Bug 6907 - smbd crashes with signal 11 (domain security)
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.3
Classification: Unclassified
Component: File services
Version: 3.3.9
Hardware: x86 FreeBSD
Importance: P3 normal
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
Reported: 2009-11-19 04:23 UTC by Alex Masterov
Modified: 2020-12-15 17:44 UTC

Description Alex Masterov 2009-11-19 04:23:50 UTC
smbd crashes several times per day.
In the log file:
[2009/11/19 15:13:16,  0] lib/fault.c:fault_report(40)
  ===============================================================
[2009/11/19 15:13:16,  0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 77025 (3.3.9)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/11/19 15:13:16,  0] lib/fault.c:fault_report(43)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/11/19 15:13:16,  0] lib/fault.c:fault_report(44)
  ===============================================================
[2009/11/19 15:13:16,  0] lib/util.c:smb_panic(1667)
  smb_panic: clobber_region() last called from [cli_session_setup_guest(211)]
[2009/11/19 15:13:16,  0] lib/util.c:smb_panic(1673)
  PANIC (pid 77025): internal error
[2009/11/19 15:13:16,  0] lib/util.c:log_stack_trace(1777)
  BACKTRACE: 20 stack frames:
   #0 0x2d424c <smb_panic+175> at /usr/local/sbin/smbd
   #1 0x2bd6cd <dump_core_setup+1957> at /usr/local/sbin/smbd
   #2 0xbfbfffb4
   #3 0x2cbc76 <safe_strcpy_fn+89> at /usr/local/sbin/smbd
   #4 0x105735 <cli_session_setup+3717> at /usr/local/sbin/smbd
   #5 0x105e42 <cli_full_connection+219> at /usr/local/sbin/smbd
   #6 0x326fa1 <enumerate_domain_trusts+309> at /usr/local/sbin/smbd
   #7 0x326d0d <update_trustdom_cache+237> at /usr/local/sbin/smbd
   #8 0x31b397 <is_trusted_domain+87> at /usr/local/sbin/smbd
   #9 0x31fa1f <make_user_info_map+358> at /usr/local/sbin/smbd
   #10 0x321ed8 <auth_ntlmssp_start+550> at /usr/local/sbin/smbd
   #11 0x12a734 <ntlmssp_set_username+1675> at /usr/local/sbin/smbd
   #12 0x129f74 <ntlmssp_update+659> at /usr/local/sbin/smbd
   #13 0x321c39 <auth_ntlmssp_update+60> at /usr/local/sbin/smbd
   #14 0xb2d3d <parse_spnego_mechanisms+2733> at /usr/local/sbin/smbd
   #15 0xb4268 <reply_sesssetup_and_X+2723> at /usr/local/sbin/smbd
   #16 0xe983c <remove_deferred_open_smb_message+2068> at /usr/local/sbin/smbd
   #17 0xebaee <smbd_process+2402> at /usr/local/sbin/smbd
   #18 0x500064 <main+8982> at /usr/local/sbin/smbd
   #19 0x69053 <_start+131> at /usr/local/sbin/smbd

Backtrace with gdb:
(gdb) bt
#0  0x209dc721 in wait4 () from /lib/libc.so.7
#1  0x209a22f5 in system () from /lib/libc.so.7
#2  0x2096e4cb in system () from /lib/libthr.so.3
#3  0x002d42b0 in smb_panic (why=0x56d9fe "internal error") at lib/util.c:1679
#4  0x002bd6cd in sig_fault (sig=Could not find the frame base for "sig_fault".
) at lib/fault.c:46
#5  <signal handler called>
#6  rep_strnlen (s=0x80555fc1 <Error reading address 0x80555fc1: Bad address>,
    max=256) at lib/replace/replace.c:330
#7  0x002cbc76 in safe_strcpy_fn (fn=0x51ad41 "cli_session_setup_guest",
    line=211, dest=0x20ce0254 '<9F>' <repeats 200 times>...,
    src=0x80555fc1 <Error reading address 0x80555fc1: Bad address>,
    maxlength=255) at lib/util_str.c:702
#8  0x00105735 in cli_session_setup (cli=0x20ce0030, user=0x555fc1 "",
    pass=0x555fc1 "", passlen=1, ntpass=0x555fc1 "", ntpasslen=1,
    workgroup=0x555fc1 "") at libsmb/cliconnect.c:211
#9  0x00105e42 in cli_full_connection (output_cli=0xbfbfc580,
    my_name=0x20c21fb0 "ZPL", dest_host=0xbfbfc3e0 "CENTER",
    dest_ss=0xbfbfc4e0, port=0, service=0x500ecd "IPC$",
    service_type=0x5b343f "IPC", user=0x555fc1 "", domain=0x555fc1 "",
    password=0x555fc1 "", flags=0, signing_state=-1, retry=0xbfbfc58b)
    at libsmb/cliconnect.c:1748
#10 0x00326fa1 in enumerate_domain_trusts (mem_ctx=0x2149bab0,
    domain=0x20c21a40 "HELMI", domain_names=0xbfbfc5c8,
    num_domains=0xbfbfc5c0, sids=0xbfbfc5c4) at libsmb/trusts_util.c:128
#11 0x00326d0d in update_trustdom_cache () at libsmb/trustdom_cache.c:321
#12 0x0031b397 in is_trusted_domain (dom_name=0x20c21a40 "HELMI")
    at auth/auth_util.c:2199
#13 0x0031fa1f in make_user_info_map (user_info=0xbfbfc7fc,
    smb_name=0x2149ba70 "", client_domain=0x2149bbb0 "",
    wksta_name=0x2149b970 "FINCOM5", lm_pwd=0x20ce1878, nt_pwd=0x0,
    lm_interactive_pwd=0x0, nt_interactive_pwd=0x0, plaintext=0x0,
    encrypted=true) at auth/auth_util.c:220
#14 0x00321ed8 in auth_ntlmssp_check_password (ntlmssp_state=0x20ce1830,
    user_session_key=0xbfbfc924, lm_session_key=0xbfbfc918)
    at auth/auth_ntlmssp.c:99
#15 0x0012a734 in ntlmssp_server_auth (ntlmssp_state=0x20ce1830, request=
      {data = 0x2149fe80 "NTLMSSP", length = 103, free = 0x2d123d <free_data_blob>}, reply=0xbfbfcd84) at libsmb/ntlmssp.c:798
#16 0x00129f74 in ntlmssp_update (ntlmssp_state=0x20ce1830, in=
      {data = 0x2149fe80 "NTLMSSP", length = 103, free = 0x2d123d <free_data_blob>}, out=0xbfbfcd84) at libsmb/ntlmssp.c:342
#17 0x00321c39 in auth_ntlmssp_update (auth_ntlmssp_state=0x2149bcb0, request=
      {data = 0x2149fe80 "NTLMSSP", length = 103, free = 0x2d123d <free_data_blob>}, reply=0xbfbfcd84) at auth/auth_ntlmssp.c:213
#18 0x000b2d3d in reply_sesssetup_and_X_spnego (req=0x213a61c0)
    at smbd/sesssetup.c:941
#19 0x000b4268 in reply_sesssetup_and_X (req=0x213a61c0)
    at smbd/sesssetup.c:1433
#20 0x000e983c in switch_message (type=115 's', req=0x213a61c0, size=276)
    at smbd/process.c:1500
#21 0x000ebaee in smbd_process () at smbd/process.c:1524
#22 0x00500064 in main (argc=Error accessing memory address 0x80555fc1: Bad address.
) at smbd/server.c:1526


My smb.conf (testparm):
[global]
        dos charset = cp866
        unix charset = koi8-r
        display charset = koi8-r
        workgroup = HELMI
        server string = Zarplata Server
        security = DOMAIN
        log file = /var/log/samba/log.%m
        max log size = 50000
        local master = No
        domain master = No
        dns proxy = No
        wins server = center.bit.ab.ru
        admin users = alex, van, kta
        inherit acls = Yes
        map acl inherit = Yes
        printing = bsd
        print command = lpr -r -P'%p' %s
        lpq command = lpq -P'%p'
        lprm command = lprm -P'%p' %j
        map archive = No
        store dos attributes = Yes
        oplocks = No
        level2 oplocks = No

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[disk_k]
        comment = Disk K:
        path = /shared/disk_k
        read only = No
        acl check permissions = No
        create mask = 0664
        directory mask = 0775
        dos filemode = Yes

FreeBSD 7.2-RELEASE-p4
RAM 1G 
CPU: Intel(R) Pentium(R) 4 CPU 2.53GHz
Hardware was changed w/o result.
This server is a domain member. The domain controller is Samba 3.0.28.

Clients (Windows XP) use a large database (DBF, FoxPro) on the server.
I'll try to give any additional information if you need it.
Thanks!
Comment 1 Björn Jacke 2020-12-15 17:44:29 UTC
This is not a generic problem in recent versions. If you see crashes with 4.12 or newer, please file a new bug for that.