Bug #623525 “Panic or segfault in Samba when a windows client tr...” : Bugs : samba package : Ubuntu

Revision history for this message

Mathias Gug (mathiaz) wrote on 2010-08-25:

#1

Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately, we cannot work on this bug because your description didn't include enough information. You may find it helpful to read "How to report bugs effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem.

We have instructions on debugging some types of problems at http://wiki.ubuntu.com/DebuggingProcedures

At a minimum, we need:
1. the specific steps or actions you took that caused you to encounter the problem,
2. the behavior you expected, and
3. the behavior you actually encountered (in as much detail as possible).
Thanks!

Changed in samba (Ubuntu):
importance:	Undecided → Low
status:	New → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-12-14:

#2

[Expired for samba (Ubuntu) because there has been no activity for 60 days.]

Changed in samba (Ubuntu):
status:	Incomplete → Expired

Revision history for this message

Philipp Lies (philipp-lies) wrote on 2011-11-18:

#3

Download full text (5.0 KiB)

I encountered the same bug today.
When a client (Windows or Mac) connects to the samba server at some point in time (not clearly reproducible, I guess file access or directory listing) the 'panic action' script is executed with the same output as above. The log file tells me:

[2011/11/18 14:45:27.558820, 1] lib/server_mutex.c:64(grab_named_mutex)
  Could not open mutex.tdb: Permission denied
[2011/11/18 14:45:27.561831, 0] lib/popt_common.c:64(popt_s3_talloc_log_fn)
  auth/auth_server.c:277: Type mismatch: name[NULL] expected[struct server_security_state]
[2011/11/18 14:45:27.561854, 0] lib/util.c:1465(smb_panic)
  PANIC (pid 15243): auth/auth_server.c:277: Type mismatch: name[NULL] expected[struct server_security_state]
[2011/11/18 14:45:27.566588, 0] lib/util.c:1569(log_stack_trace)
  BACKTRACE: 26 stack frames:
   #0 smbd(log_stack_trace+0x1a) [0x7fa72df9eb6a]
   #1 smbd(smb_panic+0x1f) [0x7fa72df9ec2f]
   #2 /usr/lib/libtalloc.so.2(_talloc_get_type_abort+0x5c) [0x7fa72b7df8cc]
   #3 smbd(+0x3bb46d) [0x7fa72dfec46d]
   #4 smbd(+0x3b6f1b) [0x7fa72dfe7f1b]
   #5 smbd(+0x3c403b) [0x7fa72dff503b]
   #6 smbd(+0x1c04d9) [0x7fa72ddf14d9]
   #7 smbd(ntlmssp_update+0xc4) [0x7fa72ddf36b4]
   #8 smbd(auth_ntlmssp_update+0x16) [0x7fa72dff5536]
   #9 smbd(+0x2faafc) [0x7fa72df2bafc]
   #10 smbd(api_pipe_bind_auth3+0x36f) [0x7fa72df2c20f]
   #11 smbd(np_write_send+0xb53) [0x7fa72df29403]
   #12 smbd(reply_pipe_write_and_X+0x167) [0x7fa72dd4ec87]
   #13 smbd(reply_write_and_X+0x398) [0x7fa72dd58118]
   #14 smbd(+0x167bb5) [0x7fa72dd98bb5]
   #15 smbd(+0x167f57) [0x7fa72dd98f57]
   #16 smbd(+0x1683da) [0x7fa72dd993da]
   #17 smbd(run_events+0x1e3) [0x7fa72dfae303]
   #18 smbd(smbd_process+0x756) [0x7fa72dd9a936]
   #19 smbd(+0x66891e) [0x7fa72e29991e]
   #20 smbd(run_events+0x1e3) [0x7fa72dfae303]
   #21 smbd(+0x37d4f8) [0x7fa72dfae4f8]
   #22 smbd(_tevent_loop_once+0x90) [0x7fa72dfaef90]
   #23 smbd(main+0xad3) [0x7fa72e29a5c3]
   #24 /lib/libc.so.6(__libc_start_main+0xfd) [0x7fa72b044c4d]
   #25 smbd(+0xea8a9) [0x7fa72dd1b8a9]
[2011/11/18 14:45:27.566759, 0] lib/util.c:1470(smb_panic)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 15243]
[2011/11/18 14:45:27.786627, 0] lib/util.c:1478(smb_panic)
  smb_panic(): action returned status 0
[2011/11/18 14:45:27.786698, 0] lib/fault.c:326(dump_core)
  dumping core in /var/log/samba/cores/smbd

Here the smb.conf
#======================= Global Settings =======================
[global]
   workgroup = CAMPUS
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d

security = server
password server = [removed for privacy]
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   invalid users = root
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
map to guest = bad user
   socket options = TCP_NODELA...

I encountered the same bug today.
When a client (Windows or Mac) connects to the samba server at some point in time (not clearly reproducible, I guess file access or directory listing) the 'panic action' script is executed with the same output as above. The log file tells me:

[2011/11/18 14:45:27.558820,  1] lib/server_mutex.c:64(grab_named_mutex)
  Could not open mutex.tdb: Permission denied
[2011/11/18 14:45:27.561831,  0] lib/popt_common.c:64(popt_s3_talloc_log_fn)
  auth/auth_server.c:277: Type mismatch: name[NULL] expected[struct server_security_state]
[2011/11/18 14:45:27.561854,  0] lib/util.c:1465(smb_panic)
  PANIC (pid 15243): auth/auth_server.c:277: Type mismatch: name[NULL] expected[struct server_security_state]
[2011/11/18 14:45:27.566588,  0] lib/util.c:1569(log_stack_trace)
  BACKTRACE: 26 stack frames:
   #0 smbd(log_stack_trace+0x1a) [0x7fa72df9eb6a]
   #1 smbd(smb_panic+0x1f) [0x7fa72df9ec2f]
   #2 /usr/lib/libtalloc.so.2(_talloc_get_type_abort+0x5c) [0x7fa72b7df8cc]
   #3 smbd(+0x3bb46d) [0x7fa72dfec46d]
   #4 smbd(+0x3b6f1b) [0x7fa72dfe7f1b]
   #5 smbd(+0x3c403b) [0x7fa72dff503b]
   #6 smbd(+0x1c04d9) [0x7fa72ddf14d9]
   #7 smbd(ntlmssp_update+0xc4) [0x7fa72ddf36b4]
   #8 smbd(auth_ntlmssp_update+0x16) [0x7fa72dff5536]
   #9 smbd(+0x2faafc) [0x7fa72df2bafc]
   #10 smbd(api_pipe_bind_auth3+0x36f) [0x7fa72df2c20f]
   #11 smbd(np_write_send+0xb53) [0x7fa72df29403]
   #12 smbd(reply_pipe_write_and_X+0x167) [0x7fa72dd4ec87]
   #13 smbd(reply_write_and_X+0x398) [0x7fa72dd58118]
   #14 smbd(+0x167bb5) [0x7fa72dd98bb5]
   #15 smbd(+0x167f57) [0x7fa72dd98f57]
   #16 smbd(+0x1683da) [0x7fa72dd993da]
   #17 smbd(run_events+0x1e3) [0x7fa72dfae303]
   #18 smbd(smbd_process+0x756) [0x7fa72dd9a936]
   #19 smbd(+0x66891e) [0x7fa72e29991e]
   #20 smbd(run_events+0x1e3) [0x7fa72dfae303]
   #21 smbd(+0x37d4f8) [0x7fa72dfae4f8]
   #22 smbd(_tevent_loop_once+0x90) [0x7fa72dfaef90]
   #23 smbd(main+0xad3) [0x7fa72e29a5c3]
   #24 /lib/libc.so.6(__libc_start_main+0xfd) [0x7fa72b044c4d]
   #25 smbd(+0xea8a9) [0x7fa72dd1b8a9]
[2011/11/18 14:45:27.566759,  0] lib/util.c:1470(smb_panic)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 15243]
[2011/11/18 14:45:27.786627,  0] lib/util.c:1478(smb_panic)
  smb_panic(): action returned status 0
[2011/11/18 14:45:27.786698,  0] lib/fault.c:326(dump_core)
  dumping core in /var/log/samba/cores/smbd

Here the smb.conf
#======================= Global Settings =======================
[global]
   workgroup = CAMPUS
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d

security = server
password server = [removed for privacy]
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   invalid users = root
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
map to guest = bad user
   socket options = TCP_NODELAY
   usershare allow guests = yes

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

[share1]
	comment = [removed for privarcy]
	path = [removed for privarcy]
	writeable = yes
	browseable = yes
	public = no
	delete readonly = yes

[homes] 
        comment = Home Directories
        writeable = Yes
        browseable = No
	delete readonly = yes

[share]
	comment = [removed for privarcy]
	path = [removed for privarcy]
	writeable = yes
	write list = [removed for privarcy]
	force group = [removed for privarcy]
	create mask = 0775
	force create mode = 0775
	directory mask = 2775
	force directory mode = 2775
	browseable = yes
	public = no
	delete readonly = yes
[temp]
	comment = [removed for privarcy]
	path = [removed for privarcy]
	writeable = no
	browseable = no
	public = yes

[share2]
	comment = [removed for privarcy]
	path = [removed for privarcy]
	writeable = yes
	create mask = 0775
	force create mode = 0775
	directory mask = 2775
	force directory mode = 2775
	browseable = yes
	public = no
	delete readonly = yes

TL;DR: samba uses server mode, and the panics seems to happen since an update on the authentication server. 
The samba server is an ubuntu lucid LTS w/ backports but samba 3.5 from natty (I hoped to fix this bug by updating, but it didn't help). The authentication server was a FreeBSD with samba 3.3.13 before and was now (physically) replaced by a FreeBSD 9 server with samba 3.6.1. The samba on the authentication server was manually compiled with LDAP-support, CUPS-support, winbinds-support, acl-support, async-io-support and ipv6-support.

Ubuntu
samba package

Panic or segfault in Samba when a windows client tries to access a share

Bug Description

Other bug subscribers

Remote bug watches

Ubuntusamba package

Panic or segfault in Samba when a windows client tries to access a share

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
samba package