Bug 1309 - Signal 11 panic smbd crash
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: Printing
Version: 3.0.3
Hardware: All Linux
Importance: P3 critical
Target Milestone: none
Assigned To: Gerald (Jerry) Carter
Reported: 2004-04-30 02:32 UTC by David Anderson
Modified: 2005-11-14 09:25 UTC (History)
Attachments
log.smbd (40.44 KB, text/plain), 2004-05-04 10:33 UTC, Florian Effenberger
log.nmbd (84.96 KB, text/plain), 2004-05-04 10:33 UTC, Florian Effenberger
fix missing check for NULL pointer before copy (444 bytes, patch), 2004-05-04 19:57 UTC, Gerald (Jerry) Carter
additional patch to fix security = share (328 bytes, patch), 2004-05-06 08:26 UTC, Gerald (Jerry) Carter

Description David Anderson 2004-04-30 02:32:28 UTC
We have a Samba 3.0.2a server (Red Hat 9) on which the only accessible service 
is a public printer, which interfaces with CUPS on the same machine. CUPS is 
using the RPM from Fedora Core 1, as the RH9 one had problems. 
 
Today I applied the 3.0.3 update, using the RPM on the Samba site. 
 
Almost straight away, users complained that they couldn't print. The logs 
showed the same error repeated (/var/log/messages): 
Apr 30 10:30:47 murray smbd[20229]: [2004/04/30 10:30:47, 0] lib/fault.c:fault_report(36)
Apr 30 10:30:47 murray smbd[20229]:   ===============================================================
Apr 30 10:30:47 murray smbd[20229]: [2004/04/30 10:30:47, 0] lib/fault.c:fault_report(37)
Apr 30 10:30:47 murray smbd[20229]:   INTERNAL ERROR: Signal 11 in pid 20229 (3.0.3)
Apr 30 10:30:47 murray smbd[20229]:   Please read the appendix Bugs of the Samba HOWTO collection
Apr 30 10:30:47 murray smbd[20229]: [2004/04/30 10:30:47, 0] lib/fault.c:fault_report(39)
Apr 30 10:30:47 murray smbd[20229]:   ===============================================================
Apr 30 10:30:47 murray smbd[20229]: [2004/04/30 10:30:47, 0] lib/util.c:smb_panic2(1398)
Apr 30 10:30:47 murray smbd[20229]:   PANIC: internal error
Apr 30 10:30:47 murray smbd[20229]: [2004/04/30 10:30:47, 0] lib/util.c:smb_panic2(1406)
Apr 30 10:30:47 murray smbd[20229]:   BACKTRACE: 18 stack frames:
Apr 30 10:30:48 murray smbd[20229]:    #0 smbd(smb_panic2+0x128) [0x81cdb88]
Apr 30 10:30:48 murray smbd[20229]:    #1 smbd(smb_panic+0x19) [0x81cda59]
Apr 30 10:30:49 murray smbd[20229]:    #2 smbd [0x81bbbd2]
Apr 30 10:30:49 murray smbd[20229]:    #3 /lib/tls/libc.so.6 [0x420277b8]
Apr 30 10:30:49 murray smbd[20229]:    #4 smbd(authorise_login+0x24) [0x8087e14]
Apr 30 10:30:49 murray smbd[20229]:    #5 smbd [0x80cf498]
Apr 30 10:30:49 murray smbd[20229]:    #6 smbd(make_connection+0xf4) [0x80cf934]
Apr 30 10:30:49 murray smbd[20229]:    #7 smbd(reply_tcon_and_X+0x1af) [0x809d08f]
Apr 30 10:30:49 murray smbd[20229]:    #8 smbd [0x80cc81c]
Apr 30 10:30:49 murray smbd[20229]:    #9 smbd(chain_reply+0x178) [0x80cd0a8]
Apr 30 10:30:49 murray smbd[20229]:    #10 smbd(reply_sesssetup_and_X+0x4f2) [0x80ab2c2]
Apr 30 10:30:49 murray smbd[20229]:    #11 smbd [0x80cc81c]
Apr 30 10:30:49 murray smbd[20229]:    #12 smbd [0x80cc9e9]
Apr 30 10:30:49 murray smbd[20229]:    #13 smbd(process_smb+0x8f) [0x80ccbff]
Apr 30 10:30:49 murray smbd[20229]:    #14 smbd(smbd_process+0x167) [0x80cd847]
Apr 30 10:30:49 murray smbd[20229]:    #15 smbd(main+0x4d9) [0x823c449]
Apr 30 10:30:49 murray smbd[20229]:    #16 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x42015704]
Apr 30 10:30:49 murray smbd[20229]:    #17 smbd(ldap_msgfree+0x8d) [0x8077ae1]
Apr 30 10:30:49 murray smbd[20229]: 
 
I've downgraded to 3.0.2a, which continues to work without any problems!
Comment 1 David Anderson 2004-04-30 02:35:57 UTC
P.S. I looked for the Bug Appendix, but I must be going nuts, because I 
couldn't find it. 
Comment 2 Florian Effenberger 2004-04-30 08:41:07 UTC
Same problem in here on Debian 3.0, two systems have the same problem. 3.0.2a
went fine, 3.0.3 only prints:

[2004/04/30 17:40:14, 0] smbd/server.c:main(757)
  smbd version 3.0.3 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2004/04/30 17:40:20, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/04/30 17:40:20, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 1224 (3.0.3)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/04/30 17:40:20, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/04/30 17:40:20, 0] lib/util.c:smb_panic2(1398)
  PANIC: internal error
[2004/04/30 17:40:20, 0] lib/util.c:smb_panic2(1406)
  BACKTRACE: 19 stack frames:
   #0 /usr/local/samba/sbin/smbd(smb_panic2+0x19d) [0x818a451]
   #1 /usr/local/samba/sbin/smbd(smb_panic+0x13) [0x818a2af]
   #2 /usr/local/samba/sbin/smbd [0x817a17b]
   #3 /usr/local/samba/sbin/smbd [0x817a1e5]
   #4 /lib/libc.so.6 [0x4009d6b8]
   #5 /usr/local/samba/sbin/smbd(authorise_login+0x25) [0x8083f95]
   #6 /usr/local/samba/sbin/smbd [0x80c11db]
   #7 /usr/local/samba/sbin/smbd(make_connection+0x5af) [0x80c27ff]
   #8 /usr/local/samba/sbin/smbd(reply_tcon_and_X+0x241) [0x80967d5]
   #9 /usr/local/samba/sbin/smbd [0x80bf7d8]
   #10 /usr/local/samba/sbin/smbd(chain_reply+0x151) [0x80bfe45]
   #11 /usr/local/samba/sbin/smbd(reply_sesssetup_and_X+0xd3d) [0x80a2569]
   #12 /usr/local/samba/sbin/smbd [0x80bf7d8]
   #13 /usr/local/samba/sbin/smbd [0x80bf86e]
   #14 /usr/local/samba/sbin/smbd(process_smb+0x1be) [0x80bfb5e]
   #15 /usr/local/samba/sbin/smbd(smbd_process+0x14f) [0x80c058f]
   #16 /usr/local/samba/sbin/smbd(main+0x753) [0x81dc12f]
   #17 /lib/libc.so.6(__libc_start_main+0xbb) [0x4008d14f]
   #18 /usr/local/samba/sbin/smbd(yp_get_default_domain+0x61) [0x8074cb1]
[2004/04/30 17:40:20, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/04/30 17:40:20, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 1225 (3.0.3)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/04/30 17:40:20, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/04/30 17:40:20, 0] lib/util.c:smb_panic2(1398)
  PANIC: internal error
[2004/04/30 17:40:20, 0] lib/util.c:smb_panic2(1406)
  BACKTRACE: 19 stack frames:
   #0 /usr/local/samba/sbin/smbd(smb_panic2+0x19d) [0x818a451]
   #1 /usr/local/samba/sbin/smbd(smb_panic+0x13) [0x818a2af]
   #2 /usr/local/samba/sbin/smbd [0x817a17b]
   #3 /usr/local/samba/sbin/smbd [0x817a1e5]
   #4 /lib/libc.so.6 [0x4009d6b8]
   #5 /usr/local/samba/sbin/smbd(authorise_login+0x25) [0x8083f95]
   #6 /usr/local/samba/sbin/smbd [0x80c11db]
   #7 /usr/local/samba/sbin/smbd(make_connection+0x5af) [0x80c27ff]
   #8 /usr/local/samba/sbin/smbd(reply_tcon_and_X+0x241) [0x80967d5]
   #9 /usr/local/samba/sbin/smbd [0x80bf7d8]
   #10 /usr/local/samba/sbin/smbd(chain_reply+0x151) [0x80bfe45]
   #11 /usr/local/samba/sbin/smbd(reply_sesssetup_and_X+0xd3d) [0x80a2569]
   #12 /usr/local/samba/sbin/smbd [0x80bf7d8]
   #13 /usr/local/samba/sbin/smbd [0x80bf86e]
   #14 /usr/local/samba/sbin/smbd(process_smb+0x1be) [0x80bfb5e]
   #15 /usr/local/samba/sbin/smbd(smbd_process+0x14f) [0x80c058f]
   #16 /usr/local/samba/sbin/smbd(main+0x753) [0x81dc12f]
   #17 /lib/libc.so.6(__libc_start_main+0xbb) [0x4008d14f]
   #18 /usr/local/samba/sbin/smbd(yp_get_default_domain+0x61) [0x8074cb1]

Compile settings were
./configure --with-pam --with-pam_smbpass --with-quotas --with-sys-quotas
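
Added example (not part of the original bug report): a small Python triage helper that parses smbd panic blocks in both layouts quoted above, syslog-prefixed and plain log.smbd, and buckets crashes by version, signal and the first named frame after the libc signal-return frame. The function names, the faulting-frame heuristic and the sample log are constructed for illustration.

```python
import re
from collections import Counter
# Optional syslog prefix ("Apr 30 10:30:47 host smbd[111]: ") before smbd's own text.
SYSLOG = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\ssmbd\[\d+\]:\s?")
FAULT = re.compile(r"INTERNAL ERROR: Signal (\d+) in pid (\d+) \(([^)]+)\)")
FRAME = re.compile(r"#(\d+)\s+(\S+?)(?:\((\w+)\+0x[0-9a-f]+\))?\s+\[0x[0-9a-f]+\]")

def faulting_symbol(frames):
    """Heuristic: first named frame after the libc signal-return frame."""
    seen_libc = False
    for _, module, symbol in frames:
        if "libc" in module:
            seen_libc = True
        elif seen_libc and symbol:
            return symbol
    return None

def parse_smbd_panics(text):
    """One dict per panic; frames attach to the latest header (no interleaved pids)."""
    panics = []
    for raw in text.splitlines():
        line = SYSLOG.sub("", raw)
        fault, frame = FAULT.search(line), FRAME.search(line)
        if fault:
            panics.append({"signal": int(fault[1]), "pid": int(fault[2]),
                           "version": fault[3], "frames": []})
        elif frame and panics:
            panics[-1]["frames"].append((int(frame[1]), frame[2], frame[3]))
    for p in panics:
        p["fault_symbol"] = faulting_symbol(p["frames"])
    return panics

def crash_buckets(text):
    """Count panics per (version, signal, faulting symbol) for triage."""
    return Counter((p["version"], p["signal"], p["fault_symbol"])
                   for p in parse_smbd_panics(text))

# Constructed sample: one panic per layout (syslog, log.smbd); addresses are made up.
SAMPLE = """\
Apr 30 10:30:47 host smbd[111]:   INTERNAL ERROR: Signal 11 in pid 111 (3.0.3)
Apr 30 10:30:48 host smbd[111]:    #0 smbd(smb_panic2+0x128) [0x8001000]
Apr 30 10:30:49 host smbd[111]:    #1 smbd [0x8001200]
Apr 30 10:30:49 host smbd[111]:    #2 /lib/tls/libc.so.6 [0x42000100]
Apr 30 10:30:49 host smbd[111]:    #3 smbd(authorise_login+0x24) [0x8002000]
  INTERNAL ERROR: Signal 11 in pid 222 (3.0.3)
   #0 /usr/local/samba/sbin/smbd(smb_panic2+0x19d) [0x8001000]
   #1 /lib/libc.so.6 [0x40000100]
   #2 /usr/local/samba/sbin/smbd(authorise_login+0x25) [0x8002000]
"""
```

Calling `crash_buckets()` on a real log.smbd or /var/log/messages excerpt shows at a glance whether repeated panics share one faulting function, as both reports here do.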
Comment 3 Florian Effenberger 2004-04-30 08:44:03 UTC
I consider it:

Priority 1
Severity Critical
Comment 4 Gerald (Jerry) Carter 2004-05-04 07:38:09 UTC
Could one of you provide a level 10 debug log of the crash?
You can either add it as an attachment to the bug report 
or mail it to me directly.  Thanks.
Comment 5 Florian Effenberger 2004-05-04 10:33:38 UTC
Created attachment 486
log.smbd
Comment 6 Florian Effenberger 2004-05-04 10:33:47 UTC
Created attachment 487
log.nmbd
Comment 7 Florian Effenberger 2004-05-04 10:33:53 UTC
Attached ;-)
Comment 8 Gerald (Jerry) Carter 2004-05-04 19:57:17 UTC
Created attachment 489
fix missing check for NULL pointer before copy

This fixes the seg fault on my test system.
Comment 9 Gerald (Jerry) Carter 2004-05-04 20:06:19 UTC
fix checked into SVN
Comment 10 Florian Effenberger 2004-05-05 08:43:11 UTC
Now with the following smb.conf:

===
[global]
        workgroup = MYWORKGROUP
        server string =
        interfaces = eth1
        security = SHARE
        guest account = samba
        os level = 255
        preferred master = Yes

[pool]
        path = /home/samba/pool
        read only = No
        guest ok = Yes
===

Windows XP always asks for a password when accessing \\server ;-(
Comment 11 Florian Effenberger 2004-05-05 08:48:51 UTC
Addition:

/usr/local/samba/bin/smbclient -L //server
with no password works fine, as
/usr/local/samba/bin/smbclient //server/pool
does.

Within Windows XP Professional SP1, I can access
\\server\pool
without username and password, but
\\server
requires one. If I open first
\\server\pool
and afterwards connect to
\\server
no password is required.

Confirmed with Windows 2000 Professional SP4 (both OS identify as guest users to
the Samba share). Seems to be a bug in the patch?
Comment 12 Gerald (Jerry) Carter 2004-05-06 08:26:50 UTC
Created attachment 494
additional patch to fix security = share
Comment 13 Gerald (Jerry) Carter 2004-05-06 08:27:10 UTC
Here's part #2 of the patch to fix security = share.
Works correctly with my tests using smbclient.
Comment 14 Florian Effenberger 2004-05-06 12:30:36 UTC
Works fine! Patch should be contributed into CVS now ;)
Comment 15 Gerald (Jerry) Carter 2004-05-06 14:02:41 UTC
already done.  Will be in 3.0.4 coming up tomorrow.
Comment 16 Florian Effenberger 2004-05-07 06:13:23 UTC
Thanks a lot for your quick bugfixing, I really appreciate and respect that! ;)
Comment 17 Gerald (Jerry) Carter 2005-08-24 10:16:29 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
Comment 18 Gerald (Jerry) Carter 2005-11-14 09:25:42 UTC
database cleanup