On Sun, 30 Jun 2024 18:28:17 +0200 Michael Saxl <m...@mwsys.mine.bz> wrote:
Hello,
just in case it would be of any help to clearly see where
the allocation takes place.
Attached file contains my steps to reproduce the crash in a minimal trixie VM.
And shows the allocation from jemalloc and the free from glibc:
Kind regards,
Bernhard
malloc:
(rr) finish
Run till exit from #0 malloc (size=size@entry=1) at src/jemalloc.c:2751
0x00007efd259d1be4 in tdb_alloc_read (tdb=tdb@entry=0x7efd27478aa0,
offset=8142, len=1) at ../../common/io.c:696
696 if (!(buf = (unsigned char *)malloc(len ? len : 1))) {
Value returned is $1 = (void *) 0x7efd27438670
(rr) bt 10
#0 0x00007efd259d1be4 in tdb_alloc_read (tdb=tdb@entry=0x7efd27478aa0,
offset=8142, len=1) at ../../common/io.c:696
#1 0x00007efd259cc98c in _tdb_fetch (tdb=tdb@entry=0x7efd27478aa0, key=...)
at ../../common/tdb.c:283
#2 0x00007efd259cc9c9 in tdb_fetch (tdb=tdb@entry=0x7efd27478aa0, key=...)
at ../../common/tdb.c:292
#3 0x00007efd242e40d2 in schema_metadata_get_uint64 (key=0x7efd242e5dcb
"SCHEMA_SEQ_NUM", default_value=0, value=<synthetic pointer>,
data=0x7efd26d6a260) at source4/dsdb/samdb/ldb_modules/schema_load.c:148
#4 dsdb_schema_refresh (module=module@entry=0x7efd26d6ba20, ev=<optimized
out>, schema=schema@entry=0x0, is_global_schema=is_global_schema@entry=true) at
source4/dsdb/samdb/ldb_modules/schema_load.c:246
free:
(rr) bt 10
#0 __GI___libc_free (mem=0x7efd27438670) at ./malloc/malloc.c:3356
#1 0x00007efd242e4155 in schema_metadata_get_uint64 (key=0x7efd242e5dcb
"SCHEMA_SEQ_NUM", default_value=0, value=<synthetic pointer>,
data=0x7efd26d6a260) at source4/dsdb/samdb/ldb_modules/schema_load.c:187
#2 dsdb_schema_refresh (module=module@entry=0x7efd26d6ba20, ev=<optimized
out>, schema=schema@entry=0x0, is_global_schema=is_global_schema@entry=true) at
source4/dsdb/samdb/ldb_modules/schema_load.c:246
apt install systemd-coredump mc gdb rr bind9 samba samba-ad-provision
samba-dsdb-modules
apt install bind9-dbgsym bind9-libs-dbgsym libuv1t64-dbgsym samba-libs-dbgsym
libldb2-dbgsym samba-dsdb-modules-dbgsym libtdb1-dbgsym libtalloc2-dbgsym
libjemalloc2-dbgsym
apt build-dep samba-dsdb-modules
mkdir /home/benutzer/source/samba-dsdb-modules/orig -p
cd /home/benutzer/source/samba-dsdb-modules/orig
apt source samba-dsdb-modules
mkdir /home/benutzer/source/libtdb1/orig -p
cd /home/benutzer/source/libtdb1/orig
apt source libtdb1
mkdir /home/benutzer/source/glibc/orig -p
cd /home/benutzer/source/glibc/orig
apt source glibc
mkdir /home/benutzer/source/libjemalloc2/orig -p
cd /home/benutzer/source/libjemalloc2/orig
apt source libjemalloc2
mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
samba-tool domain provision --server-role=dc --use-rfc2307
--dns-backend=BIND9_DLZ --realm=SAMDOM.EXAMPLE.COM --domain=SAMDOM
--adminpass=Passw0rd
cat <<EOF >> /etc/bind/named.conf
dlz "AD DNS Zone" {
# For BIND 9.18.x
database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_18.so -d
9";
};
EOF
Jul 13 14:09:45 debian named[3318]: samba_dlz: GENSEC backend
'fake_gssapi_krb5' registered
Jul 13 14:09:45 debian named[3318]: samba_dlz: ldb: No encrypted secrets key
file. Secret attributes will not be encrypted or decrypted
Jul 13 14:09:45 debian named[3318]: samba_dlz:
Jul 13 14:09:45 debian named[3318]: free(): invalid pointer
Jul 13 14:09:45 debian systemd-coredump[3351]: Process 3318 (named) of user 102
terminated abnormally with signal 6/ABRT, processing...
Jul 13 14:09:45 debian systemd[1]: Started systemd-coredump@4-3351-0.service -
Process Core Dump (PID 3351/UID 0).
Jul 13 14:09:46 debian systemd-coredump[3352]: [🡕] Process 3318 (named) of user
102 dumped core.
Jul 13 14:09:46 debian systemd[1]: systemd-coredump@4-3351-0.service:
Deactivated successfully.
root@debian:~# coredumpctl list
TIME PID UID GID SIG COREFILE EXE SIZE
...
Sat 2024-07-13 14:09:46 CEST 3318 102 109 SIGABRT present /usr/sbin/named 1.1M
root@debian:~# coredumpctl gdb --debugger-argument=-q 3318
PID: 3318 (named)
UID: 102 (bind)
GID: 109 (bind)
Signal: 6 (ABRT)
Timestamp: Sat 2024-07-13 14:09:45 CEST (1min 26s ago)
Command Line: /usr/sbin/named -f -u bind
Executable: /usr/sbin/named
Control Group: /system.slice/named.service
Unit: named.service
Slice: system.slice
Boot ID: a687c03330d041718bcc285381960b5e
Machine ID: 16e4d7437c19482b8c85581d3feaba09
Hostname: debian
Storage:
/var/lib/systemd/coredump/core.named.102.a687c03330d041718bcc285381960b5e.3318.1720872585000000.zst
(present)
Size on Disk: 1.1M
Message: Process 3318 (named) of user 102 dumped core.
Reading symbols from /usr/sbin/named...
(No debugging symbols found in /usr/sbin/named)
...
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/named -f -u bind'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
44 ./nptl/pthread_kill.c: Datei oder Verzeichnis nicht gefunden.
[Current thread is 1 (Thread 0x7fe00e190580 (LWP 3318))]
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1 0x00007fe00d8f4b6f in __pthread_kill_internal (signo=6, threadid=<optimized
out>) at ./nptl/pthread_kill.c:78
#2 0x00007fe00d8a64e2 in __GI_raise (sig=sig@entry=6) at
../sysdeps/posix/raise.c:26
#3 0x00007fe00d88f4ed in __GI_abort () at ./stdlib/abort.c:79
#4 0x00007fe00d890395 in __libc_message (fmt=fmt@entry=0x7fe00da0455e "%s\n")
at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007fe00d8fe455 in malloc_printerr (str=str@entry=0x7fe00da0202b
"free(): invalid pointer") at ./malloc/malloc.c:5765
#6 0x00007fe00d9005b4 in _int_free (av=0x7fe00da3fac0 <main_arena>,
p=<optimized out>, have_lock=have_lock@entry=0) at ./malloc/malloc.c:4500
#7 0x00007fe00d902e2f in __GI___libc_free (mem=<optimized out>) at
./malloc/malloc.c:3391
#8 0x00007fe003e94155 in ?? () from
/usr/lib/x86_64-linux-gnu/samba/ldb/schema_load.so
#9 0x00007fe008d4182b in dsdb_get_schema () from
/usr/lib/x86_64-linux-gnu/samba/libldbsamba-private-samba.so.0
#10 0x00007fe003e93d5c in ?? () from
/usr/lib/x86_64-linux-gnu/samba/ldb/schema_load.so
#11 0x00007fe00a5d82c2 in ldb_module_init_chain () from
/lib/x86_64-linux-gnu/libldb.so.2
#12 0x00007fe00a5d82c2 in ldb_module_init_chain () from
/lib/x86_64-linux-gnu/libldb.so.2
#13 0x00007fe003eefdd4 in ?? () from
/usr/lib/x86_64-linux-gnu/samba/ldb/rootdse.so
#14 0x00007fe00a5d82c2 in ldb_module_init_chain () from
/lib/x86_64-linux-gnu/libldb.so.2
#15 0x00007fe003ec3f13 in ?? () from
/usr/lib/x86_64-linux-gnu/samba/ldb/samba_dsdb.so
#16 0x00007fe00a5d82c2 in ldb_module_init_chain () from
/lib/x86_64-linux-gnu/libldb.so.2
#17 0x00007fe00a5d83ac in ldb_load_modules () from
/lib/x86_64-linux-gnu/libldb.so.2
#18 0x00007fe00a5d72be in ldb_connect () from /lib/x86_64-linux-gnu/libldb.so.2
#19 0x00007fe008d3c435 in samba_ldb_connect () from
/usr/lib/x86_64-linux-gnu/samba/libldbsamba-private-samba.so.0
#20 0x00007fe00a580678 in samdb_connect_url () from
/lib/x86_64-linux-gnu/libsamdb.so.0
#21 0x00007fe00d212a6e in dlz_create () from
/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_18.so
#22 0x0000561648756126 in ?? ()
#23 0x00007fe00e34d49a in ?? () from
/lib/x86_64-linux-gnu/libdns-9.19.25-185-g392e7199df2-1-Debian.so
#24 0x00007fe00e259105 in dns_dlzcreate () from
/lib/x86_64-linux-gnu/libdns-9.19.25-185-g392e7199df2-1-Debian.so
#25 0x0000561648769f07 in ?? ()
#26 0x000056164877a88f in ?? ()
#27 0x000056164877bb81 in ?? ()
#28 0x00007fe00ea8b537 in isc.async_cb () from
/lib/x86_64-linux-gnu/libisc-9.19.25-185-g392e7199df2-1-Debian.so
#29 0x00007fe00e945d33 in ?? () from /lib/x86_64-linux-gnu/libuv.so.1
#30 0x00007fe00e959a72 in ?? () from /lib/x86_64-linux-gnu/libuv.so.1
#31 0x00007fe00e9469f8 in uv_run () from /lib/x86_64-linux-gnu/libuv.so.1
#32 0x00007fe00ea9e850 in ?? () from
/lib/x86_64-linux-gnu/libisc-9.19.25-185-g392e7199df2-1-Debian.so
#33 0x000056164874b97a in main ()
(gdb)
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1 0x00007fe00d8f4b6f in __pthread_kill_internal (signo=6, threadid=<optimized
out>) at ./nptl/pthread_kill.c:78
#2 0x00007fe00d8a64e2 in __GI_raise (sig=sig@entry=6) at
../sysdeps/posix/raise.c:26
#3 0x00007fe00d88f4ed in __GI_abort () at ./stdlib/abort.c:79
#4 0x00007fe00d890395 in __libc_message (fmt=fmt@entry=0x7fe00da0455e "%s\n")
at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007fe00d8fe455 in malloc_printerr (str=str@entry=0x7fe00da0202b
"free(): invalid pointer") at ./malloc/malloc.c:5765
#6 0x00007fe00d9005b4 in _int_free (av=0x7fe00da3fac0 <main_arena>,
p=<optimized out>, have_lock=have_lock@entry=0) at ./malloc/malloc.c:4500
#7 0x00007fe00d902e2f in __GI___libc_free (mem=<optimized out>) at
./malloc/malloc.c:3391
#8 0x00007fe003e94155 in schema_metadata_get_uint64 (key=0x7fe003e95dcb
"SCHEMA_SEQ_NUM", default_value=0, value=<synthetic pointer>,
data=0x7fe00aef70c0) at source4/dsdb/samdb/ldb_modules/schema_load.c:187
#9 dsdb_schema_refresh (module=module@entry=0x7fe00aef8880, ev=<optimized
out>, schema=schema@entry=0x0, is_global_schema=is_global_schema@entry=true) at
source4/dsdb/samdb/ldb_modules/schema_load.c:246
#10 0x00007fe008d4182b in dsdb_get_schema (ldb=0x7fe00ae88ea0,
reference_ctx=0x7fe00ae35d20) at source4/dsdb/schema/schema_set.c:896
#11 0x00007fe003e93d5c in schema_load (need_write=0x7fe00aef70ec,
module=<optimized out>, ldb=0x7fe00ae88ea0) at
source4/dsdb/samdb/ldb_modules/schema_load.c:443
#12 schema_load_init (module=<optimized out>) at
source4/dsdb/samdb/ldb_modules/schema_load.c:489
#13 0x00007fe00a5d82c2 in ldb_module_init_chain (ldb=0x7fe00ae88ea0,
module=0x7fe00aef8880) at lib/ldb/common/ldb_modules.c:365
#14 0x00007fe00a5d82c2 in ldb_module_init_chain (ldb=0x7fe00ae88ea0,
module=0x7fe00aef8920) at lib/ldb/common/ldb_modules.c:365
#15 0x00007fe00a5d8741 in ldb_next_init (module=<optimized out>,
module@entry=0x7fe00aef89c0) at lib/ldb/common/ldb_modules.c:619
#16 0x00007fe003eefdd4 in rootdse_init (module=0x7fe00aef89c0) at
source4/dsdb/samdb/ldb_modules/rootdse.c:1013
#17 0x00007fe00a5d82c2 in ldb_module_init_chain (ldb=0x7fe00ae88ea0,
module=0x7fe00aef89c0) at lib/ldb/common/ldb_modules.c:365
#18 0x00007fe00a5d8741 in ldb_next_init (module=<optimized out>,
module@entry=0x7fe00aef66c0) at lib/ldb/common/ldb_modules.c:619
#19 0x00007fe003ec3f13 in samba_dsdb_init (module=0x7fe00aef66c0) at
source4/dsdb/samdb/ldb_modules/samba_dsdb.c:491
#20 0x00007fe00a5d82c2 in ldb_module_init_chain (ldb=ldb@entry=0x7fe00ae88ea0,
module=0x7fe00aef66c0) at lib/ldb/common/ldb_modules.c:365
#21 0x00007fe00a5d83ac in ldb_load_modules (ldb=ldb@entry=0x7fe00ae88ea0,
options=options@entry=0x0) at lib/ldb/common/ldb_modules.c:447
#22 0x00007fe00a5d72be in ldb_connect (ldb=ldb@entry=0x7fe00ae88ea0,
url=url@entry=0x7fe00aef6260 "/var/lib/samba/bind-dns/dns/sam.ldb",
flags=flags@entry=64, options=options@entry=0x0) at lib/ldb/common/ldb.c:275
#23 0x00007fe008d3c435 in samba_ldb_connect (ldb=ldb@entry=0x7fe00ae88ea0,
lp_ctx=lp_ctx@entry=0x7fe00a77a8e0, url=url@entry=0x7fe00aef6080
"/var/lib/samba/bind-dns/dns/sam.ldb", flags=flags@entry=64) at
lib/ldb-samba/ldb_wrap.c:230
#24 0x00007fe00a580678 in samdb_connect_url
(mem_ctx=mem_ctx@entry=0x7fe00ae77ec0, ev_ctx=0x7fe00aeb3160,
lp_ctx=0x7fe00a77a8e0, session_info=0x7fe00a77abe0, flags=64, flags@entry=0,
url=url@entry=0x7fe00aef6080 "/var/lib/samba/bind-dns/dns/sam.ldb",
remote_address=0x0, ldb_ret=0x7fe00ae77ed0, errstring=0x7fff12bd65d0) at
source4/dsdb/samdb/samdb.c:96
#25 0x00007fe00d212a6e in dlz_create (dlzname=<optimized out>, argc=3,
argv=0x7fe00a760f68, dbdata=0x7fe00ae77788) at
source4/dns_server/dlz_bind9.c:741
#26 0x0000561648756126 in dlopen_dlz_create (dlzname=0x7fe00aed3100 "AD DNS
Zone", argc=4, argv=0x7fe00a760f60, driverarg=<optimized out>,
dbdata=0x7fe00af0e108) at ./bin/named/dlz_dlopen_driver.c:311
#27 0x00007fe00e34d49a in dns_sdlzcreate (mctx=<optimized out>,
dlzname=0x7fe00aed3100 "AD DNS Zone", argc=4, argv=0x7fe00a760f60,
driverarg=0x7fe00ae247f0, dbdata=0x7fe00af0e108) at ./lib/dns/sdlz.c:1488
#28 0x00007fe00e259105 in dns_dlzcreate (mctx=mctx@entry=0x7fe00ae1d600,
dlzname=0x7fe00aed3100 "AD DNS Zone",
drivername=drivername@entry=0x7fe00af0e0a0 "dlopen", argc=argc@entry=4,
argv=argv@entry=0x7fe00a760f60, dbp=dbp@entry=0x7fff12bd6bc0) at
./lib/dns/dlz.c:213
#29 0x0000561648769f07 in configure_view (view=0x7fe00aed5200,
viewlist=viewlist@entry=0x7fff12bd7cf0, config=0x7fe00a797220,
vconfig=vconfig@entry=0x0, cachelist=cachelist@entry=0x7fff12bd7d10,
kasplist=kasplist@entry=0x7fe00aeb0780, keystores=0x7fe00aeb0790, bindkeys=0x0,
mctx=0x7fe00ae1d600, actx=0x7fe00ae33ee0, need_hints=true) at
./bin/named/server.c:4214
#30 0x000056164877a88f in load_configuration (filename=<optimized out>,
server=server@entry=0x7fe00aeb0700, first_time=first_time@entry=true) at
./bin/named/server.c:9126
#31 0x000056164877bb81 in run_server (arg=0x7fe00aeb0700) at
./bin/named/server.c:9906
#32 0x00007fe00ea8b537 in isc__async_cb (handle=<optimized out>) at
./lib/isc/async.c:111
#33 0x00007fe00e945d33 in uv__async_io (loop=0x7fe00af05220, w=<optimized out>,
events=<optimized out>) at ./src/unix/async.c:176
#34 0x00007fe00e959a72 in uv__io_poll (loop=loop@entry=0x7fe00af05220,
timeout=<optimized out>) at ./src/unix/linux.c:1534
#35 0x00007fe00e9469f8 in uv_run (loop=loop@entry=0x7fe00af05220,
mode=mode@entry=UV_RUN_DEFAULT) at ./src/unix/core.c:448
#36 0x00007fe00ea9e850 in loop_thread (arg=0x7fe00af05200) at
./lib/isc/loop.c:288
#37 0x000056164874b97a in main (argc=4, argv=0x7fff12bdc628) at
./bin/named/main.c:1575
(gdb)
mc -e /usr/lib/systemd/system/named.service
-ExecStart=/usr/sbin/named -f $OPTIONS
+ExecStart=/usr/bin/valgrind /usr/sbin/named -f $OPTIONS
systemctl daemon-reload
systemctl stop named
systemctl start named
--> no crash or something helpful ...
echo 1 > /proc/sys/kernel/perf_event_paranoid
mc -e /usr/lib/systemd/system/named.service
-ExecStart=/usr/sbin/named -f $OPTIONS
+ExecStart=/usr/bin/rr record /usr/sbin/named -f $OPTIONS
systemctl daemon-reload
systemctl stop named
systemctl start named
Jul 13 14:19:48 debian named[4333]: samba_dlz: GENSEC backend
'fake_gssapi_krb5' registered
Jul 13 14:19:48 debian named[4333]: samba_dlz: ldb: No encrypted secrets key
file. Secret attributes will not be encrypted or decrypted
Jul 13 14:19:48 debian named[4333]: samba_dlz:
Jul 13 14:19:48 debian systemd-coredump[4336]: Process 4333 (named) of user 102
terminated abnormally with signal 11/SEGV, processing...
Jul 13 14:19:48 debian systemd[1]: Started systemd-coredump@5-4336-0.service -
Process Core Dump (PID 4336/UID 0).
Jul 13 14:19:48 debian systemd-coredump[4337]: [🡕] Process 4333 (named) of user
102 dumped core.
Module libnss_systemd.so.2 from
deb systemd-256.2-1.amd64
Module libzstd.so.1 from deb
libzstd-1.5.6+dfsg-1.amd64
Module libsystemd.so.0 from deb
systemd-256.2-1.amd64
Stack trace of thread 4333:
#0 0x00007efd2a019340
_int_free_merge_chunk (libc.so.6 + 0x97340)
#1 0x00007efd2a019669 _int_free
(libc.so.6 + 0x97669)
#2 0x00007efd2a01be2f
__GI___libc_free (libc.so.6 + 0x99e2f)
#3 0x00007efd242e4155
schema_metadata_get_uint64 (schema_load.so + 0x3155)
#4 0x00007efd258c482b
dsdb_get_schema (libldbsamba-private-samba.so.0 + 0x1082b)
#5 0x00007efd242e3d5c
schema_load (schema_load.so + 0x2d5c)
#6 0x00007efd26b632c2
ldb_module_init_chain (libldb.so.2 + 0xe2c2)
#7 0x00007efd26b632c2
ldb_module_init_chain (libldb.so.2 + 0xe2c2)
#8 0x00007efd2433fdd4
rootdse_init (rootdse.so + 0x9dd4)
#9 0x00007efd26b632c2
ldb_module_init_chain (libldb.so.2 + 0xe2c2)
#
root@debian:~# rr ps /tmp/rr/named-0
PID PPID EXIT CMD
4333 -- -11 /usr/sbin/named -f -u bind
root@debian:~# rr replay -a /tmp/rr/named-0
root@debian:~#
root@debian:~# rr replay --debugger-option=-q /tmp/rr/named-0
Reading symbols from /usr/sbin/named...
Reading symbols from
/usr/lib/debug/.build-id/86/913bd61b7444038f78046211736b0b86733ca5.debug...
Really redefine built-in command "restart"? (y or n) [answered Y; input not
from terminal]
Really redefine built-in command "jump"? (y or n) [answered Y; input not from
terminal]
Remote debugging using 127.0.0.1:14997
Reading symbols from /lib64/ld-linux-x86-64.so.2...
Reading symbols from
/usr/lib/debug/.build-id/d8/0ea16fd662edf36787c9f58d72b7d7b40c48ad.debug...
BFD: warning: system-supplied DSO at 0x6fffd000 has a section extending past
end of file
0x00007efd2b176810 in _start () from /lib64/ld-linux-x86-64.so.2
(rr) set width 0
(rr) set pagination off
(rr) directory /home/benutzer/source/samba-dsdb-modules/orig/samba-4.20.2+dfsg
Source directories searched:
/home/benutzer/source/samba-dsdb-modules/orig/samba-4.20.2+dfsg:$cdir:$cwd
(rr) directory /home/benutzer/source/libtdb1/orig/tdb-1.4.10/debian/source
Source directories searched:
/home/benutzer/source/libtdb1/orig/tdb-1.4.10/debian/source:/home/benutzer/source/samba-dsdb-modules/orig/samba-4.20.2+dfsg:$cdir:$cwd
(rr) directory /home/benutzer/source/glibc/orig/glibc-2.38
Source directories searched:
/home/benutzer/source/glibc/orig/glibc-2.38:/home/benutzer/source/libtdb1/orig/tdb-1.4.10/debian/source:/home/benutzer/source/samba-dsdb-modules/orig/samba-4.20.2+dfsg:$cdir:$cwd
(rr) directory /home/benutzer/source/libjemalloc2/orig/jemalloc-5.3.0
Source directories searched:
/home/benutzer/source/libjemalloc2/orig/jemalloc-5.3.0:/home/benutzer/source/glibc/orig/glibc-2.38:/home/benutzer/source/libtdb1/orig/tdb-1.4.10/debian/source:/home/benutzer/source/samba-dsdb-modules/orig/samba-4.20.2+dfsg:$cdir:$cwd
(rr) cont
Continuing.
[New Thread 4333.4335]
Thread 1 received signal SIGSEGV, Segmentation fault.
0x00007efd2a019340 in _int_free_merge_chunk (av=av@entry=0x7efd2a158ac0
<main_arena>, p=0x7efd27438660, size=139625091825664) at ./malloc/malloc.c:4668
warning: Source file is more recent than executable.
4668 >= ((char *) av->top + chunksize(av->top)), 0))
(rr) bt
#0 0x00007efd2a019340 in _int_free_merge_chunk (av=av@entry=0x7efd2a158ac0
<main_arena>, p=0x7efd27438660, size=139625091825664) at ./malloc/malloc.c:4668
#1 0x00007efd2a019669 in _int_free (av=0x7efd2a158ac0 <main_arena>,
p=<optimized out>, have_lock=<optimized out>, have_lock@entry=0) at
./malloc/malloc.c:4639
#2 0x00007efd2a01be2f in __GI___libc_free (mem=<optimized out>) at
./malloc/malloc.c:3391
#3 0x00007efd242e4155 in schema_metadata_get_uint64 (key=0x7efd242e5dcb
"SCHEMA_SEQ_NUM", default_value=0, value=<synthetic pointer>,
data=0x7efd26d6a260) at source4/dsdb/samdb/ldb_modules/schema_load.c:187
#4 dsdb_schema_refresh (module=module@entry=0x7efd26d6ba20, ev=<optimized
out>, schema=schema@entry=0x0, is_global_schema=is_global_schema@entry=true) at
source4/dsdb/samdb/ldb_modules/schema_load.c:246
#5 0x00007efd258c482b in dsdb_get_schema (ldb=ldb@entry=0x7efd27488ea0,
reference_ctx=reference_ctx@entry=0x7efd27435d80) at
source4/dsdb/schema/schema_set.c:896
#6 0x00007efd242e3d5c in schema_load (need_write=0x7efd26d6a28c,
module=<optimized out>, ldb=0x7efd27488ea0) at
source4/dsdb/samdb/ldb_modules/schema_load.c:443
#7 schema_load_init (module=<optimized out>) at
source4/dsdb/samdb/ldb_modules/schema_load.c:489
#8 0x00007efd26b632c2 in ldb_module_init_chain (ldb=0x7efd27488ea0,
module=0x7efd26d6ba20) at lib/ldb/common/ldb_modules.c:365
#9 0x00007efd26b632c2 in ldb_module_init_chain (ldb=0x7efd27488ea0,
module=0x7efd26d6bac0) at lib/ldb/common/ldb_modules.c:365
#10 0x00007efd26b63741 in ldb_next_init (module=<optimized out>,
module@entry=0x7efd26d6bb60) at lib/ldb/common/ldb_modules.c:619
#11 0x00007efd2433fdd4 in rootdse_init (module=0x7efd26d6bb60) at
source4/dsdb/samdb/ldb_modules/rootdse.c:1013
#12 0x00007efd26b632c2 in ldb_module_init_chain (ldb=0x7efd27488ea0,
module=0x7efd26d6bb60) at lib/ldb/common/ldb_modules.c:365
#13 0x00007efd26b63741 in ldb_next_init (module=<optimized out>,
module@entry=0x7efd26d69860) at lib/ldb/common/ldb_modules.c:619
#14 0x00007efd24313f13 in samba_dsdb_init (module=0x7efd26d69860) at
source4/dsdb/samdb/ldb_modules/samba_dsdb.c:491
#15 0x00007efd26b632c2 in ldb_module_init_chain (ldb=ldb@entry=0x7efd27488ea0,
module=0x7efd26d69860) at lib/ldb/common/ldb_modules.c:365
#16 0x00007efd26b633ac in ldb_load_modules (ldb=ldb@entry=0x7efd27488ea0,
options=options@entry=0x0) at lib/ldb/common/ldb_modules.c:447
#17 0x00007efd26b622be in ldb_connect (ldb=ldb@entry=0x7efd27488ea0,
url=url@entry=0x7efd26d69400 "/var/lib/samba/bind-dns/dns/sam.ldb",
flags=flags@entry=64, options=options@entry=0x0) at lib/ldb/common/ldb.c:275
#18 0x00007efd258bf435 in samba_ldb_connect (ldb=ldb@entry=0x7efd27488ea0,
lp_ctx=lp_ctx@entry=0x7efd26d5c720, url=url@entry=0x7efd26d69220
"/var/lib/samba/bind-dns/dns/sam.ldb", flags=flags@entry=64) at
lib/ldb-samba/ldb_wrap.c:230
#19 0x00007efd26b24678 in samdb_connect_url
(mem_ctx=mem_ctx@entry=0x7efd27477fa0, ev_ctx=0x7efd274b1720,
lp_ctx=0x7efd26d5c720, session_info=0x7efd26d5ca20, flags=64, flags@entry=0,
url=url@entry=0x7efd26d69220 "/var/lib/samba/bind-dns/dns/sam.ldb",
remote_address=0x0, ldb_ret=0x7efd27477fb0, errstring=0x7ffd397aa1f0) at
source4/dsdb/samdb/samdb.c:96
#20 0x00007efd29889a6e in dlz_create (dlzname=<optimized out>, argc=3,
argv=0x7efd27546528, dbdata=0x7efd27477868) at
source4/dns_server/dlz_bind9.c:741
#21 0x000055d62b21d126 in dlopen_dlz_create (dlzname=0x7efd274d3180 "AD DNS
Zone", argc=4, argv=0x7efd27546520, driverarg=<optimized out>,
dbdata=0x7efd274fe108) at ./bin/named/dlz_dlopen_driver.c:311
#22 0x00007efd2ab4d49a in dns_sdlzcreate (mctx=<optimized out>,
dlzname=0x7efd274d3180 "AD DNS Zone", argc=4, argv=0x7efd27546520,
driverarg=0x7efd274247f0, dbdata=0x7efd274fe108) at ./lib/dns/sdlz.c:1488
#23 0x00007efd2aa59105 in dns_dlzcreate (mctx=mctx@entry=0x7efd2741d600,
dlzname=0x7efd274d3180 "AD DNS Zone",
drivername=drivername@entry=0x7efd274fe0a0 "dlopen", argc=argc@entry=4,
argv=argv@entry=0x7efd27546520, dbp=dbp@entry=0x7ffd397aa7e0) at
./lib/dns/dlz.c:213
#24 0x000055d62b230f07 in configure_view (view=0x7efd274d4c00,
viewlist=viewlist@entry=0x7ffd397ab910, config=0x7efd275b23c0,
vconfig=vconfig@entry=0x0, cachelist=cachelist@entry=0x7ffd397ab930,
kasplist=kasplist@entry=0x7efd274b0780, keystores=0x7efd274b0790, bindkeys=0x0,
mctx=0x7efd2741d600, actx=0x7efd27433ee0, need_hints=true) at
./bin/named/server.c:4214
#25 0x000055d62b24188f in load_configuration (filename=<optimized out>,
server=server@entry=0x7efd274b0700, first_time=first_time@entry=true) at
./bin/named/server.c:9126
#26 0x000055d62b242b81 in run_server (arg=0x7efd274b0700) at
./bin/named/server.c:9906
#27 0x00007efd2ada5537 in isc__async_cb (handle=<optimized out>) at
./lib/isc/async.c:111
#28 0x00007efd2aca5d33 in uv__async_io (loop=0x7efd2743c820, w=<optimized out>,
events=<optimized out>) at ./src/unix/async.c:176
#29 0x00007efd2acb9a72 in uv__io_poll (loop=loop@entry=0x7efd2743c820,
timeout=<optimized out>) at ./src/unix/linux.c:1534
#30 0x00007efd2aca69f8 in uv_run (loop=loop@entry=0x7efd2743c820,
mode=mode@entry=UV_RUN_DEFAULT) at ./src/unix/core.c:448
#31 0x00007efd2adb8850 in loop_thread (arg=0x7efd2743c800) at
./lib/isc/loop.c:288
#32 0x000055d62b21297a in main (argc=4, argv=0x7ffd397b0248) at
./bin/named/main.c:1575
(rr) b free
Breakpoint 1 at 0x7efd25434800 (60 locations)
(rr) b malloc
Breakpoint 2 at 0x7efd2a01b710: malloc. (47 locations)
(rr) reverse-cont
Continuing.
Thread 1 received signal SIGSEGV, Segmentation fault.
0x00007efd2a019340 in _int_free_merge_chunk (av=av@entry=0x7efd2a158ac0
<main_arena>, p=0x7efd27438660, size=139625091825664) at ./malloc/malloc.c:4668
4668 >= ((char *) av->top + chunksize(av->top)), 0))
(rr) reverse-cont
Continuing.
Thread 1 hit Breakpoint 1.2, __GI___libc_free (mem=0x7efd27438670) at
./malloc/malloc.c:3356
3356 if (mem == 0) /* free(0) has no effect */
(rr) bt 10
#0 __GI___libc_free (mem=0x7efd27438670) at ./malloc/malloc.c:3356
#1 0x00007efd242e4155 in schema_metadata_get_uint64 (key=0x7efd242e5dcb
"SCHEMA_SEQ_NUM", default_value=0, value=<synthetic pointer>,
data=0x7efd26d6a260) at source4/dsdb/samdb/ldb_modules/schema_load.c:187
#2 dsdb_schema_refresh (module=module@entry=0x7efd26d6ba20, ev=<optimized
out>, schema=schema@entry=0x0, is_global_schema=is_global_schema@entry=true) at
source4/dsdb/samdb/ldb_modules/schema_load.c:246
#3 0x00007efd258c482b in dsdb_get_schema (ldb=ldb@entry=0x7efd27488ea0,
reference_ctx=reference_ctx@entry=0x7efd27435d80) at
source4/dsdb/schema/schema_set.c:896
#4 0x00007efd242e3d5c in schema_load (need_write=0x7efd26d6a28c,
module=<optimized out>, ldb=0x7efd27488ea0) at
source4/dsdb/samdb/ldb_modules/schema_load.c:443
#5 schema_load_init (module=<optimized out>) at
source4/dsdb/samdb/ldb_modules/schema_load.c:489
#6 0x00007efd26b632c2 in ldb_module_init_chain (ldb=0x7efd27488ea0,
module=0x7efd26d6ba20) at lib/ldb/common/ldb_modules.c:365
#7 0x00007efd26b632c2 in ldb_module_init_chain (ldb=0x7efd27488ea0,
module=0x7efd26d6bac0) at lib/ldb/common/ldb_modules.c:365
#8 0x00007efd26b63741 in ldb_next_init (module=<optimized out>,
module@entry=0x7efd26d6bb60) at lib/ldb/common/ldb_modules.c:619
#9 0x00007efd2433fdd4 in rootdse_init (module=0x7efd26d6bb60) at
source4/dsdb/samdb/ldb_modules/rootdse.c:1013
(More stack frames follow...)
(rr) reverse-cont
Continuing.
Thread 1 hit Breakpoint 2.2, malloc (size=98) at src/jemalloc.c:2751
warning: Source file is more recent than executable.
2751 je_malloc(size_t size) {
(rr) reverse-cont
Continuing.
Thread 1 hit Breakpoint 2.2, malloc (size=size@entry=1) at src/jemalloc.c:2751
2751 je_malloc(size_t size) {
(rr) finish
Run till exit from #0 malloc (size=size@entry=1) at src/jemalloc.c:2751
0x00007efd259d1be4 in tdb_alloc_read (tdb=tdb@entry=0x7efd27478aa0,
offset=8142, len=1) at ../../common/io.c:696
696 if (!(buf = (unsigned char *)malloc(len ? len : 1))) {
Value returned is $1 = (void *) 0x7efd27438670
(rr) bt 10
#0 0x00007efd259d1be4 in tdb_alloc_read (tdb=tdb@entry=0x7efd27478aa0,
offset=8142, len=1) at ../../common/io.c:696
#1 0x00007efd259cc98c in _tdb_fetch (tdb=tdb@entry=0x7efd27478aa0, key=...) at
../../common/tdb.c:283
#2 0x00007efd259cc9c9 in tdb_fetch (tdb=tdb@entry=0x7efd27478aa0, key=...) at
../../common/tdb.c:292
#3 0x00007efd242e40d2 in schema_metadata_get_uint64 (key=0x7efd242e5dcb
"SCHEMA_SEQ_NUM", default_value=0, value=<synthetic pointer>,
data=0x7efd26d6a260) at source4/dsdb/samdb/ldb_modules/schema_load.c:148
#4 dsdb_schema_refresh (module=module@entry=0x7efd26d6ba20, ev=<optimized
out>, schema=schema@entry=0x0, is_global_schema=is_global_schema@entry=true) at
source4/dsdb/samdb/ldb_modules/schema_load.c:246
#5 0x00007efd258c482b in dsdb_get_schema (ldb=ldb@entry=0x7efd27488ea0,
reference_ctx=reference_ctx@entry=0x7efd27435d80) at
source4/dsdb/schema/schema_set.c:896
#6 0x00007efd242e3d5c in schema_load (need_write=0x7efd26d6a28c,
module=<optimized out>, ldb=0x7efd27488ea0) at
source4/dsdb/samdb/ldb_modules/schema_load.c:443
#7 schema_load_init (module=<optimized out>) at
source4/dsdb/samdb/ldb_modules/schema_load.c:489
#8 0x00007efd26b632c2 in ldb_module_init_chain (ldb=0x7efd27488ea0,
module=0x7efd26d6ba20) at lib/ldb/common/ldb_modules.c:365
#9 0x00007efd26b632c2 in ldb_module_init_chain (ldb=0x7efd27488ea0,
module=0x7efd26d6bac0) at lib/ldb/common/ldb_modules.c:365
(More stack frames follow...)
(rr)
rr replay --debugger-option=-q /tmp/rr/named-0
set width 0
set pagination off
directory /home/benutzer/source/samba-dsdb-modules/orig/samba-4.20.2+dfsg
directory /home/benutzer/source/libtdb1/orig/tdb-1.4.10/debian/source
directory /home/benutzer/source/glibc/orig/glibc-2.38
directory /home/benutzer/source/libjemalloc2/orig/jemalloc-5.3.0
cont
bt
