Created attachment 8921 [details]
gdb; bt full

Built from: 4.1.0pre1-GIT-1c9ef67

commit 1c9ef675d1a44fb9b0d599f96391abf1e21981c1
Author: Volker Lendecke <vl@samba.org>
Date: Fri May 17 15:14:58 2013 +0200

    smbd: Fix a ISO C90 forbids mixed declarations and code warning

    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Matthieu Patou <mat@matws.net>

    Autobuild-User(master): Matthieu Patou <mat@samba.org>
    Autobuild-Date(master): Sat May 18 01:40:04 CEST 2013 on sn-devel-104

Crash smbd.log:

[2013/05/25 13:24:38.582662, 0] ../source3/smbd/oplock.c:333(oplock_timeout_handler)
  Oplock break failed for file betsy/Documents/Downloads/Demoto-Backsplash Only.pdf -- replying anyway
[2013/05/25 13:25:02.178940, 0] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
  talloc: access after free error - first free may be at ../source3/smbd/open.c:1514
[2013/05/25 13:25:02.179114, 0] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
  Bad talloc magic value - access after free
[2013/05/25 13:25:02.179259, 0] ../source3/lib/util.c:810(smb_panic_s3)
  PANIC (pid 4152): Bad talloc magic value - access after free
[2013/05/25 13:25:02.184976, 1] ../source3/smbd/service.c:1122(close_cnum)
  192.168.0.170 (ipv4:192.168.0.170:55907) closed connection to service betsy
[2013/05/25 13:25:02.211771, 0] ../source3/lib/util.c:921(log_stack_trace)
  BACKTRACE: 22 stack frames:
   #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f9ca4103caa]
   #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6c) [0x7f9ca4103afd]
   #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) [0x7f9ca5b87c49]
   #3 /usr/local/samba/lib/private/libtalloc.so.2(+0x241f) [0x7f9ca51a441f]
   #4 /usr/local/samba/lib/private/libtalloc.so.2(+0x249b) [0x7f9ca51a449b]
   #5 /usr/local/samba/lib/private/libtalloc.so.2(+0x2518) [0x7f9ca51a4518]
   #6 /usr/local/samba/lib/private/libtalloc.so.2(talloc_get_name+0x18) [0x7f9ca51a5fb8]
   #7 /usr/local/samba/lib/private/libtalloc.so.2(_talloc_get_type_abort+0x4c) [0x7f9ca51a6138]
   #8 /usr/local/samba/lib/libsmbconf.so.0(+0x3130d) [0x7f9ca411130d]
   #9 /usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_immediate+0x1f5) [0x7f9ca53b0f78]
   #10 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x56) [0x7f9ca4124de3]
   #11 /usr/local/samba/lib/libsmbconf.so.0(+0x454a7) [0x7f9ca41254a7]
   #12 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf4) [0x7f9ca53b00b2]
   #13 /usr/local/samba/lib/private/libsmbd_base.so(smbd_process+0x12ef) [0x7f9ca5725449]
   #14 /usr/local/samba/sbin/smbd() [0x409ec6]
   #15 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x55f) [0x7f9ca41252ec]
   #16 /usr/local/samba/lib/libsmbconf.so.0(+0x455b8) [0x7f9ca41255b8]
   #17 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf4) [0x7f9ca53b00b2]
   #18 /usr/local/samba/sbin/smbd() [0x40ab30]
   #19 /usr/local/samba/sbin/smbd(main+0x1709) [0x40c38a]
   #20 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f9ca2972ea5]
   #21 /usr/local/samba/sbin/smbd() [0x4055e9]
[2013/05/25 13:25:02.212732, 0] ../source3/lib/util.c:822(smb_panic_s3)
  smb_panic(): calling panic action [/bin/sleep 99999999]
[2013/05/25 13:25:04.294102, 1] ../source3/smbd/service.c:1122(close_cnum)
  192.168.0.152 (ipv4:192.168.0.152:57569) closed connection to service sysvol
[2013/05/25 13:26:29.799740, 1] ../source3/smbd/service.c:1122(close_cnum)
  192.168.0.152 (ipv4:192.168.0.152:57569) closed connection to service sysvol
[2013/05/25 13:27:19.689165, 1] ../source3/smbd/service.c:1122(close_cnum)
  192.168.0.152 (ipv4:192.168.0.152:57569) closed connection to service sysvol
[2013/05/25 13:28:31.173121, 1] ../source3/smbd/service.c:1122(close_cnum)
  192.168.0.152 (ipv4:192.168.0.152:57569) closed connection to service sysvol
[2013/05/25 13:29:07.193624, 1] ../source3/smbd/service.c:1122(close_cnum)
  192.168.0.152 (ipv4:192.168.0.152:57569) closed connection to service sysvol
Terminated
[2013/05/25 13:31:33.514811, 0] ../source3/lib/util.c:830(smb_panic_s3)
  smb_panic(): action returned status 143
[2013/05/25 13:31:33.515025, 0] ../source3/lib/dumpcore.c:317(dump_core)
  dumping core in /usr/local/samba/var/cores/smbd
[2013/05/25 13:31:33.592143, 1] ../source3/smbd/server.c:456(remove_child_pid)
  Scheduled cleanup of brl and lock database after unclean shutdown
[2013/05/25 13:31:53.598941, 1] ../source3/smbd/server.c:409(cleanup_timeout_fn)
  Cleaning up brl and lock database after unclean shutdown

Haven't seen this in a while. Likely fixed/invalid.

Oct 29 10:14:18 [smbd] [2013/10/29 10:14:18.717705, 0] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)_
Oct 29 10:14:18 [smbd] talloc: access after free error - first free may be at ../source3/smbd/open.c:1529_
Oct 29 10:14:18 [smbd] [2013/10/29 10:14:18.718340, 0] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)_
Oct 29 10:14:18 [smbd] Bad talloc magic value - access after free_
Oct 29 10:14:18 [smbd] [2013/10/29 10:14:18.718743, 0] ../source3/lib/util.c:785(smb_panic_s3)_
Oct 29 10:14:18 [smbd] PANIC (pid 21033): Bad talloc magic value - access after free_
Oct 29 10:14:18 [smbd] [2013/10/29 10:14:18.721530, 0] ../source3/lib/util.c:896(log_stack_trace)_
Oct 29 10:14:18 [smbd] BACKTRACE: 19 stack frames:_
Oct 29 10:14:18 [smbd] #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x18) [0x7b4c71eba361]_
Oct 29 10:14:18 [smbd] #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x4c) [0x7b4c71eba43a]_
Oct 29 10:14:18 [smbd] #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x2d) [0x7b4c7335c784]_
Oct 29 10:14:18 [smbd] #3 /usr/lib64/libtalloc.so.2(+0x2ac8) [0x7b4c70b1bac8]_
Oct 29 10:14:18 [smbd] #4 /usr/lib64/libtalloc.so.2(talloc_get_name+0x7) [0x7b4c70b1bea6]_
Oct 29 10:14:18 [smbd] #5 /usr/lib64/libtalloc.so.2(_talloc_get_type_abort+0x4e) [0x7b4c70b1c55c]_
Oct 29 10:14:18 [smbd] #6 /usr/lib64/libsmbconf.so.0(+0x2d4de) [0x7b4c71ec14de]_
Oct 29 10:14:18 [smbd] #7 /usr/lib64/libtevent.so.0(tevent_common_loop_immediate+0xf1) [0x7b4c709107c6]_
Oct 29 10:14:18 [smbd] #8 /usr/lib64/libsmbconf.so.0(run_events_poll+0x45) [0x7b4c71ecbadd]_
Oct 29 10:14:18 [smbd] #9 /usr/lib64/libsmbconf.so.0(+0x37d58) [0x7b4c71ecbd58]_
Oct 29 10:14:18 [smbd] #10 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x5f) [0x7b4c70910081]_
Oct 29 10:14:18 [smbd] #11 /usr/lib64/samba/libsmbd_base.so(smbd_process+0xc38) [0x7b4c72f96e5d]_
Oct 29 10:14:18 [smbd] #12 /usr/sbin/smbd(+0xa418) [0x73a19e17418]_
Oct 29 10:14:18 [smbd] #13 /usr/lib64/libsmbconf.so.0(run_events_poll+0x250) [0x7b4c71ecbce8]_
Oct 29 10:14:18 [smbd] #14 /usr/lib64/libsmbconf.so.0(+0x37e09) [0x7b4c71ecbe09]_
Oct 29 10:14:18 [smbd] #15 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x5f) [0x7b4c70910081]_
Oct 29 10:14:18 [smbd] #16 /usr/sbin/smbd(main+0x14cc) [0x73a19e1485c]_
Oct 29 10:14:18 [smbd] #17 /lib64/libc.so.6(__libc_start_main+0xf5) [0x7b4c70588665]_
Oct 29 10:14:18 [smbd] #18 /usr/sbin/smbd(+0x78fd) [0x73a19e148fd]_
Oct 29 10:14:18 [smbd] [2013/10/29 10:14:18.727452, 0] ../source3/lib/dumpcore.c:317(dump_core)_
Oct 29 10:14:18 [smbd] dumping core in /var/log/samba/cores/smbd_

When multiple users are logging in, I get these a lot on 4.1.0.

still happening on 4.1.2

I can confirm that problem. Yesterday I switched to 4.1.3 and tonight I hit the following twice:

[2013/12/17 04:04:54.376628, 0, pid=20181] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
  talloc: access after free error - first free may be at ../source3/smbd/open.c:1569
[2013/12/17 04:04:54.376768, 0, pid=20181] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
  Bad talloc magic value - access after free
[2013/12/17 04:04:54.376831, 0, pid=20181] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 20181): Bad talloc magic value - access after free
[2013/12/17 04:04:54.377302, 0, pid=20181] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 22 stack frames:
   #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) [0x7ff412cf6a02]
   #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6d) [0x7ff412cf6871]
   #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) [0x7ff414756c79]
   #3 /usr/local/samba/lib/samba/libtalloc.so.2(+0x20a9) [0x7ff413d8a0a9]
   #4 /usr/local/samba/lib/samba/libtalloc.so.2(+0x2125) [0x7ff413d8a125]
   #5 /usr/local/samba/lib/samba/libtalloc.so.2(+0x21a3) [0x7ff413d8a1a3]
   #6 /usr/local/samba/lib/samba/libtalloc.so.2(talloc_get_name+0x18) [0x7ff413d8bc83]
   #7 /usr/local/samba/lib/samba/libtalloc.so.2(_talloc_get_type_abort+0x4c) [0x7ff413d8be03]
   #8 /usr/local/samba/lib/libsmbconf.so.0(+0x315f7) [0x7ff412d025f7]
   #9 /usr/local/samba/lib/samba/libtevent.so.0(tevent_common_loop_immediate+0x1f9) [0x7ff413f94ee4]
   #10 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x57) [0x7ff412d13057]
   #11 /usr/local/samba/lib/libsmbconf.so.0(+0x42704) [0x7ff412d13704]
   #12 /usr/local/samba/lib/samba/libtevent.so.0(_tevent_loop_once+0xfc) [0x7ff413f93fa9]
   #13 /usr/local/samba/lib/samba/libsmbd_base.so(smbd_process+0x1331) [0x7ff4142faf55]
   #14 /usr/sbin/smbd(+0x99ea) [0x7ff414dbe9ea]
   #15 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x544) [0x7ff412d13544]
   #16 /usr/local/samba/lib/libsmbconf.so.0(+0x4281a) [0x7ff412d1381a]
   #17 /usr/local/samba/lib/samba/libtevent.so.0(_tevent_loop_once+0xfc) [0x7ff413f93fa9]
   #18 /usr/sbin/smbd(+0xa669) [0x7ff414dbf669]
   #19 /usr/sbin/smbd(main+0x15d1) [0x7ff414dc0d8b]
   #20 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7ff41158ad1d]
   #21 /usr/sbin/smbd(+0x56c9) [0x7ff414dba6c9]
[2013/12/17 04:04:54.377820, 0, pid=20181] ../source3/lib/util.c:797(smb_panic_s3)
  smb_panic(): calling panic action [/usr/local/bin/panic-action 20181]
[2013/12/17 04:04:54.681254, 0, pid=20181] ../source3/lib/util.c:805(smb_panic_s3)
  smb_panic(): action returned status 0
[2013/12/17 04:04:54.681466, 0, pid=20181] ../source3/lib/dumpcore.c:317(dump_core)
  dumping core in /var/log/samba//cores/smbd

Created attachment 9527 [details] core dump file
Created attachment 9528 [details] backtrace
This is different from bug 10250 or bug 10284? Please note that because it's a security release only, 4.1.3 does not contain the patches from those bugs.

(In reply to comment #7)
> This is different from bug 10250 or bug 10284? Please note that because it's a
> security release only, 4.1.3 does not contain the patches from those bugs.

You are right. The patches from bug 10250 and bug 10284 were pushed shortly *after* 4.1.2 was released. And as 4.1.3 was a security release, they weren't included, of course.

But the patch from 10284 doesn't apply to 4.1.3:

# patch -p 1 < patch.txt
patching file source3/lib/msg_channel.c
Hunk #7 FAILED at 228.
1 out of 9 hunks FAILED -- saving rejects to file source3/lib/msg_channel.c.rej

It is possible that you have to apply the patch from 10250 before you apply 10284.
The question remains -- is this a different crash than those two?

(In reply to comment #9)
> It is possible that you have to apply the patch from 10250 before you apply
> 10284.

10250 before 10284 applies fine. Thanks.

(In reply to comment #10)
> The question remains -- is this a different crash than those two?

I guess it isn't, if 4.1.2 and 4.1.3 didn't contain the patch(es). I upgraded last night from a patched 4.1.1 to plain 4.1.3 and didn't mention that the patches are not included yet. That's why I thought this could be a new/different issue and hooked up to this bug report, as it contained the same errors and was still open.

I'll recheck 4.1.3 with the two patches in the next two nights and give feedback.

Closing as a likely duplicate of 10284

*** This bug has been marked as a duplicate of bug 10284 ***