Hi, I got the same crash on a VirtualBox VM with r302170 and samba43-4.3.9, tdb-1.3.9,1. Based on the smbd log, when I was on r301989 smbd didn't crash. smbd started crashing when I installed r302170 today. gdb 6.1.1 and 7.11.1 don't see the shared libraries for some reason so I don't get the symbols when opening the core file. lldb works fine. smbclient, smbd, nmbd all panic at the same location: tdb_runtime_check_for_robust_mutexes when calling _pthread_mutex_destroy. When running 'lldb /usr/local/bin/smbclient //HOST/Share', If I point a breakpoint at mutex_assert_not_owned and 'cont' each time, there is no crash (m_qe pointers are both null). Putting a breakpoint at mutex.c:957 and then breaking at mutex_assert_not_owned, I see m_qe.tqe_prev is not null. It points to a null pointer. Core file '/var/tmp/smbclient.50434.core' (x86_64) was loaded. (lldb) bt * thread #1: tid = 100179, 0x00000008047bfcda libc.so.7`thr_kill + 10, name = 'smbclient', stop reason = signal SIGABRT * frame #0: 0x00000008047bfcda libc.so.7`thr_kill + 10 frame #1: 0x00000008047bfcab libc.so.7`__raise(s=6) + 59 at raise.c:52 [opt] frame #2: 0x00000008047bfc19 libc.so.7`abort + 73 at abort.c:65 [opt] frame #3: 0x0000000801481d7a libthr.so.3`_thread_exitf(fname=<unavailable>, lineno=<unavailable>, fmt=<unavailable>) + 138 at thr_exit.c:190 [opt] frame #4: 0x000000080147bcf9 libthr.so.3`mutex_assert_not_owned(curthread=<unavailable>, m=<unavailable>) + 121 at thr_mutex.c:152 [opt] frame #5: 0x000000080147bc27 libthr.so.3`_pthread_mutex_destroy(mutex=0x00000008012e9000) + 87 at thr_mutex.c:474 [opt] frame #6: 0x0000000809abdce3 libtdb.so.1`tdb_runtime_check_for_robust_mutexes + 1475 at mutex.c:957 ... (lldb) f 6 frame #6: 0x0000000809abdce3 libtdb.so.1`tdb_runtime_check_for_robust_mutexes + 1475 at mutex.c:957 954 } 955 } 956 if (m != NULL) { -> 957 pthread_mutex_destroy(m); 958 } 959 if (cleanup_ma) { 960 pthread_mutexattr_destroy(&ma); lldb for smbclient with breakpoint: * thread #1: tid = 100104, 0x000000080147bc8b libthr.so.3`mutex_assert_not_owned(curthread=0x0000000810816000, m=0x0000000801352000) + 11 at thr_mutex.c:150, stop reason = breakpoint 2.1 frame #0: 0x000000080147bc8b libthr.so.3`mutex_assert_not_owned(curthread=0x0000000810816000, m=0x0000000801352000) + 11 at thr_mutex.c:150 [opt] 147 { 148 149 #if defined(_PTHREADS_INVARIANTS) -> 150 if (__predict_false(m->m_qe.tqe_prev != NULL || 151 m->m_qe.tqe_next != NULL)) 152 PANIC("mutex %p own %#x is on list %p %p", 153 m, m->m_lock.m_owner, m->m_qe.tqe_prev, m->m_qe.tqe_next); (lldb) p *m (pthread_mutex) $3 = { m_lock = { m_owner = 100180 m_flags = 17 m_ceilings = ([0] = 0, [1] = 0) m_rb_lnk = 0 m_spare = ([0] = 0, [1] = 0) } m_flags = 1 m_count = 0 m_spinloops = 0 m_yieldloops = 0 m_ps = 2 m_qe = { tqe_next = 0x0000000000000000 tqe_prev = 0x00000008108161a0 } m_pqe = { tqe_next = 0x0000000000000000 tqe_prev = 0x0000000000000000 } m_rb_prev = 0x0000000000000000 } (lldb) p *m->m_qe.tqe_prev (pthread_mutex *) $5 = 0x0000000000000000 Regards, GuyReceived on Fri Jun 24 2016 - 20:03:16 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:06 UTC