Bug 2449 - nmbd dies because wrong free() operation
Summary: nmbd dies because wrong free() operation
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: nmbd
Version: 3.0.10
Hardware: All Windows 98
Importance: P3 critical
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
URL: https://bugzilla.redhat.com/bugzilla/...
Keywords:
Depends on:
Blocks:
 
Reported: 2005-03-15 02:32 UTC by Milan Kerslager
Modified: 2006-04-09 12:16 UTC

Attachments
nmbd.log (14.71 KB, text/plain)
2005-11-08 09:33 UTC, Adam Thompson

Description Milan Kerslager 2005-03-15 02:32:28 UTC
See bug #150582 in Red Hat Bugzilla (URL filled). The nmbd dies right after a few
logins to the Samba PDC on Red Hat Enterprise Linux 4 (samba-3.0.10-1.4E from
the initial RHEL4 release with glibc-2.3.4-2). The nmbd log contains:

*** glibc detected *** free(): invalid next size (fast): 0x08bfc970 ***

The same configuration works under RHEL3 (samba-3.0.9-1.3E.2), but RHEL3 has
an older glibc (glibc-2.3.2-95.30) which is unable to detect this sort of bug.

See bug #150647 in RH Bugzilla and the Release Notes for RHEL4 for more info about
the new glibc features:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/release-notes/as-x86/

The machine with Samba is a Dell with a P4 CPU, no HW issues so far. The server
works well after downgrading to RHEL3.

I set critical severity as this could be a possible security bug. I tried to
compile the latest 3.0.11 Samba with no luck. I did not test an older version of
Samba on that RHEL4 machine.
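
Added example (not part of the original report, and not glibc or Samba code): a simplified model of the consistency check behind the "free(): invalid next size (fast)" message quoted above, showing why a write past the end of a heap buffer is only reported when that buffer is later freed. The arena, helper names and chunk sizes are constructed for illustration.

```c
/* Simplified model of glibc's fastbin "invalid next size" check on free().
   Not glibc source: the arena, helper names and sizes are constructed. */
#include <stdio.h>
#include <string.h>

#define SIZE_SZ   sizeof(size_t)
#define FLAG_MASK ((size_t)7)   /* low three bits of a size field are flags */
#define ARENA_SZ  256           /* stands in for the arena's system_mem */

static size_t arena[ARENA_SZ / sizeof(size_t)];  /* fake heap, aligned */

/* Lay out two adjacent in-use chunks of chunk_sz bytes (headers included)
   and return the user pointer of the first one. */
static unsigned char *setup_two_chunks(size_t chunk_sz) {
    unsigned char *base = (unsigned char *)arena;
    size_t hdr = chunk_sz | 1;                          /* PREV_INUSE set */
    memset(arena, 0, sizeof arena);
    memcpy(base + SIZE_SZ, &hdr, SIZE_SZ);              /* chunk A size */
    memcpy(base + chunk_sz + SIZE_SZ, &hdr, SIZE_SZ);   /* chunk B size */
    return base + 2 * SIZE_SZ;
}

/* 1 if freeing `user` would pass the check, 0 if it would abort with
   "free(): invalid next size (fast)". */
static int next_size_ok(const unsigned char *user) {
    const unsigned char *chunk = user - 2 * SIZE_SZ;
    size_t size, next;
    memcpy(&size, chunk + SIZE_SZ, SIZE_SZ);
    size &= ~FLAG_MASK;
    memcpy(&next, chunk + size + SIZE_SZ, SIZE_SZ);     /* neighbour's size */
    if (next <= 2 * SIZE_SZ) return 0;                  /* implausibly small */
    if ((next & ~FLAG_MASK) >= ARENA_SZ) return 0;      /* larger than heap */
    return 1;
}

/* Simulate the program writing n bytes of `fill` into chunk A, then
   report whether a later free() of chunk A would survive the check. */
static int free_after_write(size_t chunk_sz, size_t n, int fill) {
    unsigned char *user = setup_two_chunks(chunk_sz);
    memset(user, fill, n);
    return next_size_ok(user);
}

int main(void) {
    size_t usable = 32 - SIZE_SZ;   /* an in-use chunk may use B's prev_size */
    printf("in bounds:    %d\n", free_after_write(32, usable, 'A'));
    printf("overflow 'A': %d\n", free_after_write(32, usable + SIZE_SZ, 'A'));
    printf("overflow 0:   %d\n", free_after_write(32, usable + SIZE_SZ, 0));
    return 0;
}
```

A glibc without this check leaves the same overwrite unreported at free() time, which is consistent with the identical configuration appearing to work on the older glibc.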
Comment 1 Adam Thompson 2005-11-08 09:30:06 UTC
Same problem here.  RHEL4 with samba-3.0.10-1.4E.2
Attaching nmbd.log
Comment 2 Adam Thompson 2005-11-08 09:33:18 UTC
Created attachment 1566
nmbd.log

contains multiple nmbd deaths including some normal shutdowns
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-11-08 09:58:29 UTC
3.0.10 is really old from our perspective.  Unless you 
can (a) reproduce this against 3.0.20b, or (b) get a full 
backtrace with debugging symbols, or (c) get a valgrind log,
it will be extremely hard to track down.  

If we have already fixed the bug in a later release,
you will need to contact RedHat to get a patch for 
your platform.
Comment 4 Adam Thompson 2005-11-09 10:30:32 UTC
Confirmed that on RHEL4, using the current RPM from www.samba.org does seem to fix
the problem.

I do have a valgrind log, however... can be found at
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172713
Comment 5 Volker Lendecke 2006-04-09 12:16:49 UTC
Adam says it's fixed. Closing.

Volker