Bug 14900 - Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: 4.15.2
Hardware: All Mac OS X
Importance: P5 regression
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2021-11-11 07:11 UTC by Akihiro Suda
Modified: 2021-11-11 07:29 UTC

Attachments
samba.rb (Usage: `brew install --build-from-source ./samba.rb && brew test ./samba.rb`) (5.53 KB, text/x-ruby-script)
2021-11-11 07:11 UTC, Akihiro Suda

Description Akihiro Suda 2021-11-11 07:11:43 UTC
Created attachment 16989
samba.rb (Usage: `brew install --build-from-source ./samba.rb && brew test ./samba.rb`)

Samba 4.15.2 on macOS segfaults intermittently during `strcpy` in `tdbsam_getsampwnam`.

Samba 4.15.1 does not hit this issue. Seems a regression in 4.15.2.

> ===============================================================
> INTERNAL ERROR: Signal 11: Segmentation fault: 11 in pid 45847 (4.15.2)
> If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
> ===============================================================
> PANIC (pid 45847): Signal 11: Segmentation fault: 11 in 4.15.2
> BACKTRACE: 34 stack frames:
>  #0 0   libsamba-util.0.0.1.dylib           0x000000010f4521ef log_stack_trace + 52
>  #1 1   libsamba-util.0.0.1.dylib           0x000000010f4522be smb_panic + 14
>  #2 2   libsamba-util.0.0.1.dylib           0x000000010f4524e0 BlockSignals + 0
>  #3 3   libsamba-util.0.0.1.dylib           0x000000010f452058 smb_panic_log + 0
>  #4 4   libsystem_platform.dylib            0x00007ff808c66e2d _sigtramp + 29
>  #5 5   ???                                 0x0000000000000001 0x0 + 1
>  #6 6   libsystem_platform.dylib            0x00007ff808c65008 _platform_strlcpy + 28
>  #7 7   libsystem_c.dylib                   0x00007ff808b22cd8 __strlcpy_chk + 30
>  #8 8   libsamba-passdb.0.28.0.dylib        0x000000010fdea642 tdbsam_getsampwnam + 81
>  #9 9   libsamba-passdb.0.28.0.dylib        0x000000010fde907a pdb_default_id_to_sid + 97
>  #10 10  libsamba-passdb.0.28.0.dylib        0x000000010fde6ab2 pdb_id_to_sid + 36
>  #11 11  libsamba-passdb.0.28.0.dylib        0x000000010fde20dd xid_to_sid + 326
>  #12 12  libsamba-passdb.0.28.0.dylib        0x000000010fde22c1 uid_to_sid + 43
>  #13 13  libsmbd-base-samba4.dylib           0x000000010f7e8363 posix_fget_nt_acl + 563
>  #14 14  libsmbd-base-samba4.dylib           0x000000010f7d2114 smbd_check_access_rights_fsp + 184
>  #15 15  libsmbd-base-samba4.dylib           0x000000010f7d8146 open_file_ntcreate + 2831
>  #16 16  libsmbd-base-samba4.dylib           0x000000010f7d5a5a create_file_unixpath + 3519
>  #17 17  libsmbd-base-samba4.dylib           0x000000010f7d4ace create_file_default + 580
>  #18 18  libsmbd-base-samba4.dylib           0x000000010f80efe0 smbd_smb2_request_process_create + 5461
>  #19 19  libsmbd-base-samba4.dylib           0x000000010f804d35 smbd_smb2_request_dispatch + 3339
>  #20 20  libsmbd-base-samba4.dylib           0x000000010f8083d9 smbd_smb2_connection_handler + 1387
>  #21 21  libtevent.0.11.0.dylib              0x000000010f573d9d tevent_common_invoke_fd_handler + 153
>  #22 22  libtevent.0.11.0.dylib              0x000000010f5764a4 poll_event_loop_once + 1615
>  #23 23  libtevent.0.11.0.dylib              0x000000010f57308b _tevent_loop_once + 204
>  #24 24  libtevent.0.11.0.dylib              0x000000010f5732ab tevent_common_loop_wait + 39
>  #25 25  libsmbd-base-samba4.dylib           0x000000010f7f45a8 smbd_process + 1923
>  #26 26  samba-dot-org-smbd                  0x000000010f27a4fd smbd_accept_connection + 541
>  #27 27  libtevent.0.11.0.dylib              0x000000010f573d9d tevent_common_invoke_fd_handler + 153
>  #28 28  libtevent.0.11.0.dylib              0x000000010f5764a4 poll_event_loop_once + 1615
>  #29 29  libtevent.0.11.0.dylib              0x000000010f57308b _tevent_loop_once + 204
>  #30 30  libtevent.0.11.0.dylib              0x000000010f5732ab tevent_common_loop_wait + 39
>  #31 31  samba-dot-org-smbd                  0x000000010f278c3d smbd_parent_loop + 76
>  #32 32  samba-dot-org-smbd                  0x000000010f2776d5 main + 4855
>  #33 33  dyld                                0x000000011c2e94fe start + 462
> dumping core in /private/tmp/samba-test-20211110-45828-liw7zf/samba/state/cores/smbd

Test instructions:
1. Download the attachment file `samba.rb`. This file contains all of the configure flags and the test script.
2. Run `brew install --build-from-source ./samba.rb`
3. Run `brew test ./samba.rb` several times. On my local environment (macOS 12 Intel), 5 of 30 experiments segfaulted.

This issue was originally found in https://github.com/Homebrew/homebrew-core/pull/89142 .
Comment 1 Jeremy Allison 2021-11-11 07:29:24 UTC
Is it possible to get real line numbers from the core dump on this platform? That would help enormously in tracking this down.