smbd is crashing intermittently with "Bad talloc magic value - access after free".

Solution Verified - Updated -

Issue

  • Samba (smbd) crashes intermittently on a RHEL 7.8 system and logs the following:
Jul 27 05:22:04 test smbd[18231]:   BACKTRACE: 30 stack frames:
Jul 27 05:22:04 test smbd[18231]:    #0 /lib64/libsamba-util.so.0(log_stack_trace+0x2f) [0x7fbc1f5765cf]
Jul 27 05:22:04 test smbd[18231]:    #1 /lib64/libsmbconf.so.0(smb_panic_s3+0x18) [0x7fbc1ed70dd8]
Jul 27 05:22:04 test smbd[18231]:    #2 /lib64/libsamba-util.so.0(smb_panic+0x2d) [0x7fbc1f5766cd]
Jul 27 05:22:04 test smbd[18231]:    #3 /lib64/libtalloc.so.2(+0x28af) [0x7fbc10d508af]
Jul 27 05:22:04 test smbd[18231]:    #4 /lib64/libtalloc.so.2(+0x363c) [0x7fbc10d5163c]
Jul 27 05:22:04 test smbd[18231]:    #5 /usr/lib64/samba/libsmbd-base-samba4.so(+0x140426) [0x7fbc1f115426]
Jul 27 05:22:04 test smbd[18231]:    #6 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1442b3) [0x7fbc1f1192b3]
Jul 27 05:22:04 test smbd[18231]:    #7 /usr/lib64/samba/libsmbd-base-samba4.so(create_file_default+0x219) [0x7fbc1f11b2f9]
Jul 27 05:22:04 test smbd[18231]:    #8 /usr/lib64/samba/libsmbd-base-samba4.so(+0xaa95e) [0x7fbc1f07f95e]
Jul 27 05:22:04 test smbd[18231]:    #9 /usr/lib64/samba/libsmbd-base-samba4.so(smb_vfs_call_create_file+0xd8) [0x7fbc1f122458]
Jul 27 05:22:04 test smbd[18231]:    #10 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_smb2_request_process_create+0xc9b) [0x7fbc1f152f7b]
Jul 27 05:22:04 test smbd[18231]:    #11 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_smb2_request_dispatch+0x17cb) [0x7fbc1f14927b]
Jul 27 05:22:04 test smbd[18231]:    #12 /usr/lib64/samba/libsmbd-base-samba4.so(+0x175c45) [0x7fbc1f14ac45]
Jul 27 05:22:04 test smbd[18231]:    #13 /lib64/libtevent.so.0(tevent_common_invoke_fd_handler+0x83) [0x7fbc0fe2bb13]
Jul 27 05:22:04 test smbd[18231]:    #14 /lib64/libtevent.so.0(+0xd087) [0x7fbc0fe32087]
Jul 27 05:22:04 test smbd[18231]:    #15 /lib64/libtevent.so.0(+0xb057) [0x7fbc0fe30057]
Jul 27 05:22:04 test smbd[18231]:    #16 /lib64/libtevent.so.0(_tevent_loop_once+0xbd) [0x7fbc0fe2b25d]
Jul 27 05:22:04 test smbd[18231]:    #17 /lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7fbc0fe2b4bb]
Jul 27 05:22:04 test smbd[18231]:    #18 /lib64/libtevent.so.0(+0xaff7) [0x7fbc0fe2fff7]
Jul 27 05:22:04 test smbd[18231]:    #19 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_process+0x6b1) [0x7fbc1f138181]
Jul 27 05:22:04 test smbd[18231]:    #20 /usr/sbin/smbd(+0xb2b8) [0x560539b272b8]
Jul 27 05:22:04 test smbd[18231]:    #21 /lib64/libtevent.so.0(tevent_common_invoke_fd_handler+0x83) [0x7fbc0fe2bb13]
Jul 27 05:22:04 test smbd[18231]:    #22 /lib64/libtevent.so.0(+0xd087) [0x7fbc0fe32087]
Jul 27 05:22:04 test smbd[18231]:    #23 /lib64/libtevent.so.0(+0xb057) [0x7fbc0fe30057]
Jul 27 05:22:04 test smbd[18231]:    #24 /lib64/libtevent.so.0(_tevent_loop_once+0xbd) [0x7fbc0fe2b25d]
Jul 27 05:22:04 test smbd[18231]:    #25 /lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7fbc0fe2b4bb]
Jul 27 05:22:04 test smbd[18231]:    #26 /lib64/libtevent.so.0(+0xaff7) [0x7fbc0fe2fff7]
Jul 27 05:22:04 test smbd[18231]:    #27 /usr/sbin/smbd(main+0x1ad8) [0x560539b249e8]
Jul 27 05:22:04 test smbd[18231]:    #28 /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fbc0f86f555]
Jul 27 05:22:04 test smbd[18231]:    #29 /usr/sbin/smbd(+0x8d84) [0x560539b24d84]
Jul 27 05:22:04 test smbd[18231]: [2020/07/27 05:22:04.028720,  0, pid=18231] ../../source3/lib/dumpcore.c:315(dump_core)
Jul 27 05:22:04 test smbd[18231]:   dumping core in /var/log/samba/cores/smbd
Jul 27 05:22:04 test smbd[18231]:
Jul 27 05:22:04 test smbd[18242]: [2020/07/27 05:22:04.053312,  0, pid=18242] ../../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
Jul 27 05:22:04 test smbd[18242]:   talloc: access after free error - first free may be at ../../lib/util/memcache.c:218
Jul 27 05:22:04 test smbd[18242]: [2020/07/27 05:22:04.053388,  0, pid=18242] ../../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
Jul 27 05:22:04 test smbd[18242]:   Bad talloc magic value - access after free
Jul 27 05:22:04 test smbd[18242]: [2020/07/27 05:22:04.053432,  0, pid=18242] ../../source3/lib/util.c:824(smb_panic_s3)
Jul 27 05:22:04 test smbd[18242]:   PANIC (pid 18242): Bad talloc magic value - access after free
Jul 27 05:22:04 test smbd[18242]: [2020/07/27 05:22:04.053940,  0, pid=18242] ../../lib/util/fault.c:261(log_stack_trace)
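
A triage sketch for the log format shown above, added here as an example (it is not Red Hat's or Samba's code): it groups smbd syslog lines by PID and extracts the panic reason, the talloc "first free" location and the named backtrace frames. The function names are assumptions of this example, and the embedded sample is four lines taken from the log above.

```python
import re
from collections import defaultdict

# Sample input: four lines taken from the log above, embedded so this runs offline.
SAMPLE = """\
Jul 27 05:22:04 test smbd[18231]:    #6 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1442b3) [0x7fbc1f1192b3]
Jul 27 05:22:04 test smbd[18231]:    #7 /usr/lib64/samba/libsmbd-base-samba4.so(create_file_default+0x219) [0x7fbc1f11b2f9]
Jul 27 05:22:04 test smbd[18242]:   talloc: access after free error - first free may be at ../../lib/util/memcache.c:218
Jul 27 05:22:04 test smbd[18242]:   PANIC (pid 18242): Bad talloc magic value - access after free
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ smbd\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$")
FIRST_FREE = re.compile(r"talloc: access after free error - first free may be at (\S+)")
PANIC = re.compile(r"PANIC \(pid \d+\): (.+)")
# Only frames with a resolved symbol match; "(+0x...)" frames are skipped.
FRAME = re.compile(r"#(\d+) (\S+?)\((\w+)\+0x[0-9a-f]+\) \[0x[0-9a-f]+\]")
# Frames from the panic/logging path itself, not from the faulting caller.
NOISE = {"log_stack_trace", "smb_panic_s3", "smb_panic"}


def summarize(text):
    """Group smbd syslog lines by PID and collect talloc panic details."""
    procs = defaultdict(lambda: {"panic": None, "first_free": None, "frames": []})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        p, msg = procs[int(m["pid"])], m["msg"]
        if (f := FIRST_FREE.search(msg)):
            p["first_free"] = f.group(1)
        elif (k := PANIC.search(msg)):
            p["panic"] = k.group(1)
        elif (s := FRAME.search(msg)) and s.group(3) not in NOISE:
            p["frames"].append((int(s.group(1)), s.group(3)))
    return dict(procs)


def talloc_uaf_pids(text):
    """PIDs whose panic message reports a talloc access after free."""
    return sorted(pid for pid, p in summarize(text).items()
                  if p["panic"] and "access after free" in p["panic"])


if __name__ == "__main__":
    for pid, info in sorted(summarize(SAMPLE).items()):
        print(pid, info)
```

Run over the full log, the per-PID grouping shows that the backtrace and the panic message come from different smbd processes (18231 and 18242).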

Environment

  • Red Hat Enterprise Linux 7, 8
  • samba
