Bug 8562 - talloc: double free error
Summary: talloc: double free error
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.6.1
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks: 8595
  Show dependency treegraph
 
Reported: 2011-11-02 09:48 UTC by Björn Jacke
Modified: 2020-12-14 15:33 UTC (History)
1 user (show)

See Also:

Attachments
Patches for v3-5-test (4.41 KB, patch)
2011-11-02 10:09 UTC, Stefan Metzmacher 		gd: review+
bjacke: review+
Details
git-am fix for 3.6.2. (2.12 KB, patch)
2011-11-03 23:22 UTC, Jeremy Allison 		metze: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2011-11-02 09:48:47 UTC 
occasionally this double free error occurs here. Fix already in work by metze...

[2011/11/01 21:14:13.001366,  0] lib/popt_common.c:64(popt_s3_talloc_log_fn)
  talloc: double free error - first free may be at rpc_server/srv_netlog_nt.c:998
[2011/11/01 21:14:13.001422,  0] lib/popt_common.c:64(popt_s3_talloc_log_fn)
  Bad talloc magic value - double free
[2011/11/01 21:14:13.001437,  0] lib/util.c:1468(smb_panic)
  PANIC (pid 19566): Bad talloc magic value - double free
[2011/11/01 21:14:13.015671,  0] lib/util.c:1572(log_stack_trace)
  BACKTRACE: 24 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x7f121e12f321]
   #1 /usr/sbin/smbd(smb_panic+0x55) [0x7f121e12f424]
   #2 /usr/sbin/smbd(+0x652f8a) [0x7f121e417f8a]
   #3 /usr/sbin/smbd(+0x652f9c) [0x7f121e417f9c]
   #4 /usr/sbin/smbd(_talloc_zero+0x76) [0x7f121e419022]
   #5 /usr/sbin/smbd(ndr_push_init_ctx+0x22) [0x7f121e1475cd]
   #6 /usr/sbin/smbd(+0x2938d4) [0x7f121e0588d4]
   #7 /usr/sbin/smbd(+0x2f63bb) [0x7f121e0bb3bb]
   #8 /usr/sbin/smbd(api_pipe_request+0x1f9) [0x7f121e0c004d]
   #9 /usr/sbin/smbd(np_write_send+0xff9) [0x7f121e0b8635]
   #10 /usr/sbin/smbd(reply_pipe_write_and_X+0x22e) [0x7f121def3700]
   #11 /usr/sbin/smbd(reply_write_and_X+0x18b) [0x7f121defc0b3]
   #12 /usr/sbin/smbd(+0x1757b8) [0x7f121df3a7b8]
   #13 /usr/sbin/smbd(+0x1759dd) [0x7f121df3a9dd]
   #14 /usr/sbin/smbd(+0x1761d2) [0x7f121df3b1d2]
   #15 /usr/sbin/smbd(run_events+0x26e) [0x7f121e13e70a]
   #16 /usr/sbin/smbd(smbd_process+0x950) [0x7f121df3c3a8]
   #17 /usr/sbin/smbd(+0x65149a) [0x7f121e41649a]
   #18 /usr/sbin/smbd(run_events+0x26e) [0x7f121e13e70a]
   #19 /usr/sbin/smbd(+0x379866) [0x7f121e13e866]
   #20 /usr/sbin/smbd(_tevent_loop_once+0x82) [0x7f121e13f1f0]
   #21 /usr/sbin/smbd(main+0x1063) [0x7f121e417679]
   #22 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7f121b1e4bfd]
   #23 /usr/sbin/smbd(+0xfd789) [0x7f121dec2789]
Comment 1 Stefan Metzmacher 2011-11-02 10:09:26 UTC 
Created attachment 7048 [details]
Patches for v3-5-test
Comment 2 Volker Lendecke 2011-11-02 10:11:37 UTC 
Please provide a backtrace with debugging symbols so that I can properly review those patches. Alternatively, you might want to let Björn Jacke who reported this bug initially to me install the patches and verify them.

Volker
Comment 3 Guenther Deschner 2011-11-02 11:30:02 UTC 
Comment on attachment 7048 [details]
Patches for v3-5-test

looks good
Comment 4 Björn Jacke 2011-11-03 10:53:47 UTC 
Comment on attachment 7048 [details]
Patches for v3-5-test

triggering rpc_server/srv_netlog_nt.c +998 to reproduce the crash isn't easy. But the version with this patch didn't segfault anymore, so this fix obviously fixed the right thing.
Comment 5 Björn Jacke 2011-11-03 10:55:45 UTC 
Karolin, please get this to 3.5 ... thanks!
Comment 6 Karolin Seeger 2011-11-03 19:51:19 UTC 
Pushed to v3-5-test.
Closing out bug report.

Thanks!
Comment 7 Jeremy Allison 2011-11-03 21:20:42 UTC 
The fix inside _netr_ServerPasswordSet2() needs to be applied to master and 3.6.x also.

Jeremy.
Comment 8 Jeremy Allison 2011-11-03 23:22:06 UTC 
Created attachment 7060 [details]
git-am fix for 3.6.2.

Guenther please review for 3.6.x. This has gone into master.
Comment 9 Jeremy Allison 2011-11-16 23:24:14 UTC 
Comment on attachment 7060 [details]
git-am fix for 3.6.2.

Adding metze for review.
Comment 10 Stefan Metzmacher 2011-11-17 09:30:17 UTC 
Comment on attachment 7060 [details]
git-am fix for 3.6.2.

Looks good
Comment 11 Stefan Metzmacher 2011-11-17 09:30:52 UTC 
Karolin, please pick this for the release
Comment 12 Karolin Seeger 2011-11-17 18:41:11 UTC 
Pushed to v3-6-test.
Closing out bug report.

Thanks!