Bug 6733 - OpenBSD 4.6-current nmbd panic INTERNAL ERROR: Signal 11
OpenBSD 4.6-current nmbd panic INTERNAL ERROR: Signal 11
Status: NEW
Product: Samba 3.4
Classification: Unclassified
Component: Nmbd
3.4.1
x64 OpenBSD
: P3 normal
: ---
Assigned To: Jeremy Allison
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-09-15 22:34 UTC by Ian McWilliam
Modified: 2009-09-26 21:56 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ian McWilliam 2009-09-15 22:34:04 UTC
While porting samba 3.4.1 to OpenBSD to replace to old outdated 3.0 samba series the following issue
has been identified.

Sep 16 13:21:05 kallasjarvi nmbd[8206]: [2009/09/16 13:21:05,  0] /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/lib/fault.c:41(fault_report) 
Sep 16 13:21:05 kallasjarvi nmbd[8206]:   =============================================================== 
Sep 16 13:21:05 kallasjarvi nmbd[8206]: [2009/09/16 13:21:05,  0] /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/lib/fault.c:42(fault_report) 
Sep 16 13:21:05 kallasjarvi nmbd[8206]:   INTERNAL ERROR: Signal 11 in pid 8206 (3.4.1) 
Sep 16 13:21:05 kallasjarvi nmbd[8206]:   Please read the Trouble-Shooting section of the Samba3-HOWTO 
Sep 16 13:21:05 kallasjarvi nmbd[8206]: [2009/09/16 13:21:05,  0] /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/lib/fault.c:44(fault_report) 
Sep 16 13:21:05 kallasjarvi nmbd[8206]:    
Sep 16 13:21:05 kallasjarvi nmbd[8206]:   From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf 
Sep 16 13:21:05 kallasjarvi nmbd[8206]: [2009/09/16 13:21:05,  0] /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/lib/fault.c:45(fault_report) 
Sep 16 13:21:05 kallasjarvi nmbd[8206]:   =============================================================== 
Sep 16 13:21:05 kallasjarvi nmbd[8206]: [2009/09/16 13:21:05,  0] /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/lib/util.c:1480(smb_panic) 
Sep 16 13:21:05 kallasjarvi nmbd[8206]:   PANIC (pid 8206): internal error

0x00001eb446412c47 in getframeaddr () from /usr/local/lib/libexecinfo.so.0.0
(gdb) bt
#0  0x00001eb446412c47 in getframeaddr ()
   from /usr/local/lib/libexecinfo.so.0.0
#1  0x00001eb44640be20 in backtrace () from /usr/local/lib/libexecinfo.so.0.0
#2  0x00001eb2455614ea in log_stack_trace ()
    at /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/lib/util.c:1580
#3  0x00001eb24556138d in smb_panic (why=0x1eb245755ab0 "internal error")
    at /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/lib/util.c:1481
#4  0x00001eb245552c0c in fault_report (sig=11)
    at /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/lib/fault.c:47
#5  <signal handler called>
#6  0x00001eb245549584 in _get_interfaces (mem_ctx=0x1eb44a4baff8, 
    pifaces=0x7f7ffffbbc78)
    at /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/lib/interfaces.c:159
#7  0x00001eb245549795 in get_interfaces (mem_ctx=0x1eb44a4bb000, 
    pifaces=0x7f7ffffbbca8)
    at /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/lib/interfaces.c:278
#8  0x00001eb2455542d6 in interfaces_changed ()
    at /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/lib/interface.c:577
#9  0x00001eb24544fe7e in reload_interfaces (t=1246474240)
    at /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/nmbd/nmbd.c:226
#10 0x00001eb24545069a in process ()
    at /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/nmbd/nmbd.c:666
#11 0x00001eb245451053 in main (argc=2, argv=0x7f7ffffbbfc0)
---Type <return> to continue, or q <return> to quit---
    at /usr/ports/obj/samba-3.4.1/samba-3.4.1/source3/nmbd/nmbd.c:994


smb.conf

#======================= Global Settings =====================================
[global]
panic action = /bin/sleep 999999

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = MCW

# server string is the equivalent of the NT Description field
   server string = Kalasjarvi Samba Server

# Security mode. Defines in which mode Samba will operate. Possible 
# values are share, user, server, domain and ads. Most people will want 
# user level security. See the Samba-HOWTO-Collection for details.
   security = user

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 192.168.1. 127.0.0.1

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# you may wish to override the location of the printcap file
;   printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
;   printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/smbd.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
;   passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;   include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24 
;interfaces = nfe0

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
   domain master = no

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
   preferred master = no

# Enable this if you want Samba to be a domain logon server for 
# Windows95 workstations. 
;   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one  WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no 

# These scripts are used on a domain controller or stand-alone 
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g


#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   veto files = /:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/.DS_Store/TheVolumeSettingsFolder?/TheFindByContentFolder?/Temporary Items/Network Trash Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon?.icns/Icon?/.AppleDouble?/.AppleDesktop?/desktop.ini/RECYCLER/
   delete veto files = Yes


-----------------------

lib/interfaces.c

 memset(&ifaces[total], '\0', sizeof(ifaces[total]));

is the culprit causing the panic as total is out of bounds.

The following patch though probably not the correct solution identifies the issue and stops the panic.

--- lib/interfaces.c.orig       Mon Aug 10 21:30:18 2009
+++ lib/interfaces.c    Mon Aug 10 22:06:44 2009
@@ -154,7 +154,7 @@ static int _get_interfaces(TALLOC_CTX *mem_ctx, struct
        }
 
        /* Loop through interfaces, looking for given IP address */
-       for (ifptr = iflist; ifptr != NULL; ifptr = ifptr->ifa_next) {
+       for (ifptr = iflist; ifptr != NULL && total < count; ifptr = ifptr->ifa_next) {
 
                memset(&ifaces[total], '\0', sizeof(ifaces[total]));
Comment 1 Guenther Deschner 2009-09-24 09:19:57 UTC
Hm, wasn't that fixed already with the fix from bug #6707 ?
Comment 2 Guenther Deschner 2009-09-24 09:23:21 UTC
(In reply to comment #1)
> Hm, wasn't that fixed already with the fix from bug #6707 ?

Ian, could you please try if the fix from bug 6707 resolves the problem you are seeing ?


Comment 3 Ian McWilliam 2009-09-26 21:56:57 UTC
Yes, the fix from bug 6707 resolves the problem. Thanx.