Will get 'Signal 10' when create/rename file/dir on samba share dir from windows. According to the testing the issue exist on HPUX and Solaris platform. The env: 1. On Solairs10-sparc 2. with security = ADS and using AD user to access samba share dir. The reproduce steps: 1. access samba share dir from windows client.--- successfully 2. create new file(kingson-test), then will get network error. The related logs as: ============= [2015/12/01 00:30:54.208462, 3, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/trans2.c:8018(smbd_do_setfilepathinfo) smbd_do_setfilepathinfo: New Folder (fnum 2694865164) info_level=65290 totdata=46 [2015/12/01 00:30:54.209162, 10, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/trans2.c:6401(smb2_file_rename_information) smb2_file_rename_information: got name |kingson-test| [2015/12/01 00:30:54.209395, 5, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/filename.c:258(unix_convert) unix_convert called on file "kingson-test" [2015/12/01 00:30:54.209631, 10, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [KINGSON-TEST] [2015/12/01 00:30:54.209845, 5, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/filename.c:421(unix_convert) unix_convert begin: name = kingson-test, dirpath = , start = kingson-test [2015/12/01 00:30:54.210121, 10, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/mangle_hash2.c:418(is_mangled) is_mangled kingson-test ? [2015/12/01 00:30:54.210328, 10, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component kingson-test (len 12) ? [2015/12/01 00:30:54.210566, 10, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/mangle_hash2.c:418(is_mangled) is_mangled kingson-test ? [2015/12/01 00:30:54.210771, 10, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component kingson-test (len 12) ? [2015/12/01 00:30:54.211136, 10, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/mangle_hash2.c:418(is_mangled) is_mangled kingson-test ? [2015/12/01 00:30:54.211342, 10, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component kingson-test (len 12) ? [2015/12/01 00:30:54.211570, 5, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/filename.c:816(unix_convert) New file kingson-test [2015/12/01 00:30:54.211782, 3, pid=6250, effective(10008, 10008), real(0, 0), class=vfs] ../source3/smbd/vfs.c:1143(check_reduced_name) check_reduced_name [kingson-test] [/samba-test] [2015/12/01 00:30:54.212146, 10, pid=6250, effective(10008, 10008), real(0, 0), class=vfs] ../source3/smbd/vfs.c:1203(check_reduced_name) check_reduced_name realpath [kingson-test] -> [/samba-test/kingson-test] [2015/12/01 00:30:54.212387, 3, pid=6250, effective(10008, 10008), real(0, 0), class=vfs] ../source3/smbd/vfs.c:1273(check_reduced_name) check_reduced_name: kingson-test reduced to /samba-test/kingson-test [2015/12/01 00:30:54.212624, 10, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/trans2.c:6445(smb2_file_rename_information) smb2_file_rename_information: SMB_FILE_RENAME_INFORMATION (fnum 2694865164) New Folder -> kingson-test [2015/12/01 00:30:54.212928, 3, pid=6250, effective(10008, 10008), real(0, 0), class=vfs] ../source3/smbd/vfs.c:1143(check_reduced_name) check_reduced_name [kingson-test] [/samba-test] [2015/12/01 00:30:54.213232, 10, pid=6250, effective(10008, 10008), real(0, 0), class=vfs] ../source3/smbd/vfs.c:1203(check_reduced_name) check_reduced_name realpath [kingson-test] -> [/samba-test/kingson-test] [2015/12/01 00:30:54.213468, 3, pid=6250, effective(10008, 10008), real(0, 0), class=vfs] ../source3/smbd/vfs.c:1273(check_reduced_name) check_reduced_name: kingson-test reduced to /samba-test/kingson-test [2015/12/01 00:30:54.214527, 3, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/reply.c:6604(rename_internals_fsp) rename_internals_fsp: succeeded doing rename on New Folder -> kingson-test [2015/12/01 00:30:54.214784, 10, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/smbd/notify_internal.c:615(notify_trigger) notify_trigger called action=0x4, filter=0x2, path=/samba-test/New Folder [2015/12/01 00:30:54.215126, 0, pid=6250, effective(10008, 10008), real(0, 0)] ../lib/util/fault.c:78(fault_report) =============================================================== [2015/12/01 00:30:54.215320, 0, pid=6250, effective(10008, 10008), real(0, 0)] ../lib/util/fault.c:79(fault_report) INTERNAL ERROR: Signal 10 in pid 6250 (4.2.3) Please read the Trouble-Shooting section of the Samba HOWTO [2015/12/01 00:30:54.215585, 0, pid=6250, effective(10008, 10008), real(0, 0)] ../lib/util/fault.c:81(fault_report) =============================================================== [2015/12/01 00:30:54.215864, 0, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/lib/util.c:788(smb_panic_s3) PANIC (pid 6250): internal error [2015/12/01 00:30:54.216130, 0, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/lib/util.c:949(log_stack_trace) unable to produce a stack trace on this platform [2015/12/01 00:30:54.216395, 0, pid=6250, effective(10008, 10008), real(0, 0)] ../source3/lib/dumpcore.c:291(dump_core) Exiting on internal error (core file administratively disabled) [2015/12/01 00:30:54.244966, 3, pid=6230, effective(0, 0), real(0, 0)] ../source3/smbd/server.c:453(remove_child_pid) ../source3/smbd/server.c:453 Unclean shutdown of pid 6250 [2015/12/01 00:30:54.245668, 1, pid=6230, effective(0, 0), real(0, 0)] ../source3/smbd/server.c:462(remove_child_pid) Scheduled cleanup of brl and lock database after unclean shutdown ================
Probably an alignment issue. Can you get a decent backtrace by setting: panic action = /bin/sleep 99999 in the [global] section of your smb.conf, reproducing the issue then attaching to the crashed process (parent of the sleep) using gdb and getting a backtrace ?
(In reply to Jeremy Allison from comment #1) Thanks for reply. It seams cannot get backtrace on Solairs platform. From the detailed logs, "signal 10" get from following dbwrap_parse_record() function. the code: source3/smbd/notify_internal.c: ======= for (p = strchr(path+1, '/'); p != NULL; p = next_p) { ptrdiff_t path_len = p - path; bool recursive; next_p = strchr(p+1, '/'); recursive = (next_p != NULL); dbwrap_parse_record( notify->db_index, make_tdb_data(discard_const_p(uint8_t, path), path_len), notify_trigger_index_parser, &idx_state); if (idx_state.found_my_vnn) { notify_trigger_local(notify, action, filter, path, path_len, recursive); idx_state.found_my_vnn = false; } } ===================
the call relationship as: dbwrap_parse_record-> db_rbt_parse_record -> notify_trigger_index_parser data.dsize=4 and sizeof(uint32_t)=4 but when access new_vnns[0](line 19) will get Signal 10. 1 static void notify_trigger_index_parser(TDB_DATA key, TDB_DATA data, 2 void *private_data) 3 { 4 struct notify_trigger_index_state *state = 5 (struct notify_trigger_index_state *)private_data; 6 uint32_t *new_vnns; 7 size_t i, num_vnns, num_new_vnns, num_remote_vnns; 8 9 if ((data.dsize % sizeof(uint32_t)) != 0) { 10 DEBUG(1, ("Invalid record size in notify index db: %u\n", 11 (unsigned)data.dsize)); 12 return; 13 } 14 new_vnns = (uint32_t *)data.dptr; 15 num_new_vnns = data.dsize / sizeof(uint32_t); 16 num_remote_vnns = num_new_vnns; 17 18 for (i=0; i<num_new_vnns; i++) { 19 if (new_vnns[i] == state->my_vnn) { 20 state->found_my_vnn = true; 21 num_remote_vnns -= 1; 22 } 23 } 24 ... 25 ... 26 } 27 }
After the line of "if (new_vnns[i] == state->my_vnn)" be written something like this uint32_t nv = IVAL(new_vnns,i*4) if (nv == state->my_vnn) { it seams can fix the "Signal 10" error, on the line of "if (new_vnns[i] == state->my_vnn) {". But after fixing above issue will get another " Signal 10", as following line11, after line11, when access struct notify_db_entry *e, will get " Signal 10" (such as line14, line17 and line20) I try to use %p to ping struct notify_db_entry *e, notify_db_entry:%p = 6c422 ================== 1 static NTSTATUS notify_del_entry(struct db_record *rec, 2 const struct server_id *pid, 3 void *private_data) 4 { 5 ... 6 ... 7 num_entries = value.dsize / sizeof(struct notify_db_entry); 8 entries = (struct notify_db_entry *)value.dptr; 9 10 for (i=0; i<num_entries; i++) { 11 struct notify_db_entry *e = &entries[i]; 12 13 if (DEBUGLEVEL >= 10) { 14 NDR_PRINT_DEBUG(notify_db_entry, e); 15 } 16 17 if (e->private_data != private_data) { 18 continue; 19 } 20 if (serverid_equal(&e->server, pid)) { 21 break; 22 } 23 } 24 ... 25 ... 26 }
is this still an issue or did this get fixed with a more up-to-date release?