Ubuntu
glibc package

Bug #216358
Comment #3

Comment 3 for bug 216358

Revision history for this message

berni123 (bernd-bernd--zimmermann) wrote on 2008-10-05:

I can confirm this kind of bug!
On a new installed Hardy, Samab crashes not everytime but often:

Log from the per Host logfile:
[2008/10/04 20:09:57, 0] lib/util_sec.c:set_effective_uid(205)
  setresuid failed with EAGAIN. uid(1001) might be over its NPROC limit
[2008/10/04 20:09:57, 0] lib/util_sec.c:assert_uid(101)
  Failed to set uid privileges to (-1,1001) now set to (0,0)
[2008/10/04 20:09:57, 0] lib/util.c:smb_panic(1633)
  PANIC (pid 23366): failed to set uid
[2008/10/04 20:09:57, 0] lib/util.c:log_stack_trace(1737)
  BACKTRACE: 20 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x613b1c]
   #1 /usr/sbin/smbd(smb_panic+0x43) [0x613c03]
   #2 /usr/sbin/smbd [0x618cc1]
   #3 /usr/sbin/smbd [0x4ba57e]
   #4 /usr/sbin/smbd(pop_sec_ctx+0x96) [0x4ba6f6]
   #5 /usr/sbin/smbd(unbecome_root+0x9) [0x4afec9]
   #6 /usr/sbin/smbd(gid_to_sid+0x168) [0x5d36b8]
   #7 /usr/sbin/smbd(get_nt_acl+0x44a) [0x4c432a]
   #8 /usr/sbin/smbd(is_visible_file+0x26e) [0x46e06e]
   #9 /usr/sbin/smbd [0x46e5f0]
   #10 /usr/sbin/smbd(dptr_ReadDirName+0x54) [0x46e664]
   #11 /usr/sbin/smbd [0x4a54b4]
   #12 /usr/sbin/smbd [0x4a8ae3]
   #13 /usr/sbin/smbd(handle_trans2+0x1be) [0x4a927e]
   #14 /usr/sbin/smbd(reply_trans2+0x6ea) [0x4afc3a]
   #15 /usr/sbin/smbd [0x4c879e]
   #16 /usr/sbin/smbd(smbd_process+0x7e2) [0x4c9b92]
   #17 /usr/sbin/smbd(main+0x8cd) [0x6c5f6d]
   #18 /lib/libc.so.6(__libc_start_main+0xf4) [0x7f02cab011c4]
   #19 /usr/sbin/smbd [0x45a869]
[2008/10/04 20:09:57, 0] lib/util.c:smb_panic(1638)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 23366]
[2008/10/04 20:09:59, 0] lib/util.c:smb_panic(1646)
  smb_panic(): action returned status 0
[2008/10/04 20:09:59, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/smbd

Panic-Action output:
[Thread debugging using libthread_db enabled]
[New Thread 0x7f02cd972700 (LWP 23366)]
0x00007f02cab804a5 in waitpid () from /lib/libc.so.6
#0 0x00007f02cab804a5 in waitpid () from /lib/libc.so.6
#1 0x00007f02cab21461 in ?? () from /lib/libc.so.6
#2 0x0000000000613c4b in smb_panic (why=<value optimized out>)
    at lib/util.c:1639
#3 0x0000000000618cc1 in assert_uid (ruid=4294967295, euid=1001)
    at lib/util_sec.c:102
#4 0x00000000004ba57e in become_id (uid=1001, gid=100) at smbd/sec_ctx.c:57
#5 0x00000000004ba6f6 in pop_sec_ctx () at smbd/sec_ctx.c:345
#6 0x00000000004afec9 in unbecome_root () at smbd/uid.c:400
#7 0x00000000005d36b8 in gid_to_sid (psid=0x7fffd5990990, gid=100)
    at passdb/lookup_sid.c:1202
#8 0x00000000004c432a in get_nt_acl (fsp=0xb407a0, security_info=7,
    ppdesc=0x7fffd5990ac8) at smbd/posix_acls.c:2809
#9 0x000000000046e06e in is_visible_file (conn=0xaa6da0,
    dir_path=0xa72060 "./", name=<value optimized out>, pst=0x7fffd5991490,
    use_veto=1) at smbd/dir.c:897
#10 0x000000000046e5f0 in dptr_normal_ReadDirName (dptr=0xa05440,
    poffset=0x7fffd5991558, pst=0x7fffd5991490) at smbd/dir.c:562
#11 0x000000000046e664 in dptr_ReadDirName (dptr=0xa05440,
    poffset=0x7fffd5991558, pst=0x7fffd5991490) at smbd/dir.c:642
#12 0x00000000004a54b4 in get_lanman2_dir_entry (conn=0xaa6da0,
    inbuf=<value optimized out>, outbuf=0xadf130 "",
    path_mask=0x7fffd5992770 "*", dirtype=22, info_level=260,
    requires_resume_key=4, dont_descend=0, ppdata=0x7fffd5992740,
    base_data=0xb17410 "`", end_data=0xb1c40f "", space_remaining=7728,
    out_of_space=0x7fffd5992764, got_exact_match=0x7fffd599274c,
    last_entry_off=0x7fffd599276c, name_list=0x0, ea_ctx=0x0)
    at smbd/trans2.c:1149
#13 0x00000000004a8ae3 in call_trans2findfirst (conn=0xaa6da0,
    inbuf=0xabece0 "", outbuf=0xadf130 "", bufsize=131072, pparams=0xaa5ce0,
    total_params=<value optimized out>, ppdata=0xaa5cf0, total_data=0,
    max_data_bytes=16384) at smbd/trans2.c:1859
#14 0x00000000004a927e in handle_trans2 (conn=0xaa6da0, state=0xaa5b90,
    inbuf=0xabece0 "", outbuf=0xadf130 "", size=<value optimized out>,
    bufsize=131072) at smbd/trans2.c:6433
#15 0x00000000004afc3a in reply_trans2 (conn=0xaa6da0, inbuf=0xabece0 "",
    outbuf=0xadf130 "", size=90, bufsize=131072) at smbd/trans2.c:6703
#16 0x00000000004c879e in switch_message (type=50, inbuf=0xabece0 "",
    outbuf=0xadf130 "", size=90, bufsize=131072) at smbd/process.c:1004
#17 0x00000000004c9b92 in smbd_process () at smbd/process.c:1031
#18 0x00000000006c5f6d in main (argc=<value optimized out>,
    argv=0x7fffd59946f8) at smbd/server.c:1120

Unfortunately I got no core dump file.

I can confirm this kind of bug!
On a new installed Hardy, Samab crashes not everytime but often:

Log from the per Host logfile:
[2008/10/04 20:09:57, 0] lib/util_sec.c:set_effective_uid(205)
  setresuid failed with EAGAIN. uid(1001) might be over its NPROC limit
[2008/10/04 20:09:57, 0] lib/util_sec.c:assert_uid(101)
  Failed to set uid privileges to (-1,1001) now set to (0,0)
[2008/10/04 20:09:57, 0] lib/util.c:smb_panic(1633)
  PANIC (pid 23366): failed to set uid 
[2008/10/04 20:09:57, 0] lib/util.c:log_stack_trace(1737)
  BACKTRACE: 20 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x613b1c]
   #1 /usr/sbin/smbd(smb_panic+0x43) [0x613c03]
   #2 /usr/sbin/smbd [0x618cc1]
   #3 /usr/sbin/smbd [0x4ba57e]
   #4 /usr/sbin/smbd(pop_sec_ctx+0x96) [0x4ba6f6]
   #5 /usr/sbin/smbd(unbecome_root+0x9) [0x4afec9]
   #6 /usr/sbin/smbd(gid_to_sid+0x168) [0x5d36b8]
   #7 /usr/sbin/smbd(get_nt_acl+0x44a) [0x4c432a]
   #8 /usr/sbin/smbd(is_visible_file+0x26e) [0x46e06e]
   #9 /usr/sbin/smbd [0x46e5f0]
   #10 /usr/sbin/smbd(dptr_ReadDirName+0x54) [0x46e664]
   #11 /usr/sbin/smbd [0x4a54b4]
   #12 /usr/sbin/smbd [0x4a8ae3]
   #13 /usr/sbin/smbd(handle_trans2+0x1be) [0x4a927e]
   #14 /usr/sbin/smbd(reply_trans2+0x6ea) [0x4afc3a]
   #15 /usr/sbin/smbd [0x4c879e]
   #16 /usr/sbin/smbd(smbd_process+0x7e2) [0x4c9b92]
   #17 /usr/sbin/smbd(main+0x8cd) [0x6c5f6d]
   #18 /lib/libc.so.6(__libc_start_main+0xf4) [0x7f02cab011c4]
   #19 /usr/sbin/smbd [0x45a869]
[2008/10/04 20:09:57, 0] lib/util.c:smb_panic(1638)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 23366]
[2008/10/04 20:09:59, 0] lib/util.c:smb_panic(1646)
  smb_panic(): action returned status 0
[2008/10/04 20:09:59, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/smbd

Panic-Action output:
[Thread debugging using libthread_db enabled]
[New Thread 0x7f02cd972700 (LWP 23366)]
0x00007f02cab804a5 in waitpid () from /lib/libc.so.6
#0  0x00007f02cab804a5 in waitpid () from /lib/libc.so.6
#1  0x00007f02cab21461 in ?? () from /lib/libc.so.6
#2  0x0000000000613c4b in smb_panic (why=<value optimized out>)
    at lib/util.c:1639
#3  0x0000000000618cc1 in assert_uid (ruid=4294967295, euid=1001)
    at lib/util_sec.c:102
#4  0x00000000004ba57e in become_id (uid=1001, gid=100) at smbd/sec_ctx.c:57
#5  0x00000000004ba6f6 in pop_sec_ctx () at smbd/sec_ctx.c:345
#6  0x00000000004afec9 in unbecome_root () at smbd/uid.c:400
#7  0x00000000005d36b8 in gid_to_sid (psid=0x7fffd5990990, gid=100)
    at passdb/lookup_sid.c:1202
#8  0x00000000004c432a in get_nt_acl (fsp=0xb407a0, security_info=7, 
    ppdesc=0x7fffd5990ac8) at smbd/posix_acls.c:2809
#9  0x000000000046e06e in is_visible_file (conn=0xaa6da0, 
    dir_path=0xa72060 "./", name=<value optimized out>, pst=0x7fffd5991490, 
    use_veto=1) at smbd/dir.c:897
#10 0x000000000046e5f0 in dptr_normal_ReadDirName (dptr=0xa05440, 
    poffset=0x7fffd5991558, pst=0x7fffd5991490) at smbd/dir.c:562
#11 0x000000000046e664 in dptr_ReadDirName (dptr=0xa05440, 
    poffset=0x7fffd5991558, pst=0x7fffd5991490) at smbd/dir.c:642
#12 0x00000000004a54b4 in get_lanman2_dir_entry (conn=0xaa6da0, 
    inbuf=<value optimized out>, outbuf=0xadf130 "", 
    path_mask=0x7fffd5992770 "*", dirtype=22, info_level=260, 
    requires_resume_key=4, dont_descend=0, ppdata=0x7fffd5992740, 
    base_data=0xb17410 "`", end_data=0xb1c40f "", space_remaining=7728, 
    out_of_space=0x7fffd5992764, got_exact_match=0x7fffd599274c, 
    last_entry_off=0x7fffd599276c, name_list=0x0, ea_ctx=0x0)
    at smbd/trans2.c:1149
#13 0x00000000004a8ae3 in call_trans2findfirst (conn=0xaa6da0, 
    inbuf=0xabece0 "", outbuf=0xadf130 "", bufsize=131072, pparams=0xaa5ce0, 
    total_params=<value optimized out>, ppdata=0xaa5cf0, total_data=0, 
    max_data_bytes=16384) at smbd/trans2.c:1859
#14 0x00000000004a927e in handle_trans2 (conn=0xaa6da0, state=0xaa5b90, 
    inbuf=0xabece0 "", outbuf=0xadf130 "", size=<value optimized out>, 
    bufsize=131072) at smbd/trans2.c:6433
#15 0x00000000004afc3a in reply_trans2 (conn=0xaa6da0, inbuf=0xabece0 "", 
    outbuf=0xadf130 "", size=90, bufsize=131072) at smbd/trans2.c:6703
#16 0x00000000004c879e in switch_message (type=50, inbuf=0xabece0 "", 
    outbuf=0xadf130 "", size=90, bufsize=131072) at smbd/process.c:1004
#17 0x00000000004c9b92 in smbd_process () at smbd/process.c:1031
#18 0x00000000006c5f6d in main (argc=<value optimized out>, 
    argv=0x7fffd59946f8) at smbd/server.c:1120

Unfortunately I got no core dump file.

Ubuntuglibc package

Comment 3 for bug 216358

Ubuntu
glibc package