Bug 6179 - smbd segfault when samba built with avahi
smbd segfault when samba built with avahi
Status: RESOLVED WONTFIX
Product: Samba 3.3
Classification: Unclassified
Component: File services
3.3.1
Other Linux
: P3 normal
: ---
Assigned To: Volker Lendecke
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-10 15:50 UTC by Arkadiusz Miskiewicz
Modified: 2009-05-03 03:59 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arkadiusz Miskiewicz 2009-03-10 15:50:36 UTC
samba 3.3.1 built with 

http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/~checkout~/SPECS/samba.spec?rev=1.435;content-type=text%2Fplain

recipe fails when avahi is enabled (--enable-dnssd):

[2009/03/09 18:49:04,  0] lib/fault.c:fault_report(40)
  ===============================================================
[2009/03/09 18:49:04,  0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 6 in pid 21631 (3.3.1)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/03/09 18:49:04,  0] lib/fault.c:fault_report(43)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/03/09 18:49:04,  0] lib/fault.c:fault_report(44)
  ===============================================================
[2009/03/09 18:49:04,  0] lib/util.c:smb_panic(1673)
  PANIC (pid 21631): internal error
[2009/03/09 18:49:04,  0] lib/util.c:log_stack_trace(1777)
  BACKTRACE: 9 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7bd9ca5]
   #1 /usr/sbin/smbd(smb_panic+0x7c) [0xb7bd9dfe]
   #2 /usr/sbin/smbd [0xb7bc497b]
   #3 [0xb78f2400]
   #4 /usr/lib/libtalloc.so.1(talloc_free+0x50) [0xb76eaf25]
   #5 /usr/sbin/smbd(dns_register_close+0x4f) [0xb7a071d9]
   #6 /usr/sbin/smbd [0xb7e41036]
   #7 /usr/sbin/smbd(main+0xb87) [0xb7e41ddc]
   #8 /lib/libc.so.6(__libc_start_main+0xee) [0xb75a16ee]
[2009/03/09 18:49:04,  0] lib/fault.c:dump_core(218)
  Can not dump core: corepath not set up

it happens even if samba is just running and no one connects to it. I start smbd wait few minutes/hours (usually minutes) and smbd dies.

Disabling dnssd fixes the problem it seems (other users of this PLD package confirm this).
Comment 1 Arkadiusz Miskiewicz 2009-03-10 15:53:24 UTC
Tested with avahi 0.6.23 and 0.6.24 - segfaults with both.
Comment 2 Volker Lendecke 2009-03-10 23:54:06 UTC
Can you try http://git.samba.org/?p=samba.git;a=commitdiff;h=4624451b7b7869 ?

Fixed a segfault in that code yesterday.

Thanks,

Volker
Comment 3 Arkadiusz Miskiewicz 2009-03-11 01:20:01 UTC
Patch seems to fix the issue.
Comment 4 Arkadiusz Miskiewicz 2009-03-11 05:27:48 UTC
Or not, got reports from users using smbd with #2 patch applied.

Mar 11 09:51:19 pingwin smbd[13583]: [2009/03/11 09:51:19,  0]
lib/fault.c:fault_report(40)
Mar 11 09:51:19 pingwin smbd[13583]:
===============================================================
Mar 11 09:51:19 pingwin smbd[13583]: [2009/03/11 09:51:19,  0]
lib/fault.c:fault_report(41)
Mar 11 09:51:19 pingwin smbd[13583]:   INTERNAL ERROR: Signal 6 in pid
13583 (3.3.1)
Mar 11 09:51:19 pingwin smbd[13583]:   Please read the
Trouble-Shooting section of the Samba3-HOWTO
Mar 11 09:51:19 pingwin smbd[13583]: [2009/03/11 09:51:19,  0]
lib/fault.c:fault_report(43)
Mar 11 09:51:19 pingwin smbd[13583]:
Mar 11 09:51:19 pingwin smbd[13583]:   From:
http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
Mar 11 09:51:19 pingwin smbd[13583]: [2009/03/11 09:51:19,  0]
lib/fault.c:fault_report(44)
Mar 11 09:51:19 pingwin smbd[13583]:
===============================================================
Mar 11 09:51:19 pingwin smbd[13583]: [2009/03/11 09:51:19,  0]
lib/util.c:smb_panic(1673)
Mar 11 09:51:19 pingwin smbd[13583]:   PANIC (pid 13583): internal error
Mar 11 09:51:19 pingwin smbd[13583]: [2009/03/11 09:51:19,  0]
lib/util.c:log_stack_trace(1777)
Mar 11 09:51:19 pingwin smbd[13583]:   BACKTRACE: 9 stack frames:
Mar 11 09:51:19 pingwin smbd[13583]:    #0
/usr/sbin/smbd(log_stack_trace+0x2d) [0xb7c48ca5]
Mar 11 09:51:19 pingwin smbd[13583]:    #1
/usr/sbin/smbd(smb_panic+0x7c) [0xb7c48dfe]
Mar 11 09:51:19 pingwin smbd[13583]:    #2 /usr/sbin/smbd [0xb7c3397b]
Mar 11 09:51:19 pingwin smbd[13583]:    #3 [0xb7961400]
Mar 11 09:51:19 pingwin smbd[13583]:    #4
/usr/lib/libtalloc.so.1(talloc_free+0x3d) [0xb7777f12]
Mar 11 09:51:19 pingwin smbd[13583]:    #5
/usr/sbin/smbd(dns_register_close+0x4f) [0xb7a761d9]
Mar 11 09:51:19 pingwin smbd[13583]:    #6 /usr/sbin/smbd [0xb7eb0046]
Mar 11 09:51:19 pingwin smbd[13583]:    #7 /usr/sbin/smbd(main+0xb87)
[0xb7eb0dec]
Mar 11 09:51:19 pingwin smbd[13583]:    #8
/lib/libc.so.6(__libc_start_main+0xee) [0xb762d6ee]
Mar 11 09:51:19 pingwin smbd[13583]: [2009/03/11 09:51:19,  0]
lib/fault.c:dump_core(218)
Mar 11 09:51:19 pingwin smbd[13583]:   Can not dump core: corepath not set up
Comment 5 Arkadiusz Miskiewicz 2009-03-11 05:28:21 UTC
And:

[2009/03/11 11:14:48,  0] lib/util.c:smb_panic(1673)
   PANIC (pid 6151): internal error
[2009/03/11 11:14:48,  0] lib/util.c:log_stack_trace(1777)
   BACKTRACE: 8 stack frames:
    #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7cd0ca5]
    #1 /usr/sbin/smbd(smb_panic+0x7c) [0xb7cd0dfe]
    #2 /usr/sbin/smbd [0xb7cbb97b]
    #3 [0xb79e9400]
    #4 /usr/sbin/smbd(dns_register_close+0x2b) [0xb7afe1b5]
    #5 /usr/sbin/smbd [0xb7f38046]
    #6 /usr/sbin/smbd(main+0xb87) [0xb7f38dec]
    #7 /lib/libc.so.6(__libc_start_main+0xee) [0xb76b56ee]
Comment 6 Jeremy Allison 2009-03-11 11:51:45 UTC
Can you compile with debug symbols (-g), then add the following to the [global] section of your smb.conf:

panic action = "/bin/sleep 99999"

then reproduce the crash. You'll get a sleep process, whose parent will be the crashed smbd. Attach to the crashed smbd with gdb, and type "bt" to get a full
backtrace (which should include line numbers).

If you can do this today we'll be able to get the fix into 3.3.2 (due tomorrow).

Thanks,
Jeremy.
Comment 7 Arkadiusz Miskiewicz 2009-03-23 05:28:43 UTC
I wasn't able to do that and now I've switched to native avahi backend (bug #6198) so can't reproduce anymore without some effort.
Comment 8 Volker Lendecke 2009-05-03 03:59:47 UTC
Resolving as WONTFIX. The original crash is gone with the new avahi code, and I will not go back fixing dnsregister.c.

I've left the original dnsregister code in, but it's disabled by default. I've left it in because there might be platforms like MacOS/X that don't have avahi around. I think it would be up to Apple to fix up the dnsregister code in case someone is interested.

Volker