smbd crashed with SIGABRT in dump_core()/setgroups being passed a -1 group is causing crashes.

Bug #1016895 reported by Dheepan Iyyampillai on 2012-06-23
196
This bug affects 35 people
Affects Status Importance Assigned to Milestone
samba
Fix Released
Unknown
samba (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Quantal
High
Unassigned

Bug Description

[Impact]
12.04.2 users cannot share dirs with Samba due to smbd crashing with "sys_setgroups failed".
With 12.04.2 shipping linux-generic-lts-quantal, Samba is now completely unusable due to this bug, so an SRU is justified.
The fix has been included upstream and is Fix-Released in the current development versions of Ubuntu (Quantal+).

[Test Case]
Right click on a folder, e.g. ~/share, from nautilus, and select to share it.
If prompted to install Samba, do so, then logout/login and start over the test case.
Then run `nautilus-connect-server`, select
Type: Windows share,
Server: localhost,
Share: share,
Domain name: WORKGROUP,
User name: your unix username,
Password: your unix password.

and press the [Connect] button. It will fail, and /var/log/samba/log.hostname will contain an smbd crash with the following lines among others:
[2013/02/18 12:51:16.500421, 0] lib/util.c:1117(smb_panic)
  PANIC (pid 7594): sys_setgroups failed

[Regression Potential]
Since the bug was fixed upstream, and since Samba is now completely unusable, regressions are not very likely.

[Original bug description]
Sorry for not being of any help here. I don't really know what happened. There was suddenly a report about a system problem. and apport started. just updated a few hours ago.

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: samba 2:3.6.5-3ubuntu2
ProcVersionSignature: Ubuntu 3.5.0-1.1-generic 3.5.0-rc3
Uname: Linux 3.5.0-1-generic i686
ApportVersion: 2.2.5-0ubuntu1
Architecture: i386
CrashCounter: 1
Date: Sun Jun 24 19:37:16 2012
ExecutablePath: /usr/sbin/smbd
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Alpha i386 (20120509)
NmbdLog:

ProcCmdline: smbd -F
ProcEnviron:
 PATH=(custom, no user)
 TERM=linux
SambaServerRegression: Yes
Signal: 6
SmbConfIncluded: Yes
SmbLog:

SourcePackage: samba
StacktraceTop:
 raise () from /lib/i386-linux-gnu/libc.so.6
 abort () from /lib/i386-linux-gnu/libc.so.6
 dump_core ()
 smb_panic ()
 ?? ()
Title: smbd crashed with SIGABRT in raise()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

WindowsFailedConnect: Yes

StacktraceTop:
 dump_core () at lib/fault.c:391
 smb_panic (why=why@entry=0xb747eb6b "sys_setgroups failed") at lib/util.c:1133
 set_unix_security_ctx (uid=uid@entry=65534, gid=gid@entry=65534, ngroups=ngroups@entry=1, groups=groups@entry=0xb94e21f0) at smbd/sec_ctx.c:250
 set_sec_ctx (uid=uid@entry=65534, gid=gid@entry=65534, ngroups=ngroups@entry=1, groups=0xb94e21f0, token=0xb94e2228) at smbd/sec_ctx.c:320
 change_to_user_internal (conn=0xb94eaf70, conn@entry=0x64, session_info=<optimized out>, vuid=100) at smbd/uid.c:304

affects: ubuntu → samba (Ubuntu)
Changed in samba (Ubuntu):
importance: Undecided → Medium
summary: - smbd crashed with SIGABRT in raise()
+ smbd crashed with SIGABRT in dump_core()
tags: removed: need-i386-retrace

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in samba (Ubuntu):
status: New → Confirmed
tags: added: precise
TJ (tj) on 2012-07-31
Changed in samba (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → TJ (intuitivenipple)
TJ (tj) wrote :

source3/auth/auth_util.c::create_local_token() will sometimes add an erroneous GID token for the group ID -1, which is treated as an 'unsigned int' and converted to 4294967295 (S-1-22-2-4294967295) , resulting in a crash in the syscall to Linux's setgroups().

Additional DEBUG() statements in the source reveal the issue. I'm still working on a fix:

setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
Security token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_privileges: No privileges assigned to SID [S-1-22-1-0]
get_privileges: No privileges assigned to SID [S-1-22-2-0]
get_privileges_for_sids: sid = S-1-1-0
Privilege set: 0x0
get_privileges: No privileges assigned to SID [S-1-5-2]
get_privileges: No privileges assigned to SID [S-1-5-11]
create_local_token(i=1, server_info->utok.ngroups=0, sid=S-1-22-2-0)
create_local_token(i=2, server_info->utok.ngroups=1, sid=S-1-1-0)
create_local_token(i=3, server_info->utok.ngroups=2, sid=S-1-5-2) // SID_NT_NETWORK
create_local_token(i=4, server_info->utok.ngroups=2, sid=S-1-5-11)
create_local_token(server_info->utok.ngroups=2)
add_sid_to_array_unique(S-1-22-1-0)
create_local_token(server_info->utok.ngroups=2)
add_sid_to_array_unique(S-1-22-2-0)
add_sid_to_array_unique(S-1-22-2-4294967295)
Security token SIDs (6):
  SID[ 0]: S-1-22-1-0
  SID[ 1]: S-1-22-2-0
  SID[ 2]: S-1-1-0
  SID[ 3]: S-1-5-2
  SID[ 4]: S-1-5-11
  SID[ 5]: S-1-22-2-4294967295
 Privileges (0x 0):
 Rights (0x 0):
UNIX token of user 0
Primary group is 0 and contains 2 supplementary groups
Group[ 0]: 0
Group[ 1]: 4294967295

TJ (tj) wrote :

The attached debdiff modifies source3/auth/auth_utils.c::create_local_token()

When samba SIDs are being converted to local Linux group IDs (GIDs) some samba groups (id.type == WBC_ID_TYPE_GID) do not have associated Linux groups, e.g. NTLM\Domain Users (-513).

Unmatched SIDs had their associated GID set to (int)-1 despite the fact that Linux group IDs are unsigned, which was translated to (unsigned)4294967295.

Checks are added to avoid adding to the GID array or creating related local tokens when the GID is -1.

setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
Security token SIDs (16):
  SID[ 0]: S-1-5-21-3351122084-3488288528-2342995061-1002
  SID[ 1]: S-1-5-21-3351122084-3488288528-2342995061-513
  SID[ 2]: S-1-22-2-1000
  SID[ 3]: S-1-22-2-4
  SID[ 4]: S-1-22-2-20
  SID[ 5]: S-1-22-2-24
  SID[ 6]: S-1-22-2-46
  SID[ 7]: S-1-22-2-100
  SID[ 8]: S-1-22-2-116
  SID[ 9]: S-1-22-2-118
  SID[ 10]: S-1-22-2-124
  SID[ 11]: S-1-22-2-128
  SID[ 12]: S-1-1-0
  SID[ 13]: S-1-5-2
  SID[ 14]: S-1-5-11
  SID[ 15]: S-1-22-1-1000
 Privileges (0x 0):
 Rights (0x 0):
UNIX token of user 1000
Primary group is 1000 and contains 10 supplementary groups
Group[ 0]: 1000
Group[ 1]: 4
Group[ 2]: 20
Group[ 3]: 24
Group[ 4]: 46
Group[ 5]: 100
Group[ 6]: 116
Group[ 7]: 118
Group[ 8]: 124
Group[ 9]: 128
Impersonated user: uid=(0,1000), gid=(0,1000)

TJ (tj) on 2012-08-01
Changed in samba (Ubuntu):
status: In Progress → Triaged
assignee: TJ (intuitivenipple) → nobody

The attachment "Precise debdiff - ignore GIDs == -1 to prevent syscall setgroups panic" of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch

Thank you for submitting a patch and helping to make Ubuntu better. The patch currently lacks DEP-3 comments, so its origins cannot be verified. If you wrote this patch yourself, please submit it upstream and to Debian, adding the URL to this bug. If this patch is already fixed upstream, please update the patch with appropriate DEP-3 comments. Unsubscribing ubuntu-sponsors for now. After making the above changes, please feel free to subscribe ubuntu-sponsors for review. Thanks again!

booble (yashin-vladimir) wrote :

This bug is already in samba's bugzilla.
Look at these related bugs:
https://bugzilla.samba.org/show_bug.cgi?id=8646
https://bugzilla.samba.org/show_bug.cgi?id=8952

The problem is solved in samba trunk, so we can build samba from current sources or wait for version 3.6.6 release and it's acceptance in ubuntu.

booble (yashin-vladimir) wrote :

For those who are interested: there is a PPA with fresh samba:
add-apt-repository ppa:nathan-renniewaldock/ppa
apt-get update
apt-get install samba

This will install samba 3.6.7-1~ppa~precise.

James Page (james-page) wrote :

TJ - thanks for preparing the patch.

As this is fixed upstream we should cherry pick the fix from 3.6-stable and use that instead.

Approved nominations for Precise/Quantal and marked 'Fix Released' for quantal which now has samba 3.6.6.

Changed in samba (Ubuntu Quantal):
status: Triaged → Fix Released
Changed in samba (Ubuntu Precise):
status: New → Triaged
Changed in samba (Ubuntu Quantal):
importance: Medium → High
Changed in samba (Ubuntu Precise):
importance: Undecided → High
milestone: none → precise-updates
summary: - smbd crashed with SIGABRT in dump_core()
+ smbd crashed with SIGABRT in dump_core()/setgroups being passed a -1
+ group is causing crashes.
Daniel Lee (longinus00) wrote :

I have a bug 1075670 that is apparently a duplicate of this one. Normally you shouldn't be hitting this bug in precise which runs 3.2 but with the rolling release plan 3.5 is now in the precise repos and is intended to be made default. It's been several a couple months now with no update to samba in precise so hopefully this comment will put this issue back on the radar.

Changed in samba:
status: Unknown → Fix Released
Carsten Menke (carsten-menke) wrote :

This is a very annoying bug, when can we expect the fix for 12.04 as a fix for Quantal is already released?

Ian Kumlien (pomac) wrote :

Just finding this error takes too long, it should really have been merged since it's a LTS release.

Alkis Georgopoulos (alkisg) wrote :

With the 12.04.2 CD shipping linux-generic-lts-quantal, Samba is now completely unusable due to this bug.

Is someone working on SRU'ing it, or we're waiting for someone to do the bureaucratic stuff like updating the bug description as per https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template etc etc?

description: updated
Adam Conrad (adconrad) wrote :

Uploaded the cherrypick to the queue.

Changed in samba (Ubuntu Precise):
status: Triaged → In Progress
mogorvabb (andokan) wrote :

Description: Ubuntu 12.04.2 LTS
Release: 12.04
Codename: precise
3.5.0-23-generic
updated samba 3.6.7-1~ppa~precise solved problem

there is a PPA with fresh samba:
add-apt-repository ppa:nathan-renniewaldock/ppa
apt-get update
apt-get install samba

Hello Dheepan, or anyone else affected,

Accepted samba into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/samba/2:3.6.3-2ubuntu2.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in samba (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
trythinking (trythinking) wrote :

Tested 2:3.6.3-2ubuntu2.4 on kernel "3.5.0-23-generic #35~precise1-Ubuntu SMP" and it appears to have solved the "sys_setgroups failed" issue.

tags: added: verification-done
removed: verification-needed
mogorvabb (andokan) wrote :

works fine ---> another client connecting to the server problem solved /tested connection client xp and linux/

tested version

3.5.0-25-generic #39~precise1-Ubuntu SMP Tue Feb 26 00:07:14 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

Samba: Verzió: 2:3.6.3-2ubuntu2.4 /proposed updates/
Architektúra: amd64
Függőségek: samba-common (= 2:3.6.3-2ubuntu2.4), libwbclient0 (=
               2:3.6.3-2ubuntu2.4), libacl1 (>= 2.2.51-5), libattr1 (>=
               1:2.4.46-5), libc6 (>= 2.15), libcap2 (>= 2.10), libcomerr2 (>=
               1.01), libcups2 (>= 1.4.0), libgssapi-krb5-2 (>= 1.10+dfsg~),
               libk5crypto3 (>= 1.6.dfsg.2), libkrb5-3 (>= 1.10+dfsg~),
               libldap-2.4-2 (>= 2.4.7), libpam0g (>= 0.99.7.1), libpopt0 (>=
               1.14), libtalloc2 (>= 2.0.4~git20101213), libtdb1 (>=
               1.2.7+git20101214), zlib1g (>= 1:1.1.4), debconf (>= 0.5) |
               debconf-2.0, upstart-job, libpam-runtime (>= 1.0.1-11),
               libpam-modules, lsb-base (>= 3.2-13), procps, update-inetd,
               adduser, samba-common-bin

Jake O (hellfire51) wrote :

No longer getting 'sys_setgroups failed' in my Samba logs and random disconnects of my file shares. Appears to have fixed the problem.

3.5.0-25-generic #39~precise1-Ubuntu SMP Tue Feb 26 00:07:14 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

Nick Brennan (profnick) wrote :

The package in -proposed seems to have resolved the 'sys_setgroups failed' issue for me as well.

3.5.0-23-generic #35~precise1-Ubuntu SMP Fri Jan 25 17:15:33 UTC 2013 i686 i686 i386 GNU/Linux

Package: samba
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 22380
Maintainer: Ubuntu Developers <email address hidden>
Architecture: i386
Version: 2:3.6.3-2ubuntu2.4
Replaces: samba-common (<= 2.0.5a-2)
Depends: samba-common (= 2:3.6.3-2ubuntu2.4), libwbclient0 (= 2:3.6.3-2ubuntu2.4), libacl1 (>= 2.2.51-5), libattr1 (>= 1:2.4.46-5), libc6 (>= 2.15), libcap2 (>= 2.10), libcomerr2 (>= 1.01), libcups2 (>= 1.4.0), libgssapi-krb5-2 (>= 1.10+dfsg~), libk5crypto3 (>= 1.6.dfsg.2), libkrb5-3 (>= 1.10+dfsg~), libldap-2.4-2 (>= 2.4.7), libpam0g (>= 0.99.7.1), libpopt0 (>= 1.14), libtalloc2 (>= 2.0.4~git20101213), libtdb1 (>= 1.2.7+git20101214), zlib1g (>= 1:1.1.4), debconf (>= 0.5) | debconf-2.0, upstart-job, libpam-runtime (>= 1.0.1-11), libpam-modules, lsb-base (>= 3.2-13), procps, update-inetd, adduser, samba-common-bin

Harm van Bakel (hvbakel) wrote :

The fix solves the problem for me as well.

Linux 3.5.0-26-generic #42~precise1-Ubuntu SMP Mon Mar 11 22:17:58 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

Package: samba
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 22862
Maintainer: Ubuntu Developers <email address hidden>
Architecture: amd64
Version: 2:3.6.3-2ubuntu2.4
Replaces: samba-common (<= 2.0.5a-2)

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:3.6.3-2ubuntu2.4

---------------
samba (2:3.6.3-2ubuntu2.4) precise; urgency=low

  [ Olly Betts ]
  * Change "net share allowedusers" to use RPC call that works with
    Microsoft Windows 2008 r2. (LP: #1061244)

  [ Louis Bouchard ]
  * Fix issue with Windows XP / 7 (LP: #967410) where a USB
    connected printer shared on Ubuntu cannot be added to Windows
    using the "Find a printer in the directory" functionalty.

  [ Adam Conrad ]
  * Cherrypick patch from upstream to resolve a SIGABRT when passing
    setgroups a -1 gid, fixing samba with 3.5 kernels (LP: #1016895)
 -- Adam Conrad <email address hidden> Tue, 19 Feb 2013 22:22:12 -0700

Changed in samba (Ubuntu Precise):
status: Fix Committed → Fix Released
roemer2201 (roemer2201) wrote :

Just in case someone stumbles over this:
I just installed a fresh ubuntu 12.04.2 64bit server and I installed samba in the ubuntu installer.
Unfortunately this seems to install a buggy version. After spending two hours of search I just tried to remove samba and it told me, that it is not installed... so I just installed it and now the bugfixed version seems to be installed and is working.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.