint may help.
Comment 1 Volker Lendecke 2021-05-18 08:16:34 UTC
See https://gitlab.com/samba-team/samba/-/merge_requests/1964
Comment 2 Samba QA Contact 2021-05-18 11:33:03 UTC
This bug was referenced in samba master:

Comment 3 Volker Lendecke 2021-05-18 14:45:41 UTC
Created attachment 16609 [details]
Patch for 4.14
Comment 4 Volker Lendecke 2021-05-18 14:46:24 UTC
Created attachment 16610 [details]
Patch for 4.13
Comment 5 Martin Schwenke 2021-05-19 11:55:21 UTC
I'm keen to review (and I think Amitay would be too) but I need a clear block of time to do the context switch.  It is over a week until 4.14.5 is due, so I don't need to sit up all night tonight.  :-)
Comment 6 Amitay Isaacs 2021-05-24 08:10:51 UTC
Hi Volker, thanks for persisting with this one and identifying the fix. I want to check another corner case and confirm all looks good.
Comment 7 Amitay Isaacs 2021-05-25 05:22:15 UTC
Martin and I have discussed the last race condition.  There are a couple of ways to clean up the code to avoid the race condition, but Volker's fix prevents anything bad from happening.  So we are good for now.
Comment 8 Martin Schwenke 2021-05-25 07:13:20 UTC
Comment on attachment 16609 [details]
Patch for 4.14

It took me a while to understand that the 2nd commit isn't necessary to recreate the bug.  ;-)

Now I understand why the bug happens, so the fix is nice and obvious.
Comment 9 Martin Schwenke 2021-05-25 07:16:38 UTC
Hi Karolin,

This is ready for v4-14-test and v4-13-test.

Thanks!
Comment 10 Karolin Seeger 2021-05-25 08:10:51 UTC
(In reply to Martin Schwenke from comment #9)

Hi Martin,

pushed to autobuild-v4-{14,13}-test.
Comment 11 Samba QA Contact 2021-05-25 08:56:03 UTC
This bug was referenced in samba v4-13-test:

Comment 12 Samba QA Contact 2021-05-25 09:52:03 UTC
This bug was referenced in samba v4-14-test:

Comment 13 Karolin Seeger 2021-05-25 11:06:47 UTC
Pushed to all branches.
Closing out bug reports!

Thanks!
Comment 14 Amitay Isaacs 2021-05-28 07:57:46 UTC
*** Bug 14701 has been marked as a duplicate of this bug. ***
Comment 15 Samba QA Contact 2021-06-01 07:26:42 UTC
This bug was referenced in samba v4-14-stable (Release samba-4.14.5):

Comment 16 Samba QA Contact 2021-07-14 08:15:15 UTC
This bug was referenced in samba v4-13-stable (Release samba-4.13.10):
