Bug 283919

Summary: net-fs/samba-server-3.3.7 smbd crashes (signal 11) in dns_register_smbd_reply
Product: Gentoo Linux
Reporter: Timothy Miller <theosib>
Component: [OLD] Server
Assignee: Gentoo's SAMBA Team <samba>
Severity: critical
CC: ashl1future
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Package list:
Runtime testing required: ---
Attachments: Patch fixing smbd crashes in dns_register_smbd_reply

Description Timothy Miller 2009-09-07 02:47:01 UTC
For no reason that I can discover, my smb server has started crashing
on me.  The only thing I did was update to 2.6.30-gentoo-r6, and I removed a kernel option related to sysfs.  

This is the relevant portion of the log:

[2009/09/06 22:24:44,  0] smbd/server.c:main(1274)
 smbd version 3.3.7 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2009
[2009/09/06 22:24:44,  0] printing/print_cups.c:cups_connect(103)
 Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No
such file or directory
[2009/09/06 22:24:44,  0] printing/print_cups.c:cups_connect(103)
 Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No
such file or directory
[2009/09/06 22:26:09,  0] smbd/server.c:main(1274)
 smbd version 3.3.7 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2009
[2009/09/06 22:26:09,  0] printing/print_cups.c:cups_connect(103)
 Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No
such file or directory
[2009/09/06 22:26:09,  0] printing/print_cups.c:cups_connect(103)
 Unable to connect to CUPS server /var/run/cups/cups.sock:631 - No
such file or directory
[2009/09/06 22:26:43,  0] lib/fault.c:fault_report(40)
[2009/09/06 22:26:43,  0] lib/fault.c:fault_report(41)
 INTERNAL ERROR: Signal 11 in pid 16066 (3.3.7)
 Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/09/06 22:26:43,  0] lib/fault.c:fault_report(43)

[2009/09/06 22:26:43,  0] lib/fault.c:fault_report(44)
[2009/09/06 22:26:43,  0] lib/util.c:smb_panic(1673)
 PANIC (pid 16066): internal error
[2009/09/06 22:26:43,  0] lib/util.c:log_stack_trace(1777)
 BACKTRACE: 8 stack frames:
  #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x7f4fdfff6b10]
  #1 /usr/sbin/smbd(smb_panic+0x5b) [0x7f4fdfff6c1d]
  #2 /usr/sbin/smbd [0x7f4fdffe3e71]
  #3 /lib/ [0x7f4fde09bef0]
  #4 /usr/sbin/smbd(dns_register_smbd_reply+0x1c) [0x7f4fdfe59e3b]
  #5 /usr/sbin/smbd(main+0x16e8) [0x7f4fe01f05cc]
  #6 /lib/ [0x7f4fdca49a26]
  #7 /usr/sbin/smbd [0x7f4fdfde1339]
[2009/09/06 22:26:43,  0] lib/fault.c:dump_core(231)
 dumping core in /var/log/samba/cores/smbd

I don't get much out of gdb:

#0  0x00007f4fdca5d645 in raise (sig=<value optimized out>) at
64      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
       in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) where
#0  0x00007f4fdca5d645 in raise (sig=<value optimized out>) at
#1  0x00007f4fdca5eb63 in abort () at abort.c:88
#2  0x00007f4fdffe38db in dump_core () at lib/fault.c:242
#3  0x00007f4fdfff6d3b in smb_panic (why=<value optimized out>) at
#4  0x00007f4fdffe3e71 in sig_fault (sig=11) at lib/fault.c:46
#5  <signal handler called>
#6  dns_register_smbd_reply (dns_state=0x0, lfds=0x7ffff4963ed0,
timeout=0x7ffff4964060) at smbd/dnsregister.c:171
#7  0x00007f4fe01f05cc in main (argc=<value optimized out>,
argv=<value optimized out>) at smbd/server.c:689

Other things:

- I did try stopping and restarting the service
- I ran testparm, and it says my config is fine

Reproducible: Always

Portage (default/linux/amd64/2008.0, gcc-4.4.1, glibc-2.10.1-r0, 2.6.30-gentoo-r6 x86_64)
System uname: Linux-2.6.30-gentoo-r6-x86_64-Intel-R-_Core-TM-2_Quad_CPU_Q9450_@_2.66GHz-with-gentoo-2.0.1
Timestamp of tree: Sun, 06 Sep 2009 07:00:20 +0000
app-shells/bash:     4.0_p28
dev-java/java-config: 2.1.9
dev-lang/python:     2.6.2-r1, 3.1.1
dev-util/cmake:      2.6.4-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.4.3-r3
sys-apps/sandbox:    2.1
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.8.5-r3, 1.9.6-r2, 1.10.2, 1.11
sys-devel/binutils:  2.19.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="amd64 ~amd64"
CFLAGS="-O2 -march=core2 -ggdb -pipe"
CONFIG_PROTECT="/etc /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=core2 -ggdb -pipe"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms splitdebug strict unmerge-orphans userfetch"
LINGUAS="en en_US"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
USE="X a52 aac acl acpi alsa amd64 apache2 bash-completion berkdb bidi bzip2 cairo cdda cdio cdr cli cracklib crypt ctype cups dbus dri dts dvd dvdr encode fbcon ffmpeg filter flac fortran freetype gcj gd gdbm gnutls gpm hal httpd iconv ipv6 isdnlog jadetex java jpeg jpeg2k kde kde4 kerberos lame lapack ldap live lm_sensors mad matroska mjpeg mmx mng mp3 mpeg mudflap multilib mysql mysqli ncurses nls nptl nptlonly ogg oggvorbis opengl openmp openssl pam pcre perl php png pppd python qt3support qt4 quicktime readline reflection ruby samba session spl sql sse sse2 sse3 ssl stream svg sysfs tcpd theora threads tiff tk truetype unicode utempter vcd vlm vorbis webkit wxwindows x264 xorg xv xvid zeroconf zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_US" USERLAND="GNU" VIDEO_CARDS="radeon radeonhd"
Comment 1 Timothy Miller 2009-09-07 03:04:20 UTC
More info:  

smbd doesn't crash until a client attempts to connect.

And this is apparently where the crash occurs:

#6  dns_register_smbd_reply (dns_state=0x0, lfds=0x7fff36e756e0, timeout=0x7fff36e75870) at smbd/dnsregister.c:171
Comment 2 Timothy Miller 2009-09-07 03:51:35 UTC
I did some more digging, and I think I found the bug.

In server.c, there's this code:

static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ports)
       struct dns_reg_state * dns_reg = NULL;

... nothing that modifies dns_reg ...

               /* process pending nDNS responses */
               if (dns_register_smbd_reply(dns_reg, &r_fds, &idle_timeout)) {

Then the function dns_register_smbd_reply (dnsregister.c) blindly dereferences the first argument:

bool dns_register_smbd_reply(struct dns_reg_state *dns_state,
               fd_set *lfds, struct timeval *timeout)
       int mdnsd_conn_fd = -1;

       if (dns_state->srv_ref == NULL) {
               return false;

I definitely think this is a bug.  

I don't know what's changed to cause this to pop up now, but can anyone help me to figure out why suddenly this is happening when it didn't before?  Someone suggested a glibc update might have caused this.
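
Added example (not part of the bug report and not Samba's code): a reduced model of the dereference described in comment 2, run in a child process so the resulting signal 11 can be observed, next to a variant that checks the pointer first. The one-field struct and the names reply_unguarded, reply_guarded and signal_from_call are assumptions made for illustration.

```c
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Reduced stand-in for Samba's struct dns_reg_state (assumption: one field). */
struct dns_reg_state { void *srv_ref; };

typedef bool (*reply_fn)(struct dns_reg_state *);

/* Same shape as the excerpt: reads dns_state->srv_ref with no NULL check. */
static bool reply_unguarded(struct dns_reg_state *dns_state)
{
    if (dns_state->srv_ref == NULL) {
        return false;
    }
    return true;
}

/* Hypothetical variant: a NULL state means nothing was registered. */
static bool reply_guarded(struct dns_reg_state *dns_state)
{
    if (dns_state == NULL || dns_state->srv_ref == NULL) {
        return false;
    }
    return true;
}

/* Call fn(state) in a child process; return the signal that killed it,
 * 0 if it exited normally, or -1 if fork/waitpid failed. */
static int signal_from_call(reply_fn fn, struct dns_reg_state *state)
{
    reply_fn volatile call = fn; /* keep the call opaque to the optimizer */
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        signal(SIGSEGV, SIG_DFL);
        _exit(call(state) ? 1 : 0);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    struct dns_reg_state *dns_reg = NULL; /* never assigned, as in the excerpt */
    printf("unguarded: signal %d\n", signal_from_call(reply_unguarded, dns_reg));
    printf("guarded:   signal %d\n", signal_from_call(reply_guarded, dns_reg));
    return 0;
}
```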
Comment 3 Timothy Miller 2009-09-07 04:09:24 UTC
I've filed this report on samba's bugzilla:

However, I expect they'll blow me off since 3.3.7 isn't their latest version, leaving it up to Gentoo devs to bump versions or patch it.
Comment 4 Timothy Miller 2009-09-07 04:49:49 UTC
This "patch" solves the problem:

bool dns_register_smbd_reply(struct dns_reg_state *dns_state,
                fd_set *lfds, struct timeval *timeout)
        int mdnsd_conn_fd = -1;

+        if (!dns_state) return false;
        if (dns_state->srv_ref == NULL) {
                return false;
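
Review bot: the added guard in dns_register_smbd_reply is written as a one-line "if (!dns_state) return false;" while the check directly below it compares against NULL and uses a braced body; folding the two into "if (dns_state == NULL || dns_state->srv_ref == NULL) {" keeps one style and a single early-return path. The guard also only covers this one function: the caller quoted in comment 2 still passes a dns_reg that is initialised to NULL and, per that excerpt, not assigned before the call, so a short comment stating that a NULL state means "no registration in progress" would document why returning false is the right result here.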

Comment 5 Wormo (RETIRED) gentoo-dev 2009-09-13 20:03:35 UTC
Thanks for reporting the problem, and providing your fix! Assigning to samba team.
Comment 6 Víctor Ostorga (RETIRED) gentoo-dev 2009-09-14 15:02:30 UTC
Timothy, which were the USE flags used to build samba?
Comment 7 Timothy Miller 2009-09-14 17:28:38 UTC
My emerge info is here, but I think the relevant ones are "acl cups ldap zeroconf".  It didn't initially have "cups", but I added it to make it stop complaining about that.

Note that I hadn't changed any of those before the last update.
Comment 8 Víctor Ostorga (RETIRED) gentoo-dev 2009-09-15 15:11:41 UTC
Created attachment 204206
Patch fixing smbd crashes in dns_register_smbd_reply

This is the patch as shown in samba bugzilla.
Let's wait for its approval to include it in portage
Comment 9 Víctor Ostorga (RETIRED) gentoo-dev 2009-10-08 18:21:22 UTC
Thanks for the heads up!

+  08 Oct 2009; Víctor Ostorga <>
+  samba-server-3.3.7-r1.ebuild,
+  +files/3.3/samba-server-3.3.7-dns-register.patch,
+  samba-server-3.3.8.ebuild:
+  Fixing signal 11 in dns_register_smbd_reply, patch thanks to Timothy
+  Miller <> bug 283919