Panic in Samba when creating session

Bug #1829843 reported by Anthony Matthews
This bug report is a duplicate of:  Bug #1827924: Panic or segfault in Samba . Edit Remove
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Incomplete
High
Unassigned

Bug Description

This happens on an up-to-date Ubunto 16.04 machine about once an hour. It also happens on a system running Debian Jessie.

Another similar machines running the same version of Ubuntu has not shown any problems.

Debug trace of the an incident.
===============================
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007f1f7b4ce07a in __GI___waitpid (pid=6274, stat_loc=stat_loc@entry=0x7fff9c81ced0, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
#0 0x00007f1f7b4ce07a in __GI___waitpid (pid=6274, stat_loc=stat_loc@entry=0x7fff9c81ced0, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
#1 0x00007f1f7b446fbb in do_system (line=line@entry=0x55986403a460 "/usr/share/samba/panic-action 6272") at ../sysdeps/posix/system.c:148
#2 0x00007f1f7b44739a in __libc_system (line=line@entry=0x55986403a460 "/usr/share/samba/panic-action 6272") at ../sysdeps/posix/system.c:184
#3 0x00007f1f7def28d1 in smb_panic_s3 (why=<optimised out>) at ../source3/lib/util.c:802
#4 0x00007f1f7ec65f1f in smb_panic (why=why@entry=0x7f1f7eca9ab8 "internal error") at ../lib/util/fault.c:166
#5 0x00007f1f7ec66136 in fault_report (sig=<optimised out>) at ../lib/util/fault.c:83
#6 sig_fault (sig=<optimised out>) at ../lib/util/fault.c:94
#7 <signal handler called>
#8 smbXsrv_session_create (conn=conn@entry=0x5598640237b0, now=now@entry=132029055841769190, _session=_session@entry=0x7fff9c81d740) at ../source3/smbd/smbXsrv_session.c:1158
#9 0x00007f1f7e7f7643 in reply_sesssetup_and_X (req=req@entry=0x559864038df0) at ../source3/smbd/sesssetup.c:953
#10 0x00007f1f7e833e67 in switch_message (type=<optimised out>, req=req@entry=0x559864038df0) at ../source3/smbd/process.c:1649
#11 0x00007f1f7e835bb3 in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=0, unread_bytes=0, size=76, inbuf=0x0, xconn=0x5598640237b0) at ../source3/smbd/process.c:1685
#12 process_smb (xconn=xconn@entry=0x5598640237b0, inbuf=<optimised out>, nread=76, unread_bytes=0, seqnum=0, encrypted=<optimised out>, deferred_pcd=0x0) at ../source3/smbd/process.c:1932
#13 0x00007f1f7e83721c in smbd_server_connection_read_handler (xconn=0x5598640237b0, fd=39) at ../source3/smbd/process.c:2531
#14 0x00007f1f7cb85917 in run_events_poll (ev=0x559864021020, pollrtn=<optimised out>, pfds=0x5598640363b0, num_pfds=4) at ../source3/lib/events.c:257
#15 0x00007f1f7cb85b77 in s3_event_loop_once (ev=0x559864021020, location=<optimised out>) at ../source3/lib/events.c:326
#16 0x00007f1f7b7cfd3d in _tevent_loop_once () from /usr/lib/x86_64-linux-gnu/libtevent.so.0
#17 0x00007f1f7b7cfedb in tevent_common_loop_wait () from /usr/lib/x86_64-linux-gnu/libtevent.so.0
#18 0x00007f1f7e838578 in smbd_process (ev_ctx=0x559864021020, msg_ctx=<optimised out>, sock_fd=39, interactive=<optimised out>) at ../source3/smbd/process.c:4032
#19 0x0000559863aeee12 in smbd_accept_connection (ev=0x559864021020, fde=<optimised out>, flags=<optimised out>, private_data=<optimised out>) at ../source3/smbd/server.c:646
#20 0x00007f1f7cb85917 in run_events_poll (ev=0x559864021020, pollrtn=<optimised out>, pfds=0x5598640363b0, num_pfds=6) at ../source3/lib/events.c:257
#21 0x00007f1f7cb85b77 in s3_event_loop_once (ev=0x559864021020, location=<optimised out>) at ../source3/lib/events.c:326
#22 0x00007f1f7b7cfd3d in _tevent_loop_once () from /usr/lib/x86_64-linux-gnu/libtevent.so.0
#23 0x00007f1f7b7cfedb in tevent_common_loop_wait () from /usr/lib/x86_64-linux-gnu/libtevent.so.0
#24 0x0000559863aed099 in smbd_parent_loop (parent=0x559864021330, ev_ctx=0x559864021020) at ../source3/smbd/server.c:1011
#25 main (argc=<optimised out>, argv=<optimised out>) at ../source3/smbd/server.c:1663
A debugging session is active.

 Inferior 1 [process 6272] will be detached.

Revision history for this message
Sebastien Bacher (seb128) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please answer these questions:
* Is that a new issue/did it start after some updates?
* Is this reproducible?
* If so, what specific steps should we take to recreate this bug?

This will help us to find and resolve the problem.

Changed in samba (Ubuntu):
importance: Undecided → High
status: New → Incomplete
Revision history for this message
Anthony Matthews (tonym-at-trio) wrote : Re: [Bug 1829843] Re: Panic in Samba when creating session
Download full text (3.7 KiB)

Hello Sebastien,

The problem did start after applying some upgrades, see log below.

It appears to be caused by receiving SMB requests from the Internet.
This was happening due to a misconfigured router. Correcting the router
configuration has stopped the problem happening. This also explains why
I was only seeing he problem on two machines.

------start upgrade log------

Log started: 2019-05-02  16:19:12
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 363216 files and directories currently installed.)
Preparing to unpack .../ldap-utils_2.4.42+dfsg-2ubuntu3.5_amd64.deb ...
Unpacking ldap-utils (2.4.42+dfsg-2ubuntu3.5) over
(2.4.42+dfsg-2ubuntu3.4) ...
Preparing to unpack .../slapd_2.4.42+dfsg-2ubuntu3.5_amd64.deb ...
Unpacking slapd (2.4.42+dfsg-2ubuntu3.5) over (2.4.42+dfsg-2ubuntu3.4) ...
Preparing to unpack .../libldap-2.4-2_2.4.42+dfsg-2ubuntu3.5_amd64.deb ...
Unpacking libldap-2.4-2:amd64 (2.4.42+dfsg-2ubuntu3.5) over
(2.4.42+dfsg-2ubuntu3.4) ...
Preparing to unpack .../iproute2_4.3.0-1ubuntu3.16.04.5_amd64.deb ...
Unpacking iproute2 (4.3.0-1ubuntu3.16.04.5) over
(4.3.0-1ubuntu3.16.04.4) ...
Preparing to unpack .../ureadahead_0.100.0-19.1_amd64.deb ...
Unpacking ureadahead (0.100.0-19.1) over (0.100.0-19) ...
Preparing to unpack .../unity_7.4.5+16.04.20190312-0ubuntu1_amd64.deb ...
Unpacking unity (7.4.5+16.04.20190312-0ubuntu1) over
(7.4.5+16.04.20180221-0ubuntu1) ...
Preparing to unpack
.../libunity-core-6.0-9_7.4.5+16.04.20190312-0ubuntu1_amd64.deb ...
Unpacking libunity-core-6.0-9:amd64 (7.4.5+16.04.20190312-0ubuntu1) over
(7.4.5+16.04.20180221-0ubuntu1) ...
Preparing to unpack
.../unity-schemas_7.4.5+16.04.20190312-0ubuntu1_all.deb ...
Unpacking unity-schemas (7.4.5+16.04.20190312-0ubuntu1) over
(7.4.5+16.04.20180221-0ubuntu1) ...
Preparing to unpack
.../unity-services_7.4.5+16.04.20190312-0ubuntu1_amd64.deb ...
Unpacking unity-services (7.4.5+16.04.20190312-0ubuntu1) over
(7.4.5+16.04.20180221-0ubuntu1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for libc-bin (2.23-0ubuntu11) ...
Processing triggers for ufw (0.35-0ubuntu2) ...
Processing triggers for systemd (229-4ubuntu21.21) ...
Processing triggers for libglib2.0-0:amd64 (2.48.2-0ubuntu4.1) ...
Setting up libldap-2.4-2:amd64 (2.4.42+dfsg-2ubuntu3.5) ...
Setting up ldap-utils (2.4.42+dfsg-2ubuntu3.5) ...
Setting up slapd (2.4.42+dfsg-2ubuntu3.5) ...

------end upgrade log------

Best Regards,

Email signature

Tony Matthews

IT Manager

Trio Motion Technology Ltd Logo

Trio Motion Technology Ltd
Shannon Way
Tewkesbury
Gloucestershire
GL20 8ND
United Kingdom

Tel: +44 (0) 1684 292333
Fax: +44 (0) 1684 297929
eMail: tmatthews@triomotion...

Read more...

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

This may be https://bugzilla.samba.org/show_bug.cgi?id=13315, found also in https://bugzilla.samba.org/show_bug.cgi?id=13315, but we don't even have the crash file and I can't reproduce it at the moment by just connecting using SMB1: it won't crash.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.