Bug 5698 - Unable to initiate share with userid, get *** glibc detected *** /usr/sbin/smbd: free(): invalid pointer: 0xb7fcb540 ***
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: File services
Version: 3.2.1
Hardware: x86 Windows XP
: P3 major
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
Reported: 2008-08-18 08:38 UTC by Douglas Wegscheid
Modified: 2008-08-21 14:08 UTC

Attachments
log.smbd output when error occurs (179.81 KB, text/plain)
2008-08-18 08:59 UTC, Douglas Wegscheid
output from valgrind (incorrect, had a null smbpasswd file) (123.52 KB, text/plain)
2008-08-19 06:35 UTC, Douglas Wegscheid
valgrind output (98.88 KB, text/plain)
2008-08-19 08:36 UTC, Douglas Wegscheid
valgrind output. from 3.2.2 build, with -g. core file available. (5.59 KB, text/plain)
2008-08-21 09:11 UTC, Douglas Wegscheid
Patch (989 bytes, patch)
2008-08-21 12:23 UTC, Jeremy Allison

Description Douglas Wegscheid 2008-08-18 08:38:04 UTC
whenever I try to map to my home share, using my userid and password, I get:

*** glibc detected *** /usr/sbin/smbd: free(): invalid pointer: 0xb7fcb540 ***
======= Backtrace: =========
/lib/libc.so.6[0xb74affc4]
/lib/libc.so.6(cfree+0x9c)[0xb74b195c]
/usr/sbin/smbd(str_list_substitute+0x13c)[0xb7c40c8c]
/usr/sbin/smbd[0xb7a3a8d6]
/usr/sbin/smbd(authorise_login+0xca)[0xb7a3aaaa]
/usr/sbin/smbd[0xb7aa6d6b]
/usr/sbin/smbd(make_connection+0x26c)[0xb7aa7d2c]
/usr/sbin/smbd(reply_tcon_and_X+0x21b)[0xb7a5e51b]
/usr/sbin/smbd[0xb7aa1137]
/usr/sbin/smbd(chain_reply+0x226)[0xb7aa3d76]
/usr/sbin/smbd(reply_sesssetup_and_X+0xcef)[0xb7a6a8df]
/usr/sbin/smbd[0xb7aa1137]
/usr/sbin/smbd(smbd_process+0x2b2)[0xb7aa3722]
/usr/sbin/smbd(main+0x1052)[0xb7e8bb62]
/lib/libc.so.6(__libc_start_main+0xe5)[0xb745a5f5]
/usr/sbin/smbd[0xb7a1edd1]

mapping to a different share as guest works fine. 

running on opensuse 11.0. Problem exists with the samba 3.2.0 shipped with opensuse, and also with the 3.2.1 from http://us5.samba.org/samba/ftp/Binary_Packages/SuSE/STABLE/11.0/

i will attach log output as attachments.
Comment 1 Douglas Wegscheid 2008-08-18 08:59:38 UTC
Created attachment 3486
log.smbd output when error occurs

there were two connections made during this session; a successful one to \\unladen-swallow\dist as guest, and a failed one to \\unladen-swallow\wegscd as wegscd.

in spite of the comment at the bottom of the log, there was no core dump to attach.
Comment 2 Jeremy Allison 2008-08-18 17:28:45 UTC
Can you run this under valgrind and try and reproduce the problem? If you don't have valgrind try setting the glibc environment variable:

MALLOC_CHECK_=2

and re-running.
Jeremy,
Comment 3 Douglas Wegscheid 2008-08-19 06:35:43 UTC
Created attachment 3492
output from valgrind (incorrect, had a null smbpasswd file)

as requested by Jeremy
Comment 4 Douglas Wegscheid 2008-08-19 08:36:12 UTC
Created attachment 3493
valgrind output
Comment 5 Volker Lendecke 2008-08-21 02:56:33 UTC
Tried to reproduce the crash, but failed.

Your latest attachment is not valgrind output. Can you run

valgrind --tool=memcheck --log-file=/tmp/valgrind-log smbd

and send /tmp/valgrind-log. Please also compile smbd with -g so that we can see the line numbers of the crash.

Thanks,

Volker
Comment 6 Douglas Wegscheid 2008-08-21 09:11:45 UTC
Created attachment 3499
valgrind output. from 3.2.2 build, with -g. core file available.

note that this was built from 3.2.2 source!!!!!!
Comment 7 Volker Lendecke 2008-08-21 09:17:43 UTC
Ah, ok, thanks! We're trying to free() something that was allocated with talloc. Looking.
Comment 8 Douglas Wegscheid 2008-08-21 09:26:54 UTC
(In reply to comment #7)
> Ah, ok, thanks! We're trying to free() something that was allocated with
> talloc. Looking.
> 

good. I have the 3.2.2 tree out there and ready to test; am willing to patch and retest.
Comment 9 Jeremy Allison 2008-08-21 10:55:35 UTC
Ok, spotted the problem here. Will have a fix shortly.

Jeremy.
Comment 10 Jeremy Allison 2008-08-21 12:23:31 UTC
Created attachment 3501
Patch

Patch for mixup of TALLOC/malloc. Please let me know if this fixes the problem.
Jeremy.
Comment 11 Douglas Wegscheid 2008-08-21 14:06:51 UTC
this indeed fixes the problem! do I mark the bug as resolved, or do you?

Comment 12 Jeremy Allison 2008-08-21 14:08:21 UTC
I will. Fixed post 3.2.2. Thanks a lot for your help in tracking this down!
Jeremy.
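
The allocator mix-up named in comments 7 and 10, as an added illustration that is not Samba's code and not the attached patch. A toy allocator (hypothetical names pool_strdup, pool_free, list_substitute; it is not talloc) returns, as talloc does, a pointer just past a bookkeeping header, so that pointer is not one malloc() handed out and free() rejects it; the substitute routine releases the old element with the matching function instead. Sample strings are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POOL_MAGIC 0x706f6f6cu              /* constructed marker value */
struct pool_hdr { uint32_t magic; size_t size; };
static size_t pool_live;                    /* live chunks, for leak checks */

/* Copy s into a chunk laid out as [header][string]; return the string part. */
char *pool_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    struct pool_hdr *h = malloc(sizeof(*h) + n);
    if (h == NULL) return NULL;
    h->magic = POOL_MAGIC;
    h->size = n;
    pool_live++;
    return memcpy(h + 1, s, n);
}

/* Matching release: step back to the header and free the real malloc base. */
int pool_free(char *p) {
    struct pool_hdr *h;
    if (p == NULL) return 0;
    h = (struct pool_hdr *)p - 1;
    if (h->magic != POOL_MAGIC) return -1;  /* header sanity check failed */
    h->magic = 0;
    pool_live--;
    free(h);
    return 0;
}

/* Distance between the caller's pointer and the address malloc() returned. */
size_t pool_offset(const char *p) {
    return (size_t)(p - (const char *)((const struct pool_hdr *)p - 1));
}
size_t pool_live_count(void) { return pool_live; }

/* Replace each element equal to `from` with a pool copy of `to`. */
int list_substitute(char **list, const char *from, const char *to) {
    int changed = 0;
    for (; *list != NULL; list++) {
        if (strcmp(*list, from) != 0) continue;
        char *repl = pool_strdup(to);
        if (repl == NULL) return -1;
        pool_free(*list);  /* free(*list) would hand glibc an interior pointer */
        *list = repl;
        changed++;
    }
    return changed;
}
```

A nonzero pool_offset() is the reason glibc reports "invalid pointer" when such a string reaches free(); running under valgrind or with MALLOC_CHECK_=2, as requested in the thread, makes the mismatch fail at the offending call.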