Bug 4444 - smbd crashing with from the function api_rpcTNP
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.24
Hardware: Other Linux
Importance: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2007-03-13 05:22 UTC by Alan Hourihane
Modified: 2019-06-11 21:49 UTC

log for panic crash (5.56 KB, text/plain)
2007-03-22 08:08 UTC, Alan Hourihane
Here's another. (4.99 KB, text/plain)
2007-03-22 09:46 UTC, Alan Hourihane
Description Alan Hourihane 2007-03-13 05:22:18 UTC
I've had 3.0.24 installed for a short while now and not experienced any trouble. 

I rarely shut down my Windows PC too and usually just hibernate, but an application crashed so I had to reboot. Now when I log in to the samba domain controller, the smbd process is crashing when getting my profile.

Here's various outputs from it....
[2007/03/13 10:08:53, 0] lib/fault.c:fault_report(41)
[2007/03/13 10:08:53, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 20077 (3.0.24)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2007/03/13 10:08:53, 0] lib/fault.c:fault_report(44)
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2007/03/13 10:08:53, 0] lib/fault.c:fault_report(45)
[2007/03/13 10:08:53, 0] lib/util.c:smb_panic(1599)
  PANIC (pid 20077): internal error
[2007/03/13 10:08:53, 0] lib/util.c:log_stack_trace(1706)
  BACKTRACE: 17 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x25) [0x8018d32c]
   #1 /usr/sbin/smbd(smb_panic+0x5d) [0x8018d41e]
   #2 /usr/sbin/smbd(getsmbpass+0) [0x8017ddd4]
   #3 [0xb7fa9420]
   #4 /usr/sbin/smbd [0x800c911b]
   #5 /usr/sbin/smbd(api_rpcTNP+0x22d) [0x80113d4f]
   #6 /usr/sbin/smbd(api_pipe_request+0x1c6) [0x801141bc]
   #7 /usr/sbin/smbd [0x8010ee4f]
   #8 /usr/sbin/smbd(write_to_pipe+0xfd) [0x8010d8b2]
   #9 /usr/sbin/smbd [0x80053ebf]
   #10 /usr/sbin/smbd [0x8005440b]
   #11 /usr/sbin/smbd(reply_trans+0x520) [0x80054de5]
   #12 /usr/sbin/smbd [0x80091e52]
   #13 /usr/sbin/smbd(smbd_process+0x7c7) [0x80092f39]
   #14 /usr/sbin/smbd(main+0x1337) [0x801fb290]
   #15 /lib/libc.so.6(__libc_start_main+0xdc) [0xb7d0b83c]
   #16 /usr/sbin/smbd [0x8003dad1]

And another...

[2007/03/13 10:08:54, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 20079 (3.0.24)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2007/03/13 10:08:54, 0] lib/fault.c:fault_report(44)
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2007/03/13 10:08:54, 0] lib/fault.c:fault_report(45)
[2007/03/13 10:08:54, 0] lib/util.c:smb_panic(1599)
  PANIC (pid 20079): internal error
[2007/03/13 10:08:54, 0] lib/util.c:log_stack_trace(1706)
  BACKTRACE: 19 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x25) [0x8018d32c]
   #1 /usr/sbin/smbd(smb_panic+0x5d) [0x8018d41e]
   #2 /usr/sbin/smbd(getsmbpass+0) [0x8017ddd4]
   #3 [0xb7fa9420]
   #4 /usr/sbin/smbd [0x8011ad0b]
   #5 /usr/sbin/smbd(lsa_io_r_lookup_sids2+0x95) [0x8011be2b]
   #6 /usr/sbin/smbd [0x800c734e]
   #7 /usr/sbin/smbd(api_rpcTNP+0x22d) [0x80113d4f]
   #8 /usr/sbin/smbd(api_pipe_request+0x1c6) [0x801141bc]
   #9 /usr/sbin/smbd [0x8010ee4f]
   #10 /usr/sbin/smbd(write_to_pipe+0xfd) [0x8010d8b2]
   #11 /usr/sbin/smbd [0x80053ebf]
   #12 /usr/sbin/smbd [0x8005440b]
   #13 /usr/sbin/smbd(reply_trans+0x520) [0x80054de5]
   #14 /usr/sbin/smbd [0x80091e52]
   #15 /usr/sbin/smbd(smbd_process+0x7c7) [0x80092f39]
   #16 /usr/sbin/smbd(main+0x1337) [0x801fb290]
   #17 /lib/libc.so.6(__libc_start_main+0xdc) [0xb7d0b83c]
   #18 /usr/sbin/smbd [0x8003dad1]

I'm not sure what's happened to cause this either.

I'm going to try 3.0.22 and see if that works.
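
Added illustration, not part of the original report or of Samba's code: a small parser for the backtrace format above that compares the two crashes. It shows both traces share the caller chain from api_rpcTNP downward but fault in different inner frames. Treating the frame with no backing module as the signal trampoline is an assumption, and the sample traces are abridged from the report.

```python
import re

# One frame as written by log_stack_trace; module and (symbol+offset) are optional.
FRAME = re.compile(r"#(\d+)\s+(/[^\s(]+)?(?:\((\w+)\+\w+\))?\s*\[(0x[0-9a-f]+)\]")

def parse_frames(log_text):
    """Return [(index, module, symbol, address)] for each frame line."""
    return [(int(i), mod or None, sym or None, int(addr, 16))
            for i, mod, sym, addr in FRAME.findall(log_text)]

def crash_path(frames):
    """Frames after the one with no backing module (assumed: signal trampoline)."""
    for pos, frame in enumerate(frames):
        if frame[1] is None:
            return frames[pos + 1:]
    return frames

def signature(frames):
    """Innermost named symbol on the crash path, usable as a bucketing key."""
    return next((f[2] for f in crash_path(frames) if f[2]), None)

def shared_callers(a, b):
    """Frames at the bottom of both traces with identical return addresses."""
    n = 0
    while n < min(len(a), len(b)) and a[-1 - n][3] == b[-1 - n][3]:
        n += 1
    return a[len(a) - n:]
# Abridged from the two backtraces in the report (frames below api_pipe_request dropped).
TRACE_A = """
   #0 /usr/sbin/smbd(log_stack_trace+0x25) [0x8018d32c]
   #1 /usr/sbin/smbd(smb_panic+0x5d) [0x8018d41e]
   #2 /usr/sbin/smbd(getsmbpass+0) [0x8017ddd4]
   #3 [0xb7fa9420]
   #4 /usr/sbin/smbd [0x800c911b]
   #5 /usr/sbin/smbd(api_rpcTNP+0x22d) [0x80113d4f]
   #6 /usr/sbin/smbd(api_pipe_request+0x1c6) [0x801141bc]"""
TRACE_B = """
   #0 /usr/sbin/smbd(log_stack_trace+0x25) [0x8018d32c]
   #1 /usr/sbin/smbd(smb_panic+0x5d) [0x8018d41e]
   #2 /usr/sbin/smbd(getsmbpass+0) [0x8017ddd4]
   #3 [0xb7fa9420]
   #4 /usr/sbin/smbd [0x8011ad0b]
   #5 /usr/sbin/smbd(lsa_io_r_lookup_sids2+0x95) [0x8011be2b]
   #6 /usr/sbin/smbd [0x800c734e]
   #7 /usr/sbin/smbd(api_rpcTNP+0x22d) [0x80113d4f]
   #8 /usr/sbin/smbd(api_pipe_request+0x1c6) [0x801141bc]"""
if __name__ == "__main__":
    a, b = parse_frames(TRACE_A), parse_frames(TRACE_B)
    print(signature(a), signature(b), [f[2] for f in shared_callers(a, b)])
```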
Comment 1 Alan Hourihane 2007-03-13 05:28:44 UTC
Yes, it works with 3.0.22.
Comment 2 Volker Lendecke 2007-03-13 06:08:40 UTC
Can you please post your smb.conf and a debug level 10 log of smbd leading to that crash? Did you compile Samba on your own? If yes, can you please recompile after doing ./configure.developer so that -g is added to the compile flags? This way we get line numbers in the backtrace. And, if you're really brave, can you run that smbd under valgrind for a test? This makes Samba about 10-20 times slower, but it provides enough info to be very sure the bug gets fixed.


Comment 3 Alan Hourihane 2007-03-13 07:18:28 UTC
Actually, I'm using samba from Gentoo at the moment, so I didn't build it myself.

But I'll reinstall 3.0.24 and get the deeper logs next.
Comment 4 Alan Hourihane 2007-03-14 10:37:34 UTC
Ugh. I've recompiled 3.0.24 (but with acl) and my profile must have gotten trashed as well, as I've had to re-create it.

And unfortunately the bug doesn't trigger now. 

If I can get it to happen again, I'll reopen this.
Comment 5 Alan Hourihane 2007-03-22 07:22:52 UTC
O.k. I've recompiled and I've got a log level 10 report with this in, but I just want to check...

Is there any decipherable data in these logs that would pose a security problem?
Comment 6 Alan Hourihane 2007-03-22 08:08:20 UTC
Created attachment 2342
log for panic crash

Here's the last part of the log leading up to the crash.
Comment 7 Alan Hourihane 2007-03-22 09:46:42 UTC
Created attachment 2343
Here's another.

Another report based on the original comments.
Comment 8 Volker Lendecke 2007-03-22 13:53:10 UTC
In case you are using SuSE packages you might want to take a brief look at Bug number 4434. This is a known bug in OpenSUSE that was recently fixed.

If the updated packages fix your problem, please close this bug.

If you are using other packages, please let us know.

Comment 9 Alan Hourihane 2007-03-22 14:05:55 UTC
As mentioned in comment #3 - I'm using Gentoo.

But if you can add the patch as an attachment here - I can try it on 3.0.24.

Thanks for the reply.
Comment 10 Alan Hourihane 2007-03-22 14:06:54 UTC
Oh, actually I see the patch there. I'll try it.

Comment 11 Volker Lendecke 2007-03-22 14:28:28 UTC
Re-reading your report I'm afraid that the hint to 4434 was wrong. Sorry for the confusion, I was misled by the reference to lookup_sids.


Comment 12 Alan Hourihane 2007-03-22 14:41:34 UTC
O.k. Looks as though that patch doesn't apply cleanly to 3.0.24 anyway.
Comment 13 Andrew Bartlett 2019-06-11 21:49:25 UTC
Without much (line number level) detail and in code that has been well reworked in the meantime (new RPC infrastructure etc) I think it is safe to close this as likely FIXED.