Bug 1665 - SEGV in smbd on solaris
Status: RESOLVED DUPLICATE of bug 1857
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.6
Hardware: Sparc Solaris
Importance: P3 regression
Target Milestone: none
Assigned To: Jeremy Allison
QA Contact: Samba QA Contact
Reported: 2004-08-25 06:34 UTC by Joerg Moellenkamp
Modified: 2004-11-09 06:01 UTC (History)
Description Joerg Moellenkamp 2004-08-25 06:34:13 UTC
Hello,

the report should speak for itself. With 3.0.4 no problems (besides a corrupted locking.tdb)... with 3.0.6 the following messages.

linux:/usr/local/smb/bin # ./smbclient -U bench001 //xxx.xxx.xxx.xxx/bench001
Password:
session setup failed: Call returned zero bytes (EOF)
linux:/usr/local/smb/bin #

[2004/08/25 15:25:04, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(194)
  Unable to open/create TDB passwd
[2004/08/25 15:25:04, 0] passdb/pdb_tdb.c:tdbsam_getsampwnam(433)
  pdb_getsampwnam: Unable to open TDB passwd (/usr/local/smb/private/passdb.tdb)!
[2004/08/25 15:25:04, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/08/25 15:25:04, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 21968 (3.0.6)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/08/25 15:25:04, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/08/25 15:25:04, 0] lib/util.c:smb_panic2(1385)
  PANIC: internal error


try to change password via smbpasswd for an account in LDAP:

open64("/usr/local/smb/private/secrets.tdb", O_RDWR|O_CREAT, 0600) = 3
fcntl(3, F_SETLKW64, 0xFFBEF388)                = 0
read(3, " T D B   f i l e\n\0\0\0".., 168)      = 168
fstat64(3, 0xFFBEF430)                          = 0
mmap64(0x00000000, 8192, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0xFEE40000
fcntl(3, F_SETLKW64, 0xFFBEF388)                = 0
open64("/dev/urandom", O_RDONLY)                = 4
read(4, "\0", 1)                                = 1
fcntl(3, F_SETLKW64, 0xFFBEF1F0)                = 0
fcntl(3, F_SETLKW64, 0xFFBEF268)                = 0
sigfillset(0xFF1428C8)                          = 0
sigaction(SIGINT, 0xFFBEF618, 0xFFBEF698)       = 0
open64("/dev/tty", O_RDWR|O_CREAT|O_TRUNC, 0666) = 5
ioctl(5, TCGETS, 0x0015F8E8)                    = 0
ioctl(5, TCSETSF, 0x0015F8E8)                   = 0
write(5, " N e w   S M B   p a s s".., 17)      = 17
read(5, 0xFF13FBC4, 1)          (sleeping...)
read(5, " t", 1)                                = 1
read(5, " e", 1)                                = 1
read(5, " s", 1)                                = 1
read(5, " t", 1)                                = 1
read(5, "\n", 1)                                = 1
ioctl(5, TCSETS, 0x0015F8E8)                    = 0
write(5, "\n", 1)                               = 1
write(5, "\n", 1)                               = 1
close(5)                                        = 0
sigaction(SIGINT, 0xFFBEF618, 0xFFBEF698)       = 0
sigaction(SIGINT, 0xFFBEF618, 0xFFBEF698)       = 0
open64("/dev/tty", O_RDWR|O_CREAT|O_TRUNC, 0666) = 5
ioctl(5, TCGETS, 0x0015F8E8)                    = 0
ioctl(5, TCSETSF, 0x0015F8E8)                   = 0
write(5, " R e t y p e   n e w   S".., 24)      = 24
read(5, " t", 1)                                = 1
read(5, " e", 1)                                = 1
read(5, " s", 1)                                = 1
read(5, " t", 1)                                = 1
read(5, "\n", 1)                                = 1
ioctl(5, TCSETS, 0x0015F8E8)                    = 0
write(5, "\n", 1)                               = 1
write(5, "\n", 1)                               = 1
close(5)                                        = 0
sigaction(SIGINT, 0xFFBEF618, 0xFFBEF698)       = 0
    Incurred fault #6, FLTBOUNDS  %pc = 0xFF0B31F0
      siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000
    Received signal #11, SIGSEGV [default]
      siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000
        *** process killed ***

results in logfile:

[2004/08/25 15:30:33, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(194)
  Unable to open/create TDB passwd
[2004/08/25 15:30:33, 0] passdb/pdb_tdb.c:tdbsam_getsampwnam(433)
  pdb_getsampwnam: Unable to open TDB passwd
(/usr/local/smb/system/opensamba3/private/passdb.tdb)!
[2004/08/25 15:30:33, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/08/25 15:30:33, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 22125 (3.0.6)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/08/25 15:30:33, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/08/25 15:30:33, 0] lib/util.c:smb_panic2(1385)
  PANIC: internal error

Comment 1 Joerg Moellenkamp 2004-08-25 07:03:41 UTC
Excerpts from truss -f from the rc-script starting Samba 3.0.6

28670:  getuid()                                        = 0 [0]
28670:  write(26, "     U N I X   t o k e n".., 23)     = 23
28670:  getuid()                                        = 0 [0]
28670:  write(26, "     P r i m a r y   g r".., 57)     = 57
28670:  getuid()                                        = 0 [0]
28670:  getgid()                                        = 0 [0]
28670:  setgroups(0, 0x00000000)                        = 0
28670:  setregid(-1, 0)                                 = 0
28670:  getgid()                                        = 0 [0]
28670:  setreuid(-1, 0)                                 = 0
28670:  getuid()                                        = 0 [0]
28670:  open64("/usr/local/smb/system/opensamba3/private/passdb.tdb", O_RDONLY) = 18
28670:  read(18, 0x00334FEC, 168)                       = 0
28670:  close(18)                                       = 0
28670:  time()                                          = 1093442430
28670:  getuid()                                        = 0 [0]
28670:  write(26, " [ 2 0 0 4 / 0 8 / 2 5  ".., 62)     = 62
28670:  getuid()                                        = 0 [0]
28670:  write(26, "     U n a b l e   t o  ".., 35)     = 35
28670:  time()                                          = 1093442430
28670:  getuid()                                        = 0 [0]
28670:  write(26, " [ 2 0 0 4 / 0 8 / 2 5  ".., 66)     = 66
28670:  getuid()                                        = 0 [0]
28670:  write(26, "     p d b _ g e t s a m".., 100)    = 100
28670:      Incurred fault #6, FLTBOUNDS  %pc = 0xFF0B31F0
28670:        siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000
28670:      Received signal #11, SIGSEGV [caught]
28670:        siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000
28670:  time()                                          = 1093442430
28670:  getuid()                                        = 0 [0]
28670:  write(26, " [ 2 0 0 4 / 0 8 / 2 5  ".., 54)     = 54
28670:  getuid()                                        = 0 [0]
28670:  write(26, "     = = = = = = = = = =".., 66)     = 66
28670:  time()                                          = 1093442430
28670:  getuid()                                        = 0 [0]
28670:  write(26, " [ 2 0 0 4 / 0 8 / 2 5  ".., 54)     = 54
28670:  getuid()                                        = 0 [0]
28670:  write(26, "     I N T E R N A L   E".., 49)     = 49
28670:  getuid()                                        = 0 [0]
28670:  write(26, "     P l e a s e   r e a".., 62)     = 62
28670:  time()                                          = 1093442430
28670:  getuid()                                        = 0 [0]
28670:  write(26, " [ 2 0 0 4 / 0 8 / 2 5  ".., 54)     = 54
28670:  getuid()                                        = 0 [0]
28670:  write(26, "     = = = = = = = = = =".., 66)     = 66
28670:  time()                                          = 1093442430
28670:  getuid()                                        = 0 [0]
28670:  write(26, " [ 2 0 0 4 / 0 8 / 2 5  ".., 53)     = 53
28670:  getuid()                                        = 0 [0]
28670:  write(26, "     P A N I C :   i n t".., 24)     = 24
28670:  getuid()                                        = 0 [0]
28670:  sigaction(SIGABRT, 0xFFBED910, 0xFFBED990)      = 0
28670:  sigaction(SIGABRT, 0x00000000, 0xFFBED9C0)      = 0
28670:  llseek(0, 0, SEEK_CUR)                          = 0
28670:  sigaction(SIGABRT, 0xFFBED890, 0xFFBED910)      = 0
28670:  sigprocmask(SIG_UNBLOCK, 0xFFBED940, 0x00000000) = 0
28670:  getpid()                                        = 28670 [28548]
28670:  kill(28670, SIGABRT)                            = 0
28670:      Received signal #6, SIGABRT [default]
28670:        siginfo: SIGABRT pid=28670 uid=0
28670:          *** process killed ***
28548:      Received signal #18, SIGCLD, in poll() [caught]
28548:        siginfo: SIGCLD CLD_KILLED pid=28670 status=0x0006
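
An added example, not part of the original report or of Samba's code: a header check for .tdb files, based on the truss excerpts above, where the 168-byte header read returns data starting with "TDB file\n" for secrets.tdb but returns 0 bytes for passdb.tdb. The function names and status labels are assumptions of this example, and the sample files are constructed.

```python
import os
import sys
import tempfile

TDB_MAGIC = b"TDB file\n"  # start of the header returned for secrets.tdb in the trace
TDB_HEADER_LEN = 168       # size of the header read in the trace


def tdb_header_status(path):
    """Classify a .tdb file by its header only (hypothetical helper)."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(TDB_HEADER_LEN)
    except FileNotFoundError:
        return "missing"
    except PermissionError:
        return "unreadable"
    if len(header) == 0:
        return "empty"      # the passdb.tdb case in the trace: read() = 0
    if len(header) < TDB_HEADER_LEN:
        return "truncated"
    if not header.startswith(TDB_MAGIC):
        return "bad-magic"
    return "ok"             # header looks sane; the rest of the file is not checked


def scan_private_dir(directory):
    """Return {filename: status} for every *.tdb file in a directory."""
    return {name: tdb_header_status(os.path.join(directory, name))
            for name in sorted(os.listdir(directory)) if name.endswith(".tdb")}


def demo():
    """Run the scan over constructed sample files (not real Samba databases)."""
    samples = {
        "secrets.tdb": TDB_MAGIC + b"\0" * (TDB_HEADER_LEN - len(TDB_MAGIC)),
        "passdb.tdb": b"",                 # zero-length file
        "short.tdb": TDB_MAGIC,            # header cut off after the magic
        "other.tdb": b"x" * TDB_HEADER_LEN,
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan_private_dir(d)


if __name__ == "__main__":
    results = scan_private_dir(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, status in results.items():
        print(f"{status:10} {name}")
    sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
```

Run it with the Samba private directory as the only argument; without an argument it scans the constructed samples.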

Comment 2 Gerald (Jerry) Carter 2004-08-25 07:08:23 UTC
Joerg, please attach a level 10 debug log with this report.  Thanks.

Jeremy, could you give this a quick look once Joerg gets the log file uploaded?  If you need me to test on Solaris, let me know.

Comment 3 Joerg Moellenkamp 2004-09-01 01:25:56 UTC
[2004/08/25 16:47:38, 6] param/loadparm.c:lp_file_list_changed(2695)
  lp_file_list_changed()
  file /<configdirectory>/smb3.pdc.conf -> /<configdirectory>/smb3.pdc.conf 
last mod_time: Wed Aug 25 16:47:16 2004
  
[2004/08/25 16:47:38, 5] auth/auth_util.c:make_user_info_map(225)
  make_user_info_map: Mapping user [<domainname>T229]\[bench001] from
workstation [PDC2-<customerlocation>]
[2004/08/25 16:47:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/08/25 16:47:38, 3] smbd/uid.c:push_conn_ctx(364)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/08/25 16:47:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/08/25 16:47:38, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2004/08/25 16:47:38, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2004/08/25 16:47:38, 5] auth/auth_util.c:is_trusted_domain(1436)
  is_trusted_domain: Checking for domain trust with [<domainname>T229]
[2004/08/25 16:47:38, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(334)
  secrets_fetch failed!
[2004/08/25 16:47:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/08/25 16:47:38, 10] lib/gencache.c:gencache_get(286)
  Cache entry with key = TDOM/<domainname>T229 couldn't be found
[2004/08/25 16:47:38, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
  no entry for trusted domain <domainname>T229 found.
[2004/08/25 16:47:38, 5] auth/auth_util.c:make_user_info(133)
  attempting to make a user_info for bench001 (bench001)
[2004/08/25 16:47:38, 5] auth/auth_util.c:make_user_info(143)
  making strings for bench001's user_info struct
[2004/08/25 16:47:38, 5] auth/auth_util.c:make_user_info(185)
  making blobs for bench001's user_info struct
[2004/08/25 16:47:38, 10] auth/auth_util.c:make_user_info(201)
  made an encrypted user_info for bench001 (bench001)
[2004/08/25 16:47:38, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[<domainname>T229]\[bench001]@[PDC2-<customerlocation>] with the new password
interface
[2004/08/25 16:47:38, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is:
[<domainname>TEST3]\[bench001]@[PDC2-<customerlocation>]
[2004/08/25 16:47:38, 10] auth/auth.c:check_ntlm_password(231)
  check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
[2004/08/25 16:47:38, 10] auth/auth.c:check_ntlm_password(233)
  challenge is: 
[2004/08/25 16:47:38, 5] lib/util.c:dump_data(1839)
  [000] D0 23 32 36 4E 60 6B B6                           .#26N`k. 
[2004/08/25 16:47:38, 10] auth/auth.c:check_ntlm_password(259)
  check_ntlm_password: guest had nothing to say
[2004/08/25 16:47:38, 8] lib/util.c:is_myname(1702)
  is_myname("<domainname>TEST3") returns 0
[2004/08/25 16:47:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/08/25 16:47:38, 3] smbd/uid.c:push_conn_ctx(364)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/08/25 16:47:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/08/25 16:47:38, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2004/08/25 16:47:38, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2004/08/25 16:47:38, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(194)
  Unable to open/create TDB passwd
[2004/08/25 16:47:38, 0] passdb/pdb_tdb.c:tdbsam_getsampwnam(433)
  pdb_getsampwnam: Unable to open TDB passwd
(/usr/local/smb/system/opensamba306/private/passdb.tdb)!
[2004/08/25 16:47:38, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2004/08/25 16:47:38, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 19680 (3.0.6)
  Please read the appendix Bugs of the Samba HOWTO collection
[2004/08/25 16:47:38, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2004/08/25 16:47:38, 0] lib/util.c:smb_panic2(1385)
  PANIC: internal error

Comment 4 Joerg Moellenkamp 2004-11-09 03:34:03 UTC
The following item in the Debian bug list describes exactly the problem I encounter and proposes a fix:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=274155

Will try it at customer site on Thursday ....

Comment 5 Gerald (Jerry) Carter 2004-11-09 06:01:29 UTC
That particular fix was rejected IIRC.  But the bug should be fixed in 3.0.8 anyways.  See bug 1857.

*** This bug has been marked as a duplicate of 1857 ***