Created attachment 698409
Samba config file

Description of problem:
Samba server is entering into an endless loop while sending "Search Request" packets to a FreeDos mapped driver:

Z:\> dir
 Volume in drive Z: is INSTALL
 Directory of z:\

.    <DIR>  02-16-13 11:53p
..   <DIR>  02-16-13  1:43p
BIN  <DIR>  02-16-13  1:36p
BIN  <DIR>  02-16-13  1:36p
BIN  <DIR>  02-16-13  1:36p
...

PS.: I double checked that a shared folder on a Windows XP and FreeDos worked as expected.

Version-Release number of selected component (if applicable):
samba-winbind-clients-4.0.3-1.fc18.x86_64
samba-4.0.3-1.fc18.x86_64
samba-common-4.0.3-1.fc18.x86_64
samba-client-4.0.3-1.fc18.x86_64
samba-libs-4.0.3-1.fc18.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Boot a FreeDos floppy image with 3COM UNDI driver
2. net use z: \\server\install
3. dir z:

Additional info:
That's the traffic at the interface:

$ tshark -R "ip.addr == 192.168.30.177" -i em1 -n -T text -x
Capturing on em1
 10.521810 192.168.30.177 -> 192.168.30.170 SMB 115 Search Request, File: \????????.???
 10.522635 192.168.30.170 -> 192.168.30.177 SMB 141 Search Response
 10.523795 192.168.30.177 -> 192.168.30.170 SMB 115 Search Request, File: \????????.???
 10.524020 192.168.30.170 -> 192.168.30.177 SMB 141 Search Response
 10.527914 192.168.30.177 -> 192.168.30.170 SMB 123 Search Request, File:
 10.527977 192.168.30.170 -> 192.168.30.177 SMB 141 Search Response
 10.529222 192.168.30.177 -> 192.168.30.170 SMB 123 Search Request, File:
 10.529306 192.168.30.170 -> 192.168.30.177 SMB 141 Search Response
 10.530633 192.168.30.177 -> 192.168.30.170 SMB 123 Search Request, File:
 10.530701 192.168.30.170 -> 192.168.30.177 SMB 141 Search Response
 10.531933 192.168.30.177 -> 192.168.30.170 SMB 123 Search Request, File:
 10.531999 192.168.30.170 -> 192.168.30.177 SMB 141 Search Response
 10.533236 192.168.30.177 -> 192.168.30.170 SMB 123 Search Request, File:
 10.533302 192.168.30.170 -> 192.168.30.177 SMB 141 Search Response
 ...
While digging into SMB debug info, I noticed those weird offsets:

smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 0
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 2147483648
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 142035543298518129
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 1952345212624879808
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 2425744465653811700
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 3200144091137350574
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 3596873718882431553
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 5619232270515810678
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 6888499595765883358
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 6906211484561104785
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 7205246910709080119
hash2_name_to_8_3: search-win-drivers.pl -> 7A9B04EE -> SY0O7O~U.PL (cache=0)
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 7799119287255854897
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 8304329316708685680
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 8740906011817565787
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset 9223372036854775807
smbd_dirptr_get_entry: dirptr 0xac5cc0 now at offset -1

I suspect that this is related to the bug, as some parts of the driver expect 32-bit signed integers:

smbd_dirptr_get_entry: dirptr 0xacf8a0 now at offset 2147483648
dos_mode: ./..
dos_mode_from_sbuf returning rd
filter_mode_by_protocol: filtering result 0x11 to 0x11
dos_mode returning rd
Could not fetch share entry
smbd_dirptr_get_entry mask=[????????.???] found ./.. fname=.. (..)
put name [..] from [..] into dir struct
fill on key 2 dirptr 0xac94e0 now at -2147483648
(the last message got overflowed)

smbd_dirptr_get_entry: dirptr 0xacf8a0 now at offset 142035543298518129
dos_mode: ./bin
dos_mode_from_sbuf returning d
filter_mode_by_protocol: filtering result 0x10 to 0x10
dos_mode returning d
Could not fetch share entry
smbd_dirptr_get_entry mask=[????????.???] found ./bin fname=bin (bin)
put name [BIN] from [bin] into dir struct
fill on key 2 dirptr 0xac94e0 now at -137778063
SMBsearch mask=????????.??? path=. dtype=49 nument=1 of 1
(the above keeps looping forever)
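The offset/key mismatch described in the comment above can be checked mechanically. This is an added example, not code from Samba or from the report: it scans smbd debug output for a 64-bit directory offset followed by a `fill on key` value and tests whether the logged key is exactly the low 32 bits of that offset. The function names `wire_key` and `count_truncated` are hypothetical, and the sample log is constructed from the lines quoted above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: offset/key line pairs from the debug output quoted above. */
static const char *SAMPLE_LOG =
    "smbd_dirptr_get_entry: dirptr 0xacf8a0 now at offset 2147483648\n"
    "fill on key 2 dirptr 0xac94e0 now at -2147483648\n"
    "smbd_dirptr_get_entry: dirptr 0xacf8a0 now at offset 142035543298518129\n"
    "fill on key 2 dirptr 0xac94e0 now at -137778063\n";

/* What a signed 32-bit field retains of a 64-bit directory offset. */
static int32_t wire_key(int64_t offset)
{
    uint32_t low = (uint32_t)offset;   /* keep the low 32 bits */
    int32_t key;
    memcpy(&key, &low, sizeof key);    /* reinterpret them as signed */
    return key;
}

/* Counts keys that differ from the preceding offset; *low32 counts the pure truncations. */
static int count_truncated(const char *log, int *low32)
{
    long long v, offset = 0;
    int have_offset = 0, bad = 0;
    *low32 = 0;
    for (const char *line = log; line && *line; ) {
        if (sscanf(line, "smbd_dirptr_get_entry: dirptr %*s now at offset %lld", &v) == 1) {
            offset = v;
            have_offset = 1;
        } else if (have_offset &&
                   sscanf(line, "fill on key %*d dirptr %*s now at %lld", &v) == 1) {
            bad += (v != offset);
            *low32 += (v != offset && v == wire_key(offset));
            have_offset = 0;
        }
        line = strchr(line, '\n');     /* advance to the next log line */
        if (line) line++;
    }
    return bad;
}

int main(void)
{
    int low32, bad = count_truncated(SAMPLE_LOG, &low32);
    printf("%d mismatched keys, %d explained by 32-bit truncation\n", bad, low32);
    return 0;
}
```

Any offset for which `wire_key(offset) != offset` cannot be recovered from the 32-bit value alone, which is the condition the two logged pairs meet.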
I think your assessment is right. If you are using ext4 maybe the hint in https://bugzilla.redhat.com/show_bug.cgi?id=843765#c15 might help. This bug is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=843765 but since they are filed against different products we might want to track them independently.
This message is a reminder that Fedora 18 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 18. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '18'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 18's end of life.

Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 18 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to Fedora 18's end of life.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 18 changed to end-of-life (EOL) status on 2014-01-14. Fedora 18 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.