The Samba-Bugzilla – Bug 2449
nmbd dies because wrong free() operation
Last modified: 2006-04-09 12:16:49 UTC
See bug #150582 in Red Hat Bugzilla (URL filled). The nmbd dies right after few
logins to Samba PDC on Red Hat Enterprise Linux 4 (samba-3.0.10-1.4E from
initial RHEL4 release with glibc-2.3.4-2). The nmbd log contains:
*** glibc detected *** free(): invalid next size (fast): 0x08bfc970 ***
The same configuration works under RHEL3 (samba-3.0.9-1.3E.2), but RHEL3 has
older glibc (glibc-2.3.2-95.30) which is unable to detect this sort of bugs.
See bug #150647 in RH Bugzilla and Release notes for RHEL4 for more info about
new glibc features
The machine with Samba is Dell with P4 CPU, no HW issuses so far. The server
works well after downgrading to RHEL3.
I set critical severity as this could be possible security bug. I tryed to
compile latest 3.0.11 Samba with no luck. I did not tested older version of
Samba on those RHEL4 machine.
Same problem here. RHEL4 with samba-3.0.10-1.4E.2
Created attachment 1566 [details]
contains multiple nmbd deaths including some normal shutdowns
3.0.10 is really old from our perspective. Unless you
can (a) reproduce this against 3.0.20b, or (b) get a full
backtrace with debugging symbols, or (c) get a valigrind log,
it will be extremely hard to track down.
If we have already fixed the bug in a later release,
you will need to contact RedHat to get a patch for
Confirmed that on RHEL4, using current RPM from www.samba.org does seem to fix
I do have a valgrind log, however... can be found at
Adam says it's fixed. Closing.