Bug 1253 - smbd crashes when storing profile on logout if /etc/mtab is not readable for current user
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
Version: 3.0.1
Hardware: All Linux
Importance: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
Reported: 2004-04-08 09:21 UTC by Jörn Nettingsmeier
Modified: 2005-11-14 09:24 UTC
Description Jörn Nettingsmeier 2004-04-08 09:21:37 UTC
a w2k client logs on to a samba domain controller. profiles are stored on server.
when logging out, the smbd process creates a
/var/lib/samba/profiles/<username>/<machinename> directory, but does not write
the profile. instead, it crashes with this error:

Apr  8 17:41:32 pol-06 smbd[20263]: [2004/04/08 17:41:32, 0] lib/fault.c:fault_report(37)
Apr  8 17:41:32 pol-06 smbd[20263]:   INTERNAL ERROR: Signal 11 in pid 20263 (3.0.3pre1-SuSE)
Apr  8 17:41:32 pol-06 smbd[20263]:   Please read the appendix Bugs of the Samba HOWTO collection
Apr  8 17:41:32 pol-06 smbd[20263]: [2004/04/08 17:41:32, 0] lib/fault.c:fault_report(39)
Apr  8 17:41:32 pol-06 smbd[20263]:   ===============================================================
Apr  8 17:41:32 pol-06 smbd[20263]: [2004/04/08 17:41:32, 0] lib/util.c:smb_panic2(1398)
Apr  8 17:41:32 pol-06 smbd[20263]:   PANIC: internal error
Apr  8 17:41:32 pol-06 smbd[20263]: [2004/04/08 17:41:32, 0] lib/util.c:smb_panic2(1406)
Apr  8 17:41:32 pol-06 smbd[20263]:   BACKTRACE: 22 stack frames:
Apr  8 17:41:32 pol-06 smbd[20263]:    #0 /usr/sbin/smbd(smb_panic2+0x1b6) [0x81d0337]
Apr  8 17:41:32 pol-06 smbd[20263]:    #1 /usr/sbin/smbd(smb_panic+0x19) [0x81d017f]
Apr  8 17:41:32 pol-06 smbd[20263]:    #2 /usr/sbin/smbd [0x81beb49]
Apr  8 17:41:32 pol-06 smbd[20263]:    #3 /usr/sbin/smbd [0x81bebbe]
Apr  8 17:41:32 pol-06 smbd[20263]:    #4 /lib/i686/libc.so.6 [0x40241aa8]
Apr  8 17:41:32 pol-06 smbd[20263]:    #5 /lib/i686/libc.so.6(__getmntent_r+0x56) [0x402ee786]
Apr  8 17:41:32 pol-06 smbd[20263]:    #6 /lib/i686/libc.so.6(getmntent+0x53) [0x402ee5f3]
Apr  8 17:41:32 pol-06 smbd[20263]:    #7 /usr/sbin/smbd [0x80dc772]
Apr  8 17:41:32 pol-06 smbd[20263]:    #8 /usr/sbin/smbd(sys_get_quota+0xa0) [0x80dd094]
Apr  8 17:41:32 pol-06 smbd[20263]:    #9 /usr/sbin/smbd(disk_quotas+0x46) [0x80e05ae]
Apr  8 17:41:32 pol-06 smbd[20263]:    #10 /usr/sbin/smbd [0x808cf47]
Apr  8 17:41:32 pol-06 smbd[20263]:    #11 /usr/sbin/smbd(sys_disk_free+0x2d) [0x808d19d]
Apr  8 17:41:32 pol-06 smbd[20263]:    #12 /usr/sbin/smbd(vfswrap_disk_free+0x2d) [0x80cdfb4]
Apr  8 17:41:32 pol-06 smbd[20263]:    #13 /usr/sbin/smbd [0x80bc6b7]
Apr  8 17:41:32 pol-06 smbd[20263]:    #14 /usr/sbin/smbd(reply_trans2+0xb63) [0x80c36fb]
Apr  8 17:41:32 pol-06 smbd[20263]:    #15 /usr/sbin/smbd [0x80d8528]
Apr  8 17:41:32 pol-06 smbd[20263]:    #16 /usr/sbin/smbd [0x80d85d8]
Apr  8 17:41:32 pol-06 smbd[20263]:    #17 /usr/sbin/smbd(process_smb+0x1fb) [0x80d892d]
Apr  8 17:41:32 pol-06 smbd[20263]:    #18 /usr/sbin/smbd(smbd_process+0x170) [0x80d946d]
Apr  8 17:41:32 pol-06 smbd[20263]:    #19 /usr/sbin/smbd(main+0x838) [0x823b64d]
Apr  8 17:41:32 pol-06 smbd[20263]:    #20 /lib/i686/libc.so.6(__libc_start_main+0xc7) [0x4022dd17]
Apr  8 17:41:32 pol-06 smbd[20263]:    #21 /usr/sbin/smbd(ldap_msgfree+0x75) [0x8080351]

an strace of the same smbd process yields:

gettimeofday({1081438892, 347274}, NULL) = 0
stat64("nettings/pol-16", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
send(24, "\0\0\0d\377SMB2\0\0\0\0\210A\310\0\0\0\0\0\0\0\0\0\0\0"..., 104, 0) = 104
time(NULL)                              = 1081438892
select(25, [19 20 24], NULL, NULL, {60, 0}) = 1 (in [24], left {59, 999000})
read(24, "\0\0\0F", 4)                  = 4
read(24, "\377SMB2\0\0\0\0\30\7\310\0\0\0\0\0\0\0\0\0\0\0\0\3\0\264"..., 70) = 70
gettimeofday({1081438892, 348776}, NULL) = 0
stat64(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
statfs(".", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=1033725, f_bfree=988101, f_files=525888, f_ffree=523922, f_namelen=255}) = 0
stat64(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/proc/mounts", O_RDONLY)          = 26
fstat64(26, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4041f000
read(26, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 280
stat64("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat64("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat64("/proc", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
stat64("/boot", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
stat64("/home", {st_mode=S_IFDIR|0755, st_size=54, ...}) = 0
stat64("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
close(26)                               = 0
munmap(0x4041f000, 4096)                = 0
geteuid32()                             = 1000
stat64(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/mtab", O_RDONLY)             = -1 EACCES (Permission denied)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
[here follows the write() call that produces a line of ='s for the log]

it turns out that mtab is 600 on this particular system (suse 9.0 w/ 2.6.4).
when changed to 644, the problem goes away.
consequentially, this problem does not occur when logging off as root.
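
The trace above (open("/etc/mtab") failing with EACCES, then SIGSEGV inside getmntent) is consistent with a mount-table stream that failed to open being read anyway; that reading is an inference from the report, not something the thread confirms. The following is an added example, not Samba's code and not part of the original report, showing a mount-table lookup that checks the setmntent() result first. The names device_for_path and write_sample_mtab and the sample table entry are hypothetical.

```c
#include <mntent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper, not Samba code: name the device backing `path` by
 * scanning the mount table `mtab`. Returns 0 on a match, -1 if the table
 * cannot be opened, -2 if `path` cannot be resolved or nothing matches. */
int device_for_path(const char *mtab, const char *path, char *fsname, size_t len)
{
    struct stat target, st;
    struct mntent *mnt;
    FILE *fp;
    int rc = -2;

    if (len == 0 || stat(path, &target) != 0)
        return -2;
    fp = setmntent(mtab, "r");
    if (fp == NULL)   /* e.g. EACCES on a mode-600 /etc/mtab */
        return -1;    /* never pass a NULL stream to getmntent() */
    while ((mnt = getmntent(fp)) != NULL) {
        if (stat(mnt->mnt_dir, &st) == 0 && st.st_dev == target.st_dev) {
            snprintf(fsname, len, "%s", mnt->mnt_fsname);
            rc = 0;
            break;
        }
    }
    endmntent(fp);
    return rc;
}

/* Write a constructed one-entry mount table to a scratch file. */
int write_sample_mtab(const char *file)
{
    FILE *f = fopen(file, "w");
    if (f == NULL)
        return -1;
    fputs("/dev/example-root / ext2 rw 0 0\n", f);
    return fclose(f);
}

int main(void)
{
    char dev[64] = "";
    int rc = device_for_path("/etc/mtab", ".", dev, sizeof dev);
    printf("rc=%d device=%s\n", rc, dev);
    return 0;
}
```

With the check in place, an unreadable mount table becomes an error code the caller can handle instead of a fault in a process running as the logged-in user.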
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-04-22 20:32:05 UTC
please retest 3.0.3rc1.  Thanks.  Reopen if you can still reproduce this issue.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:15:34 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:24:14 UTC
database cleanup