[Pkg-samba-maint] Bug#526325: samba: update on segfault in rep_strlcpy

Bogdan do.it at i.ua
Thu Oct 1 20:54:27 UTC 2009


Package: samba
Version: 2:3.3.4-1
Severity: normal


I've got that panic email again:
0x00007fe12a9eb0b5 in waitpid () from /lib/libc.so.6
#0  0x00007fe12a9eb0b5 in waitpid () from /lib/libc.so.6
#1  0x00007fe12a98c6b1 in ?? () from /lib/libc.so.6
#2  0x00000000006ac780 in smb_panic (why=<value optimized out>)
    at lib/util.c:1679
#3  0x0000000000698a07 in fault_report (sig=11) at lib/fault.c:46
#4  sig_fault (sig=11) at lib/fault.c:69
#5  <signal handler called>
#6  0x0000000000683da9 in rep_strlcpy (d=0x7fff49d3788c "", s=0x0, bufsize=256)
    at lib/replace/replace.c:64
#7  0x00000000006ba12e in connections_fetch_entry (mem_ctx=0x0,
    conn=<value optimized out>, name=0x0) at lib/conn_tdb.c:65
#8  0x000000000048f629 in yield_connection (conn=0x12d9ad0, name=0x0)
    at smbd/connection.c:33
#9  0x00000000004f2b4c in close_cnum (conn=0x12d9ad0, vuid=0)
    at smbd/service.c:1328
#10 0x00000000004b2a65 in reply_tdis (req=0x12d49f0) at smbd/reply.c:4605
#11 0x00000000004f04f7 in switch_message (type=113 'q', req=0x12d49f0,
    size=<value optimized out>) at smbd/process.c:1486
#12 0x00000000004f2895 in construct_reply () at smbd/process.c:1509
#13 process_smb () at smbd/process.c:1566
#14 smbd_process () at smbd/process.c:1934
#15 0x00000000008c2391 in main (argc=<value optimized out>, argv=0x2)
    at smbd/server.c:1523

Grepping by PID took me to the log.asteroid file, which ends with these lines:
[2009/10/01 22:54:00,  3] smbd/process.c:process_smb(1554)
  Transaction 3848 of length 45 (0 toread)
[2009/10/01 22:54:00,  3] smbd/process.c:switch_message(1378)
  switch message SMBclose (pid 15974) conn 0x12d9ad0
[2009/10/01 22:54:00,  0] lib/substitute.c:alloc_sub_basic(561)
  alloc_sub_basic: NULL source string!  This should not happen
[2009/10/01 22:54:00,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2009/10/01 22:54:00,  3] smbd/reply.c:reply_close(4353)
  close fd=36 fnum=4699 (numopen=1)
[2009/10/01 22:54:00,  2] smbd/close.c:close_normal_file(606)
  nobody closed file some DVD/Новая папка/Just one last Dance.mp3 (numopen=0) NT_STATUS_OK
[2009/10/01 22:54:00,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/01 22:54:11,  3] smbd/process.c:process_smb(1554)
  Transaction 3849 of length 39 (0 toread)
[2009/10/01 22:54:11,  3] smbd/process.c:switch_message(1378)
  switch message SMBtdis (pid 15974) conn 0x12d9ad0
[2009/10/01 22:54:11,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/01 22:54:11,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/01 22:54:11,  1] smbd/service.c:close_cnum(1323)
[2009/10/01 22:54:11,  0] lib/substitute.c:alloc_sub_basic(561)
  alloc_sub_basic: NULL source string!  This should not happen
  asteroid (::ffff:192.168.1.13) closed connection to service (null)
[2009/10/01 22:54:11,  0] lib/substitute.c:alloc_sub_basic(561)
  alloc_sub_basic: NULL source string!  This should not happen
[2009/10/01 22:54:11,  3] smbd/connection.c:yield_connection(31)
  Yielding connection to (null)
[2009/10/01 22:54:11,  0] lib/fault.c:fault_report(40)
  ===============================================================
[2009/10/01 22:54:11,  0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 15974 (3.3.4)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/10/01 22:54:11,  0] lib/fault.c:fault_report(43)
  
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/10/01 22:54:11,  0] lib/fault.c:fault_report(44)
  ===============================================================
[2009/10/01 22:54:11,  0] lib/util.c:smb_panic(1673)
  PANIC (pid 15974): internal error
[2009/10/01 22:54:11,  0] lib/util.c:log_stack_trace(1777)
  BACKTRACE: 14 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x6ac605]
   #1 /usr/sbin/smbd(smb_panic+0x5b) [0x6ac713]
   #2 /usr/sbin/smbd [0x698a07]
   #3 /lib/libpthread.so.0 [0x7fe12c5d3720]
   #4 /usr/sbin/smbd(rep_strlcpy+0x25) [0x683da9]
   #5 /usr/sbin/smbd(connections_fetch_entry+0x64) [0x6ba12e]
   #6 /usr/sbin/smbd(yield_connection+0x66) [0x48f629]
   #7 /usr/sbin/smbd(close_cnum+0x14c) [0x4f2b4c]
   #8 /usr/sbin/smbd(reply_tdis+0x82) [0x4b2a65]
   #9 /usr/sbin/smbd [0x4f04f7]
   #10 /usr/sbin/smbd(smbd_process+0xdaf) [0x4f2895]
   #11 /usr/sbin/smbd(main+0x228d) [0x8c2391]
   #12 /lib/libc.so.6(__libc_start_main+0xe6) [0x7fe12a96c5c6]
   #13 /usr/sbin/smbd [0x47e929]
[2009/10/01 22:54:11,  0] lib/util.c:smb_panic(1678)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 15974]
[2009/10/01 22:54:13,  0] lib/util.c:smb_panic(1686)
  smb_panic(): action returned status 0
[2009/10/01 22:54:13,  0] lib/fault.c:dump_core(231)
  dumping core in /var/log/samba/cores/smbd

The "NULL source string! this shouldn't happen" message seems
to be pretty frequent in the log file, but it doesn't always
lead to a samba segfault.

'asteroid' is a Vista laptop.
Another client (WinXP), which was "listening" to mp3s from my computer
with several players in parallel for 7+ hours (just for testing)
did not cause any errors.

Let me know if there is anything else I can do.
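
Added example, not part of the original report and not Samba's code: frames #6 to #8 of the backtrace show a NULL name handed down to a bounded string copy with bufsize=256, which faults on the NULL source. The sketch below shows a copy routine that tolerates a NULL source and a caller that rejects a missing name before building a lookup key; `struct conn_key`, `strlcpy_nullsafe` and `build_conn_key` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the 256-byte name buffer seen in the backtrace
 * (bufsize=256). The struct and function names are hypothetical. */
struct conn_key {
    int  cnum;
    char name[256];
};

/* Bounded copy with strlcpy semantics that tolerates a NULL source.
 * Returns the length of the source (0 for NULL), so a return value
 * >= bufsize still signals truncation to the caller. */
size_t strlcpy_nullsafe(char *d, const char *s, size_t bufsize)
{
    size_t len, ret;

    if (s == NULL)
        s = "";                 /* a plain strlen(s) would fault here */
    ret = len = strlen(s);
    if (bufsize == 0)
        return ret;
    if (len >= bufsize)
        len = bufsize - 1;
    memcpy(d, s, len);
    d[len] = '\0';
    return ret;
}

/* Builds the lookup key. Returns 0 on success, -1 if the name is missing
 * or would be truncated, so the caller can log and skip the lookup
 * instead of crashing or querying with a wrong key. */
int build_conn_key(struct conn_key *key, int cnum, const char *name)
{
    memset(key, 0, sizeof(*key));
    key->cnum = cnum;
    if (name == NULL)
        return -1;
    if (strlcpy_nullsafe(key->name, name, sizeof(key->name)) >= sizeof(key->name))
        return -1;
    return 0;
}
```

Guarding in the copy routine keeps the process alive; guarding in the caller additionally keeps an empty name from being used as a valid key.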




