3073 – *** glibc detected *** smbd: free(): invalid pointer

Bug 3073 - *** glibc detected *** smbd: free(): invalid pointer

Summary: *** glibc detected *** smbd: free(): invalid pointer

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	File Services (show other bugs)
Version:	3.0.20
Hardware:	All Linux

Importance:	P3 normal
Target Milestone:	none
Assignee:	Samba Bugzilla Account
QA Contact:	Samba QA Contact

URL:
Keywords:

Duplicates (1):	3074 (view as bug list)
Depends on:
Blocks:

Reported:	2005-09-08 14:22 UTC by Dax Kelson
Modified:	2005-09-27 14:57 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dax Kelson 2005-09-08 14:22:39 UTC

I upgraded to Samba 3.0.20 and started using the new ability to authenticate
against a MIT Kerberos KDC.

Part of my config:

   workgroup = GURULABS
   realm = GURULABS.COM
   use kerberos keytab = yes
   log level = 3 passdb:5 auth:10



I'm having problems with thousands of smbd processes on the server, even though
there are just a handful of users on a single Windows terminal server.

From the client/user's perspective the server seems fine. <shrug>

I also saw this in my logs:

[2005/09/08 15:04:04, 3] smbd/process.c:process_smb(1114)
  Transaction 2834 of length 45
[2005/09/08 15:04:04, 3] smbd/process.c:switch_message(900)
  switch message SMBclose (pid 1245) conn 0x8df41f0
[2005/09/08 15:04:04, 3] smbd/reply.c:reply_close(3247)
  close fd=31 fnum=8068 (numopen=3)
[2005/09/08 15:04:04, 2] smbd/close.c:close_normal_file(270)
  jpinegar closed file Operations/Forms/Name Tents.sxd (numopen=2)
[2005/09/08 15:04:04, 3] smbd/process.c:process_smb(1114)
  Transaction 2835 of length 45
[2005/09/08 15:04:04, 3] smbd/process.c:switch_message(900)
  switch message SMBclose (pid 1245) conn 0x8df41f0
[2005/09/08 15:04:04, 3] smbd/reply.c:reply_close(3247)
  close fd=-1 fnum=8074 (numopen=2)
[2005/09/08 15:04:04, 2] smbd/close.c:close_normal_file(270)
  jpinegar closed file Operations/Forms/Name Tents.sxd (numopen=1)
[2005/09/08 15:04:04, 3] smbd/process.c:timeout_processing(1366)
  timeout_processing: End of file from client (client has disconnected).
[2005/09/08 15:04:04, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/09/08 15:04:04, 2] smbd/server.c:exit_server(608)
  Closing connections
[2005/09/08 15:04:04, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2005/09/08 15:04:04, 3] smbd/server.c:exit_server(652)
  Server exit (normal exit)
*** glibc detected *** smbd: free(): invalid pointer: 0x0024cef0 ***
======= Backtrace: =========
/lib/libc.so.6[0x805124]
/lib/libc.so.6(__libc_free+0x77)[0x80565f]
/lib/libcom_err.so.2(remove_error_table+0x5d)[0x12dc0d]
/usr/lib/libkrb5.so.3[0x1ea8da]
/usr/lib/libkrb5.so.3[0x1ea607]
/usr/lib/libkrb5.so.3[0x23bb0a]
/lib/ld-linux.so.2[0x3fd2d8]
/lib/libc.so.6(exit+0xc5)[0x7ccba9]
smbd(exit_server+0x26c)[0xd168f6]
smbd(main+0x8fc)[0xd17418]
/lib/libc.so.6(__libc_start_main+0xdf)[0x7b6d5f]
smbd[0xaf2121]
======= Memory map: ========
00111000-00112000 r-xp 00111000 00:00 0
00112000-00129000 r-xp 00000000 fd:00 1037472    /usr/lib/libgssapi_krb5.so.2.2
00129000-0012a000 rwxp 00016000 fd:00 1037472    /usr/lib/libgssapi_krb5.so.2.2
0012a000-0012c000 r-xp 00000000 fd:00 1037361    /usr/lib/libkrb5support.so.0.0
0012c000-0012d000 rwxp 00002000 fd:00 1037361    /usr/lib/libkrb5support.so.0.0
0012d000-0012f000 r-xp 00000000 fd:00 406458     /lib/libcom_err.so.2.1
0012f000-00130000 rwxp 00001000 fd:00 406458     /lib/libcom_err.so.2.1
00130000-0013f000 r-xp 00000000 fd:00 406445     /lib/libresolv-2.3.5.so
0013f000-00140000 r-xp 0000e000 fd:00 406445     /lib/libresolv-2.3.5.so
00140000-00141000 rwxp 0000f000 fd:00 406445     /lib/libresolv-2.3.5.so
00141000-00143000 rwxp 00141000 00:00 0
00143000-00148000 r-xp 00000000 fd:00 406487     /lib/libcrypt-2.3.5.so
00148000-00149000 r-xp 00004000 fd:00 406487     /lib/libcrypt-2.3.5.so
00149000-0014a000 rwxp 00005000 fd:00 406487     /lib/libcrypt-2.3.5.so
0014a000-00171000 rwxp 0014a000 00:00 0
00171000-00173000 r-xp 00000000 fd:00 406426     /lib/libdl-2.3.5.so
00173000-00174000 r-xp 00001000 fd:00 406426     /lib/libdl-2.3.5.so
00174000-00175000 rwxp 00002000 fd:00 406426     /lib/libdl-2.3.5.so
00175000-0018a000 r-xp 00000000 fd:00 1037818    /usr/lib/libsasl2.so.2.0.20
0018a000-0018b000 rwxp 00015000 fd:00 1037818    /usr/lib/libsasl2.so.2.0.20
0018b000-00194000 r-xp 00000000 fd:00 406504     /lib/libaudit.so.0.0.0
00194000-00198000 rwxp 00009000 fd:00 406504     /lib/libaudit.so.0.0.0
00198000-0019a000 r-xp 00000000 fd:00 1126716    /usr/lib/gconv/IBM850.so
0019a000-0019c000 rwxp 00001000 fd:00 1126716    /usr/lib/gconv/IBM850.so
0019c000-001a5000 r-xp 00000000 fd:00 406432     /lib/libgcc_s-4.0.1-20050727.so.1
001a5000-001a6000 rwxp 00009000 fd:00 406432     /lib/libgcc_s-4.0.1-20050727.so.1
001db000-0024a000 r-xp 00000000 fd:00 1037469    /usr/lib/libkrb5.so.3.2
0024a000-0024d000 rwxp 0006e000 fd:00 1037469    /usr/lib/libkrb5.so.3.2
0032a000-0035f000 r-xp 00000000 fd:00 406466     /lib/libssl.so.0.9.7f
0035f000-00362000 rwxp 00035000 fd:00 406466     /lib/libssl.so.0.9.7f
0039a000-003ce000 r-xp 00000000 fd:00 1037836    /usr/lib/libldap-2.2.so.7.0.16
003ce000-003d0000 rwxp 00033000 fd:00 1037836    /usr/lib/libldap-2.2.so.7.0.16
003ef000-00409000 r-xp 00000000 fd:00 406407     /lib/ld-2.3.5.so
00409000-0040a000 r-xp 00019000 fd:00 406407     /lib/ld-2.3.5.so
0040a000-0040b000 rwxp 0001a000 fd:00 406407     /lib/ld-2.3.5.so
0040b000-00503000 r-xp 00000000 fd:00 406460     /lib/libcrypto.so.0.9.7f
00503000-00515000 rwxp 000f8000 fd:00 406460     /lib/libcrypto.so.0.9.7f
00515000-00518000 rwxp 00515000 00:00 0
00549000-0055b000 r-xp 00000000 fd:00 1036431    /usr/lib/libz.so.1.2.2.2
0055b000-0055c000 rwxp 00011000 fd:00 1036431    /usr/lib/libz.so.1.2.2.2
00568000-0056a000 r-xp 00000000 fd:00 1127108    /usr/lib/gconv/UTF-16.so
0056a000-0056c000 rwxp 00001000 fd:00 1127108    /usr/lib/gconv/UTF-16.so
0058c000-00599000 r-xp 00000000 fd:00 1029421    /usr/lib/liblber-2.2.so.7.0.16
00599000-0059a000 rwxp 0000c000 fd:00 1029421    /usr/lib/liblber-2.2.so.7.0.16
00681000-00684000 r-xp 00000000 fd:00 406537     /lib/libattr.so.1.1.0
00684000-00685000 rwxp 00002000 fd:00 406537     /lib/libattr.so.1.1.0
006f1000-006f6000 r-xp 00000000 fd:00 406652     /lib/libacl.so.1.1.0
006f6000-006f7000 rwxp 00004000 fd:00 406652     /lib/libacl.so.1.1.0
00761000-00768000 r-xp 00000000 fd:00 1035104    /usr/lib/libpopt.so.0.0.0
00768000-00769000 rwxp 00006000 fd:00 1035104    /usr/lib/libpopt.so.0.0.0
00799000-007a1000 r-xp 00000000 fd:00 406511     /lib/libpam.so.0.79
007a1000-007a2000 rwxp 00007000 fd:00 406511     /lib/libpam.so.0.79
007a2000-008c5000 r-xp 00000000 fd:00 406409     /lib/libc-2.3.5.so
008c5000-008c7000 r-xp 00123000 fd:00 406409     /lib/libc-2.3.5.so
008c7000-008c9000 rwxp 00125000 fd:00 406409     /lib/libc-2.3.5.so
008c9000-008cb000 rwxp 008c9000 00:00 0
0097c000-00999000 r-xp 00000000 fd:00 1037001    /usr/lib/libcups.so.2
00999000-0099b000 rwxp 0001c000 fd:00 1037001    /usr/lib/libcups.so.2
00a71000-00a83000 r-xp 00000000 fd:00 406472     /lib/libnsl-2.3.5.so
00a83000-00a84000 r-xp 00011000 fd:00 406472     /lib/libnsl-2.3.5.so
00a84000-00a85000 rwxp 00012000 fd:00 406472     /lib/libnsl-2.3.5.so
00a85000-00a87000 rwxp 00a85000 00:00 0
00ab6000-00dba000 r-xp 00000000 fd:00 1033554    /usr/sbin/smbd
00dba000-00dd2000 rwxp 00304000 fd:00 1033554    /usr/sbin/smbd
00dd2000-00de9000 rwxp 00dd2000 00:00 0
00fa9000-00fcc000 r-xp 00000000 fd:00 1037463    /usr/lib/libk5crypto.so.3.0
00fcc000-00fcd000 rwxp 00023000 fd:00 1037463    /usr/lib/libk5crypto.so.3.0
08d97000-08e00000 rw-p 08d97000 00:00 0          [heap]
b7b00000-b7b21000 rw-p b7b00000 00:00 0
b7b21000-b7c00000 ---p b7b21000 00:00 0
b7c60000-b7c95000 r--s 00000000 fd:03 1056646    /var/db/nscd/hosts
b7c95000-b7cb6000 rw-p b7c95000 00:00 0
b7cb6000-b7ceb000 r--s 00000000 fd:03 1056645    /var/db/nscd/group
b7cf5000-b7cf9000 rw-s 00000000 fd:04 321926     /var/lib/samba/connections.tdb
b7cf9000-b7d1a000 rw-p b7cf9000 00:00 0
b7d1c000-b7d1e000 rw-s 00000000 fd:04 321935     /var/lib/samba/ntprinters.tdb
b7d1e000-b7d20000 rw-s 00000000 fd:04 321934     /var/lib/samba/ntdrivers.tdb
b7d20000-b7d22000 rw-s 00000000 fd:04 321932     /var/lib/samba/registry.tdb
b7d23000-b7d25000 rw-s 00000000 fd:04 321930     /var/lib/samba/share_info.tdb
b7d28000-b7d2a000 rw-s 00000000 fd:04 321923     /var/lib/samba/account_policy.tdb
b7d2a000-b7d2c000 rw-s 00000000 fd:04 321922     /var/lib/samba/group_mapping.tdb
b7d2c000-b7d61000 r--s 00000000 fd:03 1056642    /var/db/nscd/passwd
b7d61000-b7d63000 rw-s 00000000 fd:00 37407      /etc/samba/secrets.tdb
b7d63000-b7d73000 r--s 00000000 fd:00 1124702    /usr/lib/samba/valid.dat
b7d73000-b7d79000 r--s 00000000 fd:00 1127120    /usr/lib/gconv/gconv-modules.cache
b7d79000-b7f79000 r--p 00000000 fd:00 1028530    /usr/lib/locale/locale-archive
b7f79000-b7f99000 r--s 00000000 fd:00 1122543    /usr/lib/samba/lowcase.dat
b7f99000-b7f9f000 rw-p b7f99000 00:00 0
b7f9f000-b7fa0000 rw-s 00000000 fd:04 321936     /var/lib/samba/ntforms.tdb
b7fa0000-b7fa1000 rw-s 00000000 fd:04 321925     /var/lib/samba/sessionid.tdb
b7fa1000-b7fa2000 rw-s 00000000 fd:04 321924     /var/lib/samba/messages.tdb
b7fa2000-b7fc2000 r--s 00000000 fd:00 1124695    /usr/lib/samba/upcase.dat
bfcad000-bfcc2000 rw-p bfcad000 00:00 0          [stack]

Comment 1 Dax Kelson 2005-09-08 14:25:15 UTC

The box is running FC4. I rebuilt the samba-3.0.20 src.rpm from samba.org and
installed the results.

Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-09-08 14:46:30 UTC

This is a bug in e2fsprogs from FC4.  You'll have to get 
RH to fix it.  I've already notified them about it.

Comment 3 Dax Kelson 2005-09-08 15:20:35 UTC

(In reply to comment #2)
> This is a bug in e2fsprogs from FC4.  You'll have to get 
> RH to fix it.  I've already notified them about it.

Thanks for the info!

Do you have any more details or a bug id in bugzilla.redhat.com?

Comment 4 Dax Kelson 2005-09-08 16:11:37 UTC

(In reply to comment #3)
> (In reply to comment #2)
> > This is a bug in e2fsprogs from FC4.  You'll have to get 
> > RH to fix it.  I've already notified them about it.
> 
> Thanks for the info!
> 
> Do you have any more details or a bug id in bugzilla.redhat.com?

I did some research and found what you are talking about:

http://sourceforge.net/tracker/index.php?func=detail&aid=1150146&group_id=2406&atid=102406

The fix is in E2fsprogs 1.38 released on June 30, 2005.

Comment 5 Dax Kelson 2005-09-27 14:57:41 UTC

*** Bug 3074 has been marked as a duplicate of this bug. ***