Bug 4444 - smbd crashing with from the function api_rpcTNP
Summary: smbd crashing with from the function api_rpcTNP
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.24
Hardware: Other Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-03-13 05:22 UTC by Alan Hourihane
Modified: 2019-06-11 21:49 UTC (History)
2 users (show)

See Also:

Attachments
log for panic crash (5.56 KB, text/plain)
2007-03-22 08:08 UTC, Alan Hourihane 		no flags Details
Here's another. (4.99 KB, text/plain)
2007-03-22 09:46 UTC, Alan Hourihane 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alan Hourihane 2007-03-13 05:22:18 UTC 
I've had 3.0.24 installed for a short while now and not experienced any trouble. 

I rarely shutdown my WindowsPC too and usually just hibernate, but an application crashed so I had to reboot. Now when I login to the samba domain controller, the smbd process is crashing when getting my profile. 

Here's various outputs from it....
[2007/03/13 10:08:53, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2007/03/13 10:08:53, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 20077 (3.0.24)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2007/03/13 10:08:53, 0] lib/fault.c:fault_report(44)
  
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2007/03/13 10:08:53, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2007/03/13 10:08:53, 0] lib/util.c:smb_panic(1599)
  PANIC (pid 20077): internal error
[2007/03/13 10:08:53, 0] lib/util.c:log_stack_trace(1706)
  BACKTRACE: 17 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x25) [0x8018d32c]
   #1 /usr/sbin/smbd(smb_panic+0x5d) [0x8018d41e]
   #2 /usr/sbin/smbd(getsmbpass+0) [0x8017ddd4]
   #3 [0xb7fa9420]
   #4 /usr/sbin/smbd [0x800c911b]
   #5 /usr/sbin/smbd(api_rpcTNP+0x22d) [0x80113d4f]
   #6 /usr/sbin/smbd(api_pipe_request+0x1c6) [0x801141bc]
   #7 /usr/sbin/smbd [0x8010ee4f]
   #8 /usr/sbin/smbd(write_to_pipe+0xfd) [0x8010d8b2]
   #9 /usr/sbin/smbd [0x80053ebf]
   #10 /usr/sbin/smbd [0x8005440b]
   #11 /usr/sbin/smbd(reply_trans+0x520) [0x80054de5]
   #12 /usr/sbin/smbd [0x80091e52]
   #13 /usr/sbin/smbd(smbd_process+0x7c7) [0x80092f39]
   #14 /usr/sbin/smbd(main+0x1337) [0x801fb290]
   #15 /lib/libc.so.6(__libc_start_main+0xdc) [0xb7d0b83c]
   #16 /usr/sbin/smbd [0x8003dad1]

And another...


[2007/03/13 10:08:54, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 20079 (3.0.24)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2007/03/13 10:08:54, 0] lib/fault.c:fault_report(44)
  
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2007/03/13 10:08:54, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2007/03/13 10:08:54, 0] lib/util.c:smb_panic(1599)
  PANIC (pid 20079): internal error
[2007/03/13 10:08:54, 0] lib/util.c:log_stack_trace(1706)
  BACKTRACE: 19 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x25) [0x8018d32c]
   #1 /usr/sbin/smbd(smb_panic+0x5d) [0x8018d41e]
   #2 /usr/sbin/smbd(getsmbpass+0) [0x8017ddd4]
   #3 [0xb7fa9420]
   #4 /usr/sbin/smbd [0x8011ad0b]
   #5 /usr/sbin/smbd(lsa_io_r_lookup_sids2+0x95) [0x8011be2b]
   #6 /usr/sbin/smbd [0x800c734e]
   #7 /usr/sbin/smbd(api_rpcTNP+0x22d) [0x80113d4f]
   #8 /usr/sbin/smbd(api_pipe_request+0x1c6) [0x801141bc]
   #9 /usr/sbin/smbd [0x8010ee4f]
   #10 /usr/sbin/smbd(write_to_pipe+0xfd) [0x8010d8b2]
   #11 /usr/sbin/smbd [0x80053ebf]
   #12 /usr/sbin/smbd [0x8005440b]
   #13 /usr/sbin/smbd(reply_trans+0x520) [0x80054de5]
   #14 /usr/sbin/smbd [0x80091e52]
   #15 /usr/sbin/smbd(smbd_process+0x7c7) [0x80092f39]
   #16 /usr/sbin/smbd(main+0x1337) [0x801fb290]
   #17 /lib/libc.so.6(__libc_start_main+0xdc) [0xb7d0b83c]
   #18 /usr/sbin/smbd [0x8003dad1]


I'm not sure what's happened to cause this either.

I'm going to try 3.0.22 and see if that works.
Comment 1 Alan Hourihane 2007-03-13 05:28:44 UTC 
Yes, it works with 3.0.22.
Comment 2 Volker Lendecke 2007-03-13 06:08:40 UTC 
Can you please post your smb.conf, a debug level 10 log of smbd leading to that crash? Did you compile Samba on your own? If yes, can you please recompile after doing ./configure.developer so that -g is added to the compile flags? This way we get line numbers in the backtrace. And, if you're really brave, can you run that smbd under valgrind for a test? This makes Samba about 10-20 times slower, but it provides enough info to be very sure the bug gets fixed.

Thanks,

Volker
Comment 3 Alan Hourihane 2007-03-13 07:18:28 UTC 
Actually, I'm using samba from Gentoo at the moment, so I didn't build it myself.

But I'll reinstall 3.0.24 and get the deeper logs next.
Comment 4 Alan Hourihane 2007-03-14 10:37:34 UTC 
Ugh. I've recompiled 3.0.24 (but with acl) and my profile must have gotten trashed as well, as I've had to re-create it.

And unfortunately the bug doesn't trigger now. 

If I can get it to happen again, I'll reopen this.
Comment 5 Alan Hourihane 2007-03-22 07:22:52 UTC 
O.k. I've recompiled and I've got a log level 10 report with this in, but I just want to check...

Is there any decipherable data in these logs that would pose a security problem ?
Comment 6 Alan Hourihane 2007-03-22 08:08:20 UTC 
Created attachment 2342 [details]
log for panic crash

Here's the last part of the log leading up to the crash.
Comment 7 Alan Hourihane 2007-03-22 09:46:42 UTC 
Created attachment 2343 [details]
Here's another.

Another report based on the original comments.
Comment 8 Volker Lendecke 2007-03-22 13:53:10 UTC 
In case you are using SuSE packages you might want to take a brief look at Bug number 4434. This is a known bug in OpenSUSE that was recently fixed.

If the updated packages fix your problem, please close this bug.

If you are using other packages, please let us know.

Volker
Comment 9 Alan Hourihane 2007-03-22 14:05:55 UTC 
As mentioned in comment #3 - I'm using Gentoo.

But if you can add the patch as an attachment here - I can try it on 3.0.24.

Thanks for the reply.
Comment 10 Alan Hourihane 2007-03-22 14:06:54 UTC 
Oh, actually I see the patch there. I'll try it.

Thanks.
Comment 11 Volker Lendecke 2007-03-22 14:28:28 UTC 
Re-reading your report I'm afraid that the hint to 4434 was wrong. Sorry for the confusion, I was misled by the reference to lookup_sids.

Looking.

Volker
Comment 12 Alan Hourihane 2007-03-22 14:41:34 UTC 
O.k. Looks as though that patch doesn't apply cleanly to 3.0.24 anyway.
Comment 13 Andrew Bartlett 2019-06-11 21:49:25 UTC 
Without much (line number level) detail and in code that has been well reworked in the meantime (new RPC infrustructure etc) I think it is safe to close this as likely FIXED.