Bug 830 - Samba crashes with signal 11
Summary: Samba crashes with signal 11
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.0
Hardware: All Linux
Importance: P3 critical
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL:
Keywords:
Duplicates: 360
Depends on:
Blocks: 807
Reported: 2003-11-27 08:59 UTC by Olaf Fraczyk
Modified: 2005-11-14 09:24 UTC

Attachments
Sample log against win2K SP2 PL client (154.94 KB, text/plain)
2003-11-27 09:03 UTC, Olaf Fraczyk
directory listing with iso-8859-2 (1.89 KB, text/plain)
2003-12-09 06:04 UTC, Olaf Fraczyk
log with debug level 10 (45.22 KB, application/gzip)
2003-12-09 06:05 UTC, Olaf Fraczyk

Description Olaf Fraczyk 2003-11-27 08:59:40 UTC
Installed from source rpm samba-3.0.0-2
built with default setting + ACL support
Kernel 2.4.21 + XFS 1.3.0
RedHat 8.0
gcc-3.2-7
glibc-2.2.93-5
Clients: Win2KSP2, Win2KSP4+all security fixes

In logs I get:

[2003/11/13 16:17:14, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2003/11/13 16:17:14, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 11177 (3.0.0)
  Please read the appendix Bugs of the Samba HOWTO collection
[2003/11/13 16:17:14, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2003/11/13 16:17:14, 0] lib/util.c:smb_panic(1400)
  PANIC: internal error
[2003/11/13 16:17:14, 0] lib/util.c:smb_panic(1407)
  BACKTRACE: 23 stack frames:
   #0 smbd(smb_panic+0x11c) [0x81be2dc]
   #1 smbd [0x81ace52]
   #2 smbd [0x42028c48]
   #3 smbd [0x42073ab7]
   #4 smbd(malloc+0x95) [0x42073155]
   #5 smbd(Realloc+0xd7) [0x81bd8b7]
   #6 smbd(convert_string_allocate+0x42f) [0x81aac5f]
   #7 smbd(push_ucs2_allocate+0x49) [0x81ab4e9]
   #8 smbd(unix_strupper+0x24) [0x81aada4]
   #9 smbd(strupper_m+0x42) [0x81b7812]
   #10 smbd [0x80d126a]
   #11 smbd [0x80d1ce2]
   #12 smbd(mangle_map+0x82) [0x80cfbe2]
   #13 smbd [0x80ab436]
   #14 smbd [0x80ac3ee]
   #15 smbd(reply_trans2+0x68c) [0x80b438c]
   #16 smbd [0x80c77d3]
   #17 smbd [0x80c79c9]
   #18 smbd(process_smb+0x89) [0x80c7bd9]
   #19 smbd(smbd_process+0x167) [0x80c8817]
   #20 smbd(main+0x4c0) [0x82278a0]
   #21 smbd(__libc_start_main+0xa4) [0x420158d4]
   #22 smbd(fsetxattr+0x31) [0x80769b1]

I attach sample log (client: Win2K SP2)

Regards,

Olaf
Comment 1 Olaf Fraczyk 2003-11-27 09:03:32 UTC
Created attachment 280 [details]
Sample log against win2K SP2 PL client

All clients mentioned above are PL (Polish version of Win2K Professional)
Comment 2 Andrew Bartlett 2003-11-28 04:52:00 UTC
Can you reproduce this on demand?

Can you reproduce this under valgrind?

Can you reproduce this on 3.0.1pre3, compiled with the --enable-developer
configure option?

Comment 3 Olaf Fraczyk 2003-11-28 07:03:26 UTC
I found that it happened mostly when user logs in (I have it configured as PDC
with roaming profiles).

Now, I have compiled 3.0.1-pre3 (but not enabled --enable-developer)
I'll let it run, and will check logs on Monday.
If the problem is still here I will recompile with --enable-developer
Comment 4 Olaf Fraczyk 2003-12-04 02:52:01 UTC
Today I got (however I don't know if it is related to the previous)
I'm sorry, I can't give more info now, but I have caught a terrible chill, and
will be back in office in next week:
[2003/12/04 08:33:31, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2003/12/04 08:33:31, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 758 (3.0.1pre3)
  Please read the appendix Bugs of the Samba HOWTO collection
[2003/12/04 08:33:31, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2003/12/04 08:33:31, 0] lib/util.c:smb_panic(1400)
  PANIC: internal error
[2003/12/04 08:33:31, 0] lib/util.c:smb_panic(1408)
  BACKTRACE: 23 stack frames:
   #0 smbd(smb_panic+0x11c) [0x81bda0c]
   #1 smbd [0x81ac3f2]
   #2 smbd [0x42028c48]
   #3 smbd [0x42073ab7]
   #4 smbd(malloc+0x95) [0x42073155]
   #5 smbd(Realloc+0xd7) [0x81bcfe7]
   #6 smbd(convert_string_allocate+0x42f) [0x81aa1ff]
   #7 smbd(push_ucs2_allocate+0x49) [0x81aaa89]
   #8 smbd(unix_strupper+0x24) [0x81aa344]
   #9 smbd(strupper_m+0x42) [0x81b6f42]
   #10 smbd [0x80d14aa]
   #11 smbd [0x80d1f12]
   #12 smbd(mangle_map+0x82) [0x80cfe22]
   #13 smbd [0x80abfc6]
   #14 smbd [0x80acf7e]
   #15 smbd(reply_trans2+0x6c7) [0x80b5197]
   #16 smbd [0x80c85e3]
   #17 smbd [0x80c87d9]
   #18 smbd(process_smb+0x89) [0x80c89e9]
   #19 smbd(smbd_process+0x167) [0x80c9627]
   #20 smbd(main+0x4c0) [0x8229310]
   #21 smbd(__libc_start_main+0xa4) [0x420158d4]
   #22 smbd(ldap_msgfree+0x7d) [0x8076ec1]
[2003/12/04 08:47:44, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2003/12/04 08:47:44, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 1673 (3.0.1pre3)
  Please read the appendix Bugs of the Samba HOWTO collection
[2003/12/04 08:47:44, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2003/12/04 08:47:44, 0] lib/util.c:smb_panic(1400)
  PANIC: internal error
[2003/12/04 08:47:44, 0] lib/util.c:smb_panic(1408)
  BACKTRACE: 15 stack frames:
   #0 smbd(smb_panic+0x11c) [0x81bda0c]
   #1 smbd [0x81ac3f2]
   #2 smbd [0x42028c48]
   #3 smbd [0x42073ab7]
   #4 smbd(malloc+0x95) [0x42073155]
   #5 smbd(Realloc+0xd7) [0x81bcfe7]
   #6 smbd [0x80ad501]
   #7 smbd(reply_trans2+0x709) [0x80b51d9]
   #8 smbd [0x80c85e3]
   #9 smbd [0x80c87d9]
   #10 smbd(process_smb+0x89) [0x80c89e9]
   #11 smbd(smbd_process+0x167) [0x80c9627]
   #12 smbd(main+0x4c0) [0x8229310]
   #13 smbd(__libc_start_main+0xa4) [0x420158d4]
   #14 smbd(ldap_msgfree+0x7d) [0x8076ec1]
[2003/12/04 10:06:24, 0] smbd/service.c:make_connection(857)
  mercury (192.168.1.11) couldn't find service olek
[2003/12/04 10:06:24, 0] smbd/service.c:make_connection(857)
  mercury (192.168.1.11) couldn't find service olek
[2003/12/04 10:06:58, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2003/12/04 10:06:58, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 9497 (3.0.1pre3)
  Please read the appendix Bugs of the Samba HOWTO collection
[2003/12/04 10:06:58, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2003/12/04 10:06:58, 0] lib/util.c:smb_panic(1400)
  PANIC: internal error
[2003/12/04 10:06:58, 0] lib/util.c:smb_panic(1408)
  BACKTRACE: 14 stack frames:
   #0 smbd(smb_panic+0x11c) [0x81bda0c]
   #1 smbd [0x81ac3f2]
   #2 smbd [0x42028c48]
   #3 smbd(__libc_free+0x7c) [0x42074a2c]
   #4 smbd(file_free+0xac) [0x807fa7c]
   #5 smbd [0x80baf82]
   #6 smbd(reply_close+0xe5) [0x80a2845]
   #7 smbd [0x80c85e3]
   #8 smbd [0x80c87d9]
   #9 smbd(process_smb+0x89) [0x80c89e9]
   #10 smbd(smbd_process+0x167) [0x80c9627]
   #11 smbd(main+0x4c0) [0x8229310]
   #12 smbd(__libc_start_main+0xa4) [0x420158d4]
   #13 smbd(ldap_msgfree+0x7d) [0x8076ec1]
Comment 5 Olaf Fraczyk 2003-12-09 06:00:16 UTC
Hi,

This is reproducible.
I think it is caused by problems with UTF/ISO-8859-2 handling:

My current setup is to have UTF-8 on Linux side.
However we have old files with names which contain ISO-8859-2 characters.
I am able to PANIC samba if I search for a file, and the directory contains
files with ISO-8859-2 characters. The PANIC is about 1 time for 10 searches.
I attach directory listing, and samba log with debug 10.
The listing is encoded with ISO-8859-2.
Comment 6 Olaf Fraczyk 2003-12-09 06:04:04 UTC
Created attachment 309 [details]
directory listing with iso-8859-2
Comment 7 Olaf Fraczyk 2003-12-09 06:05:20 UTC
Created attachment 310 [details]
log with debug level 10
Comment 8 Gerald (Jerry) Carter (dead mail address) 2004-01-14 13:09:29 UTC
You will need to convert the old file names to UTF format.
I don't believe there is any way around this.
Comment 9 Olaf Fraczyk 2004-02-02 01:23:57 UTC
Converting filenames is not the correct solution.
It only hides the bug.
You want to treat filenames as trusted data. But they are not.

With your solution every user will be able to crash samba creating filenames
with encoding other than UTF-8. And any local (linux) user is able to do it.

Samba should return an error, but not crash.
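
The behaviour asked for in Comment 9, as an added example (not Samba's code and not the fix mentioned in Comment 11): a converter that treats an on-disk file name as untrusted bytes, checks every UTF-8 sequence and the output bounds, and returns an error code for a name in another encoding. The function names, error codes and sample names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { NAME_OK = 0, NAME_EILSEQ = -1, NAME_E2BIG = -2 };

/* Decode one UTF-8 sequence from s[0..n), n >= 1. Returns bytes used, 0 if invalid. */
static size_t utf8_decode(const unsigned char *s, size_t n, uint32_t *cp)
{
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t len, i;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    if ((s[0] & 0xE0) == 0xC0)      { len = 2; *cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { len = 3; *cp = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { len = 4; *cp = s[0] & 0x07; }
    else return 0;                  /* stray continuation byte or 0xF8..0xFF */
    for (i = 1; i < len; i++) {     /* truncated name or not a continuation byte */
        if (i >= n || (s[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    /* Reject overlong forms, values above U+10FFFF and encoded surrogates. */
    if (*cp < min_cp[len] || *cp > 0x10FFFF || (*cp >= 0xD800 && *cp <= 0xDFFF)) return 0;
    return len;
}

/* Convert an untrusted on-disk name to UTF-16 units; never writes past dstcap. */
int name_to_utf16(const unsigned char *src, size_t srclen,
                  uint16_t *dst, size_t dstcap, size_t *outlen)
{
    size_t in = 0, out = 0, used; uint32_t cp;
    for (; in < srclen; in += used) {
        if ((used = utf8_decode(src + in, srclen - in, &cp)) == 0) return NAME_EILSEQ;
        if (dstcap - out < (cp > 0xFFFF ? 2u : 1u)) return NAME_E2BIG;
        if (cp > 0xFFFF) {          /* outside the BMP: surrogate pair */
            dst[out++] = (uint16_t)(0xD800 | ((cp - 0x10000) >> 10));
            dst[out++] = (uint16_t)(0xDC00 | ((cp - 0x10000) & 0x3FF));
        } else dst[out++] = (uint16_t)cp;
    }
    *outlen = out;
    return NAME_OK;
}

int main(void)
{
    /* Constructed names: the same Polish file name as UTF-8, then as ISO-8859-2. */
    uint16_t buf[16]; size_t n = 0;
    int a = name_to_utf16((const unsigned char *)"\xC5\xBC\xC3\xB3\xC5\x82w.txt", 11, buf, 16, &n);
    int b = name_to_utf16((const unsigned char *)"\xBF\xF3\xB3w.txt", 8, buf, 16, &n);
    printf("UTF-8 name: %d, ISO-8859-2 name: %d\n", a, b);
    return 0;
}
```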

Comment 10 Andrew Bartlett 2004-02-03 23:38:07 UTC
*** Bug 360 has been marked as a duplicate of this bug. ***
Comment 11 Jeremy Allison 2004-02-05 11:32:16 UTC
I'm pretty sure I have fixed this with my recent changes to lib/charcnv.c and
lib/util_str.c in the SAMBA_3_0 CVS (4th Feb 2004). I am closing this bug. This
code change may make 3.0.2 (depends on Jerry) - will definitely be in 3.0.3.
Jeremy.
Comment 12 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:20:34 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
Comment 13 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:24:13 UTC
database cleanup