Bug 5848 - smbd crashes when trying to connect
smbd crashes when trying to connect
Status: CLOSED INVALID
Product: Samba 3.2
Classification: Unclassified
Component: File services
unspecified
x86 Solaris
: P3 normal
: ---
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-23 12:17 UTC by mchugh19@yahoo.com
Modified: 2012-10-02 06:05 UTC (History)
1 user (show)

See Also:


Attachments
log files (12.95 KB, application/x-gzip)
2008-10-23 12:18 UTC, mchugh19@yahoo.com
no flags Details
smb.conf used (987 bytes, application/octet-stream)
2008-11-04 09:39 UTC, mchugh19@yahoo.com
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description mchugh19@yahoo.com 2008-10-23 12:17:09 UTC
Opening a new bug about some problems reported in bug 5806.

When trying to connect to a samba server, smbd dies.
Comment 1 mchugh19@yahoo.com 2008-10-23 12:18:59 UTC
Created attachment 3685 [details]
log files

Log files from starting samba and then running

root@egr214-01:/usr/local/samba/var$ smbclient -L //localhost -k -d 3
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/sfw/smb.conf"
Processing section "[global]"
added interface ip=134.114.9.64 bcast=134.114.9.255 nmask=255.255.255.0
Client started (version 3.0.28).
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=136)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got OID=1 3 6 1 4 1 311 2 2 10
got principal=cifs/egr214-01.students.froot.nau.edu@STUDENTS.FROOT.NAU.EDU
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration Fri, 24 Oct 2008 10:13:48 GMT-7
OS=[Unix] Server=[Samba 3.4.0-GIT-353aaf2-devel]
Receiving SMB: Server stopped responding
tree connect failed: Call returned zero bytes (EOF)
Comment 2 mchugh19@yahoo.com 2008-11-03 15:24:41 UTC
Samba still crashes as of today's git checkout.
Comment 3 Jeremy Allison 2008-11-03 19:39:20 UTC
Add the following to the [global] section of your smb.conf :

panic action = "/bin/sleep 90000"

build smbd with symbols and reproduce the crash. smbd will be blocked at the crash point waiting for the sleep. Attach to the crashed smbd process with gdb and type "bt" (backtrace). Please post the output of this command.

Jeremy.
Comment 4 mchugh19@yahoo.com 2008-11-04 09:37:07 UTC
Ok. Here's what I've got...

(gdb) bt                                                                                                                          
#0  0xd0ca5a15 in __pollsys () from /lib/libc.so.1                                                                                
#1  0xd0c99fc8 in _pollsys () from /lib/libc.so.1                                                                                 
#2  0xd0c52f52 in pselect () from /lib/libc.so.1                                                                                  
#3  0xd0c53248 in select () from /lib/libc.so.1                                                                                   
#4  0x082d5622 in sys_select (maxfd=0, readfds=0x8046280, writefds=0x8046180, errorfds=0x0, tval=0x0) at lib/select.c:93          
#5  0x084db577 in open_sockets_smbd (is_daemon=true, interactive=false, smb_ports=0x0) at smbd/server.c:643                       
#6  0x084dc95b in main (argc=2, argv=0x8047620) at smbd/server.c:1370                                 

and

(gdb) bt
#0  0xd0ca63f5 in _waitid () from /lib/libc.so.1
#1  0xd0c586a3 in _waitpid () from /lib/libc.so.1
#2  0xd0c9a3fb in waitpid () from /lib/libc.so.1
#3  0xd0c8e767 in system () from /lib/libc.so.1
#4  0x082cc370 in smb_panic (why=0x850012a "sys_setgroups failed") at lib/util.c:1672
#5  0x08105a23 in set_unix_security_ctx (uid=62107, gid=10000, ngroups=17, groups=0x8616b98) at smbd/sec_ctx.c:260
#6  0x08105ae7 in set_sec_ctx (uid=62107, gid=10000, ngroups=17, groups=0x8616b98, token=0x8616ae0) at smbd/sec_ctx.c:330
#7  0x080f85a3 in change_to_user (conn=0x860f4b0, vuid=101) at smbd/uid.c:279
#8  0x08119c92 in make_connection_snum (snum=2, vuser=0x86125c8, password={data = 0x8609f50 "", length = 1, free = 0},
    pdev=0x8046fec "?????", pstatus=0x804728c) at smbd/service.c:982
#9  0x0811aa12 in make_connection (service_in=0x8609f9c "IPC$", password={data = 0x8609f50 "", length = 1, free = 0}, pdev=0x860a030 "?????",
    vuid=101, status=0x804728c) at smbd/service.c:1288
#10 0x080d80e2 in reply_tcon_and_X (req=0x8609f00) at smbd/reply.c:685
#11 0x08116c5e in switch_message (type=117 'u', req=0x8609f00, size=88) at smbd/process.c:1479
#12 0x08116cff in construct_reply (inbuf=0x8609e70 "", size=88, unread_bytes=0, encrypted=false) at smbd/process.c:1502
#13 0x08116f8b in process_smb (inbuf=0x8609e70 "", nread=88, unread_bytes=0, encrypted=false) at smbd/process.c:1578
#14 0x08117991 in smbd_process () at smbd/process.c:2070
#15 0x084dcce3 in main (argc=2, argv=0x8047620) at smbd/server.c:1465

Comment 5 mchugh19@yahoo.com 2008-11-04 09:39:14 UTC
Created attachment 3709 [details]
smb.conf used

Since the error mentioned "sys_setgroups failed", here's my smb.conf using the idmap_adex winbind module
Comment 6 Volker Lendecke 2008-11-04 09:46:43 UTC
Oh, Björn Jacke just yesterday mentioned to me that Samba now panics if you hit the 16-groups per user limit. Is it possible that your user is in more than 16 groups, the hard limit on Solaris?

Volker
Comment 7 mchugh19@yahoo.com 2008-11-04 10:14:44 UTC
Looks like my username is only a member of 15 groups. (anymore and I have problems with solaris and nfs as you mentioned)

Also it looks like winbind does not yet work with the groups command on solaris.
Winbind host:
root@egr214-01:/$ groups NAU-STUDENTS\\mcm75
10000

Centrify'ed host:
root@kashyyyk:~$ groups mcm75
cefnsunix cefns_test cefns_meweb cefns_qspweb cefns_eppweb cefns_ceneweb cefns_gcsweb cefns_it cefns_cmweb cefns_chmweb cefns_envsci_gradweb cefns_bioweb cefns_taiweb cefns_cpcesuweb cefns_hetpweb
Comment 8 Gerald (Jerry) Carter 2008-11-04 10:32:16 UTC
(In reply to comment #7)
> Looks like my username is only a member of 15 groups. (anymore and I have
> problems with solaris and nfs as you mentioned)
> 
> Also it looks like winbind does not yet work with the groups command on
> solaris.
> Winbind host:
> root@egr214-01:/$ groups NAU-STUDENTS\\mcm75
> 10000

I expect this is just due to the fact that "winbind enum groups" is disabled by default 
for performance concerns.
Comment 9 mchugh19@yahoo.com 2008-11-04 11:47:03 UTC
That's what I heard in a previous bug report, so it has been enabled here since.
Comment 10 mchugh19@yahoo.com 2008-11-18 10:45:40 UTC
As of todays git checkout, I'm still getting smbd crashes when I attempt a cifs connection.

root@egr214-01:/usr/local/samba/var$ tail -f log.smbd 
[2008/11/18 23:43:29,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/18 23:43:29,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (62107, 10000) - sec_ctx_stack_ndx = 0
[2008/11/18 23:43:29,  0] lib/util.c:smb_panic(1666)
  PANIC (pid 7456): sys_setgroups failed
[2008/11/18 23:43:29,  0] lib/util.c:log_stack_trace(1820)
  unable to produce a stack trace on this platform
[2008/11/18 23:43:29,  0] lib/util.c:smb_panic(1671)
  smb_panic(): calling panic action [/bin/sleep 900000]


Looks to still be occurring. Since this is a test machine for idmap_adex, I'm guessing the sys_setgroups message has something to do with that.
Comment 11 Björn Jacke 2008-11-19 09:31:19 UTC
I'm pretty sure you have the above mentioned setgroups() problem. Your Solaris tells you that you are in 16 groups (15 plus your primary gid = 16 groups). And actually I guesss you are in more than 16 groups, can you ask your directory administrators how many groups you're in to make that sure?

http://www.j3e.de/ngroups.html tells you how to enhance the group limit to 32. If you need a higher group limit you may not use Solaris.
Comment 12 mchugh19@yahoo.com 2008-11-19 10:20:11 UTC
That seems to have done it. My account was in more than 16 groups, but our centrify client would only show the first 16. Removing my account to under 16 groups allows me to connect without crashing. Any idea on an ETA for the fix?
Comment 13 Volker Lendecke 2008-11-19 10:51:41 UTC
Ask SUN or use Linux :-)

Volker
Comment 14 Björn Jacke 2008-11-19 11:53:53 UTC
Solaris limitation, no Samba bug
Comment 15 mchugh19@yahoo.com 2008-11-19 12:34:52 UTC
I don't mind it being a solaris issue, but shouldn't smbd not crash?
Comment 16 Jeremy Allison 2008-11-19 12:55:11 UTC
It's deliberate. It's not safe to continue if we can't honor the user's groups.
Jeremy.
Comment 17 Volker Lendecke 2008-11-19 13:35:11 UTC
Maybe a panic including stack trace is a bit strong. What about a normal, clean server exit with a clear debug level 0 message?

Volker
Comment 18 Jeremy Allison 2008-11-19 13:36:52 UTC
Oh the voice of reason..... :-). Works for me (so long as I don't have to add the patch :-).
Jeremy.
Comment 19 Chris Wilson 2012-09-19 14:06:14 UTC
I'm getting this same panic on Ubuntu 12.04 with Linux 3.6.0-030600rc6-generic, so the number of groups should not be a problem. Any ideas?

uid=1000(chris) gid=1000(installuser) groups=1000(installuser),4(adm),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),30(dip),44(video),46(plugdev),104(fuse),105(lpadmin),119(admin),122(sambashare),130(vboxusers),131(libvirtd)

Could there be anything else causing this problem?
Comment 20 Volker Lendecke 2012-10-02 06:05:05 UTC
(In reply to comment #19)
> I'm getting this same panic on Ubuntu 12.04 with Linux 3.6.0-030600rc6-generic,
> so the number of groups should not be a problem. Any ideas?
> 
> uid=1000(chris) gid=1000(installuser)
> groups=1000(installuser),4(adm),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),30(dip),44(video),46(plugdev),104(fuse),105(lpadmin),119(admin),122(sambashare),130(vboxusers),131(libvirtd)
> 
> Could there be anything else causing this problem?

Could you please upload a debug level 10 log leading up to this panic?