Bug 3630 - glibc double free or corruption during delete_write_cache
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.21b
Hardware: x86 Linux
Importance: P3 normal
Target Milestone: none
Assigned To: Jeremy Allison
QA Contact: Samba QA Contact
Reported: 2006-03-24 17:13 UTC by admin
Modified: 2006-04-20 07:56 UTC

Description admin 2006-03-24 17:13:06 UTC
I get a somewhat-repeatable crash of the smbd attached to my PC -- somewhat repeatable because it happens only during a timed procedure in a particular database-application runtime (Omnis 7), a procedure which runs normally several times a day.

This timed procedure reads from four large (database) files (256M each) on one share, exporting to a series of text files on another share.  The database files are accessed near-constantly by the Omnis application (though not this timed procedure) from many PCs on our network, and the involvement of delete_write_cache points me to the writing of the text files as the point of failure; on the other hand, these text files are quite small and many of our shares handle constant updates of all file types.

I upgraded a week ago from Samba 3.0.14 to 3.0.21b (on Gentoo Linux, glibc 2.3.5-r2 and a vanilla-sources-2.6.12.5 kernel), and the crash started shortly afterward (once a day, since I find the crash and restart each morning).  I have crashed smbd with this timed procedure on two different PCs (the first under Windows Server 2003, the second under Windows 2000), and no other PC in our network of ~150 has shown any such failures.

This is the latest report from /var/log/samba3/log.client-pc:

*** glibc detected *** double free or corruption (!prev): 0x803e11e8 ***
[2006/03/24 12:47:01, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2006/03/24 12:47:01, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 6 in pid 2899 (3.0.21b)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/03/24 12:47:01, 0] lib/fault.c:fault_report(39)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/03/24 12:47:01, 0] lib/fault.c:fault_report(40)
  ===============================================================
[2006/03/24 12:47:01, 0] lib/util.c:smb_panic2(1554)
  PANIC: internal error
[2006/03/24 12:47:01, 0] lib/util.c:smb_panic2(1562)
  BACKTRACE: 20 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x153) [0x80185793]
   #1 /usr/sbin/smbd(smb_panic+0x19) [0x8018563b]
   #2 /usr/sbin/smbd [0x8017554e]
   #3 [0xffffe420]
   #4 /lib/libc.so.6(abort+0x13d) [0xb7c5028d]
   #5 /lib/libc.so.6 [0xb7c814ec]
   #6 /lib/libc.so.6 [0xb7c8b337]
   #7 /lib/libc.so.6 [0xb7c89fef]
   #8 /lib/libc.so.6(__libc_free+0x7f) [0xb7c88bff]
   #9 /usr/sbin/smbd(delete_write_cache+0x85) [0x80050507]
   #10 /usr/sbin/smbd [0x8007e57d]
   #11 /usr/sbin/smbd [0x8007e6ac]
   #12 /usr/sbin/smbd(reply_close+0x18e) [0x800656d9]
   #13 /usr/sbin/smbd [0x8008daae]
   #14 /usr/sbin/smbd [0x8008db42]
   #15 /usr/sbin/smbd(process_smb+0x197) [0x8008de25]
   #16 /usr/sbin/smbd(smbd_process+0x139) [0x8008e9dd]
   #17 /usr/sbin/smbd(main+0x69d) [0x801f9b0b]
   #18 /lib/libc.so.6(__libc_start_main+0xa5) [0xb7c3b555]
   #19 /usr/sbin/smbd [0x8003e0f1]


Here is a previous report, for the Windows Server PC:

*** glibc detected *** double free or corruption (out): 0x80393510 ***
[2006/03/23 15:04:47, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2006/03/23 15:04:47, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 6 in pid 21196 (3.0.21b)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/03/23 15:04:47, 0] lib/fault.c:fault_report(39)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/03/23 15:04:47, 0] lib/fault.c:fault_report(40)
  ===============================================================
[2006/03/23 15:04:47, 0] lib/util.c:smb_panic2(1554)
  PANIC: internal error
[2006/03/23 15:04:47, 0] lib/util.c:smb_panic2(1562)
  BACKTRACE: 20 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x153) [0x80185793]
   #1 /usr/sbin/smbd(smb_panic+0x19) [0x8018563b]
   #2 /usr/sbin/smbd [0x8017554e]
   #3 [0xffffe420]
   #4 /lib/libc.so.6(abort+0x13d) [0xb7c5028d]
   #5 /lib/libc.so.6 [0xb7c814ec]
   #6 /lib/libc.so.6 [0xb7c8b337]
   #7 /lib/libc.so.6 [0xb7c89fef]
   #8 /lib/libc.so.6(__libc_free+0x7f) [0xb7c88bff]
   #9 /usr/sbin/smbd(delete_write_cache+0x85) [0x80050507]
   #10 /usr/sbin/smbd [0x8007e57d]
   #11 /usr/sbin/smbd [0x8007e6ac]
   #12 /usr/sbin/smbd(reply_close+0x18e) [0x800656d9]
   #13 /usr/sbin/smbd [0x8008daae]
   #14 /usr/sbin/smbd [0x8008db42]
   #15 /usr/sbin/smbd(process_smb+0x197) [0x8008de25]
   #16 /usr/sbin/smbd(smbd_process+0x139) [0x8008e9dd]
   #17 /usr/sbin/smbd(main+0x69d) [0x801f9b0b]
   #18 /lib/libc.so.6(__libc_start_main+0xa5) [0xb7c3b555]
   #19 /usr/sbin/smbd [0x8003e0f1]
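
Added example, not part of the original report or of Samba's code: a log triage routine that pulls the glibc heap-corruption message, the pid and version, and the smbd function that called free() out of a per-client smbd log in the format shown above. The sample log is constructed by abbreviating the first backtrace; the function and field names are illustrative.

```python
import re

# Constructed sample: abbreviated from the log format in the report above.
SAMPLE_LOG = """\
*** glibc detected *** double free or corruption (!prev): 0x803e11e8 ***
[2006/03/24 12:47:01, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 6 in pid 2899 (3.0.21b)
[2006/03/24 12:47:01, 0] lib/util.c:smb_panic2(1562)
  BACKTRACE: 20 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x153) [0x80185793]
   #4 /lib/libc.so.6(abort+0x13d) [0xb7c5028d]
   #8 /lib/libc.so.6(__libc_free+0x7f) [0xb7c88bff]
   #9 /usr/sbin/smbd(delete_write_cache+0x85) [0x80050507]
   #10 /usr/sbin/smbd [0x8007e57d]
   #12 /usr/sbin/smbd(reply_close+0x18e) [0x800656d9]
"""

GLIBC_RE = re.compile(r"\*\*\* glibc detected \*\*\* (.+?): (0x[0-9a-f]+) \*\*\*")
SIGNAL_RE = re.compile(r"INTERNAL ERROR: Signal (\d+) in pid (\d+) \(([^)]+)\)")
FRAME_RE = re.compile(r"^\s*#(\d+) (\S+?)(?:\((\w+)\+0x[0-9a-f]+\))? \[0x[0-9a-f]+\]")

def triage(log_text):
    """Return one summary dict per glibc heap-corruption abort in an smbd log."""
    crashes, cur = [], None
    for line in log_text.splitlines():
        m = GLIBC_RE.search(line)
        if m:
            cur = {"error": m.group(1), "chunk": m.group(2), "pid": None,
                   "version": None, "freed_by": None, "frames": []}
            crashes.append(cur)
            continue
        if cur is None:
            continue
        m = SIGNAL_RE.search(line)
        if m:
            cur["pid"], cur["version"] = int(m.group(2)), m.group(3)
            continue
        m = FRAME_RE.match(line)
        if m:
            cur["frames"].append((m.group(2), m.group(3)))
    for c in crashes:
        # The caller of free() is the first frame after the libc free frame.
        syms = [s for _, s in c["frames"]]
        free_idx = next((i for i, s in enumerate(syms) if s and "free" in s), None)
        if free_idx is not None and free_idx + 1 < len(syms):
            c["freed_by"] = syms[free_idx + 1]
    return crashes
```

Grouping the results by `freed_by` and `version` across all per-client logs shows whether every abort shares one call path, as the two backtraces in this report do.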
Comment 1 Jeremy Allison 2006-03-24 17:58:02 UTC
Does this problem occur if you're not using the write cache ?
Jeremy.
Comment 2 admin 2006-03-27 13:21:55 UTC
(In reply to comment #1)
> Does this problem occur if you're not using the write cache ?
> Jeremy.
> 

I found and commented the "write cache size" option in smb.conf,
and restarted Samba.  Since then, it and the Omnis procedure have
continued successfully for two days.

Thanks for pointing me in the right direction.
Comment 3 Gerald (Jerry) Carter 2006-04-20 07:56:48 UTC
Please retest against 3.0.23pre1.