Bug 966 - Internal error (malloc / glibc?)
Summary: Internal error (malloc / glibc?)
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.0
Hardware: All Linux
: P3 critical
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-01-13 08:00 UTC by Ragnar Holjand Espinosa
Modified: 2005-11-14 09:28 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ragnar Holjand Espinosa 2004-01-13 08:00:01 UTC 
I'm not enterily sure hows that malloc is there (glibc?), so I spent a while
trying to find the code path just in case it helps. Note its manual work as the
binary is optimized, and there's no available corefile.

reply_trans2 -> call_trans2findfirst -> get_lanman2_dir_entry:542 -> mangle_map
-> mangle_map_filename -> lp_mangled_map -> lp_string -> talloc_strdup -> talloc

[0x81c2e94] is fault_setup

[2004/01/12 00:15:57, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/01/12 00:15:57, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 2077 (3.0.0)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/01/12 00:15:57, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/01/12 00:15:57, 0] lib/util.c:smb_panic(1400)
  PANIC: internal error
[2004/01/12 00:15:57, 0] lib/util.c:smb_panic(1407)
  BACKTRACE: 18 stack frames:
   #0 /usr/sbin/smbd(smb_panic+0x11d) [0x81d561d]
   #1 /usr/sbin/smbd [0x81c2e94]
   #2 /lib/libc.so.6 [0x400aadb8]
   #3 /lib/libc.so.6(malloc+0xa1) [0x400f65d1]
   #4 /usr/sbin/smbd(talloc+0x4a) [0x81dc17a]
   #5 /usr/sbin/smbd(talloc_strdup+0x30) [0x81dc840]
   #6 /usr/sbin/smbd [0x807871f]
   #7 /usr/sbin/smbd(mangle_map_filename+0x17) [0x80d1647]
   #8 /usr/sbin/smbd(mangle_map+0x6c) [0x80d05ac]
   #9 /usr/sbin/smbd [0x80b247f]
   #10 /usr/sbin/smbd [0x80aa20d]
   #11 /usr/sbin/smbd(reply_trans2+0x749) [0x80a8119]
   #12 /usr/sbin/smbd [0x80c922f]
   #13 /usr/sbin/smbd(process_smb+0x1d0) [0x80c7b20]
   #14 /usr/sbin/smbd(smbd_process+0x1ab) [0x80c829b]
   #15 /usr/sbin/smbd(main+0x4cd) [0x823d81d]
   #16 /lib/libc.so.6(__libc_start_main+0xc7) [0x400977a7]
   #17 /usr/sbin/smbd(yp_get_default_domain+0x79) [0x8071c21]
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-01-14 20:45:19 UTC 
The crash in malloc would indicate heap corruption
(a double free() somewhere perhaps).  Do you have any 
filenames that are not in the unix charset from smb.conf?
You should also retest 3.0.2pre1 since there has been a lot
or work done since 3.0.0.  Please reopen if you can reproduce 
this against 3.0.2pre1 (or the final 3.0.2 when it is released).
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:24:19 UTC 
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:28:19 UTC 
database cleanup