Thanks!

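This is regarding bug 3084: I am trying to find out why Samba is
crashing. I am using glibc-2.4 with NPTL threads. It seems to be a memory
or threading issue. In the session below, smbd aborts on a glibc assertion
in __gconv_release_step, reached through iconv_close() from
smb_iconv_close() while "dos charset = CP932" is being processed during
the smb.conf load. Thanks for any help.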

Running smbd through gdb:

Breakpoint 6, charset_name (ch=CH_DISPLAY) at lib/charcnv.c:57
57 const char *ret = NULL;
(gdb)
Continuing.
Substituting charset 'ANSI_X3.4-1968' for LOCALE

Breakpoint 2, smb_iconv_close (cd=0x8412a28) at lib/iconv.c:315
315 if (cd->cd_direct) iconv_close((iconv_t)cd->cd_direct);
(gdb)
Continuing.

Breakpoint 3, iconv_close (cd=0x8412a50) at iconv_close.c:30
30 if (__builtin_expect (cd == (iconv_t *) -1L, 0))
(gdb)
Continuing.
smbd: gconv_db.c:232: __gconv_release_step: Assertion `step->__end_fct ==
((void *)0)' failed.

Program received signal SIGABRT, Aborted.
0xffffe410 in __kernel_vsyscall ()
(gdb) where
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7ce576a in *__GI_raise (sig=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:67
#2 0xb7ce7060 in *__GI_abort () at abort.c:88
#3 0xb7cdee2d in *__GI___assert_fail (
assertion=0xb7dcbf44 "step->__end_fct == ((void *)0)",
file=0xb7dc7f11 "gconv_db.c", line=232,
function=0xb7dc7f36 "__gconv_release_step") at assert.c:78
#4 0xb7cd4054 in __gconv_release_step (step=)
at gconv_db.c:232
#5 0xb7cd40eb in __gconv_close_transform (steps=0x8401f30, nsteps=2)
at gconv_db.c:791
#6 0xb7cd3dbe in __gconv_close (cd=0x8412a50) at gconv_close.c:64
#7 0xb7cd338c in iconv_close (cd=0x0) at iconv_close.c:36
#8 0x0829106d in smb_iconv_close (cd=0x8412a28) at lib/iconv.c:315
#9 0x08265ca0 in charset_name (ch=CH_DISPLAY) at lib/charcnv.c:82
#10 0x08265d80 in init_iconv () at lib/charcnv.c:127
#11 0x080895f7 in handle_charset (snum=-2, pszParmValue=0x83e98f4 "CP932",
ptr=0x83d2064) at param/loadparm.c:3078
#12 0x0808a4b0 in lp_do_parameter (snum=-2,
pszParmName=0x83e98e8 "dos charset", pszParmValue=0x83e98f4 "CP932")
at param/loadparm.c:3483
#13 0x0808a76b in do_parameter (pszParmName=0x83e98e8 "dos charset",
pszParmValue=0x83e98f4 "CP932") at param/loadparm.c:3557
#14 0x0808f459 in Parameter (InFile=0x83e8028,
pfunc=0x808a6da , c=0) at param/params.c:450
#15 0x0808f523 in Parse (InFile=0x83e8028, sfunc=0x808ab6c ,
pfunc=0x808a6da ) at param/params.c:504
#16 0x0808f7f7 in pm_process (FileName=0xbfa8baec "/etc/samba/smb.conf",
sfunc=0x808ab6c , pfunc=0x808a6da )
at param/params.c:588
#17 0x0808dce3 in lp_load (pszFname=0x83c9900 "/etc/samba/smb.conf",
global_only=0, save_defaults=0, add_ipc=1, initialize_globals=1)
at param/loadparm.c:4896
#18 0x0833ad8a in reload_services (test=0) at smbd/server.c:545
#19 0x0833b712 in main (argc=4, argv=0xbfa8c544) at smbd/server.c:842
(gdb) list
25
26
27 int
28 iconv_close (iconv_t cd)
29 {
30 if (__builtin_expect (cd == (iconv_t *) -1L, 0))
31 {
32 __set_errno (EBADF);
33 return -1;
34 }
(gdb)

Single stepping:


Breakpoint 2, smb_iconv_close (cd=0x8412a28) at lib/iconv.c:315
315 if (cd->cd_direct) iconv_close((iconv_t)cd->cd_direct);
(gdb) step

Breakpoint 3, iconv_close (cd=0x8412a50) at iconv_close.c:30
30 if (__builtin_expect (cd == (iconv_t *) -1L, 0))
(gdb) 36 return __gconv_close ((__gconv_t) cd) ? -1 : 0;
(gdb) __gconv_close (cd=0x8412a50) at gconv_close.c:29
29 {
(gdb) 36 srunp = cd->__steps;
(gdb) 37 nsteps = cd->__nsteps;
(gdb) 36 srunp = cd->__steps;
(gdb) 38 drunp = cd->__data;
(gdb) 37 nsteps = cd->__nsteps;
(gdb) 38 drunp = cd->__data;
(gdb) 37 nsteps = cd->__nsteps;
(gdb) 38 drunp = cd->__data;
(gdb) 43 transp = drunp->__trans;
(gdb) 44 while (transp != NULL)
(gdb) 55 if (!(drunp->__flags & __GCONV_IS_LAST) &&
drunp->__outbuf != NULL)
(gdb) 56 free (drunp->__outbuf);
(gdb) *__GI___libc_free (mem=0x8412aa8) at malloc.c:3413
3413 {
(gdb) 3417 void (*hook) (__malloc_ptr_t, __const __malloc_ptr_t) =
__free_hook;
(gdb) 3418 if (hook != NULL) {
(gdb) 3423 if (mem == 0) /* free(0) has no
effect */
(gdb) 3426 p = mem2chunk(mem);
(gdb) 3429 if (chunk_is_mmapped(p)) /* release
mmapped memory. */
(gdb) 3436 ar_ptr = arena_for_chunk(p);
(gdb) 3445 (void)mutex_lock(&ar_ptr->mutex);
(gdb) 3447 _int_free(ar_ptr, mem);
(gdb) Couldn't get registers: No such process.
(gdb) [Switching to Thread -1216079680 (LWP 4132)]
4291 p = mem2chunk(mem);
(gdb) 4278 {
(gdb) 4292 size = chunksize(p);
(gdb) 4298 if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)
(gdb) 4307 if (__builtin_expect (size < MINSIZE, 0))
(gdb) 4320 if ((unsigned long)(size) <= (unsigned long)(get_max_fast
())
(gdb) 4360 else if (!chunk_is_mmapped(p)) {
(gdb) 4365 if (__builtin_expect (p == av->top, 0))
(gdb) 4361 nextchunk = chunk_at_offset(p, size);
(gdb) 4371 if (__builtin_expect (contiguous (av)
(gdb) 4379 if (__builtin_expect (!prev_inuse(nextchunk), 0))

(gdb) Couldn't get registers: No such process.
(gdb) [Switching to Thread -1216079680 (LWP 4132)]
4386 if (__builtin_expect (nextchunk->size <= 2 * SIZE_SZ, 0)
(gdb) 4385 nextsize = chunksize(nextchunk);
(gdb) 4386 if (__builtin_expect (nextchunk->size <= 2 * SIZE_SZ, 0)
(gdb) 4393 if (__builtin_expect (perturb_byte, 0))
(gdb) 4397 if (!prev_inuse(p)) {
(gdb) 4404 if (nextchunk != av->top) {
(gdb) 4409 if (!nextinuse) {
(gdb) 4413 clear_inuse_bit_at_offset(nextchunk, 0);
(gdb) 4421 bck = unsorted_chunks(av);
(gdb) 4429 set_foot(p, size);
(gdb) 4421 bck = unsorted_chunks(av);
(gdb) 4422 fwd = bck->fd;
(gdb) 4423 p->bk = bck;
(gdb) 4424 p->fd = fwd;
(gdb) 4425 bck->fd = p;
(gdb) 4428 set_head(p, size | PREV_INUSE);
(gdb) 4426 fwd->bk = p;
(gdb) 4428 set_head(p, size | PREV_INUSE);

4459 if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) {
(gdb) 4493 }
(gdb) *__GI___libc_free (mem=0x8412aa8) at malloc.c:3448
3448 (void)mutex_unlock(&ar_ptr->mutex);
(gdb) 3449 }
(gdb) Couldn't get registers: No such process.
(gdb) [Switching to Thread -1216079680 (LWP 4132)]
__gconv_close (cd=0x8412a50) at gconv_close.c:58
58 while (!((drunp++)->__flags & __GCONV_IS_LAST));
(gdb) 43 transp = drunp->__trans;
(gdb) 44 while (transp != NULL)
(gdb) 55 if (!(drunp->__flags & __GCONV_IS_LAST) &&
drunp->__outbuf != NULL)
(gdb) 61 free (cd);
(gdb) *__GI___libc_free (mem=0x8412a50) at malloc.c:3413
3413 {
(gdb) 3417 void (*hook) (__malloc_ptr_t, __const __malloc_ptr_t) =
__free_hook;
(gdb) 3418 if (hook != NULL) {
(gdb) 3423 if (mem == 0) /* free(0) has no
effect */
(gdb) 3426 p = mem2chunk(mem);
(gdb) 3429 if (chunk_is_mmapped(p)) /* release
mmapped memory. */
(gdb) 3436 ar_ptr = arena_for_chunk(p);
(gdb)

3447 _int_free(ar_ptr, mem);
(gdb) _int_free (av=0xb7d8a120, mem=0x8412a50) at malloc.c:4278
4278 {
(gdb) 4291 p = mem2chunk(mem);
(gdb) 4278 {
(gdb) 4292 size = chunksize(p);
(gdb) 4298 if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)
(gdb) 4307 if (__builtin_expect (size < MINSIZE, 0))
(gdb) 4320 if ((unsigned long)(size) <= (unsigned long)(get_max_fast
())
(gdb) 4360 else if (!chunk_is_mmapped(p)) {
(gdb) 4365 if (__builtin_expect (p == av->top, 0))
(gdb) 4361 nextchunk = chunk_at_offset(p, size);
(gdb) 4371 if (__builtin_expect (contiguous (av)
(gdb) 4379 if (__builtin_expect (!prev_inuse(nextchunk), 0))
(gdb) 4386 if (__builtin_expect (nextchunk->size <= 2 * SIZE_SZ, 0)
(gdb) 4385 nextsize = chunksize(nextchunk);
(gdb) 4386 if (__builtin_expect (nextchunk->size <= 2 * SIZE_SZ, 0)
(gdb) 4393 if (__builtin_expect (perturb_byte, 0))
(gdb) 4397 if (!prev_inuse(p)) {
(gdb) 4404 if (nextchunk != av->top) {
(gdb) 4409 if (!nextinuse) {

(gdb) 4410 unlink(nextchunk, bck, fwd);
(gdb) 4411 size += nextsize;
(gdb) 4421 bck = unsorted_chunks(av);
(gdb) 4429 set_foot(p, size);
(gdb) 4421 bck = unsorted_chunks(av);
(gdb) 4422 fwd = bck->fd;
(gdb) 4423 p->bk = bck;
(gdb) 4424 p->fd = fwd;
(gdb) 4425 bck->fd = p;
(gdb) 4428 set_head(p, size | PREV_INUSE);
(gdb) 4426 fwd->bk = p;
(gdb) 4428 set_head(p, size | PREV_INUSE);
(gdb) 4459 if ((unsigned long)(size) >=
FASTBIN_CONSOLIDATION_THRESHOLD) {
(gdb) 4493 }
(gdb) *__GI___libc_free (mem=0x8412a50) at malloc.c:3448
3448 (void)mutex_unlock(&ar_ptr->mutex);
(gdb) 3449 }
(gdb) __gconv_close (cd=0x8412a50) at gconv_close.c:64
64 return __gconv_close_transform (srunp, nsteps);
(gdb) __gconv_close_transform (steps=0x8401f30, nsteps=2) at gconv_db.c:781
781 {
(gdb)

786 __libc_lock_lock (__gconv_lock);
(gdb) 790 while (cnt-- > 0)
(gdb) 791 __gconv_release_step (&steps[cnt]);
(gdb) __gconv_release_step (step=0x8401f6c) at gconv_db.c:210
210 if (step->__shlib_handle != NULL && --step->__counter == 0)
(gdb) 208 {
(gdb) 210 if (step->__shlib_handle != NULL && --step->__counter == 0)
(gdb) 232 assert (step->__end_fct == NULL);
(gdb) 233 }
(gdb) __gconv_close_transform (steps=0x8401f30, nsteps=2) at gconv_db.c:790
790 while (cnt-- > 0)
(gdb) 791 __gconv_release_step (&steps[cnt]);
(gdb) __gconv_release_step (step=0x8401f30) at gconv_db.c:210
210 if (step->__shlib_handle != NULL && --step->__counter == 0)
(gdb) 208 {
(gdb) 210 if (step->__shlib_handle != NULL && --step->__counter == 0)
(gdb) 232 assert (step->__end_fct == NULL);
(gdb) *__GI___assert_fail (assertion=0xb7d7af44 "step->__end_fct == ((void
*)0)",
file=0xb7d76f11 "gconv_db.c", line=232,
function=0xb7d76f36 "__gconv_release_step") at assert.c:50
50 {
(gdb) 54 FATAL_PREPARE;
(gdb) __pthread_setcancelstate (state=1, oldstate=0x0)
at pthread_setcancelstate.c:29
29 {
(gdb) 32 if (state < PTHREAD_CANCEL_ENABLE || state >
PTHREAD_CANCEL_DISABLE)
(gdb) 37 int oldval = THREAD_GETMEM (self, cancelhandling);
(gdb) 42 : oldval & ~CANCELSTATE_BITMASK);
(gdb) 45 if (oldstate != NULL)
(gdb) 52 if (oldval == newval)
(gdb) 57 int curval = THREAD_ATOMIC_CMPXCHG_VAL (self,
cancelhandling, newval,
(gdb) 59 if (__builtin_expect (curval == oldval, 1))
(gdb) 61 if (CANCEL_ENABLED_AND_CANCELED_AND_ASYNCHRONOUS
(newval))
(gdb) 72 }
(gdb) warning: Source file is more recent than executable.
198 {
(gdb) 72 }
(gdb) *__GI___assert_fail (assertion=0xb7d7af44 "step->__end_fct == ((void
*)0)",
file=0xb7d76f11 "gconv_db.c", line=232,
function=0xb7d76f36 "__gconv_release_step") at assert.c:57
