Bug 10782 - mangle_hash() can fail to initialize charset (smbd crash).
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2014-08-25 19:17 UTC by Jeremy Allison
Modified: 2014-09-03 07:29 UTC

Backtrace (8.64 KB, text/plain)
2014-08-25 19:17 UTC, Jeremy Allison
git-am fix for master. (1002 bytes, text/plain)
2014-08-25 19:20 UTC, Jeremy Allison
vl: review+
git-am fix for 4.1.next and 4.0.next. (2.07 KB, patch)
2014-08-25 19:29 UTC, Jeremy Allison
git-am fix for 4.1.next and 4.0.next. (1.12 KB, patch)
2014-08-26 22:40 UTC, Jeremy Allison
vl: review+

Description Jeremy Allison 2014-08-25 19:17:19 UTC
Created attachment 10223

From: Christian <lnxlists@lownoize.org> reported on the list:

I think I was able to reproduce the error on my test system where I
have debugging symbols enabled (configure --enable-debug).
It happens when I unzip some files to a share via a Windows 7 client.
I used gdb /usr/local/samba4/sbin/smbd core and have attached a bt/bt

[-- Attachment #2: bt.txt --]
[-- Type: text/plain, Encoding: base64, Size: 3.9K --]

#0  0x00007fdea7acf425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007fdea7ad2b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007fdea925bae0 in dump_core () at ../source3/lib/dumpcore.c:336
#3  0x00007fdea9249a8c in smb_panic_s3 (why=0x7fdeaaed669d "internal error")
    at ../source3/lib/util.c:808
#4  0x00007fdeaaec2fc8 in smb_panic (why=0x7fdeaaed669d "internal error")
    at ../lib/util/fault.c:159
#5  0x00007fdeaaec2cab in fault_report (sig=11) at ../lib/util/fault.c:77
#6  0x00007fdeaaec2cc0 in sig_fault (sig=11) at ../lib/util/fault.c:88
#7  <signal handler called>
#8  0x00007fdeaaab449d in to_8_3 ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#9  0x00007fdeaaab491f in hash_name_to_8_3 ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#10 0x00007fdeaaab3133 in name_to_8_3 ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#11 0x00007fdeaaa14c0f in smbd_marshall_dir_entry ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#12 0x00007fdeaaa155e4 in smbd_dirptr_lanman2_entry ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#13 0x00007fdeaaa9cf0c in smbd_smb2_find_send ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#14 0x00007fdeaaa9c10d in smbd_smb2_request_process_find ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#15 0x00007fdeaaa83056 in smbd_smb2_request_dispatch ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#16 0x00007fdeaaa83f09 in smbd_smb2_request_dispatch_immediate ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#17 0x00007fdeaa705e48 in tevent_common_loop_immediate ()
   from /usr/local/samba4/lib/private/libtevent.so.0
#18 0x00007fdea926622b in run_events_poll (ev=0x7fdeabf387f0, pollrtn=0,
    pfds=0x0, num_pfds=0) at ../source3/lib/events.c:192
#19 0x00007fdea92668d3 in s3_event_loop_once (ev=0x7fdeabf387f0,
    location=0x7fdeaabe92d8 "../source3/smbd/process.c:3695")
    at ../source3/lib/events.c:303
#20 0x00007fdeaa704f5f in _tevent_loop_once ()
   from /usr/local/samba4/lib/private/libtevent.so.0
#21 0x00007fdeaaa661bd in smbd_process ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#22 0x00007fdeab52facd in smbd_accept_connection (ev=0x7fdeabf387f0,
    fde=0x7fdeac75f580, flags=1, private_data=0x7fdeac43e660)
    at ../source3/smbd/server.c:628
#23 0x00007fdea9266717 in run_events_poll (ev=0x7fdeabf387f0, pollrtn=1,
    pfds=0x7fdeacbb5880, num_pfds=8) at ../source3/lib/events.c:257
#24 0x00007fdea92669e4 in s3_event_loop_once (ev=0x7fdeabf387f0,
    location=0x7fdeab53417e "../source3/smbd/server.c:954")
    at ../source3/lib/events.c:326
#25 0x00007fdeaa704f5f in _tevent_loop_once ()
   from /usr/local/samba4/lib/private/libtevent.so.0
#26 0x00007fdeab530714 in smbd_parent_loop (ev_ctx=0x7fdeabf387f0,
    parent=0x7fdeabf44e00) at ../source3/smbd/server.c:954
#27 0x00007fdeab531d07 in main (argc=5, argv=0x7fff1b4ba088)
    at ../source3/smbd/server.c:1586
Comment 1 Jeremy Allison 2014-08-25 19:20:41 UTC
Created attachment 10224
git-am fix for master.

> Christian <lnxlists@lownoize.org> wrote:
> Hello Volker,
> the patch fixes the problem for me.
> Samba runs since 12 hours and no backtrace/coredumps anymore.
> Thank you very much.

Volker - check if you're happy with the cosmetic changes to the commit message and I'll push to master.


Comment 2 Jeremy Allison 2014-08-25 19:29:00 UTC
Created attachment 10225
git-am fix for 4.1.next and 4.0.next.

Back-port of fix from master.
Comment 3 Jeremy Allison 2014-08-25 19:29:53 UTC
Comment on attachment 10225
git-am fix for 4.1.next and 4.0.next.

Argggh. Sorry - attached to wrong bug :-(.
Comment 4 Jeremy Allison 2014-08-26 22:40:19 UTC
Created attachment 10232
git-am fix for 4.1.next and 4.0.next.

Fix that went into master. Applies cleanly to 4.1.next, 4.0.next.
Comment 5 Jeremy Allison 2014-08-27 15:32:24 UTC
Re-assigning to Karolin for inclusion in 4.1.next, 4.0.next.
Comment 6 Karolin Seeger 2014-09-01 19:28:30 UTC
Pushed to autobuild-v4-[0|1]-test.
Comment 7 Karolin Seeger 2014-09-03 07:29:39 UTC
Pushed to both branches.
Closing out bug report.