Created attachment 16989
samba.rb (Usage: `brew install --build-from-source ./samba.rb && brew test ./samba.rb`)

Samba 4.15.2 on macOS segfaults intermittently during `strcpy` in `tdbsam_getsampwnam`. Samba 4.15.1 does not hit this issue. Seems a regression in 4.15.2.

> ===============================================================
> INTERNAL ERROR: Signal 11: Segmentation fault: 11 in pid 45847 (4.15.2)
> If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
> ===============================================================
> PANIC (pid 45847): Signal 11: Segmentation fault: 11 in 4.15.2
> BACKTRACE: 34 stack frames:
> #0 0 libsamba-util.0.0.1.dylib 0x000000010f4521ef log_stack_trace + 52
> #1 1 libsamba-util.0.0.1.dylib 0x000000010f4522be smb_panic + 14
> #2 2 libsamba-util.0.0.1.dylib 0x000000010f4524e0 BlockSignals + 0
> #3 3 libsamba-util.0.0.1.dylib 0x000000010f452058 smb_panic_log + 0
> #4 4 libsystem_platform.dylib 0x00007ff808c66e2d _sigtramp + 29
> #5 5 ??? 0x0000000000000001 0x0 + 1
> #6 6 libsystem_platform.dylib 0x00007ff808c65008 _platform_strlcpy + 28
> #7 7 libsystem_c.dylib 0x00007ff808b22cd8 __strlcpy_chk + 30
> #8 8 libsamba-passdb.0.28.0.dylib 0x000000010fdea642 tdbsam_getsampwnam + 81
> #9 9 libsamba-passdb.0.28.0.dylib 0x000000010fde907a pdb_default_id_to_sid + 97
> #10 10 libsamba-passdb.0.28.0.dylib 0x000000010fde6ab2 pdb_id_to_sid + 36
> #11 11 libsamba-passdb.0.28.0.dylib 0x000000010fde20dd xid_to_sid + 326
> #12 12 libsamba-passdb.0.28.0.dylib 0x000000010fde22c1 uid_to_sid + 43
> #13 13 libsmbd-base-samba4.dylib 0x000000010f7e8363 posix_fget_nt_acl + 563
> #14 14 libsmbd-base-samba4.dylib 0x000000010f7d2114 smbd_check_access_rights_fsp + 184
> #15 15 libsmbd-base-samba4.dylib 0x000000010f7d8146 open_file_ntcreate + 2831
> #16 16 libsmbd-base-samba4.dylib 0x000000010f7d5a5a create_file_unixpath + 3519
> #17 17 libsmbd-base-samba4.dylib 0x000000010f7d4ace create_file_default + 580
> #18 18 libsmbd-base-samba4.dylib 0x000000010f80efe0 smbd_smb2_request_process_create + 5461
> #19 19 libsmbd-base-samba4.dylib 0x000000010f804d35 smbd_smb2_request_dispatch + 3339
> #20 20 libsmbd-base-samba4.dylib 0x000000010f8083d9 smbd_smb2_connection_handler + 1387
> #21 21 libtevent.0.11.0.dylib 0x000000010f573d9d tevent_common_invoke_fd_handler + 153
> #22 22 libtevent.0.11.0.dylib 0x000000010f5764a4 poll_event_loop_once + 1615
> #23 23 libtevent.0.11.0.dylib 0x000000010f57308b _tevent_loop_once + 204
> #24 24 libtevent.0.11.0.dylib 0x000000010f5732ab tevent_common_loop_wait + 39
> #25 25 libsmbd-base-samba4.dylib 0x000000010f7f45a8 smbd_process + 1923
> #26 26 samba-dot-org-smbd 0x000000010f27a4fd smbd_accept_connection + 541
> #27 27 libtevent.0.11.0.dylib 0x000000010f573d9d tevent_common_invoke_fd_handler + 153
> #28 28 libtevent.0.11.0.dylib 0x000000010f5764a4 poll_event_loop_once + 1615
> #29 29 libtevent.0.11.0.dylib 0x000000010f57308b _tevent_loop_once + 204
> #30 30 libtevent.0.11.0.dylib 0x000000010f5732ab tevent_common_loop_wait + 39
> #31 31 samba-dot-org-smbd 0x000000010f278c3d smbd_parent_loop + 76
> #32 32 samba-dot-org-smbd 0x000000010f2776d5 main + 4855
> #33 33 dyld 0x000000011c2e94fe start + 462
> dumping core in /private/tmp/samba-test-20211110-45828-liw7zf/samba/state/cores/smbd

Test instructions:
1. Download the attachment file `samba.rb`. This file contains the entire configure flags and the test script.
2. Run `brew install --build-from-source ./samba.rb`
3. Run `brew test ./samba.rb` several times.

On my local environment (macOS 12 Intel), 5 of 30 experiments segfaulted.

This issue was originally found in https://github.com/Homebrew/homebrew-core/pull/89142 .
Is it possible to get real line numbers from the core dump on this platform? That would help enormously in tracking this down.
This still seems to be an issue (Samba 4.15.5). I can't find the core, although the log says "dumping core in /private/tmp/samba-test-20211110-45828-liw7zf/samba/state/cores/smbd". Tried `ulimit -c unlimited`, but still no success.
Created attachment 17147
possible patch for testing

Can you try the attached (completely untested!) patch?
(In reply to Volker Lendecke from comment #3) Thank you Volker, that patch seems to work. Tested 30 times locally.
This bug was referenced in samba master: 929ccd3d1afb864ea715fa4d3d8af8f997e5d2aa
Created attachment 17165
Patch cherry-picked from master
Comment on attachment 17165
Patch cherry-picked from master

Applied cleanly to 4.16.rcNext, 4.15.next.
Re-assigning to Jule for inclusion in 4.16.rcNext, 4.15.next.
This bug was referenced in samba v4-16-test: 1bbb3677ae5b95ea12bf9037b3a74725452382dc
Also pushed to autobuild-v4-15-test.
This bug was referenced in samba v4-16-stable (Release samba-4.16.0rc3): 1bbb3677ae5b95ea12bf9037b3a74725452382dc
This bug was referenced in samba v4-15-test: 3bb0efcdded566e9788479e2b903adbf22af49fb
Closing out bug report. Thanks!
This bug was referenced in samba v4-15-stable (Release samba-4.15.6): 3bb0efcdded566e9788479e2b903adbf22af49fb