[Pkg-samba-maint] Bug#536640: Samba 2:3.4.0-1 crashes on startup
sacrificial-spam-address at horizon.com
sacrificial-spam-address at horizon.com
Sun Jul 12 00:06:11 UTC 2009
Package: samba
Version: 2:3.4.0-1
Severity: grave
After upgrading a working 3.3.6-1 configuration to 3.4.0-1, smbd started
exploding on startup.
This is an i386 (32-bit) userland on an AMD quad-processor (Phenom)
with a 64-bit kernel. All packages from current debian/unstable.
The failure is consistent. I haven't diffed thr output, but it looks
the same each time.
> # strace -o /tmp/t -f /etc/init.d/samba start
> Starting Samba daemons: nmbd smbd*** glibc detected *** /usr/sbin/smbd: corrupted double-linked list: 0x08f5a4d0 ***
> ======= Backtrace: =========
> /lib/i686/cmov/libc.so.6[0x419b18c4]
> /lib/i686/cmov/libc.so.6[0x419b362b]
> /lib/i686/cmov/libc.so.6(cfree+0x96)[0x419b3866]
> /lib/i686/cmov/libc.so.6(freeifaddrs+0x1d)[0x41a453ad]
> /usr/sbin/smbd(get_interfaces+0x1e3)[0x831af23]
> /usr/sbin/smbd(load_interfaces+0x8f)[0x832990f]
> /usr/sbin/smbd(reload_services+0x94)[0x8614824]
> /usr/sbin/smbd(main+0x51c)[0x8615d8c]
> /lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x41959775]
> /usr/sbin/smbd[0x80c3a41]
> ======= Memory map: ========
> 08047000-08728000 r-xp 00000000 09:05 4391449 /usr/sbin/smbd
> 08728000-08733000 r--p 006e1000 09:05 4391449 /usr/sbin/smbd
> 08733000-0873b000 rw-p 006ec000 09:05 4391449 /usr/sbin/smbd
> 0873b000-0873c000 rw-p 00000000 00:00 0
> 08eb0000-08f79000 rw-p 00000000 00:00 0 [heap]
> 41923000-4193f000 r-xp 00000000 09:05 2813335 /lib/ld-2.9.so
> 4193f000-41940000 r--p 0001b000 09:05 2813335 /lib/ld-2.9.so
> 41940000-41941000 rw-p 0001c000 09:05 2813335 /lib/ld-2.9.so
> 41943000-41a9b000 r-xp 00000000 09:05 2813355 /lib/i686/cmov/libc-2.9.so
> 41a9b000-41a9d000 r--p 00158000 09:05 2813355 /lib/i686/cmov/libc-2.9.so
> 41a9d000-41a9e000 rw-p 0015a000 09:05 2813355 /lib/i686/cmov/libc-2.9.so
> 41a9e000-41aa1000 rw-p 00000000 00:00 0
> 41aa3000-41aa5000 r-xp 00000000 09:05 2813099 /lib/i686/cmov/libdl-2.9.so
> 41aa5000-41aa6000 r--p 00001000 09:05 2813099 /lib/i686/cmov/libdl-2.9.so
> 41aa6000-41aa7000 rw-p 00002000 09:05 2813099 /lib/i686/cmov/libdl-2.9.so
> 41aa9000-41acd000 r-xp 00000000 09:05 2813385 /lib/i686/cmov/libm-2.9.so
> 41acd000-41ace000 r--p 00023000 09:05 2813385 /lib/i686/cmov/libm-2.9.so
> 41ace000-41acf000 rw-p 00024000 09:05 2813385 /lib/i686/cmov/libm-2.9.so
> 41ad1000-41ae6000 r-xp 00000000 09:05 2813444 /lib/i686/cmov/libpthread-2.9.so
> 41ae6000-41ae7000 r--p 00014000 09:05 2813444 /lib/i686/cmov/libpthread-2.9.so
> 41ae7000-41ae8000 rw-p 00015000 09:05 2813444 /lib/i686/cmov/libpthread-2.9.so
> 41ae8000-41aea000 rw-p 00000000 00:00 0
> 41aec000-41b00000 r-xp 00000000 09:05 6721906 /usr/lib/libz.so.1.2.3.3
> 41b00000-41b01000 rw-p 00013000 09:05 6721906 /usr/lib/libz.so.1.2.3.3
> 41c37000-41c41000 r-xp 00000000 09:05 2813458 /lib/libpam.so.0.81.12
> 41c41000-41c42000 rw-p 00009000 09:05 2813458 /lib/libpam.so.0.81.12
> 41fbc000-41fe6000 r-xp 00000000 09:05 2813293 /lib/libgcc_s.so.1
> 41fe6000-41fe7000 rw-p 00029000 09:05 2813293 /lib/libgcc_s.so.1
> 4221d000-42223000 r-xp 00000000 09:05 2813469 /lib/libacl.so.1.1.0
> 42223000-42224000 rw-p 00005000 09:05 2813469 /lib/libacl.so.1.1.0
> 42226000-4222a000 r-xp 00000000 09:05 2813278 /lib/libattr.so.1.1.0
> 4222a000-4222b000 rw-p 00003000 09:05 2813278 /lib/libattr.so.1.1.0
> 42273000-42285000 r-xp 00000000 09:05 2813169 /lib/i686/cmov/libresolv-2.9.so
> 42285000-42286000 r--p 00011000 09:05 2813169 /lib/i686/cmov/libresolv-2.9.so
> 42286000-42287000 rw-p 00012000 09:05 2813169 /lib/i686/cmov/libresolv-2.9.so
> 42287000-42289000 rw-p 00000000 00:00 0
> 4270f000-42724000 r-xp 00000000 09:05 2813431 /lib/i686/cmov/libnsl-2.9.so
> 42724000-42725000 r--p 00014000 09:05 2813431 /lib/i686/cmov/libnsl-2.9.so
> 42725000-42726000 rw-p 00015000 09:05 2813431 /lib/i686/cmov/libnsl-2.9.so
> 42726000-42728000 rw-p 00000000 00:00 0
> 4275f000-42768000 r-xp 00000000 09:05 2813449 /lib/i686/cmov/libcrypt-2.9.so
> 42768000-42769000 r--p 00008000 09:05 2813449 /lib/i686/cmov/libcrypt-2.9.so
> 42769000-4276a000 rw-p 00009000 09:05 2813449 /lib/i686/cmov/libcrypt-2.9.so
> 4276a000-42791000 rw-p 00000000 00:00 0
> 4279e000-427b4000 r-xp 00000000 09:05 7044442 /usr/lib/libsasl2.so.2.0.23
> 427b4000-427b5000 rw-p 00015000 09:05 7044442 /usr/lib/libsasl2.so.2.0.23
> 427bc000-427c2000 r-xp 00000000 09:05 7044556 /usr/lib/libkrb5support.so.0.1
> 427c2000-427c3000 rw-p 00005000 09:05 7044556 /usr/lib/libkrb5support.so.0.1
> 427c5000-427ed000 r-xp 00000000 09:05 7044578 /usr/lib/libk5crypto.so.3.1
> 427ed000-427ee000 rw-p 00028000 09:05 7044578 /usr/lib/libk5crypto.so.3.1
> 428c6000-428c8000 r-xp 00000000 09:05 2813463 /lib/libkeyutils-1.2.so
> 428c8000-428c9000 rw-p 00001000 09:05 2813463 /lib/libkeyutils-1.2.so
> 428cb000-428ce000 r-xp 00000000 09:05 2813457 /lib/libcap.so.2.16
> 428ce000-428cf000 rw-p 00002000 09:05 2813457 /lib/libcap.so.2.16
> 428d1000-428de000 r-xp 00000000 09:05 4602963 /usr/lib/liblber-2.4.so.2.4.1
> 428de000-428df000 rw-p 0000c000 09:05 4602963 /usr/lib/liblber-2.4.so.2.4.1
> 428f9000-42901000 r-xp 00000000 09:05 2813455 /lib/libpopt.so.0.0.0
> 42901000-42902000 rw-p 00007000 09:05 2813455 /lib/libpopt.so.0.0.0
> 4294c000-42954000 r-xp 00000000 09:05 7044494 /usr/lib/libtalloc.so.1.3.1
> 42954000-42955000 rw-p 00007000 09:05 7044494 /usr/lib/libtalloc.so.1.3.1
> 42a88000-42afa000 r-xp 00000000 09:05 7044450 /usr/lib/libgcrypt.so.11.5.2
> 42afa000-42afd000 rw-p 00072000 09:05 7044450 /usr/lib/libgcrypt.so.11.5.2
> 42aff000-42b02000 r-xp 00000000 09:05 7044448 /usr/lib/libgpg-error.so.0.4.0
> 42b02000-42b03000 rw-p 00002000 09:05 7044448 /usr/lib/libgpg-error.so.0.4.0
> 42b05000-42b14000 r-xp 00000000 09:05 7044446 /usr/lib/libtasn1.so.3.1.5
> 42b14000-42b15000 rw-p 0000f000 09:05 7044446 /usr/lib/libtasn1.so.3.1.5
> 42b17000-42baf000 r-xp 00000000 09:05 7044451 /usr/lib/libgnutls.so.26.11.7
> 42baf000-42bb5000 rw-p 00098000 09:05 7044451 /usr/lib/libgnutls.so.26.11.7
> 42d77000-42db8000 r-xp 00000000 09:05 7044465 /usr/lib/libldap_r-2.4.so.2.4.1
> 42db8000-42dba000 rw-p 00040000 09:05 7044465 /usr/lib/libldap_r-2.4.so.2.4.1
> 42dba000-42dbb000 rw-p 00000000 00:00 0
> 4df07000-4df09000 r-xp 00000000 09:05 2813159 /lib/libcom_err.so.2.1
> 4df09000-4df0a000 rw-p 00001000 09:05 2813159 /lib/libcom_err.so.2.1
> 4df0c000-4df34000 r-xp 00000000 09:05 6721969 /usr/lib/libgssapi_krb5.so.2.2
> 4df34000-4df35000 rw-p 00028000 09:05 6721969 /usr/lib/libgssapi_krb5.so.2.2
> 4df37000-4df6b000 r-xp 00000000 09:05 6703180 /usr/lib/libcups.so.2
> 4df6b000-4df6c000 ---p 00034000 09:05 6703180 /usr/lib/libcups.so.2
> 4df6c000-4df6d000 r--p 00034000 09:05 6703180 /usr/lib/libcups.so.2
> 4df6d000-4df6e000 rw-p 00035000 09:05 6703180 /usr/lib/libcups.so.2
> 4df9d000-4dfa6000 r-xp 00000000 09:05 6722026 /usr/lib/libwbclient.so.0
> 4dfa6000-4dfa7000 r--p 00008000 09:05 6722026 /usr/lib/libwbclient.so.0
> 4dfa7000-4dfa8000 rw-p 00009000 09:05 6722026 /usr/lib/libwbclient.so.0
> 4dfa8000-4dfa9000 rw-p 00000000 00:00 0
> 4dfc9000-4e06c000 r-xp 00000000 09:05 4602544 /usr/lib/libkrb5.so.3.3
> 4e06c000-4e072000 rw-p 000a2000 09:05 4602544 /usr/lib/libkrb5.so.3.3
> f7e00000-f7e21000 rw-p 00000000 00:00 0
> f7e21000-f7f00000 ---p 00000000 00:00 0
> f7f83000-f7f85000 r-xp 00000000 09:05 1795742 /usr/lib/gconv/UTF-16.so
> f7f85000-f7f86000 r--p 00001000 09:05 1795742 /usr/lib/gconv/UTF-16.so
> f7f86000-f7f87000 rw-p 00002000 09:05 1795742 /usr/lib/gconv/UTF-16.so
> f7f87000-f7f8e000 r--s 00000000 09:05 4636812 /usr/lib/gconv/gconv-modules.cache
> f7f8e000-f7fae000 r--s 00000000 09:05 4737798 /usr/share/samba/lowcase.dat
> f7fae000-f7fce000 r--s 00000000 09:05 4737796 /usr/share/samba/upcase.dat
> f7fce000-f7fd6000 rw-p 00000000 00:00 0
> f7fdb000-f7fdc000 rw-s 00000000 09:05 5060223 /var/run/samba/messages.tdb
> f7fdc000-f7fec000 r--s 00000000 09:05 4737797 /usr/share/samba/valid.dat
> f7fec000-f7fee000 r-xp 00000000 09:05 1795787 /usr/lib/gconv/IBM850.so
> f7fee000-f7fef000 r--p 00001000 09:05 1795787 /usr/lib/gconv/IBM850.so
> f7fef000-f7ff0000 rw-p 00002000 09:05 1795787 /usr/lib/gconv/IBM850.so
> f7ff0000-f7ff2000 rw-p 00000000 00:00 0
> f7ff2000-f7ff3000 r-xp 00000000 00:00 0 [vdso]
> ffdb4000-ffdc9000 rw-p 00000000 00:00 0 [stack]
At this point, it hangs until I hit ^C. The trace reads /etc/smb.conf,
clones a child which does a bunch of CUPS stuff and writes it back over a
pipe, then the child exits and the parent reads the pipe. (Is that safe?
What of the pipe fills?) Then here's the kablooie:
Just finished reading a bunch of CUPS stuff...
17219 read(4, "HP LaserJet 4550\0", 17) = 17
17219 read(4, "", 4) = 0
17219 close(4) = 0
17219 stat64("", 0xffdc6ce4) = -1 ENOENT (No such file or directory)
17219 umask(022) = 0
17219 open("/var/log/samba/log.smbd", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0644) = 4
17219 close(8) = 0
17219 umask(0) = 022
17219 dup2(4, 2) = 2
17219 stat64("/etc/samba/smb.conf", {st_mode=S_IFREG|0644, st_size=14309, ...}) = 0
17219 umask(022) = 0
17219 open("/var/log/samba/log.smbd", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0644) = 8
17219 close(4) = 0
17219 umask(0) = 022
17219 dup2(8, 2) = 2
17219 socket(PF_NETLINK, SOCK_RAW, 0) = 4
17219 bind(4, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
17219 getsockname(4, {sa_family=AF_NETLINK, pid=17219, groups=00000000}, [12]) = 0
17219 time(NULL) = 1247326183
17219 sendto(4, "\24\0\0\0\22\0\1\3\347\257XJ\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
17219 recvmsg(4, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\360\0\0\0\20\0\2\0\347\257XJCC\0\0\0\0\4\3\1\0\0\0I\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 2628
17219 recvmsg(4, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\347\257XJCC\0\0\0\0\0\0\1\0\0\0I\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
17219 sendto(4, "\24\0\0\0\26\0\1\3\350\257XJ\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
17219 recvmsg(4, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"8\0\0\0\24\0\2\0\350\257XJCC\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 660
17219 recvmsg(4, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\350\257XJCC\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
17219 close(4) = 0
17219 open("/dev/tty", O_RDWR|O_NOCTTY|O_NONBLOCK) = 4
17219 writev(4, [{"*** glibc detected *** ", 23}, {"/usr/sbin/smbd", 14}, {": ", 2}, {"corrupted double-linked list", 28}, {": 0x", 4}, {"08f5a4d0", 8}, {" ***\n", 5}], 7) = 84
17219 open("/etc/ld.so.cache", O_RDONLY) = 9
17219 fstat64(9, {st_mode=S_IFREG|0644, st_size=104094, ...}) = 0
17219 mmap2(NULL, 104094, PROT_READ, MAP_PRIVATE, 9, 0) = 0xf7f69000
17219 close(9) = 0
17219 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
17219 open("/lib/libgcc_s.so.1", O_RDONLY) = 9
17219 read(9, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\343\373A4\0\0\0"..., 512) = 512
17219 mmap2(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0xf7d69000
17219 munmap(0xf7d69000, 618496) = 0
17219 munmap(0xf7f00000, 430080) = 0
17219 mprotect(0xf7e00000, 135168, PROT_READ|PROT_WRITE) = 0
17219 fstat64(9, {st_mode=S_IFREG|0644, st_size=172580, ...}) = 0
17219 mmap2(0x41fbc000, 174216, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 9, 0) = 0x41fbc000
17219 mmap2(0x41fe6000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 9, 0x29) = 0x41fe6000
17219 close(9) = 0
17219 munmap(0xf7f69000, 104094) = 0
17219 futex(0x41a9fa78, FUTEX_WAKE_PRIVATE, 2147483647) = 0
17219 futex(0x41fe6748, FUTEX_WAKE_PRIVATE, 2147483647) = 0
17219 write(4, "======= Backtrace: =========\n", 29) = 29
17219 writev(4, [{"/lib/i686/cmov/libc.so.6", 24}, {"[0x", 3}, {"419b18c4", 8}, {"]\n", 2}], 4) = 37
17219 writev(4, [{"/lib/i686/cmov/libc.so.6", 24}, {"[0x", 3}, {"419b362b", 8}, {"]\n", 2}], 4) = 37
17219 writev(4, [{"/lib/i686/cmov/libc.so.6", 24}, {"(", 1}, {"cfree", 5}, {"+0x", 3}, {"96", 2}, {")", 1}, {"[0x", 3}, {"419b3866", 8}, {"]\n", 2}], 9) = 49
17219 writev(4, [{"/lib/i686/cmov/libc.so.6", 24}, {"(", 1}, {"freeifaddrs", 11}, {"+0x", 3}, {"1d", 2}, {")", 1}, {"[0x", 3}, {"41a453ad", 8}, {"]\n", 2}], 9) = 55
17219 writev(4, [{"/usr/sbin/smbd", 14}, {"(", 1}, {"get_interfaces", 14}, {"+0x", 3}, {"1e3", 3}, {")", 1}, {"[0x", 3}, {"831af23", 7}, {"]\n", 2}], 9) = 48
17219 writev(4, [{"/usr/sbin/smbd", 14}, {"(", 1}, {"load_interfaces", 15}, {"+0x", 3}, {"8f", 2}, {")", 1}, {"[0x", 3}, {"832990f", 7}, {"]\n", 2}], 9) = 48
17219 writev(4, [{"/usr/sbin/smbd", 14}, {"(", 1}, {"reload_services", 15}, {"+0x", 3}, {"94", 2}, {")", 1}, {"[0x", 3}, {"8614824", 7}, {"]\n", 2}], 9) = 48
17219 writev(4, [{"/usr/sbin/smbd", 14}, {"(", 1}, {"main", 4}, {"+0x", 3}, {"51c", 3}, {")", 1}, {"[0x", 3}, {"8615d8c", 7}, {"]\n", 2}], 9) = 38
17219 writev(4, [{"/lib/i686/cmov/libc.so.6", 24}, {"(", 1}, {"__libc_start_main", 17}, {"+0x", 3}, {"e5", 2}, {")", 1}, {"[0x", 3}, {"41959775", 8}, {"]\n", 2}], 9) = 61
17219 writev(4, [{"/usr/sbin/smbd", 14}, {"[0x", 3}, {"80c3a41", 7}, {"]\n", 2}], 4) = 26
17219 write(4, "======= Memory map: ========\n", 29) = 29
17219 open("/proc/self/maps", O_RDONLY) = 9
17219 read(9, "08047000-08728000 r-xp 00000000 "..., 1024) = 1024
17219 write(4, "08047000-08728000 r-xp 00000000 "..., 1024) = 1024
17219 read(9, ":05 2813099 "..., 1024) = 1024
17219 write(4, ":05 2813099 "..., 1024) = 1024
17219 read(9, "3\n41b00000-41b01000 rw-p 0001300"..., 1024) = 1024
17219 write(4, "3\n41b00000-41b01000 rw-p 0001300"..., 1024) = 1024
17219 read(9, " /lib/i686/cmov/libresolv"..., 1024) = 1024
17219 write(4, " /lib/i686/cmov/libresolv"..., 1024) = 1024
17219 read(9, " 7044442 "..., 1024) = 1024
17219 write(4, " 7044442 "..., 1024) = 1024
17219 read(9, " /usr/lib/liblber-2.4.so.2."..., 1024) = 1024
17219 write(4, " /usr/lib/liblber-2.4.so.2."..., 1024) = 1024
17219 read(9, "btasn1.so.3.1.5\n42b17000-42baf00"..., 1024) = 1024
17219 write(4, "btasn1.so.3.1.5\n42b17000-42baf00"..., 1024) = 1024
17219 read(9, " /usr/lib/libcup"..., 1024) = 1024
17219 write(4, " /usr/lib/libcup"..., 1024) = 1024
17219 read(9, "conv/UTF-16.so\nf7f86000-f7f87000"..., 1024) = 1024
17219 write(4, "conv/UTF-16.so\nf7f86000-f7f87000"..., 1024) = 1024
17219 read(9, "00000000 00:00 0 "..., 1024) = 138
17219 write(4, "00000000 00:00 0 "..., 138) = 138
17219 read(9, "", 1024) = 0
17219 close(9) = 0
17219 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
17219 tgkill(17219, 17219, SIGABRT) = 0
17219 --- SIGABRT (Aborted) @ 0 (0) ---
17219 time(NULL) = 1247326183
17219 futex(0x41a9e160, FUTEX_WAIT_PRIVATE, 2, NULL) = ? ERESTARTSYS (To be restarted)
17219 --- SIGINT (Interrupt) @ 0 (0) ---
More information about the Pkg-samba-maint
mailing list