Bug 10782 - mangle_hash() can fail to initialize charset (smbd crash).
Summary: mangle_hash() can fail to initialize charset (smbd crash).
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-25 19:17 UTC by Jeremy Allison
Modified: 2014-09-03 07:29 UTC (History)
1 user (show)

See Also:

Attachments
Backtrace (8.64 KB, text/plain)
2014-08-25 19:17 UTC, Jeremy Allison 		no flags Details
git-am fix for master. (1002 bytes, text/plain)
2014-08-25 19:20 UTC, Jeremy Allison 		vl: review+
Details
git-am fix for 4.1.next and 4.0.next. (2.07 KB, patch)
2014-08-25 19:29 UTC, Jeremy Allison 		no flags Details
git-am fix for 4.1.next and 4.0.next. (1.12 KB, patch)
2014-08-26 22:40 UTC, Jeremy Allison 		vl: review+
Details
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2014-08-25 19:17:19 UTC 
Created attachment 10223 [details]
Backtrace

From: Christian <lnxlists@lownoize.org> reported on the list:

I think i was able to reproduce the error on my test System where i
have debugging symbols enabled (configure --enable-debug).
It happens when i unzip some files to a share via a windows 7 Client.
I used gdb /usr/local/samba4/sbin/smbd core and have attached a bt/bt
full.


Cheers

Christian



[-- Attachment #2 [details]: bt.txt --]
[-- Type: text/plain, Encoding: base64, Size: 3.9K --]

#0  0x00007fdea7acf425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007fdea7ad2b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007fdea925bae0 in dump_core () at ../source3/lib/dumpcore.c:336
#3  0x00007fdea9249a8c in smb_panic_s3 (why=0x7fdeaaed669d "internal error")
    at ../source3/lib/util.c:808
#4  0x00007fdeaaec2fc8 in smb_panic (why=0x7fdeaaed669d "internal error")
    at ../lib/util/fault.c:159
#5  0x00007fdeaaec2cab in fault_report (sig=11) at ../lib/util/fault.c:77
#6  0x00007fdeaaec2cc0 in sig_fault (sig=11) at ../lib/util/fault.c:88
#7  <signal handler called>
#8  0x00007fdeaaab449d in to_8_3 ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#9  0x00007fdeaaab491f in hash_name_to_8_3 ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#10 0x00007fdeaaab3133 in name_to_8_3 ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#11 0x00007fdeaaa14c0f in smbd_marshall_dir_entry ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#12 0x00007fdeaaa155e4 in smbd_dirptr_lanman2_entry ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#13 0x00007fdeaaa9cf0c in smbd_smb2_find_send ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#14 0x00007fdeaaa9c10d in smbd_smb2_request_process_find ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#15 0x00007fdeaaa83056 in smbd_smb2_request_dispatch ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#16 0x00007fdeaaa83f09 in smbd_smb2_request_dispatch_immediate ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#17 0x00007fdeaa705e48 in tevent_common_loop_immediate ()
   from /usr/local/samba4/lib/private/libtevent.so.0
#18 0x00007fdea926622b in run_events_poll (ev=0x7fdeabf387f0, pollrtn=0,
    pfds=0x0, num_pfds=0) at ../source3/lib/events.c:192
#19 0x00007fdea92668d3 in s3_event_loop_once (ev=0x7fdeabf387f0,
    location=0x7fdeaabe92d8 "../source3/smbd/process.c:3695")
    at ../source3/lib/events.c:303
#20 0x00007fdeaa704f5f in _tevent_loop_once ()
   from /usr/local/samba4/lib/private/libtevent.so.0
#21 0x00007fdeaaa661bd in smbd_process ()
   from /usr/local/samba4/lib/private/libsmbd_base.so
#22 0x00007fdeab52facd in smbd_accept_connection (ev=0x7fdeabf387f0,
    fde=0x7fdeac75f580, flags=1, private_data=0x7fdeac43e660)
    at ../source3/smbd/server.c:628
#23 0x00007fdea9266717 in run_events_poll (ev=0x7fdeabf387f0, pollrtn=1,
    pfds=0x7fdeacbb5880, num_pfds=8) at ../source3/lib/events.c:257
#24 0x00007fdea92669e4 in s3_event_loop_once (ev=0x7fdeabf387f0,
    location=0x7fdeab53417e "../source3/smbd/server.c:954")
    at ../source3/lib/events.c:326
#25 0x00007fdeaa704f5f in _tevent_loop_once ()
   from /usr/local/samba4/lib/private/libtevent.so.0
#26 0x00007fdeab530714 in smbd_parent_loop (ev_ctx=0x7fdeabf387f0,
    parent=0x7fdeabf44e00) at ../source3/smbd/server.c:954
#27 0x00007fdeab531d07 in main (argc=5, argv=0x7fff1b4ba088)
    at ../source3/smbd/server.c:1586
Comment 1 Jeremy Allison 2014-08-25 19:20:41 UTC 
Created attachment 10224 [details]
git-am fix for master.

> Christian <lnxlists@lownoize.org> wrote:
>
> Hello Volker,
>
> the patch fixes the problem for me.
> Samba runs since 12 hours and no backtrace/coredumps anymore.
>
> Thank you very much.

Volker - check if you're happy with the cosmetic changes to the commit message and I'll push to master.

Cheers,

Jeremy.
Comment 2 Jeremy Allison 2014-08-25 19:29:00 UTC 
Created attachment 10225 [details]
git-am fix for 4.1.next and 4.0.next.

Back-port of fix from master.
Comment 3 Jeremy Allison 2014-08-25 19:29:53 UTC 
Comment on attachment 10225 [details]
git-am fix for 4.1.next and 4.0.next.

Argggh. Sorry - attached to wrong bug :-(.
Comment 4 Jeremy Allison 2014-08-26 22:40:19 UTC 
Created attachment 10232 [details]
git-am fix for 4.1.next and 4.0.next.

Fix that went into master. Applies cleanly to 4.1.next, 4.0.next.
Comment 5 Jeremy Allison 2014-08-27 15:32:24 UTC 
Re-assigning to Karolin for inclusion in 4.1.next, 4.0.next.
Jeremy.
Comment 6 Karolin Seeger 2014-09-01 19:28:30 UTC 
Pushed to autobuild-v4-[0|1]-test.
Comment 7 Karolin Seeger 2014-09-03 07:29:39 UTC 
Pushed to both branches.
Closing out bug report.

Thanks!