Bug 3484 - glibc detected invalid free() on exit_server (in smbd)
Summary: glibc detected invalid free() on exit_server (in smbd)
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.21b
Hardware: x86 Linux
: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2006-02-05 03:36 UTC by Vladimir Lettiev
Modified: 2006-02-07 01:04 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2006-02-05 03:36:55 UTC
Since 3.0.21 branch (from 21pre1 to 21b) smbd reports in log internal error on every exit (when server shutdown or client close connection):

[2006/01/31 18:13:20, 3] smbd/server.c:exit_server(655)
  Server exit (Got a SHUTDOWN message)
*** glibc detected *** free(): invalid pointer: 0x400f4d3c ***

When i start smbd under valgrind and send shutdown message (`smbcontrol smbd shutdown`), valgrind produce report:

# valgrind -v smbd -i
Server exit (Got a SHUTDOWN message)
==5513== Invalid free() / delete / delete[]
==5513==    at 0x1B8FFFBD: free (vg_replace_malloc.c:152)
==5513==    by 0x1BA15C2C: remove_error_table (in /lib/libcom_err.so.2.1)
==5513==    by 0x1B986772: (within /lib/libkrb5.so.3.2)
==5513==    by 0x1B986432: (within /lib/libkrb5.so.3.2)
==5513==    by 0x1B9E1B85: (within /lib/libkrb5.so.3.2)
==5513==    by 0x1B8EE926: _dl_fini (in /lib/ld-2.3.5.so)
==5513==    by 0x1BC1DA96: exit (in /lib/libc-2.3.5.so)
==5513==    by 0x3754C265: exit_server (in /usr/sbin/smbd)
==5513==  Address 0x1B9E9D3C is not stack'd, malloc'd or (recently) free'd
Comment 1 Gerald (Jerry) Carter (dead mail address) 2006-02-05 06:40:48 UTC
This problem looks to be out of Samba.  If you 
are running Fedora Core 4, there is a bug in bug 
in e2frprogrs that would cause this.  The defect has 
been fixed in the latest e2fsprogs release.
Comment 2 Vladimir Lettiev 2006-02-05 07:18:24 UTC
Samba is running on the unstable branch of ALTLinux (Sisyphus). Filesystem is XFS.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2006-02-05 07:26:12 UTC
Still looks more like an issue in either the krb5 libs 
or e2fsprogs (depending on how the krb5 libs were built).
Comment 4 Vladimir Lettiev 2006-02-05 08:01:44 UTC
Ok, i rollback to 3.0.20b (just rpm -U --oldpackage ...) and can't reproduce this bug. valgrind also don't report nothing criminal...
Comment 5 Vladimir Lettiev 2006-02-07 01:04:45 UTC
i'm upgrade e2fsprogs to 1.38 and problem dissapeared.
It was a bug in e2fsprogs:
#1150146 "libcom_err can attempt to free an invalid pointer"

Thank you, Gerald.