Bug 1465 - segv in smbd related to quota support
segv in smbd related to quota support
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: File Services
3.0.14a
x86 Linux
: P3 regression
: none
Assigned To: Gerald (Jerry) Carter
Samba QA Contact
:
: 3279 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-06-18 11:14 UTC by Andrei Nazarenko
Modified: 2006-02-01 09:32 UTC (History)
3 users (show)

See Also:


Attachments
Here is level 10 log (549.01 KB, text/plain)
2004-12-01 14:47 UTC, Andrei Nazarenko
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrei Nazarenko 2004-06-18 11:14:31 UTC
Running Samba 3.0.4 (installed from RPM) on SuSE 8.2 on Intel x86.

The following log entries repeat many times (15+). The user under Windows 2000 
gets the error message, while trying to create a shortcut to a file in the same 
folder (located on Samba share): "The shortcut cannot be created. Your disk may 
be full or you do not have permission to access the folder". However, *copying* 
files to the same share works fine.

Restarting SMB daemon with "/etc/init.d/smb restart" does not rectify the 
problem. After full system reboot it works again until the next panic.

----------------------------------------------------------------------------

[2004/06/18 19:16:02, 1] smbd/service.c:make_connection_snum(619)
  tsxxxx (172.19.72.138) connect to service thd2 initially as user smbuser1 
(uid=509, gid=501) (pid 15062)
[2004/06/18 19:16:02, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/06/18 19:16:02, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 15062 (3.0.4-SerNet-SuSE)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/06/18 19:16:02, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/06/18 19:16:02, 0] lib/util.c:smb_panic2(1398)
  PANIC: internal error
[2004/06/18 19:16:02, 0] lib/util.c:smb_panic2(1406)
  BACKTRACE: 22 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x18c) [0x819fb35]
   #1 /usr/sbin/smbd(smb_panic+0x10) [0x819f9a7]
   #2 /usr/sbin/smbd [0x818f96e]
   #3 /usr/sbin/smbd [0x818f9c3]
   #4 /lib/libc.so.6 [0x4021a5c8]
   #5 /lib/libc.so.6(__getmntent_r+0x56) [0x402cd1e6]
   #6 /lib/libc.so.6(getmntent+0x6d) [0x402cd07d]
   #7 /usr/sbin/smbd [0x80cbed1]
   #8 /usr/sbin/smbd(sys_get_quota+0x8e) [0x80cc6ed]
   #9 /usr/sbin/smbd(disk_quotas+0x30) [0x80cf304]
   #10 /usr/sbin/smbd [0x8082963]
   #11 /usr/sbin/smbd(sys_disk_free+0x1a) [0x8082b6c]
   #12 /usr/sbin/smbd(vfswrap_disk_free+0x1a) [0x80be6d1]
   #13 /usr/sbin/smbd [0x80adc3a]
   #14 /usr/sbin/smbd(reply_trans2+0xb5e) [0x80b466f]
   #15 /usr/sbin/smbd [0x80c80e0]
   #16 /usr/sbin/smbd [0x80c8172]
   #17 /usr/sbin/smbd(process_smb+0x1d6) [0x80c8491]
   #18 /usr/sbin/smbd(smbd_process+0x158) [0x80c9004]
   #19 /usr/sbin/smbd(main+0x769) [0x81f812e]
   #20 /lib/libc.so.6(__libc_start_main+0xce) [0x402068ae]
   #21 /usr/sbin/smbd(ldap_msgfree+0x71) [0x8076d61]
[2004/06/18 19:16:02, 0] lib/util_sock.c:get_peer_addr(978)
  getpeername failed. Error was Transport endpoint is not connected
[2004/06/18 19:16:02, 0] lib/util_sock.c:read_socket_data(367)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2004/06/18 19:16:02, 1] smbd/service.c:make_connection_snum(619)

---------------------------------------------------------------------------
Comment 1 Andrei Nazarenko 2004-06-18 11:15:34 UTC
This didn't seem to happen with Samba 3.0.2a although the system is used more 
extensively with the 3.0.4 version.
Comment 2 Joosep-Georg Järvemaa 2004-06-28 08:33:36 UTC
[2004/06/28 10:07:30, 1] smbd/service.c:make_connection_snum(619)
  herbert (192.168.0.1) connect to service georg initially as user georg
(uid=1000, gid=100) (pid 4366)
[2004/06/28 10:07:35, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/06/28 10:07:35, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 4366 (3.0.2a-SUSE)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/06/28 10:07:35, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/06/28 10:07:35, 0] lib/util.c:smb_panic2(1398)
  PANIC: internal error
[2004/06/28 10:07:35, 0] lib/util.c:smb_panic2(1406)
  BACKTRACE: 21 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x1ec) [0x81ee9e5]
   #1 /usr/sbin/smbd(smb_panic+0x25) [0x81ee7f3]
   #2 /usr/sbin/smbd [0x81da9b7]
   #3 /usr/sbin/smbd [0x81daa2d]
   #4 [0xffffe440]
   #5 /lib/tls/libc.so.6(getmntent+0x54) [0x4034f7c4]
   #6 /usr/sbin/smbd [0x80decc3]
   #7 /usr/sbin/smbd(sys_get_quota+0xad) [0x80df685]
   #8 /usr/sbin/smbd(disk_quotas+0x51) [0x80e31b1]
   #9 /usr/sbin/smbd [0x8087628]
   #10 /usr/sbin/smbd(sys_disk_free+0x2d) [0x80878e3]
   #11 /usr/sbin/smbd(vfswrap_disk_free+0x39) [0x80ce868]
   #12 /usr/sbin/smbd [0x80bb23d]
   #13 /usr/sbin/smbd(reply_trans2+0xca0) [0x80c2cbf]
   #14 /usr/sbin/smbd [0x80da408]
   #15 /usr/sbin/smbd [0x80da4cd]
   #16 /usr/sbin/smbd(process_smb+0x241) [0x80da8b0]
   #17 /usr/sbin/smbd(smbd_process+0x199) [0x80db525]
   #18 /usr/sbin/smbd(main+0x8d9) [0x8265bc5]
   #19 /lib/tls/libc.so.6(__libc_start_main+0xe0) [0x402b24b0]
   #20 /usr/sbin/smbd [0x8078241]
Comment 3 Joosep-Georg Järvemaa 2004-07-01 03:46:55 UTC
[2004/07/01 13:41:30, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/07/01 13:41:30, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 28798 (3.0.4-SUSE)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/07/01 13:41:30, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/07/01 13:41:30, 0] lib/util.c:smb_panic2(1398)
  PANIC: internal error
[2004/07/01 13:41:30, 0] lib/util.c:smb_panic2(1406)
  BACKTRACE: 17 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x120) [0x8202790]
   #1 /usr/sbin/smbd(smb_panic+0x26) [0x8202956]
   #2 /usr/sbin/smbd [0x81edf20]
   #3 [0xffffe440]
   #4 /lib/tls/libc.so.6(getmntent+0x54) [0x403467c4]
   #5 /usr/sbin/smbd [0x80e6488]
   #6 /usr/sbin/smbd(sys_get_quota+0xed) [0x80e6ead]
   #7 /usr/sbin/smbd(disk_quotas+0x5a) [0x80eaf9a]
   #8 /usr/sbin/smbd(sys_disk_free+0xcb) [0x8087afb]
   #9 /usr/sbin/smbd(vfswrap_disk_free+0x39) [0x80d83b9]
   #10 /usr/sbin/smbd(reply_dskattr+0x81) [0x80a4921]
   #11 /usr/sbin/smbd [0x80e2287]
   #12 /usr/sbin/smbd(process_smb+0x1aa) [0x80e282a]
   #13 /usr/sbin/smbd(smbd_process+0x16b) [0x80e2c9b]
   #14 /usr/sbin/smbd(main+0x526) [0x827cff6]
   #15 /lib/tls/libc.so.6(__libc_start_main+0xe0) [0x402a94b0]
   #16 /usr/sbin/smbd [0x8078ba1]
Comment 4 Joosep-Georg Järvemaa 2004-07-01 03:57:05 UTC
georg@elfi:~> smbclient //localhost/documents
Password:
Domain=[ELFI] OS=[Unix] Server=[Samba 3.0.4-SUSE]
smb: \> dir
  .                                   D        0  Mon Jun 28 15:59:13 2004
  ..                                  D        0  Mon Jun 28 15:31:07 2004
  Jaan                                D        0  Mon Jun 28 16:00:16 2004
  Hergo                               D        0  Mon Jun 28 15:52:04 2004
  Jaak                                D        0  Mon Jun 28 15:52:10 2004
  Andres                              D        0  Mon Jun 28 15:52:26 2004
  Uno                                 D        0  Mon Jun 28 15:52:37 2004
  Liina                               D        0  Mon Jun 28 15:52:54 2004
  Tiina                               D        0  Mon Jun 28 15:53:07 2004
  Janne                               D        0  Mon Jun 28 15:53:15 2004
  K-Büroo                            D        0  Mon Jun 28 15:59:10 2004
  Peeter                              D        0  Mon Jun 28 15:53:20 2004
  Ivo                                 D        0  Mon Jun 28 15:55:03 2004
  Siim                                D        0  Mon Jun 28 15:55:21 2004
Error in dskattr: Call returned zero bytes (EOF)
smb: \> cd Jaan
cd \Jaan\: Call returned zero bytes (EOF)
smb: \> dir
Call returned zero bytes (EOF) listing *
Error in dskattr: Call returned zero bytes (EOF)
smb: \>
Comment 5 Andrei Nazarenko 2004-07-05 10:23:17 UTC
Perhaps I should add more details to my first report:

SuSE Linux 8.2 is running with an SMP Kernel, 2xCPUs in Dell PowerEdge 2650 
server, Intel platform. Kernel version is 2.40.20.

The bug occures even with only one user connected (problem is not caused by 
high system load). It is not possible to say what causes the problem. Sometimes 
the system is fine for hours, and sometimes it takes only a few file operations 
to cause Signal 11 panic.

The easiest way to describe the problem is the following: the MSOfficeXP 
document located on Samba share is opened by Windows client for editing. It 
reads fine, but as soon as the user tries to save the document back to the 
share, the Panic on Signal 11 occures and the file on the Samba share becomes 
zero in length. Windows client gets file access error and saving is impossible.

The strange thing is that the file can be saved locally on Windows client 
machine and then *copied* to Samba share without any problem! (Even overwriting 
that zero-length file *by copying over* works fine).

This problem was present in Samba 2.8.0a, where it occured immediately every 
time the document was saved. Now with 3.0.4 it happens sporadically, and makes 
it impossible to run Samba in a production environment.
Comment 6 Björn Jacke 2004-07-07 05:07:43 UTC
I saw several reports like that with suse 8.2 installations. is it possible for
you to set up the same environment on a suse 9.0/9.1 ? Might be a non samba issue.
Comment 7 Andrei Nazarenko 2004-07-07 06:10:42 UTC
Björn,

Thank you for addressing this issue.

I would love to go SuSE 9.1, but unfortunately the newer kernel versions 
supplied with 9.x do not have PERC RAID controller support compiled in.

 I tried to ask at the official Dell Linux forum if there's a way to run SuSE 
on these Dell PowerEdge machines, but I got no reply. See 
http://forums.us.dell.com/supportforums/board/message?
board.id=pes_linux&message.id=1951

I have gone back to Samba 3.0.2 as it was the only older RPM I could find for 
SuSE 8.2 distribution. It has been running for 15 hours now in the production 
environment and so far there hasn't been a Signal 11 panic. (I keep my fingers 
crossed).
Comment 8 Joosep-Georg Järvemaa 2004-07-08 01:24:13 UTC
I have SuSE 9.1 and it appears that I got rid of the problem after setting up 
disk quotas on my system. Thanks for Jeremy Allison
(news://news.gmane.org:119/20040701230543.GB24250@legion.cup.hp.com)
Comment 9 Andrei Nazarenko 2004-07-12 09:45:20 UTC
Well, it does not seem to be an OS issue. At least not directly.
I am now running Samba 3.0.2 on the same machine that had problems with 3.0.4.

The older version (3.0.2) has been running in a productive environment for 4 
working days now, with ~25 users connecting simultaneously and no problems 
whatsover.

I cannot say with a 100% reliability that the the problem is gone for good with 
an older version, but with 3.0.4 usually I would get it at least 2 times a day 
(sometimes much more). Now with 3.0.2 I haven't had it for 4 days.

I'll keep watching...
Comment 10 Andrei Nazarenko 2004-07-19 10:20:52 UTC
This is just to confirm that 3.0.2 has been running without any problems for 10 
days now, meaning there is definitely an issue with 3.0.4.

I have noticed theres a 3.0.5RC1 available for download, with some bugs fixed 
that sound similar to the problems I've been having. Going to give it a try...
Comment 11 Andrei Nazarenko 2004-07-21 12:31:44 UTC
Tried 3.0.5RC1 on the above mentioned machine running SuSE 8.2.

Unusable at all... :(


Browsing folders is ok, but as soon as *any* operation is attempted on a file, 
the Windows explorer freezes, and after a couple of minutes it says that share 
is unavailable.  The message in samba log looks like this:

[2004/07/19 21:23:49, 0] lib/util_sock.c:read_socket_data(384)
  read_socket_data: recv failure for 4. Error = Connection reset by peer

So back to 3.0.2... :((
Comment 12 Gerald (Jerry) Carter 2004-08-26 14:25:44 UTC
can you give 3.0.6 a quick test and see if the bug is 
fixed there.  The diff is fairly large.  Thanks.
Comment 13 Ties Dethlefs 2004-09-03 04:45:57 UTC
I had the same problem on a SuSE 9.1 machine with the security update from Samba
3.0.2 to 3.0.4 provided by Suse. Today I've installed the 3.0.6 Suse rpm from
www.samba.org and it works fine now.
Comment 14 Gerald (Jerry) Carter 2004-09-03 05:34:54 UTC
fixed in 3.0.6.  Thanks for testing.
Comment 15 Andrei Nazarenko 2004-09-06 11:29:29 UTC
Tried 3.0.6 today. Got a bit further with it than with 3.0.5RC, which did not 
work at all, but still far from perfect.  :(

The testing is done on SuSE 8.2 Intel machine, 2xCPUs, SMP Kernel 2.4.20

I have only installed 2 RPM packages from the official Samba binaries:
samba3-3.0.6-1.rpm
samba3-client-3.0.6-1.rpm

The config file is very basic, as I only need filesharing features:

===========================================

[global]
        server string = Samba
        map to guest = Bad User
        guest account = nobody
        syslog = 3
        unix charset = ISO8859-1
        display charset = ISO8859-1

[htdocs]
        path = /srv/www
        valid users = +FERM
        write list = +FERM
        force user = wwwrun
        force group = www
        create mask = 0660
        directory mask = 0770
        read only = No
        browseable = No

======================================================

Once I start the smb daemon I can successfully map and browse the "htdocs" 
share. Then I try to create a text file from Windows explorer. I open this text 
file with the Notepad or Wordpad and edit it. When I try to save I get the 
error message saying that the access to file is denied. After that I close 
Notepad/Wordpad and do the smbstatus command. Here is the result:


Samba version 3.0.6-SUSE
PID     Username      Group         Machine
-------------------------------------------------------------------
 6106   nazaand       FERM          pc39789      (172.17.28.101)

Service      pid     machine       Connected at
-------------------------------------------------------
htdocs        6106   pc39789       Mon Sep  6 20:22:56 2004
Locked files:
Pid    DenyMode   Access      R/W        Oplock           Name
--------------------------------------------------------------
6105   DENY_ALL   0x2019f     RDWR       EXCLUSIVE+BATCH  /srv/www/htdocs/New 
Text Document.txt   Mon Sep  6 20:22:50 2004


The oplock remains long after the file editing application was closed.
And here is the contents of the log file. Signal 11 panic is still there.

Starting Samba SMB daemon                done
cts2:/etc/samba # cat /var/log/samba/log.smbd
[2004/09/06 20:27:30, 0] smbd/server.c:main(760)
  smbd version 3.0.6-SUSE started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2004/09/06 20:27:32, 1] smbd/service.c:make_connection_snum(648)
  pc39789 (172.17.28.101) connect to service htdocs initially as user wwwrun 
(uid=30, gid=8) (pid 6136)
[2004/09/06 20:27:37, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/09/06 20:27:37, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 6136 (3.0.6-SUSE)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/09/06 20:27:37, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/09/06 20:27:37, 0] lib/util.c:smb_panic2(1385)
  PANIC: internal error
[2004/09/06 20:27:37, 0] lib/util.c:smb_panic2(1393)
  BACKTRACE: 22 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x1b6) [0x81d6e1f]
   #1 /usr/sbin/smbd(smb_panic+0x19) [0x81d6c67]
   #2 /usr/sbin/smbd [0x81c50ed]
   #3 /usr/sbin/smbd [0x81c5162]
   #4 /lib/libc.so.6 [0x4021a5c8]
   #5 /lib/libc.so.6(__getmntent_r+0x56) [0x402cd1e6]
   #6 /lib/libc.so.6(getmntent+0x6d) [0x402cd07d]
   #7 /usr/sbin/smbd [0x80dd53a]
   #8 /usr/sbin/smbd(sys_get_quota+0xa0) [0x80dde5c]
   #9 /usr/sbin/smbd(disk_quotas+0x46) [0x80e1392]
   #10 /usr/sbin/smbd [0x808e60b]
   #11 /usr/sbin/smbd(sys_disk_free+0x2d) [0x808e861]
   #12 /usr/sbin/smbd(vfswrap_disk_free+0x2d) [0x80cf244]
   #13 /usr/sbin/smbd [0x80bbbd5]
   #14 /usr/sbin/smbd(reply_trans2+0x8e4) [0x80c3ca4]
   #15 /usr/sbin/smbd [0x80d9079]
   #16 /usr/sbin/smbd [0x80d9129]
   #17 /usr/sbin/smbd(process_smb+0x1eb) [0x80d946e]
   #18 /usr/sbin/smbd(smbd_process+0x170) [0x80da043]
   #19 /usr/sbin/smbd(main+0x7d6) [0x8248464]
   #20 /lib/libc.so.6(__libc_start_main+0xce) [0x402068ae]
   #21 /usr/sbin/smbd(ldap_msgfree+0x71) [0x80814f1]


Could this be perhaps related to 2xCPU kernel/oplocks?


Version 3.0.2 still works fine, by the way. All versions after that exhibit 
this problem.
Comment 16 Andrei Nazarenko 2004-09-27 06:12:00 UTC
Tried Samba 3.0.7 today. It is getting better, but not there yet...
Maybe this bug should be closed and another open instead, because the Signal 11 
Panic is gone, however Samba is still unusable.

Same setup and config as in the comment #15.
Somewhat different results (similar to #11, but not exactly the same):

What is OK:
- No more Signal 11 Panic
- Browsing the share is OK
- Creating, copying, moving, renaming, deleting files/folders is OK

What is not OK:
the following sequence of actions gives a strange new error:
 1) create new text file (0 bytes length)  - OK
 2) open this file with the Windows Notepad - OK
 3) type text ("test test test") and save the file - OK
    (the byte length changes correctly)
 4) try to open this file AGAIN with Notepad - NOT OK:
    after a long waiting time (~1 minute) the file is opened,
    but instead of the original contents there is a string:
    "   IÿSMB.    ˆ"  (without quotes)
    If other string is used, the first letter changes,
    but "ÿSMB." is always present.
    During the opening time the "smbstatus" command  gives the following output:

    
Samba version 3.0.7-SUSE
PID     Username      Group         Machine
-------------------------------------------------------------------
 1329   nazaand       FERM          pc35632      (172.17.27.106)

Service      pid     machine       Connected at
-------------------------------------------------------
IPC$          1329   pc35632       Mon Sep 27 15:00:31 2004
htdocs        1329   pc35632       Mon Sep 27 14:54:58 2004
Locked files:
Pid    DenyMode   Access      R/W        Oplock           Name
--------------------------------------------------------------
1329   DENY_NONE  0x20089     RDONLY     EXCLUSIVE+BATCH  /srv/www/test.txt   
Mon Sep 27 15:00:47 2004

After the file is "open" (in a corrupt manner), the "IPC$" share is not present 
and there are no "Locked files".
  
 5) If one tries to save this wrongly opened file, Windows gives an 
error "Delayed Write Failed", after 1 minute waiting time and the "smbstatus" 
shows the same file being in "1355 DENY_WRITE 0x2019f  RDWR EXCLUSIVE+BATCH" 
lock mode.

 6) Every time the ~1 minute wait is experienced, the log file has the 
following entries:

[2004/09/27 15:02:05, 1] smbd/service.c:make_connection_snum(648)
  pc35632 (172.17.27.106) connect to service htdocs initially as user wwwrun 
(uid=30, gid=8) (pid 1355)
[2004/09/27 15:07:33, 0] lib/util_sock.c:read_socket_data(384)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2004/09/27 15:07:33, 1] smbd/service.c:close_cnum(837)
  pc35632 (172.17.27.106) closed connection to service htdocs
Comment 17 Andrei Nazarenko 2004-12-01 14:16:57 UTC
Tried Samba 3.0.9 today with the same H/W and OS as in Comment #15.
The results are the same as in comment #15.

Why on Earth it is just me having this problem??
Are there any people out there who have 2xCPUs Intel machines running Linux on them?


Here is the log file....


[2004/12/01 22:07:58, 1] smbd/service.c:make_connection_snum(648)
  abx-eurex2 (172.17.27.106) connect to service htdocs initially as user wwwrun
(uid=30, gid=8) (pid 5695)
[2004/12/01 22:08:38, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/12/01 22:08:38, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 5695 (3.0.9-SUSE)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/12/01 22:08:38, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/12/01 22:08:38, 0] lib/util.c:smb_panic2(1403)
  PANIC: internal error
[2004/12/01 22:08:38, 0] lib/util.c:smb_panic2(1411)
  BACKTRACE: 22 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x1b6) [0x81d7e0c]
   #1 /usr/sbin/smbd(smb_panic+0x19) [0x81d7c54]
   #2 /usr/sbin/smbd [0x81c5c85]
   #3 /usr/sbin/smbd [0x81c5cfa]
   #4 /lib/libc.so.6 [0x4021a5c8]
   #5 /lib/libc.so.6(__getmntent_r+0x56) [0x402cd1e6]
   #6 /lib/libc.so.6(getmntent+0x6d) [0x402cd07d]
   #7 /usr/sbin/smbd [0x80dd512]
   #8 /usr/sbin/smbd(sys_get_quota+0xa0) [0x80dde34]
   #9 /usr/sbin/smbd(disk_quotas+0x46) [0x80e136a]
   #10 /usr/sbin/smbd [0x808e6d3]
   #11 /usr/sbin/smbd(sys_disk_free+0x2d) [0x808e929]
   #12 /usr/sbin/smbd(vfswrap_disk_free+0x2d) [0x80cf1cc]
   #13 /usr/sbin/smbd [0x80bbbeb]
   #14 /usr/sbin/smbd(reply_trans2+0x907) [0x80c3ca4]
   #15 /usr/sbin/smbd [0x80d9015]
   #16 /usr/sbin/smbd [0x80d90c5]
   #17 /usr/sbin/smbd(process_smb+0x1eb) [0x80d940a]
   #18 /usr/sbin/smbd(smbd_process+0x170) [0x80d9fed]
   #19 /usr/sbin/smbd(main+0x7e8) [0x824b057]
   #20 /lib/libc.so.6(__libc_start_main+0xce) [0x402068ae]
   #21 /usr/sbin/smbd(ldap_msgfree+0x75) [0x8081561]
[2004/12/01 22:08:39, 1] smbd/service.c:make_connection_snum(648)
  abx-eurex2 (172.17.27.106) connect to service htdocs initially as user wwwrun
(uid=30, gid=8) (pid 5696)
Comment 18 Andrei Nazarenko 2004-12-01 14:47:41 UTC
Created attachment 815 [details]
Here is level 10 log 

Here is level 10 log in which:
* started smbd on Linux machine
* opened existing file "New Text Document.txt" with Notepad from the XP client
* typed a test string and tried to save the file
* immediately experienced Signal 11 panic
* stopped smbd
Comment 19 Bo 2004-12-21 13:06:18 UTC
(In reply to comment #17)
> Tried Samba 3.0.9 today with the same H/W and OS as in Comment #15.
> The results are the same as in comment #15.
> 
> Why on Earth it is just me having this problem??
> Are there any people out there who have 2xCPUs Intel machines running Linux on
them?
> 

You are not the only one. After having installed Samba 3.0.7 and 3.0.10, we are
having almost the same problems. 

As you can see in the log printout, it's the same error message.
Our problem is that if we follow your wordpad example, we can not save the file.
We can create it, delete it, rename it but we can't save it with a new content.

In some of the other bug rapports, I have seen a user solving, what looks like a
related problem, by implementing quotas on the harddrive. Have you tried it.
We have also other problems with Samba, like disconnecting shares, unability to
save more the mayde 1GB data to a share before it disconnets etc.

We tried to moved our old Samba 2.2.8a installation to a new system (SuSE9.2),
but we have had to go back to the old system, while we try to figure out, what's
 wrong. It doesn't look to promising though.


Our system is a single CPU machine with SuSE9.2 and W2K SP4 clients.

################
#  Log printout
################

[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 5733 (3.0.10-0.1-SUSE)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/12/21 15:54:59, 0] lib/util.c:smb_panic2(1482)
  PANIC: internal error
[2004/12/21 15:54:59, 0] lib/util.c:smb_panic2(1490)
  BACKTRACE: 18 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x120) [0x8202000]
   #1 /usr/sbin/smbd(smb_panic+0x26) [0x82021d6]
   #2 /usr/sbin/smbd [0x81ed0b0]
   #3 [0xffffe420]
   #4 /lib/tls/libc.so.6(getmntent+0x54) [0x4035ad84]
   #5 /usr/sbin/smbd [0x80e1058]
   #6 /usr/sbin/smbd(sys_get_quota+0xed) [0x80e1a7d]
   #7 /usr/sbin/smbd(disk_quotas+0x4d) [0x80e5aed]
   #8 /usr/sbin/smbd(sys_disk_free+0xcb) [0x8088bcb]
   #9 /usr/sbin/smbd(vfswrap_disk_free+0x39) [0x80d2329]
   #10 /usr/sbin/smbd [0x80ba8fb]
   #11 /usr/sbin/smbd(reply_trans2+0x13cb) [0x80c09cb]
   #12 /usr/sbin/smbd [0x80dccf0]
   #13 /usr/sbin/smbd(process_smb+0x19a) [0x80dd27a]
   #14 /usr/sbin/smbd(smbd_process+0x16f) [0x80dd6df]
   #15 /usr/sbin/smbd(main+0x530) [0x8283310]
   #16 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x402bdb14]
   #17 /usr/sbin/smbd [0x8079701]
[2004/12/21 15:54:59, 1] smbd/service.c:make_connection_snum(647)
  bopc2 (192.168.7.43) connect to service diverse initially as user bo
(uid=1000, gid=100) (pid 5751)
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 5751 (3.0.10-0.1-SUSE)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/12/21 15:54:59, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/12/21 15:54:59, 0] lib/util.c:smb_panic2(1482)
  PANIC: internal error
[2004/12/21 15:54:59, 0] lib/util.c:smb_panic2(1490)
  BACKTRACE: 18 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x120) [0x8202000]
   #1 /usr/sbin/smbd(smb_panic+0x26) [0x82021d6]
   #2 /usr/sbin/smbd [0x81ed0b0]
   #3 [0xffffe420]
   #4 /lib/tls/libc.so.6(getmntent+0x54) [0x4035ad84]
   #5 /usr/sbin/smbd [0x80e1058]
   #6 /usr/sbin/smbd(sys_get_quota+0xed) [0x80e1a7d]
   #7 /usr/sbin/smbd(disk_quotas+0x4d) [0x80e5aed]
   #8 /usr/sbin/smbd(sys_disk_free+0xcb) [0x8088bcb]
   #9 /usr/sbin/smbd(vfswrap_disk_free+0x39) [0x80d2329]
   #10 /usr/sbin/smbd [0x80b9d15]
   #11 /usr/sbin/smbd(reply_trans2+0x13cb) [0x80c09cb]
   #12 /usr/sbin/smbd [0x80dccf0]
   #13 /usr/sbin/smbd(process_smb+0x19a) [0x80dd27a]
   #14 /usr/sbin/smbd(smbd_process+0x16f) [0x80dd6df]
   #15 /usr/sbin/smbd(main+0x530) [0x8283310]
   #16 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x402bdb14]
   #17 /usr/sbin/smbd [0x8079701]
Comment 20 Jeremy Allison 2004-12-21 17:28:25 UTC
What I need to fix this is a good stack backtrace including symbols.
I need a smbd compiled with -g, and an smb.conf panic action set to :

panic action = /bin/sleep 90000

When it crashes, attach to the parent process of the sleep with gdb and
type "bt" at the gdb prompt.

Then paste that into the bug report. The problem is I don't know where in the
quota code it's crashing, and I won't until I get this.

Thanks,

Jeremy.
Comment 21 Gerald (Jerry) Carter 2005-02-05 07:57:48 UTC
please retest against 3.0.11 and reopen if necessary.  Also reset 
the version if you reopen the bug report.  Thanks.
Comment 22 Andrei Nazarenko 2005-02-10 10:08:44 UTC
Thank you for trying to fix the issue!

3.0.11 is a lot better but still produces same problem from time to time. 
Previous releases 3.0.4-3.0.10 were much worse, crashing almost immediately, as
soon as any write operation was performed on Samba share.
3.0.11 works  for some time, and then gives the following error:

[2005/02/10 17:50:25, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2005/02/10 17:50:25, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 4738 (3.0.11)
  Please read the appendix Bugs of the Samba HOWTO collection
[2005/02/10 17:50:25, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2005/02/10 17:50:25, 0] lib/util.c:smb_panic2(1495)
  PANIC: internal error
[2005/02/10 17:50:25, 0] lib/util.c:smb_panic2(1503)
  BACKTRACE: 22 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x1b6) [0x81de7c5]
   #1 /usr/sbin/smbd(smb_panic+0x19) [0x81de60d]
   #2 /usr/sbin/smbd [0x81cc311]
   #3 /usr/sbin/smbd [0x81cc386]
   #4 /lib/libc.so.6 [0x4021a5c8]
   #5 /lib/libc.so.6(__getmntent_r+0x56) [0x402cd1e6]
   #6 /lib/libc.so.6(getmntent+0x6d) [0x402cd07d]
   #7 /usr/sbin/smbd [0x80e00ca]
   #8 /usr/sbin/smbd(sys_get_quota+0xa0) [0x80e09ec]
   #9 /usr/sbin/smbd(disk_quotas+0x46) [0x80e3f22]
   #10 /usr/sbin/smbd [0x808f0bb]
   #11 /usr/sbin/smbd(sys_disk_free+0x2d) [0x808f311]
   #12 /usr/sbin/smbd(vfswrap_disk_free+0x2d) [0x80d0a5c]
   #13 /usr/sbin/smbd [0x80bd04e]
   #14 /usr/sbin/smbd(reply_trans2+0x907) [0x80c54f9]
   #15 /usr/sbin/smbd [0x80dbca1]
   #16 /usr/sbin/smbd [0x80dbd51]
   #17 /usr/sbin/smbd(process_smb+0x1eb) [0x80dc096]
   #18 /usr/sbin/smbd(smbd_process+0x170) [0x80dcc83]
   #19 /usr/sbin/smbd(main+0x7f1) [0x8253cde]
   #20 /lib/libc.so.6(__libc_start_main+0xce) [0x402068ae]
   #21 /usr/sbin/smbd(ldap_msgfree+0x71) [0x8081f01]

As before, when panic 11 appears just once it "spoils everything": restarting
smbd does not help -- even after "/etc/init.d/smb restart" Samba keeps
genereating panic 11 every time the write operation is performed or even when I
simply highlight Samba share name on a Windows client! (In "My Computer" view).
The machine needs to be rebooted completely for it to work properly again.

It is really quite hard to say what exactly causes this panic. I was not able to
reproduce the problem manually as it happens spontaneously.

If you still want me to test Samba using the directions in Comment #20, please
tell me so. And just in case here is my smb.conf again:



[global]
        server string = Samba
        map to guest = Bad User
        guest account = nobody
        syslog = 3
        interfaces = eth0, lo
        bind interfaces only = Yes
        socket options = IPTOS_LOWDELAY TCP_NODELAY
        write cache size = 262144
        unix charset = ISO8859-1
        display charset = ISO8859-1

[rsm]
        path = /srv/www/htdocs/rsm
        valid users = elkanis, nazaand
        write list = elkanis, nazaand
        force group = RSM
        create mask = 0660
        directory mask = 0770
        browseable = No

[ferm]
        path = /srv/www/htdocs/ferm
        valid users = nazaand
        write list = nazaand
        force group = FERM
        create mask = 0660
        directory mask = 0770
        browseable = No
Comment 23 Andrei Nazarenko 2005-02-10 14:34:53 UTC
And here is what I hope to be a good stack backtrace, obtained as described in
Comment #20:

GNU gdb 5.3
Copyright... [skipped]
This GDB was configured as "i586-suse-linux".
Attaching to process 1224
Reading symbols from /usr/local/samba/sbin/smbd...done.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/gconv/UTF-16.so...done.
Loaded symbols for /usr/lib/gconv/UTF-16.so
Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
Loaded symbols for /usr/lib/gconv/ISO8859-1.so
Reading symbols from /usr/lib/gconv/IBM850.so...done.
Loaded symbols for /usr/lib/gconv/IBM850.so
Reading symbols from /lib/libnss_compat.so.2...done.
Loaded symbols for /lib/libnss_compat.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
0x40127c17 in waitpid () from /lib/libc.so.6
(gdb) bt

#0  0x40127c17 in waitpid () from /lib/libc.so.6
#1  0x400ba0f4 in do_system () from /lib/libc.so.6
#2  0x081eac14 in smb_panic2 (why=0x82ae2be "internal error",
decrement_pid_count=1) at lib/util.c:1486
#3  0x081eab20 in smb_panic (why=0x82ae2be "internal error") at lib/util.c:1445
#4  0x081d59c2 in fault_report (sig=11) at lib/fault.c:41
#5  0x081d5a29 in sig_fault (sig=11) at lib/fault.c:64
#6  <signal handler called>
#7  0x400e5b16 in fgets_unlocked () from /lib/libc.so.6
#8  0x00000807 in ?? ()
#9  0x401531e6 in getmntent_r () from /lib/libc.so.6
#10 0x4015307d in getmntent () from /lib/libc.so.6
#11 0x080e24ae in sys_path_to_bdev (path=0x82622e3 ".", mntpath=0xbfffe908,
bdev=0xbfffe904, fs=0xbfffe900) at lib/sysquotas.c:71
#12 0x080e2f8a in sys_get_quota (path=0x82622e3 ".", qtype=SMB_USER_QUOTA_TYPE,
id={uid = 500, gid = 500}, dp=0xbfffe980) at lib/sysquotas.c:385
#13 0x080e6a77 in disk_quotas (path=0x82622e3 ".", bsize=0xbfffee48,
dfree=0xbfffee50, dsize=0xbfffee40) at smbd/quotas.c:1411
#14 0x0808628c in disk_free (path=0x82622e3 ".", small_query=0,
bsize=0xbffff0e0, dfree=0xbffff0d0, dsize=0xbffff0d8) at smbd/dfree.c:123
#15 0x0808662a in sys_disk_free (path=0x82622e3 ".", small_query=0,
bsize=0xbffff0e0, dfree=0xbffff0d0, dsize=0xbffff0d8) at smbd/dfree.c:163
#16 0x080d047c in vfswrap_disk_free (handle=0x0, conn=0x83ac0b8, path=0x82622e3
".", small_query=0, bsize=0xbffff0e0, dfree=0xbffff0d0, dsize=0xbffff0d8)
    at smbd/vfs-wrap.c:49
#17 0x080b9df8 in call_trans2qfsinfo (conn=0x83ac0b8, inbuf=0x40428008 "",
outbuf=0x40449008 "", length=74, bufsize=131072, pparams=0xbffff21c,
    total_params=2, ppdata=0xbffff218, total_data=0, max_data_bytes=560) at
smbd/trans2.c:1942
#18 0x080c3444 in reply_trans2 (conn=0x83ac0b8, inbuf=0x40428008 "",
outbuf=0x40449008 "", length=74, bufsize=131072) at smbd/trans2.c:4482
#19 0x080dd7a6 in switch_message (type=50, inbuf=0x40428008 "",
outbuf=0x40449008 "", size=74, bufsize=131072) at smbd/process.c:968
#20 0x080dd865 in construct_reply (inbuf=0x40428008 "", outbuf=0x40449008 "",
size=74, bufsize=131072) at smbd/process.c:998
#21 0x080ddbdd in process_smb (inbuf=0x40428008 "", outbuf=0x40449008 "") at
smbd/process.c:1098
#22 0x080dea30 in smbd_process () at smbd/process.c:1558
#23 0x082505b4 in main (argc=3, argv=0xbffff4e4) at smbd/server.c:951
#24 0x4008c8ae in __libc_start_main () from /lib/libc.so.6
Comment 24 Andrei Nazarenko 2005-02-25 08:55:31 UTC
Just to add, that I have tried to implement user and group quota on my Linux
machine as someone suggested above. The quota is on and working but at the
moment all users have no limits set.

Unfortunately the problem is not gone even with the quota management enabled.

I will try to set some quota limits and see if it changes anything in Samba
behaviour.
Comment 25 Andrei Nazarenko 2005-03-10 11:38:27 UTC
First I only added quota limits to groups, and left user quotas unlimited.
I got first segfault after several hours of work, where I was editing and saving
some documents.

After that I added quota limits to users, and Samba behaved fine for 2 or 3
days, but eventually gave a segfault again.

To sum it up: implementing quotas somewhat improved the situation but it is
still far from perfect as the segfaults still occur.
Comment 26 Andrei Nazarenko 2005-03-21 09:34:06 UTC
Not sure if that is connected but when I try to right click on a mounted network
share (in WindowsXP) and select 'Properties' to see the total/occupied disk
space on a share, I get the following error in Samba's log file.

[2005/03/21 17:30:52, 1] smbd/fake_file.c:open_fake_file_shared1(45)
access_denied to service[htdocs] file[$Extend/$Quota:$Q:$INDEX_ALLOCATION]
user[wwwrun]
Comment 27 Andrei Nazarenko 2005-07-14 01:11:57 UTC
Still occures in 3.0.14a
Comment 28 Torsten Roloff 2005-11-29 08:06:48 UTC
Problem still occurs on SuSE9.3 with smbd version 3.0.20b-3.1-SUSE *and* file permission paranoid (which means /etc/fstab and /etc/mtab mode 0600). Otherwise it seems to work fine.

My guess from a quick look at the smbd sources:

The following code
------------------------------------
#include <stdio.h>
#include <mntent.h>

int main ()
{
  FILE *fp;
  struct mntent *mnt;

  fp = setmntent(MOUNTED,"r");
  while ((mnt = getmntent(fp))) {
    /*do something */
  }

  endmntent(fp) ;
  return 0;
}
--------------------------------------

segfaults on my machine, if run as ordinary user. And source/smbd/quotas.c uses a similar code in function "disk_quotas" and maybe others. Maybe there should be a check for fp==null before calling getmntnet(fp)??
Comment 29 Gerald (Jerry) Carter 2005-11-29 08:11:51 UTC
Thanks.  I think Jeremy just fixed this.  Can you retest against 
3.0.21rc1?  And reopen if the bug is not fixed.
Comment 30 Andrei Nazarenko 2005-11-29 18:40:12 UTC
Oh my! I've almost given up on this after 1.5 years!
I just want to confirm that my SuSE installation actually has been running with the paranoid permissions on the above mentioned files.
If it is really the root of this problem Torsten - you are a STAR!
And Geremy and Gerald, thanks for fixing it too!
Comment 31 Gerald (Jerry) Carter 2005-11-30 07:12:46 UTC
*** Bug 3279 has been marked as a duplicate of this bug. ***
Comment 32 Mark Condic 2005-11-30 07:41:59 UTC
Andrei,  Could you please post the part of your smb.conf that you believe allow you to run without crashing Samba (was it limits on disk quota's)?  This might help understand.

Also if you would not mind posting your results from 3.0.21rc1 I will follow this thread instead of the one I created.

Yesterday I noticed a new (related?) issue with samba 3.0.20b-2.1:  the smbd process will terminate without any information in the log.  Since I can't find any log entries, Samba or system (/var/log/warn or /var/log/messages) I can't add more information at this time.  If someone can enlighten me where else I can look, then maybe I can help with this problem.  I am not a SuSE or Linux expert, just a volunteer trying to keep my schools system running.  Thanks.
Comment 33 Andrei Nazarenko 2005-12-01 06:08:34 UTC
Mark,

There is nothing in my smb.conf related to disk quotas. My previous posts about implementing quotas were about installing the 'quota' RPM package and configuring it accordingly with the appropriate utilities from the 'quota' package.

However, I do not think quotas changed anything really when it the problem was the permissions on /etc/fstab and /etc/mtab, as described by Torsten here.

I have changed permissions on the above mentioned files some days ago to 0644 and Samba 3.0.20b.3-2 seems to behave fine so far. I do not have possibility to test the new RC1 version at the moment.
Comment 34 Mark Condic 2005-12-03 09:25:23 UTC
Is it only fstab and mtab that need their permissions changed to 0644?  I just ran SuSEconfig and it changes the permission of fstab back to 0600 on my SuSE 9.2 system.  Does 3.0.21rc2 eliminate the need of manually changing permissions on fstab? (SuSEconfig does not seem to change mtab on my system.)  Thanks.

> However, I do not think quotas changed anything really when it the problem was
> the permissions on /etc/fstab and /etc/mtab, as described by Torsten here.
> I have changed permissions on the above mentioned files some days ago to 0644
> and Samba 3.0.20b.3-2 seems to behave fine so far. 
Comment 35 Andrei Nazarenko 2005-12-03 09:39:39 UTC
> Is it only fstab and mtab that need their permissions changed to 0644?

I do not know for sure but those were the files suggested by Torsten.

> I just ran SuSEconfig and it changes the permission of fstab
> back to 0600 on my  SuSE 9.2 system.

SuSEconfig sets permissions according to the files /etc/permissions.easy /etc/permissions.secure or /etc/permissions.paranoid. Which file is chosen depends on what you have configured in YaST as you security setting. If you want to override the standard files, you can create/edit file called /etc/permissions.local  You should put the entries there in the same format as in the rest of the /etc/permissions.* files.

> Does 3.0.21rc2 eliminate the need of manually changing permissions
> on fstab?

This is a very good question which I also would like to get an answer to.
Comment 36 Gerald (Jerry) Carter 2005-12-03 10:09:56 UTC
Yes.  should be fixed now.  See comment #29
Comment 37 Torsten Roloff 2005-12-05 08:53:21 UTC
I just looked at the samba-3.0.21rc2 sources. The linux version of disk_quotas still doesn't test for (fp = setmntent(MOUNTED,"r")) == NULL) [line 219 of source/smbd/quotas.c]. Since the test is done for Solaris and Cray version of "disk_quotas", I think it be there, too.
Comment 38 Lars Müller 2005-12-05 09:52:05 UTC
Torsten: You're right.  I've added your suggestion with svn rev 12076 and will provide SuSE packages including this later today.
Comment 39 Mark Condic 2005-12-07 10:37:51 UTC
(In reply to comment #38)
> Torsten: You're right.  I've added your suggestion with svn rev 12076 and will
> provide SuSE packages including this later today.

I have noticed new dates, but the same revision number on the SuSE 9.2.

Also the files are not the same size.  samba-client-3.0.21rc2-0.1.i586.rpm is almost 2.5mb smaller.  So now I am confused.  Is 12/04 or 12/05 the correct update?  Shouldn't we change the sub-version if there is any change?  Thanks.
Comment 40 Lars Müller 2005-12-08 05:40:36 UTC
We don't use the code path changed with svn rev 12076 if we have sys quotas.  In this case we use the last function of smbd/quotas.c

Therefore newer packages don't change anything.

The package release numbering is done by our build system with the focus to allow updates from one product to the next.  As we don't provide any build available via Samba.org or ftp.SuSE.com as an official update the release numbers don't chnage with any rebuild.  I'll see if there is a way to solve this in the future.
Comment 41 Lars Müller 2006-02-01 09:28:14 UTC
And just for the record: We fixed the problem with the RPM release of the packages for all SuSE Linux products.  From now on every rebuild will result in an increased release number and users can always update the packages with a simple

rpm -Fvh *.rpm

instead of any evil --force and other options.
Comment 42 Andrei Nazarenko 2006-02-01 09:32:36 UTC
Thank you for taking care about this.