From: Volker Lendecke Date: Tue, 11 Feb 2020 21:10:32 +0000 (+0100) Subject: lib: Fix a shutdown crash with "clustering = yes" X-Git-Tag: ldb-2.1.1~67 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1577c2bc13c91ea912ae461870e470065f250c1;p=thirdparty%2Fsamba.git lib: Fix a shutdown crash with "clustering = yes" This is a bit confusing now, sorry for that: register_msg_pool_usage() in the ctdb case uses messaging_ctdb_register_tevent_context(), which talloc_reference()s the central struct messaging_ctdb_fde_ev of the messaging_ctdb_context. In messaging_reinit(), we talloc_free only one of those references and allocate a new messaging_ctdb_fde_ev. The remaining messaging_ctdb_fde_ev should have been deleted as well, but due to the second reference this does not happen. When doing the shutdown messaging_ctdb_fde_ev_destructor() is called twice, once on the properly reinitialized fde_ev, and once much later on the leftover one which references invalid data structures. By the way, this is not a problem with talloc_reference(), this would have happened with explicit refcounting too. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281 Signed-off-by: Volker Lendecke Reviewed-by: Martin Schwenke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Tue Feb 18 13:05:53 UTC 2020 on sn-devel-184 --- diff --git a/source3/lib/messages.c b/source3/lib/messages.c index b29df0a44f9..63d6362e0c9 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -602,7 +602,7 @@ static NTSTATUS messaging_init_internal(TALLOC_CTX *mem_ctx, /* Register some debugging related messages */ - register_msg_pool_usage(ctx, ctx); + register_msg_pool_usage(ctx->per_process_talloc_ctx, ctx); register_dmalloc_msgs(ctx); debug_register_msgs(ctx); 
@@ -699,6 +699,7 @@ NTSTATUS messaging_reinit(struct messaging_context *msg_ctx) } server_id_db_reinit(msg_ctx->names_db, msg_ctx->id); + register_msg_pool_usage(msg_ctx->per_process_talloc_ctx, msg_ctx); return NT_STATUS_OK; }
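Review bot: In the messaging_init_internal() hunk (@@ -602,7), the changed call `register_msg_pool_usage(ctx->per_process_talloc_ctx, ctx);` has no comment saying why the first argument must be the per-process context rather than `ctx`. The existing comment above it ("Register some debugging related messages") says nothing about lifetime. The reason is only in the commit message: in the ctdb case the registration takes a talloc reference on the messaging_ctdb_fde_ev, and that reference has to go away when messaging_reinit() replaces the fde_ev. Please add a short comment at the call stating that the registration is parented to per_process_talloc_ctx so that it is released on reinit. Otherwise a later cleanup could switch it back to `ctx` and reintroduce the double destructor call at shutdown.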
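Review bot: In the messaging_reinit() hunk (@@ -699,6), the added `register_msg_pool_usage(msg_ctx->per_process_talloc_ctx, msg_ctx);` is only correct if per_process_talloc_ctx has already been freed and recreated earlier in the function, and the visible context does not show that. Please confirm the ordering and note it in a comment next to the call, since registering against the old context would keep the stale reference alive. Separately, messaging_init_internal() follows this registration with `register_dmalloc_msgs(ctx);` and `debug_register_msgs(ctx);`, while reinit repeats only the pool-usage one. A line explaining why the other two need no re-registration would show that the asymmetry is intentional.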