segfault on Samba v4.3.11-Ubuntu

Bug #1818638 reported by Frederic BUISSON on 2019-03-05
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Medium
Andreas Hasenack

Bug Description

Samba crash sometimes with this message :
I don't understand what is the event which make it crash.
The clients for Samba are on Windows 7 and 10.

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007fb966bc607a in __GI___waitpid (pid=4502, stat_loc=stat_loc@entry=0x7ffd1e1b7a10, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
#0 0x00007fb966bc607a in __GI___waitpid (pid=4502, stat_loc=stat_loc@entry=0x7ffd1e1b7a10, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
#1 0x00007fb966b3efbb in do_system (line=line@entry=0x559a1fdfc200 "/usr/share/samba/panic-action 4501") at ../sysdeps/posix/system.c:148
#2 0x00007fb966b3f39a in __libc_system (line=line@entry=0x559a1fdfc200 "/usr/share/samba/panic-action 4501") at ../sysdeps/posix/system.c:184
#3 0x00007fb9695ea8d1 in smb_panic_s3 (why=<optimized out>) at ../source3/lib/util.c:802
#4 0x00007fb96a35df1f in smb_panic (why=why@entry=0x7fb96a3a1ab8 "internal error") at ../lib/util/fault.c:166
#5 0x00007fb96a35e136 in fault_report (sig=<optimized out>) at ../lib/util/fault.c:83
#6 sig_fault (sig=<optimized out>) at ../lib/util/fault.c:94
#7 <signal handler called>
#8 smbXsrv_session_create (conn=conn@entry=0x559a1fddd850, now=now@entry=131962556254820770, _session=_session@entry=0x7ffd1e1b83c0) at ../source3/smbd/smbXsrv_session.c:1158
#9 0x00007fb969eef643 in reply_sesssetup_and_X (req=req@entry=0x559a1fdfa5f0) at ../source3/smbd/sesssetup.c:953
#10 0x00007fb969f2be67 in switch_message (type=<optimized out>, req=req@entry=0x559a1fdfa5f0) at ../source3/smbd/process.c:1649
#11 0x00007fb969f2dbb3 in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=0, unread_bytes=0, size=76, inbuf=0x0, xconn=0x559a1fddd850) at ../source3/smbd/process.c:1685
#12 process_smb (xconn=xconn@entry=0x559a1fddd850, inbuf=<optimized out>, nread=76, unread_bytes=0, seqnum=0, encrypted=<optimized out>, deferred_pcd=0x0) at ../source3/smbd/process.c:1932
#13 0x00007fb969f2f21c in smbd_server_connection_read_handler (xconn=0x559a1fddd850, fd=40) at ../source3/smbd/process.c:2531
#14 0x00007fb96827d917 in run_events_poll (ev=0x559a1fddd120, pollrtn=<optimized out>, pfds=0x559a1fdf7870, num_pfds=4) at ../source3/lib/events.c:257
#15 0x00007fb96827db77 in s3_event_loop_once (ev=0x559a1fddd120, location=<optimized out>) at ../source3/lib/events.c:326
#16 0x00007fb966ec7d3d in _tevent_loop_once () from /usr/lib/x86_64-linux-gnu/libtevent.so.0
#17 0x00007fb966ec7edb in tevent_common_loop_wait () from /usr/lib/x86_64-linux-gnu/libtevent.so.0
#18 0x00007fb969f30578 in smbd_process (ev_ctx=0x559a1fddd120, msg_ctx=<optimized out>, sock_fd=40, interactive=<optimized out>) at ../source3/smbd/process.c:4032
#19 0x0000559a1ea83e12 in smbd_accept_connection (ev=0x559a1fddd120, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../source3/smbd/server.c:646
#20 0x00007fb96827d917 in run_events_poll (ev=0x559a1fddd120, pollrtn=<optimized out>, pfds=0x559a1fdf7870, num_pfds=6) at ../source3/lib/events.c:257
#21 0x00007fb96827db77 in s3_event_loop_once (ev=0x559a1fddd120, location=<optimized out>) at ../source3/lib/events.c:326
#22 0x00007fb966ec7d3d in _tevent_loop_once () from /usr/lib/x86_64-linux-gnu/libtevent.so.0
#23 0x00007fb966ec7edb in tevent_common_loop_wait () from /usr/lib/x86_64-linux-gnu/libtevent.so.0
#24 0x0000559a1ea82099 in smbd_parent_loop (parent=0x559a1fddf700, ev_ctx=0x559a1fddd120) at ../source3/smbd/server.c:1011
#25 main (argc=<optimized out>, argv=<optimized out>) at ../source3/smbd/server.c:1663
A debugging session is active.

Description: Ubuntu 16.04.6 LTS
Release: 16.04

syslog :
Mar 5 11:33:45 ServeurDev smbd[4501]: [2019/03/05 11:33:45.439809, 0] ../source3/smbd/negprot.c:686(reply_negprot)
Mar 5 11:33:45 ServeurDev smbd[4501]: No protocol supported !
Mar 5 11:33:45 ServeurDev smbd[4501]: [2019/03/05 11:33:45.483363, 0] ../lib/util/fault.c:78(fault_report)
Mar 5 11:33:45 ServeurDev smbd[4501]: ===============================================================
Mar 5 11:33:45 ServeurDev smbd[4501]: [2019/03/05 11:33:45.483416, 0] ../lib/util/fault.c:79(fault_report)
Mar 5 11:33:45 ServeurDev smbd[4501]: INTERNAL ERROR: Signal 11 in pid 4501 (4.3.11-Ubuntu)
Mar 5 11:33:45 ServeurDev smbd[4501]: Please read the Trouble-Shooting section of the Samba HOWTO
Mar 5 11:33:45 ServeurDev smbd[4501]: [2019/03/05 11:33:45.483441, 0] ../lib/util/fault.c:81(fault_report)
Mar 5 11:33:45 ServeurDev smbd[4501]: ===============================================================
Mar 5 11:33:45 ServeurDev smbd[4501]: [2019/03/05 11:33:45.483458, 0] ../source3/lib/util.c:789(smb_panic_s3)
Mar 5 11:33:45 ServeurDev smbd[4501]: PANIC (pid 4501): internal error
Mar 5 11:33:45 ServeurDev smbd[4501]: [2019/03/05 11:33:45.484348, 0] ../source3/lib/util.c:900(log_stack_trace)
Mar 5 11:33:45 ServeurDev smbd[4501]: BACKTRACE: 23 stack frames:
Mar 5 11:33:45 ServeurDev smbd[4501]: #0 /usr/lib/x86_64-linux-gnu/samba/libsmbregistry.so.0(log_stack_trace+0x1a) [0x7fb9695ea7aa]
Mar 5 11:33:45 ServeurDev smbd[4501]: #1 /usr/lib/x86_64-linux-gnu/samba/libsmbregistry.so.0(smb_panic_s3+0x20) [0x7fb9695ea880]
Mar 5 11:33:45 ServeurDev smbd[4501]: #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7fb96a35df1f]
Mar 5 11:33:45 ServeurDev smbd[4501]: #3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1b136) [0x7fb96a35e136]
Mar 5 11:33:45 ServeurDev smbd[4501]: #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x11390) [0x7fb96a5bc390]
Mar 5 11:33:45 ServeurDev smbd[4501]: #5 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbXsrv_session_create+0x3f) [0x7fb969f56c6f]
Mar 5 11:33:45 ServeurDev smbd[4501]: #6 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(reply_sesssetup_and_X+0x923) [0x7fb969eef643]
Mar 5 11:33:45 ServeurDev smbd[4501]: #7 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x112e67) [0x7fb969f2be67]
Mar 5 11:33:45 ServeurDev smbd[4501]: #8 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x114bb3) [0x7fb969f2dbb3]
Mar 5 11:33:45 ServeurDev smbd[4501]: #9 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x11621c) [0x7fb969f2f21c]
Mar 5 11:33:45 ServeurDev smbd[4501]: #10 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(run_events_poll+0x167) [0x7fb96827d917]
Mar 5 11:33:45 ServeurDev smbd[4501]: #11 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(+0x2cb77) [0x7fb96827db77]
Mar 5 11:33:45 ServeurDev smbd[4501]: #12 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7fb966ec7d3d]
Mar 5 11:33:45 ServeurDev smbd[4501]: #13 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7fb966ec7edb]
Mar 5 11:33:45 ServeurDev smbd[4501]: #14 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_process+0x718) [0x7fb969f30578]
Mar 5 11:33:45 ServeurDev smbd[4501]: #15 /usr/sbin/smbd(+0x8e12) [0x559a1ea83e12]
Mar 5 11:33:45 ServeurDev smbd[4501]: #16 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(run_events_poll+0x167) [0x7fb96827d917]
Mar 5 11:33:45 ServeurDev smbd[4501]: #17 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(+0x2cb77) [0x7fb96827db77]
Mar 5 11:33:45 ServeurDev smbd[4501]: #18 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7fb966ec7d3d]
Mar 5 11:33:45 ServeurDev smbd[4501]: #19 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7fb966ec7edb]
Mar 5 11:33:45 ServeurDev smbd[4501]: #20 /usr/sbin/smbd(main+0x1899) [0x559a1ea82099]
Mar 5 11:33:45 ServeurDev smbd[4501]: #21 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x7fb966b1a830]
Mar 5 11:33:45 ServeurDev smbd[4501]: #22 /usr/sbin/smbd(_start+0x29) [0x559a1ea82199]
Mar 5 11:33:45 ServeurDev smbd[4501]: [2019/03/05 11:33:45.484530, 0] ../source3/lib/util.c:801(smb_panic_s3)
Mar 5 11:33:45 ServeurDev smbd[4501]: smb_panic(): calling panic action [/usr/share/samba/panic-action 4501]
Mar 5 11:33:46 ServeurDev smbd[4501]: [2019/03/05 11:33:46.928620, 0] ../source3/lib/util.c:809(smb_panic_s3)
Mar 5 11:33:46 ServeurDev smbd[4501]: smb_panic(): action returned status 0
Mar 5 11:33:46 ServeurDev smbd[4501]: [2019/03/05 11:33:46.928743, 0] ../source3/lib/dumpcore.c:303(dump_core)
Mar 5 11:33:46 ServeurDev smbd[4501]: dumping core in /var/log/samba/cores/smbd
Mar 5 11:33:46 ServeurDev smbd[4501]:

configuration :
 obey pam restrictions = yes
 unix password sync = yes

package :

Paquet : samba
État: installé
Automatiquement installé: non
Version : 2:4.3.11+dfsg-0ubuntu0.16.04.18
Priorité : optionnel
Section : net
Responsable : Ubuntu Developers <email address hidden>
Architecture : amd64
Taille décompressée : 11,5 M
Dépend: adduser, libpam-modules, libpam-runtime (>= 1.0.1-11), lsb-base (>= 4.1+Debian11ubuntu7), procps, python (>= 2.7), python-dnspython, python-samba, samba-common (= 2:4.3.11+dfsg-0ubuntu0.16.04.18), samba-common-bin (=
        2:4.3.11+dfsg-0ubuntu0.16.04.18), tdb-tools, update-inetd, python (< 2.8), python2.7:any, libbsd0 (>= 0.0), libc6 (>= 2.14), libldb1 (>= 0.9.21), libpopt0 (>= 1.14), libpython2.7 (>= 2.7), libtalloc2 (>= 2.0.4~git20101213),
        libtdb1 (>= 1.2.7+git20101214), libtevent0 (>= 0.9.16), libwbclient0 (= 2:4.3.11+dfsg-0ubuntu0.16.04.18), samba-libs (= 2:4.3.11+dfsg-0ubuntu0.16.04.18)
Pré-dépend: dpkg (>= 1.15.6~)
Recommande: attr, logrotate, samba-dsdb-modules, samba-vfs-modules
Suggère: bind9 (>= 1:9.5.1), bind9utils, ctdb, ldb-tools, ntp, smbldap-tools, winbind, ufw
Est en conflit: libldb1 (< 1:1.1.15), libldb1:i386 (< 1:1.1.15), samba (< 2:3.3.0~rc2-5), samba:i386 (< 2:3.3.0~rc2-5), samba-ad-dc, samba-doc (< 2:4.0.5~), samba-tools, samba4 (< 4.0.0~alpha6-2), samba:i386
Casse: qtsmbstatus-server (< 2.2.1-3~), qtsmbstatus-server:i386 (< 2.2.1-3~)
Remplace: libsamdb0 (< 4.0.0~alpha17~), python-samba (< 2:4.1.4+dfsg-3), python-samba:i386 (< 2:4.1.4+dfsg-3), samba-ad-dc, samba-common (<= 2.0.5a-2), samba-common:i386 (<= 2.0.5a-2), samba-doc (< 2:4.0.5~), samba-libs (<
          2:4.1.4+dfsg-2), samba-libs:i386 (< 2:4.1.4+dfsg-2), samba4
Améliore: bind9, ntp

Changed in samba (Ubuntu):
status: New → Triaged
tags: added: server-next
Sebastien Bacher (seb128) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please answer these questions:
* Is this reproducible?
* If so, what specific steps should we take to recreate this bug?

This will help us to find and resolve the problem.

Changed in samba (Ubuntu):
importance: Undecided → High
status: Triaged → Incomplete
Frederic BUISSON (fbu31) wrote :

Hi,
This problem happens some days and I don't know how to reproduce it.
Since January, I had the segfault 8 times.
We are 4 users for this server only and we use it daily.
I have noticed the crash came from during office hours only and I know we have mapped the samba drive as network drive. Maybe samba crash during connection, disconnection or refresh of the network drive?

Changed in samba (Ubuntu):
status: Incomplete → New
tags: removed: server-next
Paride Legovini (legovini) wrote :

Thank you for the additional information you provided.

While we acknowledge you are experiencing a problem, there isn't really enough information here for a developer to begin working on it, so I am marking this bug Incomplete for now.

If you can provide exact steps so that a developer can reproduce the original problem, then please add them to this bug and change the status back to New.

Changed in samba (Ubuntu):
status: New → Incomplete
importance: High → Medium
Andreas Hasenack (ahasenack) wrote :

Can you please attach the crash file that you probably have on the server? I would look in /var/crash/*, and /var/log/samba/cores/*/*

Andreas Hasenack (ahasenack) wrote :

Mar 5 11:33:46 ServeurDev smbd[4501]: dumping core in /var/log/samba/cores/smbd

^^^ that should have the core file(s)

Frederic BUISSON (fbu31) wrote :

Andreas,
You can find the files attached.

I don't know if it's important, but for the connection I used this configuration in smd.conf:
client min protocol = SMB2
client max protocol = SMB3_11
server min protocol = SMB2
server max protocol = SMB3_11

Frederic BUISSON (fbu31) wrote :

Files inside crash directory

Andreas Hasenack (ahasenack) wrote :

Thanks. Unfortunately I couldn't get more info from the crash file.

I also did a quick test with a windows 10 machine, but it connected just fine to the samba shares I prepared on xenial, with and without authentication, and your smb.conf changes. It used protocol 3.11. I don't have a win7 vm to test atm.

If you can reproduce the crash somewhat reliably, I would appreciate a test with the packages available in this ppa:

https://launchpad.net/~ahasenack/+archive/ubuntu/samba-no-protocol-segfault-1818638

It's still building as I write this. You can check the build status in this page:

https://launchpad.net/~ahasenack/+archive/ubuntu/samba-no-protocol-segfault-1818638/+packages

This package has the patch from the samba upstream bug https://bugzilla.samba.org/show_bug.cgi?id=12610

Frederic BUISSON (fbu31) wrote :

Thanks for bug tracking.
I raised the samba log level to 3, maybe it will help you for the next crash.

Andreas Hasenack (ahasenack) wrote :

Have you tried with the packages in the PPA I mentioned in comment #9?

Frederic BUISSON (fbu31) wrote :

No. I didn't have a crash since the last time.

Frederic BUISSON (fbu31) wrote :
Download full text (4.4 KiB)

Hi,
A few minutes ago (10:15), I had a crash.
This is the trace :

The Samba 'panic action' script, /usr/share/samba/panic-action, was called for PID 20037 (/usr/sbin/smbd).

This means there was a problem with the program, such as a segfault.
Below is a backtrace for this process generated with gdb, which shows the state of the program at the time the error occurred. The Samba log files may contain additional information about the problem.

If the problem persists, you are encouraged to first install the samba-dbg package, which contains the debugging symbols for the Samba binaries. Then submit the provided information as a bug report to Ubuntu by visiting this link:
https://launchpad.net/ubuntu/+source/samba/+filebug

[Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007f5f9a37a07a in __GI___waitpid (pid=20038, stat_loc=stat_loc@entry=0x7fffd405d190, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
#0 0x00007f5f9a37a07a in __GI___waitpid (pid=20038, stat_loc=stat_loc@entry=0x7fffd405d190, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
#1 0x00007f5f9a2f2fbb in do_system (line=line@entry=0x55ae6bc2b610 "/usr/share/samba/panic-action 20037") at ../sysdeps/posix/system.c:148
#2 0x00007f5f9a2f339a in __libc_system (line=line@entry=0x55ae6bc2b610 "/usr/share/samba/panic-action 20037") at ../sysdeps/posix/system.c:184
#3 0x00007f5f9cd9e8d1 in smb_panic_s3 (why=<optimized out>) at ../source3/lib/util.c:802
#4 0x00007f5f9db11f1f in smb_panic (why=why@entry=0x7f5f9db55ab8 "internal error") at ../lib/util/fault.c:166
#5 0x00007f5f9db12136 in fault_report (sig=<optimized out>) at ../lib/util/fault.c:83
#6 sig_fault (sig=<optimized out>) at ../lib/util/fault.c:94
#7 <signal handler called>
#8 smbXsrv_session_create (conn=conn@entry=0x55ae6bc18c80, now=now@entry=131983244855041970, _session=_session@entry=0x7fffd405db40) at ../source3/smbd/smbXsrv_session.c:1158
#9 0x00007f5f9d6a3643 in reply_sesssetup_and_X (req=req@entry=0x55ae6bc29a00) at ../source3/smbd/sesssetup.c:953
#10 0x00007f5f9d6dfe67 in switch_message (type=<optimized out>, req=req@entry=0x55ae6bc29a00) at ../source3/smbd/process.c:1649
#11 0x00007f5f9d6e1bb3 in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=0, unread_bytes=0, size=76, inbuf=0x0, xconn=0x55ae6bc18c80) at ../source3/smbd/process.c:1685
#12 process_smb (xconn=xconn@entry=0x55ae6bc18c80, inbuf=<optimized out>, nread=76, unread_bytes=0, seqnum=0, encrypted=<optimized out>, deferred_pcd=0x0) at ../source3/smbd/process.c:1932
#13 0x00007f5f9d6e321c in smbd_server_connection_read_handler (xconn=0x55ae6bc18c80, fd=40) at ../source3/smbd/process.c:2531
#14 0x00007f5f9ba31917 in run_events_poll (ev=0x55ae6bc0c120, pollrtn=<optimized out>, pfds=0x55ae6bc20b00, num_pfds=4) at ../source3/lib/events.c:257
#15 0x00007f5f9ba31b77 in s3_event_loop_once (ev=0x55ae6bc0c120, location=<optimized out>) at ../source3/lib/events.c:326
#16 0x00007f5f9a67bd3d in _tevent_loop_once () from /usr/lib/x86_64-linux-gnu/libtevent.so.0
#17 0x00007f5f9a67bedb in tevent_common_loop_wait () from /usr/lib/x86_64-linux-gnu/lib...

Read more...

Frederic BUISSON (fbu31) wrote :

I have done the upgrade asked on #9 for the next time.

Andreas Hasenack (ahasenack) wrote :

Thanks for the info and for installing the test packages

Changed in samba (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
status: Incomplete → Triaged
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.