Bug 3320 - Kerberos context is freed while still in use
Summary: Kerberos context is freed while still in use
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: Other (show other bugs)
Version: unspecified
Hardware: x86 Linux
: P3 major (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Andrew Bartlett
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-12-12 10:29 UTC by Steinar H. Gunderson (dead mail address)
Modified: 2005-12-18 17:20 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Steinar H. Gunderson (dead mail address) 2005-12-12 10:29:08 UTC
smbd is very unstable for me, usually crashing when a client connects. A typical stack trace goes like this:

0x8186736: file lib/fault.c, line 50.
0x818682d: file lib/fault.c, line 136.
0x81869fc: file lib/fault.c, line 157.
0xffffe420
0x81163db: file heimdal/lib/gssapi/copy_ccache.c, line 158.
0x81ffa1b: file auth/credentials/credentials_krb5.c, line 556.
0x8418215: file auth/gensec/gensec_gssapi.c, line 180.
0x836a6c3: file auth/gensec/gensec.c, line 479.
0x836a938: file auth/gensec/gensec.c, line 554.
0x84135d0: file auth/gensec/spnego.c, line 433.
0x8413d22: file auth/gensec/spnego.c, line 616.
0x836b063: file auth/gensec/gensec.c, line 757.
0x81ec6c9: file smb_server/smb/negprot.c, line 373.
0x81ec99d: file smb_server/smb/negprot.c, line 475.
0x81eb4a3: file smb_server/smb/receive.c, line 553.
0x81eb9ea: file smb_server/smb/receive.c, line 155.
0x835e100: file smb_server/smb_server.c, line 59.
0x836b75e: file lib/stream/packet.c, line 374.
0x835e1e8: file smb_server/smb_server.c, line 94.
0x82d8f0a: file smbd/service_stream.c, line 93.
0x82de69f: file lib/events/events_standard.c, line 286.
0x82de867: file lib/events/events_standard.c, line 623.
0x82dda2f: file lib/events/events.c, line 157.
0x805c55f: file smbd/process_standard.c, line 108.
0x82d9199: file smbd/service_stream.c, line 193.
0x82de69f: file lib/events/events_standard.c, line 286.
0x82de867: file lib/events/events_standard.c, line 623.
0x82dda2f: file lib/events/events.c, line 157.
0x80573b4: file smbd/server.c, line 251.

valgrind shows that the problem is routines trying to access already-freed memory (a static Kerberos context), which is freed in standard_accept_connection(), smbd/process_standard.c:86:

        talloc_free(ev);

If I comment out this line, everything is fine (and all the valgrind hits related to this seem to disappear), but I'd guess that's not the correct solution. :-)
Comment 1 Steinar H. Gunderson (dead mail address) 2005-12-18 17:20:58 UTC
01:20 <@abartlet> Sesse: I pushed some calls around, and it should be correct now

I haven't seen it for a while. Closing.