samba - May 2004 - Signal 11 on winbindd start: memory leak in malloc

Version: 3.0.2a-1 (both in distributed package and in package rebuilt on my 
machine)
OS: Debian testing
Environment: Windows 2000 Active Directory

I am trying to setup winbind on my machine as described in the Samba HOWTO 
collection. I have edited nsswitch.conf and smb.conf as instructed and my 
samba server has joined the domain (security = ads). Kerberos is configured 
and the samba server runs fine.

However every time I start the winbindd daemon, it crashes immediately with 
the following error message:

[2004/05/28 09:33:21, 0] lib/fault.c:fault_report(36)
  ==============================================================[2004/05/28
09:33:21, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 23236 (3.0.2a-Debian)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/05/28 09:33:21, 0] lib/fault.c:fault_report(39)
  ==============================================================[2004/05/28
09:33:21, 0] lib/util.c:smb_panic(1400)
  PANIC: internal error
[2004/05/28 09:33:21, 0] lib/util.c:smb_panic(1408)
  BACKTRACE: 28 stack frames:
   #0 /usr/sbin/winbindd(smb_panic+0x101) [0x80c2491]
   #1 /usr/sbin/winbindd [0x80b06a8]
   #2 /lib/libc.so.6 [0x4018c658]
   #3 /lib/libc.so.6(malloc+0x93) [0x401d3ed3]
   #4 /lib/libc.so.6 [0x401c2e8f]
   #5 /lib/libc.so.6(fopen+0x2f) [0x401c2f4f]
   #6 /lib/libnss_files.so.2 [0x4039e275]
   #7 /lib/libnss_files.so.2(_nss_files_gethostbyname_r+0x37) [0x4039e747]
   #8 /lib/libc.so.6(gethostbyname_r+0x10b) [0x4024d96b]
   #9 /lib/libc.so.6(gethostbyname+0xf6) [0x4024d2e6]
   #10 /usr/sbin/winbindd(interpret_addr+0x88) [0x80c1bf8]
   #11 /usr/sbin/winbindd(interpret_addr2+0x11) [0x80c1cb1]
   #12 /usr/sbin/winbindd [0x8107075]
   #13 /usr/sbin/winbindd [0x8107685]
   #14 /usr/sbin/winbindd(get_dc_list+0x297) [0x8107e97]
   #15 /usr/sbin/winbindd(get_sorted_dc_list+0x40) [0x8107b70]
   #16 /usr/sbin/winbindd [0x815e94d]
   #17 /usr/sbin/winbindd(ads_connect+0x65) [0x815ebd5]
   #18 /usr/sbin/winbindd [0x816a89e]
   #19 /usr/sbin/winbindd(get_dc_name+0x69) [0x816ad19]
   #20 /usr/sbin/winbindd [0x807cd56]
   #21 /usr/sbin/winbindd(set_dc_type_and_flags+0x65) [0x807dc85]
   #22 /usr/sbin/winbindd [0x80739ad]
   #23 /usr/sbin/winbindd(add_trusted_domains+0x197) [0x8073e37]
   #24 /usr/sbin/winbindd(init_domain_list+0xdf) [0x807407f]
   #25 /usr/sbin/winbindd(main+0x40f) [0x806e6bf]
   #26 /lib/libc.so.6(__libc_start_main+0xc6) [0x40178dc6]
   #27 /usr/sbin/winbindd(chroot+0x35) [0x806ccd1]

There were similar problem reports in February 2004:
ww m-pubsyssamba,     2004-02-04
Christopher Odenbach, 2004-02-10
Since in both messages the advise was to use valgrind to analyze the problem 
(obviously because of the malloc call), I ran winbindd with "valgrind 
--leak-check=yes" and here's the result:


==23407== Memcheck, a memory error detector for x86-linux.
==23407== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward.
==23407== Using valgrind-2.1.1, a program supervision framework for 
x86-linux.
==23407== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward.
==23407== For more details, rerun with: -v
==23407===23407===23407== ERROR SUMMARY: 0 errors from 0 contexts (suppressed:
45 from 1)
==23407== malloc/free: in use at exit: 705082 bytes in 390 blocks.
==23407== malloc/free: 2634 allocs, 2244 frees, 1446331 bytes allocated.
==23407== For counts of detected errors, rerun with: -v
==23407== searching for pointers to 390 not-freed blocks.
==23407== checked 5367356 bytes.
==23407===23407== 28 bytes in 1 blocks are definitely lost in loss record 10 of
27
==23407==    at 0x3C01F40D: malloc (vg_replace_malloc.c:105)
==23407==    by 0x3C1F196F: strdup (in /lib/libc-2.3.2.so)
==23407==    by 0x80BA887: (within /usr/sbin/winbindd)
==23407==    by 0x80ABA9B: lp_set_logfile (in /usr/sbin/winbindd)
==23407===23407== LEAK SUMMARY:
==23407==    definitely lost: 28 bytes in 1 blocks.
==23407==    possibly lost:   0 bytes in 0 blocks.
==23407==    still reachable: 705054 bytes in 389 blocks.
==23407==         suppressed: 0 bytes in 0 blocks.
==23407== Reachable blocks (those to which a pointer was found) are not 
shown.
==23407== To see them, rerun with: --show-reachable=yes
vassil-d:~# ==23409== Conditional jump or move depends on uninitialised 
value(s)
==23409==    at 0x3C0EA05A: krb5_get_cred_via_tkt (in 
/usr/lib/libkrb5.so.3.2)
==23409==    by 0x3C0E981D: (within /usr/lib/libkrb5.so.3.2)
==23409==    by 0x3C0E9CD2: krb5_get_cred_from_kdc (in 
/usr/lib/libkrb5.so.3.2)
==23409==    by 0x3C0EA6D5: krb5_get_credentials (in 
/usr/lib/libkrb5.so.3.2)
==23409===23409== Conditional jump or move depends on uninitialised value(s)
==23409==    at 0x3C0EA05A: krb5_get_cred_via_tkt (in 
/usr/lib/libkrb5.so.3.2)
==23409==    by 0x3C0E9AB5: (within /usr/lib/libkrb5.so.3.2)
==23409==    by 0x3C0E9CD2: krb5_get_cred_from_kdc (in 
/usr/lib/libkrb5.so.3.2)
==23409==    by 0x3C0EA6D5: krb5_get_credentials (in 
/usr/lib/libkrb5.so.3.2)

If you need any more information for debugging the problem, I'll be glad to 
provide it- valgrind output with more parameters, system configuration, 
whatever.

Good luck,
Vassil Dichev

_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* 
http://join.msn.com/?page=features/junkmail