Bug 7828 - signal 11 in gensec_gssapi_update on opensolaris
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: DCE-RPCs and pipes
Version: unspecified
Hardware: x86 Solaris
Importance: P3 critical
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
Reported: 2010-11-28 14:26 UTC by Matthieu Patou
Modified: 2012-03-15 20:43 UTC
Description Matthieu Patou 2010-11-28 14:26:16 UTC
On opensolaris of the buildfarm we have this error:

0xfeee53d5 in __waitid () from /lib/libc.so.1
#0  0xfeee53d5 in __waitid () from /lib/libc.so.1
No symbol table info available.
#1  0xfeed1e8f in waitid () from /lib/libc.so.1
No symbol table info available.
#2  0xfee93e95 in waitpid () from /lib/libc.so.1
No symbol table info available.
#3  0xfeeb4c5c in system () from /lib/libc.so.1
No symbol table info available.
#4  0xfedba97d in smb_panic (
    why=0xfe894e40 "Bad talloc magic value - unknown value")
    at ../../lib/util/fault.c:134
	pidstr = "18449\000\212�X@\004\b�\037\211��h9\b"
	cmdstring = "/export/home/tridge/build_farm/samba_4_0_test/selftest/gdb_backtrace 18449 /export/home/tridge/build_farm/samba_4_0_test/source4/./bin/samba\000!\211�\000\000\000\000�U���h9\b�h9\b�h9\b\220Q\212�(@\004\b�7\211��h9\b|M\211�(@\004\b\0347\211������h9\b"
	result = 137980152
	__FUNCTION__ = "smb_panic"
#5  0xfe892096 in talloc_abort (
    reason=0xfe894e40 "Bad talloc magic value - unknown value")
    at ../../lib/talloc/talloc.c:213
No locals.
#6  0xfe89215f in talloc_abort_unknown_value ()
    at ../../lib/talloc/talloc.c:234
No locals.
#7  0xfe89227d in talloc_chunk_from_ptr (ptr=0xa9cc758)
    at ../../lib/talloc/talloc.c:253
	pp = 0xa9cc758 "�w�\nh�-\v\230�\v\nॢ\nx�r\n(�r\n(ϱ\nX\025\026\n��\n�\177�\t\030�*\v8��\nP.�\n(�\n�̵\n\220\006�\t�\235�\t8�!\b\030�\"\b(�t\n`\v�\nX\005�\n\200�\232\t(\005�\nhB\210\n\030A\036\v(\230\002\n���\b\b}�\b�\f�\t`\230\025\n�\006�\t�b\025\n�\032\a\v\220\216j\n@\203�\n�ڲ\n�X�\n8o�\n�\232�\n \223�\n\020|�\tXmv\n���\b��\016\v��\a\v8f\n\v��\017\v�#)\v(0\r\v"...
	tc = (struct talloc_chunk *) 0xa9cc728
#8  0xfe892476 in __talloc (context=0xa9cc758, size=34)
    at ../../lib/talloc/talloc.c:411
	tc = (struct talloc_chunk *) 0x0
#9  0xfe8942be in __talloc_strlendup (t=0xa9cc758, 
    p=0x84aa880 " Miscellaneous failure (see text)�J\bheck9", len=33)
    at ../../lib/talloc/talloc.c:1603
	ret = 0x9aa5f90 "��_\b\210�\206\n�I?\b\030�\\\b�\224�\nx�\032\v \1770\v�j\204\n��\t8d�\b(\b�\b��\210\t�\006\033\t\0201\033\t8\204�\b�\027\b\210\200\n\v\030��\n�y�\b`�\017\t�&S\b\230�\032\v(\005V\b��\026\n\030��\t8d\034\n�$\017\v8��\nh\205m\b8��\n(f-\b��9\n \223�\t"
#10 0xfe894351 in talloc_strndup (t=0xa9cc758, 
    p=0x84aa880 " Miscellaneous failure (see text)�J\bheck9", n=33)
    at ../../lib/talloc/talloc.c:1628
No locals.
#11 0xfe476f13 in gssapi_error_string (mem_ctx=0xa9cc758, maj_stat=851968, 
    min_stat=12, mech=0xfed70484) at ../auth/gensec/gensec_gssapi.c:70
	disp_min_stat = 0
	disp_maj_stat = 0
	maj_error_message = {length = 33, value = 0x84aa880}
	min_error_message = {length = 21, value = 0x9316f90}
	maj_error_string = 0xfede55e4 "xZ\003"
	min_error_string = 0x0
	msg_ctx = 0
	ret = 0xfed704fc "\006"
#12 0xfe4784c6 in gensec_gssapi_update (gensec_security=0xb3128f0, 
    out_mem_ctx=0xa9cc758, in={data = 0x0, length = 0}, out=0xa9cc75c)
    at ../auth/gensec/gensec_gssapi.c:597
	gensec_gssapi_state = (struct gensec_gssapi_state *) 0xb981f88
	nt_status = {v = 3221225581}
	maj_stat = 851968
	min_stat = 12
	min_stat2 = 4275831020
	input_token = {length = 0, value = 0x0}
	output_token = {length = 0, value = 0x0}
	gss_oid_p = (gss_OID) 0xfed70484
	__FUNCTION__ = "gensec_gssapi_update"
#13 0xfe4730a9 in gensec_update (gensec_security=0xb3128f0, 
    out_mem_ctx=0xa9cc758, in={data = 0x0, length = 0}, out=0xa9cc75c)
    at ../auth/gensec/gensec.c:977
No locals.
#14 0xfec7ab3b in dcerpc_bind_auth_send (mem_ctx=0xae94740, p=0xb64c2d0, 
    table=0xfec0a340, credentials=0x8078f60, gensec_settings=0xacacd98, 
    auth_type=16 '\020', auth_level=6 '\006', service=0xfebedba2 "ldap")
    at ../librpc/rpc/dcerpc_auth.c:336
	c = (struct composite_context *) 0x9aa5f88
	creq = (struct composite_context *) 0xfecd3989
	state = (struct bind_auth_state *) 0xa9cc758
	sec = (struct dcerpc_security *) 0xb75b3b8
	syntax = {uuid = {time_low = 3813753397, time_mid = 19206, 
    time_hi_and_version = 4561, clock_seq = "�\004", node = "\000�O���"}, 
  if_version = 4}
	transfer_syntax = {uuid = {time_low = 2324192516, time_mid = 7403, 
    time_hi_and_version = 4553, clock_seq = "\237�", node = "\b\000+\020H`"}, 
  if_version = 2}
	__FUNCTION__ = "dcerpc_bind_auth_send"
#15 0xfec7cb2f in dcerpc_pipe_auth_send (p=0xb64c2d0, binding=0x9f5d240, 
    table=0xfec0a340, credentials=0x8078f60, lp_ctx=0x8071318)
    at ../librpc/rpc/dcerpc_util.c:630
	c = (struct composite_context *) 0xae94740
	s = (struct pipe_auth_state *) 0xb340e60
	auth_schannel_req = (struct composite_context *) 0xfe8925fd
	auth_req = (struct composite_context *) 0xb2d6bf8
	auth_none_req = (struct composite_context *) 0xfe892710
	conn = (struct dcerpc_connection *) 0xb75b3a8
	auth_type = 16 '\020'
#16 0xfec81a85 in continue_pipe_connect (c=0xa6f5038, s=0xb1a80d8)
    at ../librpc/rpc/dcerpc_connect.c:686
	auth_bind_req = (struct composite_context *) 0x1
#17 0xfec818ec in continue_pipe_connect_ncacn_ip_tcp (ctx=0xb2d6bf8)
    at ../librpc/rpc/dcerpc_connect.c:634
	c = (struct composite_context *) 0xa6f5038
	s = (struct pipe_connect_state *) 0xb1a80d8
#18 0xfe808f94 in composite_done (ctx=0xb2d6bf8)
    at ../libcli/composite/composite.c:143
No locals.
#19 0xfec80f13 in continue_pipe_open_ncacn_ip_tcp (ctx=0xb7b4510)
    at ../librpc/rpc/dcerpc_connect.c:298
	c = (struct composite_context *) 0xb2d6bf8
#20 0xfe808f94 in composite_done (ctx=0xb7b4510)
    at ../libcli/composite/composite.c:143
No locals.
#21 0xfec800ce in continue_ipv4_open_socket (ctx=0x9aa5f88)
    at ../librpc/rpc/dcerpc_sock.c:459
	c = (struct composite_context *) 0xb7b4510
	s = (struct pipe_tcp_state *) 0x9a309d8
	__FUNCTION__ = "continue_ipv4_open_socket"
#22 0xfe808f94 in composite_done (ctx=0x9aa5f88)
    at ../libcli/composite/composite.c:143
No locals.
#23 0xfec7fc32 in continue_socket_connect (ctx=0x819e8b0)
    at ../librpc/rpc/dcerpc_sock.c:303
	conn = (struct dcerpc_connection *) 0xb75b3a8
	sock = (struct sock_private *) 0xb0bca90
	c = (struct composite_context *) 0x9aa5f88
	s = (struct pipe_open_socket_state *) 0xae94740
	__FUNCTION__ = "continue_socket_connect"
#24 0xfe808f94 in composite_done (ctx=0x819e8b0)
    at ../libcli/composite/composite.c:143
No locals.
#25 0xfe807f8e in socket_connect_handler (ev=0x80788d0, fde=0xa001530, 
    flags=2, private_data=0x819e8b0) at ../lib/socket/connect.c:131
	result = (struct composite_context *) 0x819e8b0
	state = (struct connect_state *) 0x83e8ce0
#26 0xfeaa6837 in std_event_loop_select (std_ev=0x8078948, tvalp=0x80446d0)
    at ../../lib/tevent/tevent_standard.c:509
	flags = 2
	r_fds = {fds_bits = {1073741824, 0, 524288, 0 <repeats 29 times>}}
	w_fds = {fds_bits = {0, 0, 2048, 0 <repeats 29 times>}}
	fde = (struct tevent_fd *) 0xa001530
	selrtn = 3
#27 0xfeaa6918 in std_event_loop_once (ev=0x80788d0, 
    location=0x805ee43 "../smbd/server.c:480")
    at ../../lib/tevent/tevent_standard.c:548
	std_ev = (struct std_event_context *) 0x8078948
	tval = {tv_sec = 1, tv_usec = 857982}
#28 0xfeaa383d in _tevent_loop_once (ev=0x80788d0, 
    location=0x805ee43 "../smbd/server.c:480")
    at ../../lib/tevent/tevent.c:493
	ret = 0
	nesting_stack_ptr = (void *) 0x0
#29 0xfeaa3a1c in tevent_common_loop_wait (ev=0x80788d0, 
    location=0x805ee43 "../smbd/server.c:480")
    at ../../lib/tevent/tevent.c:594
	ret = 0
#30 0xfeaa3a9a in _tevent_loop_wait (ev=0x80788d0, 
    location=0x805ee43 "../smbd/server.c:480")
    at ../../lib/tevent/tevent.c:613
No locals.
#31 0x0805af9a in binary_smbd_main (binary_name=0x805e8a7 "samba", argc=6, 
    argv=0x8044964) at ../smbd/server.c:480
	opt_daemon = false
	opt_interactive = true
	opt = -1
	pc = (poptContext) 0x8070108
	static_init = {0xfedf66b8 <server_service_auth_init>, 0}
	shared_init = (init_module_fn *) 0x8077f18
	event_ctx = (struct tevent_context *) 0x80788d0
	stdin_event_flags = 1
	status = {v = 0}
	model = 0x8070cf8 "single"
	max_runtime = 18000
	long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4, 
    arg = 0xfdad67f0, val = 0, descrip = 0x805ea29 "Help options:", 
    argDescrip = 0x0}, {longName = 0x805ea37 "daemon", shortName = 68 'D', 
    argInfo = 0, arg = 0x0, val = 1000, 
    descrip = 0x805ea3e "Become a daemon (default)", argDescrip = 0x0}, {
    longName = 0x805ea58 "interactive", shortName = 105 'i', argInfo = 0, 
    arg = 0x0, val = 1001, 
    descrip = 0x805ea64 "Run interactive (not a daemon)", argDescrip = 0x0}, {
    longName = 0x805ea83 "model", shortName = 77 'M', argInfo = 1, arg = 0x0, 
    val = 1002, descrip = 0x805ea89 "Select process model", 
    argDescrip = 0x805ea9e "MODEL"}, {longName = 0x805eaa4 "maximum-runtime", 
    shortName = 0 '\0', argInfo = 2, arg = 0x80448c0, val = 0, 
    descrip = 0x805eab4 "set maximum runtime of the server process, till autotermination", argDescrip = 0x805eaf4 "seconds"}, {
    longName = 0x805eafc "show-build", shortName = 98 'b', argInfo = 0, 
    arg = 0x0, val = 1003, descrip = 0x805eb07 "show build info", 
    argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 4, 
    arg = 0x806fea0, val = 0, descrip = 0x805eb17 "Common samba options:", 
    argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 4, 
    arg = 0x806ffa0, val = 0, descrip = 0x805eb17 "Common samba options:", 
    argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 0, 
    arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
	__FUNCTION__ = "binary_smbd_main"
#32 0x0805b00b in main (argc=6, argv=0x8044964) at ../smbd/server.c:491
No locals.
No symbol table info available.
The program is running.  Quit anyway (and detach it)? (y or n) [answered Y; input not from terminal]
smb_panic(): action returned status 0
PANIC: Bad talloc magic value - unknown value
BACKTRACE: 31 stack frames:
 #0 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/util/libsamba-util.so'call_backtrace+0x27 [0xfedba7a2]
 #1 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/util/libsamba-util.so'smb_panic+0x1f1 [0xfedbaa65]
 #2 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'talloc_abort+0x44 [0xfe892096]
 #3 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'talloc_abort_unknown_value+0x22 [0xfe89215f]
 #4 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'talloc_chunk_from_ptr+0x9a [0xfe89227d]
 #5 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'__talloc+0x56 [0xfe892476]
 #6 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'__talloc_strlendup+0x23 [0xfe8942be]
 #7 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'talloc_strndup+0x42 [0xfe894351]
 #8 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/auth/gensec/libgensec.so'gssapi_error_string+0x8b [0xfe476f13]
 #9 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/auth/gensec/libgensec.so'gensec_gssapi_update+0x737 [0xfe4784c6]
 #10 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/auth/gensec/libgensec.so'gensec_update+0x27 [0xfe4730a9]
 #11 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'dcerpc_bind_auth_send+0x58c [0xfec7ab3b]
 #12 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'dcerpc_pipe_auth_send+0x379 [0xfec7cb2f]
 #13 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'continue_pipe_connect+0x81 [0xfec81a85]
 #14 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'continue_pipe_connect_ncacn_ip_tcp+0x80 [0xfec818ec]
 #15 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/libsamba-sockets.so'composite_done+0x83 [0xfe808f94]
 #16 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'continue_pipe_open_ncacn_ip_tcp+0x62 [0xfec80f13]
 #17 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/libsamba-sockets.so'composite_done+0x83 [0xfe808f94]
 #18 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'continue_ipv4_open_socket+0xe3 [0xfec800ce]
 #19 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/libsamba-sockets.so'composite_done+0x83 [0xfe808f94]
 #20 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'continue_socket_connect+0x2f4 [0xfec7fc32]
 #21 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/libsamba-sockets.so'composite_done+0x83 [0xfe808f94]
 #22 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/libsamba-sockets.so'socket_connect_handler+0x89 [0xfe807f8e]
 #23 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent.so'std_event_loop_select+0x2f2 [0xfeaa6837]
 #24 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent.so'std_event_loop_once+0xb3 [0xfeaa6918]
 #25 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent.so'_tevent_loop_once+0xb7 [0xfeaa383d]
 #26 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent.so'tevent_common_loop_wait+0x47 [0xfeaa3a1c]
 #27 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent.so'_tevent_loop_wait+0x19 [0xfeaa3a9a]
 #28 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/smbd/samba'binary_smbd_main+0x9e3 [0x805af9a]
 #29 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/smbd/samba'main+0x3e [0x805b00b]
 #30 /export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/smbd/samba'_start+0x83 [0x8055627]
./bin/samba got signal 6 and exits with 0!

All information here:

http://build.samba.org/build.cgi?function=View+Build;checksum=9ded86b6cf08910abdb821afc54516d2855e3995;host=opensolaris;revision=4cf85a719350942960d131adfd120eb649c5c861;tree=samba_4_0_test;compiler=gcc
Comment 1 Matthias Dieter Wallnöfer 2010-12-07 03:57:02 UTC
ekacnet, the last two builds don't suffer from this issue. So do you think it's worth keeping this open? Do you have any suspicion?

Otherwise I propose to close this until it happens again.
Comment 2 Matthieu Patou 2010-12-07 06:25:16 UTC
This segfault is coming quite regularly; not facing it doesn't mean that the real problem is fixed.

One solution would be to run the server in valgrind on opensolaris to see what valgrind says!

Keep it open.
Comment 3 Matthias Dieter Wallnöfer 2010-12-07 06:34:47 UTC
Well, there are two issues:

1.) "valgrind" isn't available on (Open)Solaris
2.) do you know the exact test where it fails?

Otherwise I could try to detect the issue since I've now installed an OpenIndiana VM.
Comment 4 Matthias Dieter Wallnöfer 2011-02-18 07:15:04 UTC
Ekacnet, are you able to answer the second item?

(In reply to comment #3)
> Well, there are two issues:
> 
> 1.) "valgrind" isn't available on (Open)Solaris
> 2.) do you know the exact test where it fails?
> 
> Otherwise I could try to detect the issue since I've now installed an
> OpenIndiana VM.
> 

Comment 5 Matthias Dieter Wallnöfer 2012-03-15 09:00:15 UTC
metze,

shouldn't this have been fixed by your recent rpc library rework?
Comment 6 Matthias Dieter Wallnöfer 2012-03-15 20:43:34 UTC
This could have been fixed as well. I will close this since much work has been done in this area; we can always reopen if the problem persists.