Bug 8562 - talloc: double free error
talloc: double free error
Status: RESOLVED FIXED
Product: Samba 3.6
Classification: Unclassified
Component: Domain Control
3.6.1
All All
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks: 8595
  Show dependency treegraph
 
Reported: 2011-11-02 09:48 UTC by Björn Jacke
Modified: 2011-11-17 18:41 UTC (History)
1 user (show)

See Also:


Attachments
Patches for v3-5-test (4.41 KB, patch)
2011-11-02 10:09 UTC, Stefan Metzmacher
gd: review+
bjacke: review+
Details
git-am fix for 3.6.2. (2.12 KB, patch)
2011-11-03 23:22 UTC, Jeremy Allison
jra: review? (gd)
metze: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2011-11-02 09:48:47 UTC
occasionally this double free error occurs here. Fix already in work by metze...

[2011/11/01 21:14:13.001366,  0] lib/popt_common.c:64(popt_s3_talloc_log_fn)
  talloc: double free error - first free may be at rpc_server/srv_netlog_nt.c:998
[2011/11/01 21:14:13.001422,  0] lib/popt_common.c:64(popt_s3_talloc_log_fn)
  Bad talloc magic value - double free
[2011/11/01 21:14:13.001437,  0] lib/util.c:1468(smb_panic)
  PANIC (pid 19566): Bad talloc magic value - double free
[2011/11/01 21:14:13.015671,  0] lib/util.c:1572(log_stack_trace)
  BACKTRACE: 24 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x7f121e12f321]
   #1 /usr/sbin/smbd(smb_panic+0x55) [0x7f121e12f424]
   #2 /usr/sbin/smbd(+0x652f8a) [0x7f121e417f8a]
   #3 /usr/sbin/smbd(+0x652f9c) [0x7f121e417f9c]
   #4 /usr/sbin/smbd(_talloc_zero+0x76) [0x7f121e419022]
   #5 /usr/sbin/smbd(ndr_push_init_ctx+0x22) [0x7f121e1475cd]
   #6 /usr/sbin/smbd(+0x2938d4) [0x7f121e0588d4]
   #7 /usr/sbin/smbd(+0x2f63bb) [0x7f121e0bb3bb]
   #8 /usr/sbin/smbd(api_pipe_request+0x1f9) [0x7f121e0c004d]
   #9 /usr/sbin/smbd(np_write_send+0xff9) [0x7f121e0b8635]
   #10 /usr/sbin/smbd(reply_pipe_write_and_X+0x22e) [0x7f121def3700]
   #11 /usr/sbin/smbd(reply_write_and_X+0x18b) [0x7f121defc0b3]
   #12 /usr/sbin/smbd(+0x1757b8) [0x7f121df3a7b8]
   #13 /usr/sbin/smbd(+0x1759dd) [0x7f121df3a9dd]
   #14 /usr/sbin/smbd(+0x1761d2) [0x7f121df3b1d2]
   #15 /usr/sbin/smbd(run_events+0x26e) [0x7f121e13e70a]
   #16 /usr/sbin/smbd(smbd_process+0x950) [0x7f121df3c3a8]
   #17 /usr/sbin/smbd(+0x65149a) [0x7f121e41649a]
   #18 /usr/sbin/smbd(run_events+0x26e) [0x7f121e13e70a]
   #19 /usr/sbin/smbd(+0x379866) [0x7f121e13e866]
   #20 /usr/sbin/smbd(_tevent_loop_once+0x82) [0x7f121e13f1f0]
   #21 /usr/sbin/smbd(main+0x1063) [0x7f121e417679]
   #22 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7f121b1e4bfd]
   #23 /usr/sbin/smbd(+0xfd789) [0x7f121dec2789]
Comment 1 Stefan Metzmacher 2011-11-02 10:09:26 UTC
Created attachment 7048 [details]
Patches for v3-5-test
Comment 2 Volker Lendecke 2011-11-02 10:11:37 UTC
Please provide a backtrace with debugging symbols so that I can properly review those patches. Alternatively, you might want to let Björn Jacke who reported this bug initially to me install the patches and verify them.

Volker
Comment 3 Guenther Deschner 2011-11-02 11:30:02 UTC
Comment on attachment 7048 [details]
Patches for v3-5-test

looks good
Comment 4 Björn Jacke 2011-11-03 10:53:47 UTC
Comment on attachment 7048 [details]
Patches for v3-5-test

triggering rpc_server/srv_netlog_nt.c +998 to reproduce the crash isn't easy. But the version with this patch didn't segfault anymore, so this fix obviously fixed the right thing.
Comment 5 Björn Jacke 2011-11-03 10:55:45 UTC
Karolin, please get this to 3.5 ... thanks!
Comment 6 Karolin Seeger 2011-11-03 19:51:19 UTC
Pushed to v3-5-test.
Closing out bug report.

Thanks!
Comment 7 Jeremy Allison 2011-11-03 21:20:42 UTC
The fix inside _netr_ServerPasswordSet2() needs to be applied to master and 3.6.x also.

Jeremy.
Comment 8 Jeremy Allison 2011-11-03 23:22:06 UTC
Created attachment 7060 [details]
git-am fix for 3.6.2.

Guenther please review for 3.6.x. This has gone into master.
Comment 9 Jeremy Allison 2011-11-16 23:24:14 UTC
Comment on attachment 7060 [details]
git-am fix for 3.6.2.

Adding metze for review.
Comment 10 Stefan Metzmacher 2011-11-17 09:30:17 UTC
Comment on attachment 7060 [details]
git-am fix for 3.6.2.

Looks good
Comment 11 Stefan Metzmacher 2011-11-17 09:30:52 UTC
Karolin, please pick this for the release
Comment 12 Karolin Seeger 2011-11-17 18:41:11 UTC
Pushed to v3-6-test.
Closing out bug report.

Thanks!