#0 0xb7f311cd in ltdb_pack_data (module=0x8c36508, message=0x8b64c48, data=0xbfba5c88) at lib/ldb/ldb_tdb/ldb_pack.c:143 ldb = (struct ldb_context *) 0x8a81728 i = 1 j = 0 real_elements = 3 size = 74 dn = 0x8a81670 "hive=NONE" p = (uint8_t *) 0x8c54117 "\377\377\377\377hive=NONE" len = 4 #1 0xb7f2df0d in ltdb_store (module=0x8c36508, msg=0x8b64c48, flgs=2) at lib/ldb/ldb_tdb/ldb_tdb.c:231 ltdb = (struct ltdb_private *) 0x8c0cb08 tdb_key = {dptr = 0x8b0f9d0 "DN=HIVE=NONE", dsize = 13} tdb_data = {dptr = 0x8c540e0 "g\031\001&\003", dsize = 74} ret = -1208738616 #2 0xb7f2e047 in ltdb_add_internal (module=0x8c36508, msg=0x8b64c48) at lib/ldb/ldb_tdb/ldb_tdb.c:269 ret = 0 #3 0xb7f2e1a4 in ltdb_add (module=0x8c36508, req=0x8ca5ae8) at lib/ldb/ldb_tdb/ldb_tdb.c:310 ltdb = (struct ltdb_private *) 0x8c0cb08 ltdb_ac = (struct ltdb_context *) 0x8cd9488 tret = -1208890680 ret = 0 #4 0xb7f1d177 in ldb_request (ldb=0x8a81728, req=0x8ca5ae8) at lib/ldb/common/ldb.c:540 module = (struct ldb_module *) 0x8c36508 ret = 145233704 #5 0xb7f1ce81 in ldb_autotransaction_request (ldb=0x8a81728, req=0x8ca5ae8) at lib/ldb/common/ldb.c:446 ret = 0 #6 0xb7f1dfb0 in ldb_add (ldb=0x8a81728, message=0x8b64c48) at lib/ldb/common/ldb.c:1021 req = (struct ldb_request *) 0x8ca5ae8 ret = 0 #7 0x08395a97 in ldb_set_value (parent=0x8ba4c90, name=0x8a39be8 "Neuer Wert #1", type=1, data= {data = 0x8c0cdd0 "", length = 1}) at lib/registry/ldb.c:480 msg = (struct ldb_message *) 0x8b64c48 kd = (struct ldb_key_data *) 0x8ba4c90 ret = -1208774753 mem_ctx = (TALLOC_CTX *) 0x8bf8d68 __FUNCTION__ = "ldb_set_value" #8 0x0839386e in hive_key_set_value (key=0x8ba4c90, name=0x8a39be8 "Neuer Wert #1", type=1, data= {data = 0x8c0cdd0 "", length = 1}) at lib/registry/hive.c:121 No locals. 
#9 0x08394192 in local_set_value (key=0x8b16330, name=0x8a39be8 "Neuer Wert #1", type=1, data= {data = 0x8c0cdd0 "", length = 1}) at lib/registry/local.c:219 local = (struct local_key *) 0x8b16330 #10 0x08391a5e in reg_val_set (key=0x8b16330, value=0x8a39be8 "Neuer Wert #1", type=1, data={data = 0x8c0cdd0 "", length = 1}) at lib/registry/interface.c:238 __FUNCTION__ = "reg_val_set" #11 0x082d780e in dcesrv_winreg_SetValue (dce_call=0x8cc5950, mem_ctx=0x8cc5950, r=0x8baeda0) at rpc_server/winreg/rpc_winreg.c:502 h = (struct dcesrv_handle *) 0x8c9d4f8 key = (struct registry_key *) 0x8b16330 result = {v = 145966680} data = {data = 0x8c0cdd0 "", length = 1} #12 0x082d8cea in winreg__op_dispatch (dce_call=0x8cc5950, mem_ctx=0x8cc5950, r=0x8baeda0) at ndr_winreg_s.c:307 r2 = (struct winreg_SetValue *) 0x8baeda0 opnum = 22 __FUNCTION__ = "winreg__op_dispatch" #13 0x082bc244 in dcesrv_request (call=0x8cc5950) at rpc_server/dcerpc_server.c:854 pull = (struct ndr_pull *) 0x89cc438 status = {v = 0} context = (struct dcesrv_connection_context *) 0x8c09c90 __FUNCTION__ = "dcesrv_request" #14 0x082bcdbb in dcesrv_input_process (dce_conn=0x8b2a700) at rpc_server/dcerpc_server.c:1151 ndr = (struct ndr_pull *) 0x8b8dc68 ndr_err = NDR_ERR_SUCCESS status = {v = 3086195940} call = (struct dcesrv_call_state *) 0x8cc5950 blob = {data = 0x8cbed20 "\005", length = 108} #15 0x082bcebc in dcesrv_input (dce_conn=0x8b2a700, data=0x8b56090) at rpc_server/dcerpc_server.c:1189 status = {v = 146036104} #16 0x08294fd5 in ipc_dcerpc_cmd (ntvfs=0x8b48800, req=0x8b0ac88, trans=0x8b56070) at ntvfs/ipc/vfs_ipc.c:748 p = (struct pipe_state *) 0x8b45588 private = (struct ipc_private *) 0x8b6cc98 status = {v = 142966572} fnum_key = {data = 0xbfba61f2 "\001", length = 2} fnum = 1 #17 0x082952ce in ipc_trans (ntvfs=0x8b48800, req=0x8b0ac88, trans=0x8b56070) at ntvfs/ipc/vfs_ipc.c:819 status = {v = 143203590} #18 0x08283c6f in ntvfs_trans (req=0x8b0ac88, trans=0x8b56070) at ntvfs/ntvfs_interface.c:270 ntvfs 
= (struct ntvfs_module_context *) 0x8b48800 #19 0x08281d73 in reply_trans_complete (req=0x8b52c08, command=37 '%', trans=0x8b56070) at smb_server/smb/trans2.c:1183 op = (struct trans_op *) 0x8b6cc50 #20 0x0828221b in reply_trans_generic (req=0x8b52c08, command=37 '%') at smb_server/smb/trans2.c:1258 trans = (struct smb_trans2 *) 0x8b56070 i = 2 param_ofs = 84 data_ofs = 84 param_count = 0 data_count = 108 param_total = 0 data_total = 108 #21 0x08282721 in smbsrv_reply_trans (req=0x8b52c08) at smb_server/smb/trans2.c:1382 No locals. #22 0x0826ca3e in switch_message (type=37, req=0x8b52c08) at smb_server/smb/receive.c:568 flags = 3 smb_conn = (struct smbsrv_connection *) 0x8a1b578 status = {v = 144815572} __FUNCTION__ = "switch_message" #23 0x0826c59b in smbsrv_recv_smb_request (private=0x8a1b578, blob= {data = 0x8a6a138 "", length = 196}) at smb_server/smb/receive.c:160 smb_conn = (struct smbsrv_connection *) 0x8a1b578 req = (struct smbsrv_request *) 0x8b52c08 cur_time = {tv_sec = 1199828624, tv_usec = 63352} command = 37 '%' __FUNCTION__ = "smbsrv_recv_smb_request" #24 0x087dc0dc in packet_recv (pc=0x8a32fb0) at lib/stream/packet.c:378 npending = 196 status = {v = 0} nread = 196 blob = {data = 0x8a6a138 "", length = 196} __FUNCTION__ = "packet_recv" #25 0x080cbe0b in smbsrv_recv (conn=0x8b2f940, flags=1) at smb_server/smb_server.c:96 smb_conn = (struct smbsrv_connection *) 0x8a1b578 __FUNCTION__ = "smbsrv_recv" #26 0x080deea6 in stream_io_handler (conn=0x8b2f940, flags=1) at smbd/service_stream.c:92 No locals. 
#27 0x080def16 in stream_io_handler_fde (ev=0x89abd80, fde=0x8a3b850, flags=1, private=0x8b2f940) at smbd/service_stream.c:106 conn = (struct stream_connection *) 0x8b2f940 #28 0x087e7c9c in epoll_event_loop (std_ev=0x89abdc8, tvalp=0xbfba6644) at lib/events/events_standard.c:315 fde = (struct fd_event *) 0x8a3b850 flags = 1 ret = 1 i = 0 events = {{events = 1, data = {ptr = 0x8a3b850, fd = 144947280, u32 = 144947280, u64 = 144947280}}, {events = 489311, data = { ptr = 0x89803fc, fd = 144180220, u32 = 144180220, u64 = 144180220}}, { events = 3216664088, data = {ptr = 0x87e9de6, fd = 142515686, u32 = 142515686, u64 = 13815466905701359078}}, {events = 3216664060, data = {ptr = 0x8acedc4, fd = 145550788, u32 = 145550788, u64 = 13255107835469819332}}, {events = 144358856, data = { ptr = 0x8989258, fd = 144216664, u32 = 144216664, u64 = 144216664}}, { events = 0, data = {ptr = 0xd2, fd = 210, u32 = 210, u64 = 2101574742573266}}, {events = 1199828624, data = {ptr = 0xf5bc, fd = 62908, u32 = 62908, u64 = 620016359249606076}}, { events = 3086267736, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 612056101222875136}}} destruction_count = 324 timeout = 210490 #29 0x087e843d in std_event_loop_once (ev=0x89abd80) at lib/events/events_standard.c:562 std_ev = (struct std_event_context *) 0x89abdc8 tval = {tv_sec = 210, tv_usec = 489311} #30 0x087e84ab in std_event_loop_wait (ev=0x89abd80) at lib/events/events_standard.c:579 std_ev = (struct std_event_context *) 0x89abdc8 #31 0x087e73f3 in event_loop_wait (ev=0x89abd80) at lib/events/events.c:295 No locals. 
#32 0x080bb007 in binary_smbd_main (binary_name=0x886332b "smbd", argc=4, argv=0xbfba68e4) at smbd/server.c:346 opt_daemon = false opt_interactive = true opt = -1 pc = (poptContext) 0x8989008 static_init = {0x80bcc61 , 0x80c5136 , 0x80c7e2a , 0x80cc3e9 , 0x80cce13 , 0x80d0845 , 0x80d32a8 , 0x80dcb68 , 0x80dce57 , 0x853dc1d , 0x80dd618 , 0} shared_init = (init_module_fn *) 0x0 event_ctx = (struct event_context *) 0x89abd80 status = {v = 0} model = 0x898a5f0 "single" max_runtime = 0 long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x8980de0, val = 0, descrip = 0x8863092 "Help options:", argDescrip = 0x0}, {longName = 0x88630a0 "daemon", shortName = 68 'D', argInfo = 0, arg = 0x0, val = 1000, descrip = 0x88630a7 "Become a daemon (default)", argDescrip = 0x0}, { longName = 0x88630c1 "interactive", shortName = 105 'i', argInfo = 0, arg = 0x0, val = 1001, descrip = 0x88630d0 "Run interactive (not a daemon)", argDescrip = 0x0}, { longName = 0x88630ef "model", shortName = 77 'M', argInfo = 1, arg = 0x0, val = 1002, descrip = 0x88630f5 "Select process model", argDescrip = 0x886310a "MODEL"}, {longName = 0x8863110 "maximum-runtime", shortName = 0 '\0', argInfo = 2, arg = 0xbfba67c8, val = 0, descrip = 0x8863120 "set maximum runtime of the server process, till autotermination", argDescrip = 0x8863160 "seconds"}, {longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x8980b80, val = 0, descrip = 0x8863168 "Common samba options:", argDescrip = 0x0}, { longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x8980c80, val = 0, descrip = 0x8863168 "Common samba options:", argDescrip = 0x0}, { longName = 0x0, shortName = 0 '\0', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}} __FUNCTION__ = "binary_smbd_main" #33 0x080bb06e in main (argc=4, argv=0xbfba68e4) at smbd/server.c:357 No locals. 
Starting program: /usr/local/samba/sbin/smbd -i -M single [Thread debugging using libthread_db enabled] [New Thread -1210992960 (LWP 31879)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1210992960 (LWP 31879)] 0x0867a1ed in ltdb_pack_data (module=0x8e78500, message=0x8e039a8, data=0xbffea338) at lib/ldb/ldb_tdb/ldb_pack.c:143 143 memcpy(p+4, message->elements[i].values[j].data, #0 0x0867a1ed in ltdb_pack_data (module=0x8e78500, message=0x8e039a8, data=0xbffea338) at lib/ldb/ldb_tdb/ldb_pack.c:143 ldb = (struct ldb_context *) 0x8e39ce8 i = 1 j = 0 real_elements = 3 size = 95 dn = 0x8e1b7b8 "value=Neuer Wert \\#1,hive=NONE" p = (uint8_t *) 0x8dc7b14 "\377\377\377\377" len = 4 #1 0x08676f5d in ltdb_store (module=0x8e78500, msg=0x8e039a8, flgs=2) at lib/ldb/ldb_tdb/ldb_tdb.c:233 ltdb = (struct ltdb_private *) 0x8d41110 tdb_key = {dptr = 0x8e1b888 "DN=VALUE=NEUER WERT \\#1,HIVE=NONE", dsize = 34} tdb_data = {dptr = 0x8dc7ac8 "g\031\001&\003", dsize = 95} ret = 143636115 #2 0x08677097 in ltdb_add_internal (module=0x8e78500, msg=0x8e039a8) at lib/ldb/ldb_tdb/ldb_tdb.c:272 ret = 0 #3 0x086771f4 in ltdb_add (module=0x8e78500, req=0x8e019d8) at lib/ldb/ldb_tdb/ldb_tdb.c:317 ltdb = (struct ltdb_private *) 0x8d41110 ltdb_ac = (struct ltdb_context *) 0x8e62250 tret = 139983878 ret = 0 #4 0x0858033d in ldb_request (ldb=0x8e39ce8, req=0x8e019d8) at lib/ldb/common/ldb.c:497 module = (struct ldb_module *) 0x8e78500 ret = 149134568 #5 0x0857ffbf in ldb_autotransaction_request (ldb=0x8e39ce8, req=0x8e019d8) at lib/ldb/common/ldb.c:380 ret = 0 #6 0x08581176 in ldb_add (ldb=0x8e39ce8, message=0x8e039a8) at lib/ldb/common/ldb.c:987 req = (struct ldb_request *) 0x8e019d8 ret = 0 #7 0x084e4c38 in ldb_set_value (parent=0x8e2baa0, name=0x8df1968 "Neuer Wert #1", type=1, data= {data = 0x8e03a68 "", length = 1}) at lib/registry/ldb.c:613 msg = (struct ldb_message *) 0x8e039a8 kd = (struct ldb_key_data *) 0x8e2baa0 ret = 148838868 mem_ctx = (TALLOC_CTX *) 0x8e94668 
__FUNCTION__ = "ldb_set_value" #8 0x084e21dd in hive_key_set_value (key=0x8e2baa0, name=0x8df1968 "Neuer Wert #1", type=1, data= {data = 0x8e03a68 "", length = 1}) at lib/registry/hive.c:123 No locals. #9 0x084e2bc0 in local_set_value (key=0x8ddf760, name=0x8df1968 "Neuer Wert #1", type=1, data= {data = 0x8e03a68 "", length = 1}) at lib/registry/local.c:215 local = (struct local_key *) 0x8ddf760 #10 0x084d55b0 in reg_val_set (key=0x8ddf760, value=0x8df1968 "Neuer Wert #1", type=1, data={data = 0x8e03a68 "", length = 1}) at lib/registry/interface.c:237 __FUNCTION__ = "reg_val_set" #11 0x08131fee in dcesrv_winreg_SetValue (dce_call=0x8e5e138, mem_ctx=0x8e5e138, r=0x8df7b60) at rpc_server/winreg/rpc_winreg.c:559 h = (struct dcesrv_handle *) 0x8ddf708 key = (struct registry_key *) 0x8ddf760 result = {v = 3084387252} data = {data = 0x8e03a68 "", length = 1} #12 0x08133799 in winreg__op_dispatch (dce_call=0x8e5e138, mem_ctx=0x8e5e138, r=0x8df7b60) at ndr_winreg_s.c:307 r2 = (struct winreg_SetValue *) 0x8df7b60 opnum = 22 __FUNCTION__ = "winreg__op_dispatch" #13 0x08465dd2 in dcesrv_request (call=0x8e5e138) at rpc_server/dcerpc_server.c:865 pull = (struct ndr_pull *) 0x8e1b998 status = {v = 0} context = (struct dcesrv_connection_context *) 0x8df17a0 __FUNCTION__ = "dcesrv_request" #14 0x0846698a in dcesrv_input_process (dce_conn=0x8ddf4f0) at rpc_server/dcerpc_server.c:1162 ndr = (struct ndr_pull *) 0x8dfbc00 ndr_err = NDR_ERR_SUCCESS status = {v = 145165248} call = (struct dcesrv_call_state *) 0x8e5e138 blob = {data = 0x8df1968 "Neuer Wert #1", length = 108} #15 0x08466a8b in dcesrv_input (dce_conn=0x8ddf4f0, data=0x8e624f8) at rpc_server/dcerpc_server.c:1200 status = {v = 149158672} #16 0x08460a46 in ipc_dcerpc_cmd (ntvfs=0x8e197f8, req=0x8e17610, trans=0x8e624d8) at ntvfs/ipc/vfs_ipc.c:748 p = (struct pipe_state *) 0x8e3fb10 private = (struct ipc_private *) 0x8e94738 status = {v = 143531978} fnum_key = {data = 0xbffea942 "\001", length = 2} fnum = 1 #17 0x08460d4d in 
ipc_trans (ntvfs=0x8e197f8, req=0x8e17610, trans=0x8e624d8) at ntvfs/ipc/vfs_ipc.c:819 status = {v = 28} #18 0x0842d37f in ntvfs_trans (req=0x8e17610, trans=0x8e624d8) at ntvfs/ntvfs_interface.c:270 ntvfs = (struct ntvfs_module_context *) 0x8e197f8 #19 0x083d9e6f in reply_trans_complete (req=0x8e55c20, command=37 '%', trans=0x8e624d8) at smb_server/smb/trans2.c:1204 op = (struct trans_op *) 0x8ea4720 #20 0x083da320 in reply_trans_generic (req=0x8e55c20, command=37 '%') at smb_server/smb/trans2.c:1279 trans = (struct smb_trans2 *) 0x8e624d8 i = 2 param_ofs = 84 data_ofs = 84 param_count = 0 data_count = 108 param_total = 0 data_total = 108 #21 0x083da724 in smbsrv_reply_trans (req=0x8e55c20) at smb_server/smb/trans2.c:1411 No locals. #22 0x083c39a6 in switch_message (type=37, req=0x8e55c20) at smb_server/smb/receive.c:583 flags = 3 smb_conn = (struct smbsrv_connection *) 0x8e3b930 status = {v = 65661} __FUNCTION__ = "switch_message" #23 0x083c34ae in smbsrv_recv_smb_request (private=0x8e3b930, blob= {data = 0x8e622b0 "", length = 196}) at smb_server/smb/receive.c:451 smb_conn = (struct smbsrv_connection *) 0x8e3b930 req = (struct smbsrv_request *) 0x8e55c20 cur_time = {tv_sec = 1215553260, tv_usec = 827510} command = 37 '%' __FUNCTION__ = "smbsrv_recv_smb_request" #24 0x08615c2f in packet_recv (pc=0x8decae0) at lib/stream/packet.c:378 npending = 196 status = {v = 0} nread = 196 blob = {data = 0x8e622b0 "", length = 196} __FUNCTION__ = "packet_recv" #25 0x083b32d1 in smbsrv_recv (conn=0x8e415a8, flags=1) at smb_server/smb_server.c:96 smb_conn = (struct smbsrv_connection *) 0x8e3b930 __FUNCTION__ = "smbsrv_recv" #26 0x085393ea in stream_io_handler (conn=0x8e415a8, flags=1) at smbd/service_stream.c:92 No locals. 
#27 0x08539465 in stream_io_handler_fde (ev=0x8ac2ed8, fde=0x8d44a60, flags=1, private=0x8e415a8) at smbd/service_stream.c:106 conn = (struct stream_connection *) 0x8e415a8 #28 0x087f6e4c in epoll_event_loop (std_ev=0x8ac2f28, tvalp=0xbffeadd4) at lib/events/events_standard.c:318 fde = (struct fd_event *) 0x8d44a60 flags = 1 ret = 1 i = 0 events = {{events = 1, data = {ptr = 0x8d44a60, fd = 148130400, u32 = 148130400, u64 = 148130400}}, {events = 827170, data = { ptr = 0x12a, fd = 298, u32 = 298, u64 = 298}}, {events = 3221138856, data = {ptr = 0x87f417d, fd = 142557565, u32 = 142557565, u64 = 13834685887918588285}}, {events = 3221138828, data = { ptr = 0x8e43394, fd = 149173140, u32 = 149173140, u64 = 616752579390747540}}, {events = 145501992, data = { ptr = 0x8a70bc0, fd = 145165248, u32 = 145165248, u64 = 145165248}}, { events = 0, data = {ptr = 0x12a, fd = 298, u32 = 298, u64 = 1386492752560426}}, {events = 1215553260, data = {ptr = 0xc9f22, fd = 827170, u32 = 827170, u64 = 624926090985250594}}, { events = 145165248, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 612321955403530240}}} destruction_count = 68 timeout = 298323 #29 0x087f75d2 in std_event_loop_once (ev=0x8ac2ed8) at lib/events/events_standard.c:566 std_ev = (struct std_event_context *) 0x8ac2f28 tval = {tv_sec = 298, tv_usec = 322818} #30 0x087f7640 in std_event_loop_wait (ev=0x8ac2ed8) at lib/events/events_standard.c:583 std_ev = (struct std_event_context *) 0x8ac2f28 #31 0x087f3c39 in event_loop_wait (ev=0x8ac2ed8) at lib/events/events.c:291 No locals. #32 0x080d89f3 in main (argc=148667160, argv=0x8dc7b18) at smbd/server.c:360 No locals.