SIGBUS Panic in smbd

Ken Weaverling weave at hopi.dtcc.edu
Mon Jun 28 20:54:10 GMT 1999


On Tue, 29 Jun 1999, Michael Stockman wrote:

> Hello,
> 
> I do apologize for the following, but it is motivated.
> username.c is crap in regards to _Get_Pwnam and the passwd struct!
> 

> The reason for the crashes that this thread started with is that
> ret->pw_passwd is __most__ likely a pointer to a static area and
> calling free on that can cause a crash.

I've seen this myself. I just upgraded to 2.04b from 2.03 on a box that
serves thousands of users.  The panics started to occur.  This is 
a debugger dump.


Frame 0, pc 0x800535c4 (kill+12)
Frame 1, pc 0x80043ca8 (abort+80)
Frame 2, line 2386, routine smb_panic(why=0x001cfd38 -> "internal error"), file util.c
Frame 3, line 47, routine fault_report(sig=11), file fault.c
Error: General register 2 is not readable.
Frame 4, line 66, routine sig_fault(sig=), file fault.c
Frame 5, pc 0x8007e6f8 (__sigacthandler2+64)
Frame 6, pc 0x80060bbc (realloc+2356)
Frame 7, pc 0x80060a1c (realloc+1940)
Frame 8, pc 0x800606c0 (realloc+1080)
Frame 9, pc 0x80060eb4 (realloc+3116)
Frame 10, pc 0x800600f0 (free+544)
Frame 11, pc 0x8005fe94 (malloc+76)
Frame 12, pc 0x80061240 (_findbuf+152)
Frame 13, pc 0x80056ea4 (fgets+172)
Frame 14, pc 0x80068cfc (getpwnam+92)
Error: General register 2 is not readable.
Frame 15, line 169, routine _Get_Pwnam(s=), file username.c
Frame 16, line 195, routine Get_Pwnam(user=0xefffd298 -> "usertemp", allow_change=1), file username.c
Error: General register 3 is not readable.
Frame 17, line 298, routine add_session_user(user=), file password.c
Frame 18, line 267, routine make_connection(service=0xefffebd8 -> "usertemp", user=0xefffefd8 -> "", password=0xeffff3d8 -> "", pwlen=0, dev=0xeffff7d8 -> "A:", vuid=101u, ecode=0xeffffbd8), file service.c
Frame 19, line 316, routine reply_tcon_and_X(conn=0x0021dfe1, inbuf=0x0021dfb1 -> "", outbuf=0x0022e3c1 -> "", length=73, bufsize=61440), file reply.c
Frame 20, line 539, routine switch_message(type=0, inbuf=0x0021dfb1 -> "", outbuf=0x0022e3c1 -> "", size=73, bufsize=61440), file process.c
Frame 21, line 574, routine construct_reply(inbuf=0x0021dfb1 -> "", outbuf=0x0022e3c1 -> "", size=73, bufsize=61440), file process.c
Frame 22, line 642, routine process_smb(inbuf=0x0021dfb1 -> "", outbuf=0x0022e3c1 -> ""), file process.c
Frame 23, line 1027, routine smbd_process(), file process.c
Frame 24, line 717, routine main(argc=2, argv=0xeffffe20), file server.c
Frame 25, pc 0x104104 (_start+416)

This is from a DG/UX m88k system. 

Please consider this a serious problem. SIGBUS isn't a nice thing! 
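
The quoted diagnosis is that fields of the record getpwnam() returns live in storage owned by libc, so they must not be passed to free(). The sketch below is an added example, not part of the original post and not Samba's code: it deep-copies the record so the caller owns every pointer. The names heap_copy, passwd_dup and passwd_free are hypothetical.

```c
#include <pwd.h>
#include <stdlib.h>
#include <string.h>

/* Copy a string onto the heap; NULL in, NULL out (also NULL if malloc fails). */
static char *heap_copy(const char *s)
{
    size_t n = s ? strlen(s) + 1 : 0;
    char *p = n ? malloc(n) : NULL;
    if (p) memcpy(p, s, n);
    return p;
}

/* Free a record made by passwd_dup(). Never pass getpwnam()'s own result here. */
void passwd_free(struct passwd *pw)
{
    if (!pw) return;
    free(pw->pw_name);
    free(pw->pw_passwd);
    free(pw->pw_gecos);
    free(pw->pw_dir);
    free(pw->pw_shell);
    free(pw);
}

/* Deep-copy a libc-owned record, e.g. passwd_dup(getpwnam(name)). */
struct passwd *passwd_dup(const struct passwd *src)
{
    struct passwd *dst = src ? calloc(1, sizeof(*dst)) : NULL;
    if (!dst) return NULL;
    dst->pw_uid = src->pw_uid;
    dst->pw_gid = src->pw_gid;
    dst->pw_name = heap_copy(src->pw_name);
    dst->pw_passwd = heap_copy(src->pw_passwd);
    dst->pw_gecos = heap_copy(src->pw_gecos);
    dst->pw_dir = heap_copy(src->pw_dir);
    dst->pw_shell = heap_copy(src->pw_shell);
    if ((src->pw_name && !dst->pw_name) || (src->pw_passwd && !dst->pw_passwd) ||
        (src->pw_gecos && !dst->pw_gecos) || (src->pw_dir && !dst->pw_dir) ||
        (src->pw_shell && !dst->pw_shell)) {
        passwd_free(dst);   /* partial copy: release what was allocated */
        return NULL;
    }
    return dst;
}
```

The copy can be modified and later released with passwd_free() without touching libc's buffer, and it stays valid across later getpwnam() calls.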



