Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fd4c369760b in messaging_recv_cb (ev=0x562c18d05890, msg=0x7ffd31fce8c8 "\251\312\001", msg_len=52, fds=0x7ffd31fce8bc, num_fds=0, private_data=<optimized out>) at ../../source3/lib/messages.c:395
395		int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb) where
#0  0x00007fd4c369760b in messaging_recv_cb (ev=0x562c18d05890, msg=0x7ffd31fce8c8 "\251\312\001", msg_len=52, fds=0x7ffd31fce8bc, num_fds=0, private_data=<optimized out>) at ../../source3/lib/messages.c:395
#1  0x00007fd4c2be434a in msg_dgm_ref_recv (ev=0x562c18d05890, msg=0x7ffd31fce8c8 "\251\312\001", msg_len=52, fds=0x7ffd31fce8bc, num_fds=0, private_data=<optimized out>) at ../../source3/lib/messages_dgm_ref.c:144
#2  0x00007fd4c2be3094 in messaging_dgm_read_handler (ev=0x562c18d05890, fde=0x562c18d1c160, flags=<optimized out>, private_data=<optimized out>) at ../../source3/lib/messages_dgm.c:1294
#3  0x00007fd4c32550de in tevent_common_invoke_fd_handler (fde=fde@entry=0x562c18d1c160, flags=<optimized out>, removed=removed@entry=0x0) at ../../tevent_fd.c:138
#4  0x00007fd4c325a8c1 in epoll_event_loop (epoll_ev=0x562c18d1bcc0, tvalp=0x7ffd31fced40) at ../../tevent_epoll.c:736
#5  epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../../tevent_epoll.c:937
#6  0x00007fd4c32595f8 in std_event_loop_once (ev=0x562c18d05890, location=0x562c17636b90 "../../source3/smbd/server.c:1359") at ../../tevent_standard.c:110
#7  0x00007fd4c32543a8 in _tevent_loop_once (ev=ev@entry=0x562c18d05890, location=location@entry=0x562c17636b90 "../../source3/smbd/server.c:1359") at ../../tevent.c:772
#8  0x00007fd4c3254602 in tevent_common_loop_wait (ev=0x562c18d05890, location=0x562c17636b90 "../../source3/smbd/server.c:1359") at ../../tevent.c:895
#9  0x00007fd4c3259658 in std_event_loop_wait (ev=0x562c18d05890, location=0x562c17636b90 "../../source3/smbd/server.c:1359") at ../../tevent_standard.c:141
#10 0x0000562c1762d688 in smbd_parent_loop (ev_ctx=ev_ctx@entry=0x562c18d05890, parent=<optimized out>) at ../../source3/smbd/server.c:1359
#11 0x0000562c1762cb6d in main (argc=<optimized out>, argv=<optimized out>) at ../../source3/smbd/server.c:2197

Reproducible: Always

build use flag:
[ebuild   R    ] net-fs/samba-4.12.9-r1::gentoo  USE="acl ldap pam python syslog system-mitkrb5 systemd -addc -addns -ads -ceph -client -cluster -cups -debug (-dmapi) (-fam) -gpg -iprint -json -profiling-data -quota (-selinux) -snapper (-system-heimdal) (-test) -winbind -zeroconf" ABI_X86="(64) -32 (-x32)" PYTHON_SINGLE_TARGET="python3_8 -python3_7" 0 KiB

# gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/9.3.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-9.3.0-r2/work/gcc-9.3.0/configure --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/9.3.0 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/9.3.0/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.3.0 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.3.0/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/9.3.0/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/9.3.0/include/g++-v9 --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/9.3.0/python --enable-languages=c,c++,jit,fortran --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --enable-nls --without-included-gettext --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo Hardened 9.3.0-r2 p4' --enable-esp --enable-libstdcxx-time --disable-libstdcxx-pch --enable-host-shared --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-multilib --with-multilib-list=m32,m64 --disable-fixed-point --enable-targets=all --enable-libgomp --disable-libssp --disable-libada --enable-systemtap --enable-vtable-verify --enable-lto --without-isl --enable-default-pie --enable-default-ssp
Thread model: posix
gcc version 9.3.0 (Gentoo Hardened 9.3.0-r2 p4)

# clang -v
clang version 11.0.0
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/lib/llvm/11/bin
Selected GCC installation: /usr/lib/gcc/x86_64-pc-linux-gnu/9.3.0
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Selected multilib: .;@m64
Created attachment 686460: asm of source3/lib/messages.c from clang

Created attachment 686463: asm of source3/lib/messages.c from gcc
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x00007fd4c369760b in messaging_recv_cb (ev=0x562c18d05890,
> msg=0x7ffd31fce8c8 "\251\312\001", msg_len=52, fds=0x7ffd31fce8bc,
> num_fds=0, private_data=<optimized out>) at
> ../../source3/lib/messages.c:395
> 395 int64_t fds64[MIN(num_fds, INT8_MAX)];

Line 395 should be 394; I added a printf before the original line.
Built with clang after applying the following patch:

diff --git a/source3/lib/messages.c b/source3/lib/messages.c index 63d6362..af508bc 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -391,6 +391,9 @@ static void messaging_recv_cb(struct tevent_context *ev, private_data, struct messaging_context); struct server_id_buf idbuf; struct messaging_rec rec; + #include <unistd.h> + printf("%s:%d %d\n", __FILE__, __LINE__, getpid()); + sleep(10); int64_t fds64[MIN(num_fds, INT8_MAX)]; size_t i;

Then gdb attach to the pid and stepi to see what happens. An infinite loop was found:

(gdb) stepi
0x00007f0eaeb77845	397	    int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77833	397	    int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb7783b	397	    int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77842	397	    int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77845	397	    int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77833	397	    int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb7783b	397	    int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77842	397	    int64_t fds64[MIN(num_fds, INT8_MAX)];
(gdb)
0x00007f0eaeb77845	397	    int64_t fds64[MIN(num_fds, INT8_MAX)];

disassemble shows:

=> 0x00007f0eaeb77833 <+163>:	movq   $0x0,(%rsp)
   0x00007f0eaeb7783b <+171>:	sub    $0x1000,%rsp
   0x00007f0eaeb77842 <+178>:	cmp    %rsp,%rax
   0x00007f0eaeb77845 <+181>:	jge    0x7f0eaeb77833 <messaging_recv_cb+163>

This might be a bug in the clang compiler?
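Review bot: the `#include <unistd.h>` is placed inside the function body, between the local declarations and the added `printf`; a preprocessor include belongs in the file's include block, and `printf` also needs `<stdio.h>` unless the file's existing headers already provide both, which the hunk does not show. The three added statements now precede the `int64_t fds64[MIN(num_fds, INT8_MAX)];` declaration, which is why the VLA line appears as 397 rather than 394 in the stepi session. The `sleep(10)` runs inside `messaging_recv_cb`, which the backtrace shows is called from the smbd parent event loop, so every received message stalls that loop for ten seconds; acceptable for this attach-and-stepi reproduction, but the patch must not be carried beyond it.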
Problem disappeared after upgrading clang to v11.0.1.
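An added example, not code from the bug report or from Samba, showing the defensive shape for the crashing declaration: the `MIN()` macro is a constructed equivalent of Samba's, and `fds64_vla_size_is_invalid` and `widen_fds_bounded` are hypothetical names chosen for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed equivalent of the MIN() used on the crashing line. */
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* The crashing declaration is `int64_t fds64[MIN(num_fds, INT8_MAX)];`.
   A message carrying no descriptors (num_fds == 0, as in the backtrace)
   makes that a zero-length VLA. C11 6.7.6.2p5 requires a VLA size greater
   than zero, so the case is undefined behaviour regardless of the clang
   11.0.0 stack-probe loop that happened to expose it. */

/* True when num_fds would produce the forbidden zero-length VLA. */
bool fds64_vla_size_is_invalid(size_t num_fds)
{
    return MIN(num_fds, INT8_MAX) == 0;
}

/* Hypothetical hardened shape: a fixed upper bound replaces the VLA, so the
   frame size is constant (no dynamic stack probe is emitted) and an oversized
   count is rejected instead of being silently truncated by MIN(). Widens each
   fd into `out` and returns the count, or -1 if num_fds exceeds INT8_MAX. */
int widen_fds_bounded(const int *fds, size_t num_fds, int64_t out[INT8_MAX])
{
    if (num_fds > INT8_MAX) {
        return -1;
    }
    for (size_t i = 0; i < num_fds; i++) {
        out[i] = fds[i];
    }
    return (int)num_fds;
}
```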