smbd crashed when viewing the eventlog exported by "eventlog list".

(1) Set smb.conf as follows:
-----
[global]
...
eventlog list = Samba

[C$]
path = /tmp
-----
(2) Run "eventlogadm":
cat list1 | eventlogadm -o write Samba

The content of list1 is:
-----
LEN: 0
RS1: 1699505740
RCN: 0
TMG: 1128631322
TMW: 1128631322
EID: 1000
ETP: INFO
ECT: 0
RS2: 0
CRN: 0
USL: 0
SRC: cron
SRN: dmlinux
STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
DAT:
-----
(3)
(4) Viewing the "Samba" eventlog with "Computer Management"
(5) smbd crashed.
Created attachment 3724: level 10 log
Created attachment 3726: Patch for 3.2.x. Don't mix talloc and free(). Thanks! Jeremy.
Fixed in all git branches. Thanks ! Jeremy.
Created attachment 3734: level 10 log #2. I applied this patch, re-compiled Samba and found this bug still existed.
Re-open this bug as #4
Can you get me a decent backtrace or valgrind log then please ? I was able to reproduce the crash easily, and fix it with the patch in attachment : https://bugzilla.samba.org/attachment.cgi?id=3726 so I'm puzzled as to why you're still seeing a crash (it was a fairly obvious mixing up of MALLOC & TALLOC). Jeremy.
Created attachment 3735: valgrind log
# valgrind --leak-check=full ./smbd -i
Sorry, I am a newbie with valgrind, so please tell me which options are proper. Or, if you like, I can offer my test environment (VMware image, 1.5GB).
yep, reproduced here.
Meaning, it is still an issue here as well. I haven't had a chance to figure out why we crash though.
Created attachment 3752: Cleanup. This is *horrid* code that badly mixes int and uint32(_t). Here is a small cleanup (don't think it will fix the bug but needs doing). Jeremy.
Absolutely true Jeremy, eventlog really needs a lot of cleanup. I was talking with Michael about this (after identifying the problematic function) and he fixed this. So, for me this bug is resolved with the latest fix (pushed to all git trees). master commit is here: http://git.samba.org/?p=samba.git;a=commitdiff;h=172628dca2b8553b8b7273a645393d5c96daa67e Can you verify ?
The upcoming Samba 3.4 release (v3-4-test branch) has a reworked eventlog service. Any chance you can try that?
Ok, eventlog rewrite will not be ported back to 3.2. Closing as fixed in 3.4.
I tested this and it works well with Samba 3.4. BTW, are these 3 fields
-----
LEN: 0
RS1: 1699505740
RCN: 0
-----
needed by eventlogadm? The manual page says yes, but as far as I have examined they are not, and parselog.pl also does not create these fields.