Created attachment 63514 [details]
strace -f smbtree output

Just upgraded samba to latest unstable version 3.0.14a-r1 and it does not work
too. Same crashes as previous stable 3.0.10.

Maybe this is specific problem of my system (due to -ftracer flag (?)). And it
seems that it is not "bug" in Samba but in glibc. See discusion on gentoo-user
(http://thread.gmane.org/gmane.linux.gentoo.user/135549). You can close this bug
as INVALID or WORKSFORME if you decide. Maybe guys from toolchain will want to
look so I added them to CC.

Comment 4 SpanKY 2005-07-17 22:35:43 UTC

works for me ... ftracer isnt really supported in gcc-3.4 ...

iirc it's much more stable in gcc-4

I can reproduce this bug in chrooted environment with fresh gentoo instalation 
from stage3.

The main problem are the environment variables LC_COLLATE and LC_CTYPE which I 
have set to value sk_SK. I did following steps to reproduce the bug (doing from 
current gentoo environment):

1. untar stage3-amd64-2005.0.tar.bz2 and portage snapshot to some empty partion 
(/mnt/gentoo)
2. set USE, CFLAGS, CHOST variables in make.conf (see emerge --info)
3. set variables LC_COLLATE=sk_SK and LC_CTYPE=sk_SK (in new file -
/mnt/gentoo/etc/env.d/000mybasic)
4. chroot to /mnt/gentoo as described in handbook
5. emerge --sync, choose profile, upgrade baselayout as in handbook
6. emerge -u world, emerge samba
7. run some samba command, e.g. smbtree - it should crash

When I remove LC_* variables from 000mybasic and then do:

1. env-update
2. emerge binutils linux-headers glibc

samba works correctly.


emerge --info of chrooted environment:

Portage 2.0.51.22-r1 (default-linux/amd64/2005.0, gcc-3.4.3, glibc-2.3.5-r0, 
2.6.12-gentoo-r4 x86_64)
=================================================================
System uname: 2.6.12-gentoo-r4 x86_64 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System version 1.6.12
dev-lang/python:     2.3.5
sys-apps/sandbox:    1.2.10
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.18-r1
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=athlon64 -fomit-frame-pointer -fweb -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share
/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/shar
e/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon64 -fomit-frame-pointer -fweb -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo 
http://distfiles.gentoo.org 
http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 3dnowex Xaw3d a52 aac aalib aim alsa avi bash-completion berkdb 
bitmap-fonts bluetooth bzlib cdparanoia cdr crypt cups dga dts dv dvd dvdr edl 
encode ethereal exif fbcon ffmpeg flac flash font-server foomaticdb fortran ftp 
gif gimpprint gphoto2 gpm gtk gtk2 iconv icq imagemagic imap imlib ipv6 jabber 
jack jbig jpeg ladcca lcms leim libcaca live lm_sensors lzw lzw-tiff mad 
maildir matroska mikmod mime mng mozsvg mp3 mpeg msn mule ncurses network nls 
nvidia ofx ogg oggvorbis opengl oscar pam pda pdflib perl png pnp portaudio 
ppds python qt quicktime readline real recode rtc samba sdl snmp sockets sox 
speex spell ssl svg tcltk tcpd theora tiff truetype truetype-fonts type1-fonts 
unicode usb userlocales vcd vorbis wmf wxwindows xface xmms xosd xpm xv xvmc 
yahoo zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY

I can confirm that this bug is indeed real, as I have the exact same problem
here. I recompiled most of my system due to the hassle with com_err and
mit-krb5, and this came up after recompiling samba & glibc. I now suspect that
glibc is the real culprit, but alas I'm no programmer...

CFLAGS="-O2 -pipe -march=k8", gcc-3.4.4, glibc-2.3.5, binutils-2.16.1,
hardened-sources-2.6.11-r15, 2.6.11-headers

In my case the trace ends with /usr/lib64/gconv/IBM850.so, and replacing that
file with one from stage3 tarball FIXES the problem. That is of course just a
temporary fix, but will work for someone in a pinch.

Additionally, this bug crops up with every samba version now available in
portage (tested), and also with samba-3.0.20pre2 (latest test release).
Replacing glibc files with older versions to fix a problem like this really
seems, well, I dunno :-)

Comment 8 Martin Schlemmer (RETIRED) 2005-08-01 08:35:01 UTC

Two questions:

1) How do you make sure IBM85[02].so is used ?
2) Anybody tried to remerge glibc with gcc-3.4.4 ?  Or maybe upgrade to 2.3.5-r1?

Comment 9 Seemant Kulleen (RETIRED) 2005-08-01 13:11:13 UTC

Mikko, Robert: please see and respond to comment #8

From my posts, you see that I'm using glibc-2.3.5 and gcc-3.4.4 (both hardened).
Upgrading to glibc-2.3.5-r1 does not solve the problem, but (in my case)
replacing the IBM850.so solves it. I have both straced and gdb'd samba's
corefiles many times, compiled with different CFLAGS+debug combinations. The
same crash happens every time.

I started a thread in the forums a while ago about this; there's more info about
how I traced this crash: http://forums.gentoo.org/viewtopic-t-361176.html

How should I proceed to exact the most of debugging information about this?

1. I saw that strace always ends near to

open("/usr/lib64/gconv/IBM852.so", O_RDONLY) = 2

so I've tried to replace it (with the one from live CD) and it works.


2. I did not tried newer versions of glibc/gcc. I've only tried to downgrade to 
glibc-2.3.4.20041102-r1 but it did not work (samba still crashed).

Created attachment 64933 [details]
readelf differences between a broen and working (stage3) file

This is a unified diff of "readelf -a" output between the working (original
stage3 tarball IBM850.so) and broken library in glibc-2.3.5-r1. Don't know if
that helps, but just tell me what to do/debug and I'll do it.

Comment 13 Seemant Kulleen (RETIRED) 2005-08-03 06:37:21 UTC

seems like a hardened toolchain thing, reassigning to hardened, putting
toolchain in cc.

Note that I have normal instalation, not hardened. See comment #5 and original
report.

I prepared a chroot and populated its toolchain + relevant system software with
the exact same versions as are on the host system. I installed from stage3
tarball, but with one exception: I used default-linux/amd64/2004.3 profile. With
that exception the chroot is identical to the host system (same USE and CFLAGS etc).

Compiling glibc-2.3.5 and glibc-2.3.5-r1 in this chroot both produce a working
IBM850.so file. Meaning that samba works if I copy over the file from chroot to
the host system.

This leads me to believe that not everything is yet right with the 2005.0
profile (maybe multilib setup is botched somehow). This, and the inability to
compile glibc-2.3.5-r1 again under itself (long double error during linuxthreads
configure, conftest complains about a corrupted shared library) in my opinion
point to a more fundamental problem (perhaps incorrect 32-bit library handling).

Samba was working fine until I emerged updated to samba-3.0.20-r1 last night,
now I get the same error messages as the original post.

Replacing /usr/lib64/gconv/IBM852.so by the one in stage3 does not work for me.
I'm wondering wether this would not come from what causes from misuses of
pointer to integers. For me, it seems to crash in nt_printing.c
(upgrade_to_version_4)? I found in the callback it uses this:
int32 size_new_sec;
...
make_sec_desc(..., &size_new_sec);
This function requires a size_t* argument, not an int32* and on amd64, this is
not the same thing size_t being unsigned long int i.e. uint64 !
Seems that there are other occurences of such a problem.

Confirmed. If I replace int32 by size_t at nt-printing.c line 345, it does not
crash anymore.
I filed #3084 at bugzilla.samba.org

(In reply to comment #16)
> Samba was working fine until I emerged updated to samba-3.0.20-r1 last night,
> now I get the same error messages as the original post.

Are they going to downgrade Samba 3.0.20 in ~amd64 portage?

Dowgrading would not help. The bug has been fixed upstream.

3.0.20-r1 doesn't work for me either, 3.0.14a-r3 does.
Shouldn't 3.0.20-r1 be masked for amd64?

Comment 22 SpanKY 2005-09-22 12:08:19 UTC

can you post the URL to the bug and/or patch ?

either way, not a bug in toolchain and seems to be a bug which comes up on 64bit
arches, not just amd64

https://bugzilla.samba.org/show_bug.cgi?id=3084

Comment 24 Christian Andreetta (RETIRED) 2005-10-14 06:43:08 UTC

Thanks: I just bumped samba-3.0.20b, which includes the fix. Could you please
check it?

(In reply to comment #24)
> Thanks: I just bumped samba-3.0.20b, which includes the fix. Could you please
> check it?

samba-3.0.20b does NOT fix the problem for me. glibc-2.3.5-r3, gcc-3.4.4,
samba-3.0.20b --> same problem as before. In strace output, as soon as execution
hits "/usr/lib64/gconv/IBM850.so", samba throws a SIGSEGV. As before, replacing
the library with one from stage3 tarball FIXES the crash.

Just let me know what information you need to fix this. I'll help in any way I can.

=======================================
[2005/12/09 07:52:32, 0] lib/util.c:smb_panic2(1548)
  PANIC: internal error
[2005/12/09 07:52:32, 0] lib/util.c:smb_panic2(1556)
  BACKTRACE: 19 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x83) [0xfa7abc82253]
   #1 /usr/sbin/smbd(smb_panic+0x1d) [0xfa7abc8244d]
   #2 /usr/sbin/smbd [0xfa7abc6980f]
   #3 /usr/lib64/tls/libc.so.6 [0x39995e50ec10]
   #4 /usr/lib64/gconv/IBM850.so(gconv+0x1b4) [0x39995e9a79c4]
   #5 /usr/lib64/gconv/UTF-16.so(gconv+0x759) [0x39995e8a4149]
   #6 /usr/lib64/tls/libc.so.6 [0x39995e4fd818]
   #7 /usr/lib64/tls/libc.so.6(iconv+0x6b) [0x39995e4fcddb]
   #8 /usr/sbin/smbd [0xfa7abc91b53]
   #9 /usr/sbin/smbd(smb_iconv+0x11b) [0xfa7abc91cdb]
   #10 /usr/sbin/smbd [0xfa7abc65d53]
   #11 /usr/sbin/smbd(convert_string+0x1d8) [0xfa7abc66338]
   #12 /usr/sbin/smbd(init_doschar_table+0x79) [0xfa7abc7c2f9]
   #13 /usr/sbin/smbd(init_iconv+0x2cb) [0xfa7abc65beb]
   #14 /usr/sbin/smbd(lp_load+0xc52) [0xfa7abae31d2]
   #15 /usr/sbin/smbd(reload_services+0x67) [0xfa7abd0d137]
   #16 /usr/sbin/smbd(main+0x21a) [0xfa7abd0e37a]
   #17 /usr/lib64/tls/libc.so.6(__libc_start_main+0xe4) [0x39995e4fc6a4]
   #18 /usr/sbin/smbd [0xfa7abad6c8a]
=========================================

The bug is still present in samba-3.0.22-r3 and glibc-2.3.6-r4.

(In reply to comment #26)
> The bug is still present in samba-3.0.22-r3 and glibc-2.3.6-r4.
> 

Also have same bug in 3.0.23a

[2006/10/19 12:46:26, 0] lib/util.c:smb_panic(1592)
  PANIC (pid 24409): internal error
[2006/10/19 12:46:26, 0] lib/util.c:log_stack_trace(1699)
  BACKTRACE: 19 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x555555729bec]
   #1 /usr/sbin/smbd(smb_panic+0x43) [0x555555729cd3]
   #2 /usr/sbin/smbd [0x5555557185a2]
   #3 /lib/libc.so.6 [0x2ac8392905d0]
   #4 /usr/lib64/gconv/IBM850.so(gconv+0x1cb) [0x2ac8397b48fb]
   #5 /usr/lib64/gconv/UTF-16.so(gconv+0x30c) [0x2ac8396b0cbc]
   #6 /lib/libc.so.6 [0x2ac83927f078]
   #7 /lib/libc.so.6(iconv+0x6f) [0x2ac83927e68f]
   #8 /usr/sbin/smbd [0x555555736ce0]
   #9 /usr/sbin/smbd(smb_iconv+0x56) [0x555555736316]
   #10 /usr/sbin/smbd [0x555555715c25]
   #11 /usr/sbin/smbd(convert_string+0x1d2) [0x5555557161c2]
   #12 /usr/sbin/smbd(init_doschar_table+0x67) [0x555555725fa7]
   #13 /usr/sbin/smbd(init_iconv+0xe5) [0x555555714e95]
   #14 /usr/sbin/smbd(lp_load+0xca5) [0x5555555b3045]
   #15 /usr/sbin/smbd(reload_services+0x7d) [0x5555557a33ad]
   #16 /usr/sbin/smbd(main+0x49e) [0x5555557a397e]
   #17 /lib/libc.so.6(__libc_start_main+0xf4) [0x2ac83927e134]
   #18 /usr/sbin/smbd [0x5555555aa049]

Comment 28 Jakub Moc (RETIRED) 2007-06-30 23:39:44 UTC

If you still have the problem w/ 3.0.24-r3, then reopen the bug. Cannot reproduce at all.

I can not reproduce it either (with samba 3.0.24-r3 and glibc-2.5-r3). It seems fixed.