smbd crashed with SIGABRT in rep_strlcpy()/null pointer in connections_fetch_entry

Bug #913809 reported by jamie ellis on 2012-01-09
This bug affects 50 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)

Bug Description

connecting from winxp when this occurred

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: samba 2:3.6.1-3ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-8.14-generic 3.2.0
Uname: Linux 3.2.0-8-generic x86_64
ApportVersion: 1.90-0ubuntu1
Architecture: amd64
Date: Mon Jan 9 09:22:58 2012
ExecutablePath: /usr/sbin/smbd
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
ProcCmdline: smbd -F
ProcEnviron: PATH=(custom, no user)
Signal: 6
SourcePackage: samba
 ?? () from /lib/x86_64-linux-gnu/
 rep_strlcpy ()
 connections_fetch_entry ()
 yield_connection ()
 close_cnum ()
Title: smbd crashed with SIGABRT in rep_strlcpy()
UpgradeStatus: Upgraded to precise on 2012-01-09 (0 days ago)

jamie ellis (novaserve) wrote :

 rep_strlcpy (d=0x7fffe02c9974 "", s=0x0, bufsize=256) at ../lib/replace/replace.c:70
 connections_fetch_entry (mem_ctx=0x7f3301f943a0, conn=0x7f3301f88e90, name=0x0) at lib/conn_tdb.c:63
 yield_connection (conn=0x7f3301f88e90, name=0x0) at smbd/connection.c:37
 close_cnum (conn=0x7f3301f88e90, vuid=102) at smbd/service.c:1296
 reply_tdis (req=0x7f3301f94480) at smbd/reply.c:5110

Changed in samba (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in samba (Ubuntu):
status: New → Confirmed
tags: added: bugpattern-needed
James Page (james-page) wrote :
visibility: private → public
James Page (james-page) wrote :

Thanks for taking the time to report this bug in Ubuntu.

It would be great if one or more of the reporters of this bug could try to grab a backtrace from smbd when it hits this issue.

Details on how to do this can be found here:

Marking this bug as 'Incomplete' pending further information - please set back to 'New' once a backtrace has been captured and attached to this bug report.

I'm also marking this as importance 'High' due to the number of duplicates.


Changed in samba (Ubuntu):
importance: Medium → High
status: Confirmed → Incomplete

Okay, I finally took the time to get a backtrace. It seems that it only takes a few minutes before smbd crashes; I wonder how many times it crashes before apport catches.

Btw, I'm running the Quantal Alpha, and smbd crashes the same as it did in Precise.

Changed in samba (Ubuntu):
status: Incomplete → New
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in samba (Ubuntu):
status: New → Confirmed
Ursula Junque (ursinha) on 2012-09-11
tags: added: quantal
Ursula Junque (ursinha) on 2012-09-11
tags: removed: quantal
James Page (james-page) wrote :

Hi Taylor

Thanks for trying to grab a backtrace for this issue; however the trace you provided is not the same as in the original bug report - it's actually a trace for normal operation of samba (which uses SIGUSR1 for signaling between processes).

Again the original trace looks similar to

I think we can see that a null pointer being passed is causing the issue - but we still need to figure out why this happens.

Please could reporters of this issue set the log level to 5:

    log level = 5

in /etc/samba/smb.conf, reload smbd and try to reproduce again - hopefully samba will provide some useful debug messages which might help ID what's going on.
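
The null-pointer reading of the retraced backtrace can be checked mechanically. The following is an added example, not part of the original report or of Samba's code: it parses the frames quoted earlier on this page and reports the outermost frame that received a NULL argument together with its caller, which is the call site to inspect. The function names parse_frames, null_args and null_origin are hypothetical helpers introduced here.

```python
import re

# Frames copied from the retraced backtrace on this page, innermost first.
BACKTRACE = """\
rep_strlcpy (d=0x7fffe02c9974 "", s=0x0, bufsize=256) at ../lib/replace/replace.c:70
connections_fetch_entry (mem_ctx=0x7f3301f943a0, conn=0x7f3301f88e90, name=0x0) at lib/conn_tdb.c:63
yield_connection (conn=0x7f3301f88e90, name=0x0) at smbd/connection.c:37
close_cnum (conn=0x7f3301f88e90, vuid=102) at smbd/service.c:1296
reply_tdis (req=0x7f3301f94480) at smbd/reply.c:5110
"""

# Accepts plain frames as above and gdb's "#N  0xADDR in func (...)" form.
FRAME_RE = re.compile(
    r'^\s*(?:#\d+\s+)?(?:0x[0-9a-f]+ in )?(\w+) \((.*)\) at (\S+):(\d+)\s*$')
ARG_RE = re.compile(r'(\w+)=(0x[0-9a-fA-F]+|-?\d+)')

def parse_frames(text):
    """Turn backtrace text into a list of frame dicts, innermost first."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            func, args, path, lineno = m.groups()
            frames.append({"func": func, "args": dict(ARG_RE.findall(args)),
                           "file": path, "line": int(lineno)})
    return frames

def null_args(frame):
    """Names of arguments whose value is zero. Caveat: an integer argument
    that is legitimately 0 is indistinguishable from NULL in this output."""
    return sorted(k for k, v in frame["args"].items() if int(v, 0) == 0)

def null_origin(frames):
    """Walk outward from the crash site while frames keep receiving a NULL.
    Returns (caller, callee): callee is the outermost frame handed a NULL,
    caller is the frame that made that call (None if the trace ends there)."""
    last = None
    for i, frame in enumerate(frames):
        if not null_args(frame):
            break
        last = i
    if last is None:
        return None
    caller = frames[last + 1] if last + 1 < len(frames) else None
    return caller, frames[last]

if __name__ == "__main__":
    caller, callee = null_origin(parse_frames(BACKTRACE))
    print(f"{callee['func']}({', '.join(null_args(callee))}=NULL) "
          f"called from {caller['func']} at {caller['file']}:{caller['line']}")
```

On this trace the NULL `name` first appears in yield_connection(), so the value is produced in close_cnum() at smbd/service.c:1296 and only dereferenced later in rep_strlcpy().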

Changed in samba (Ubuntu):
status: Confirmed → Incomplete
James Page (james-page) on 2012-09-11
summary: - smbd crashed with SIGABRT in rep_strlcpy()
+ smbd crashed with SIGABRT in rep_strlcpy()/null pointer in
+ connections_fetch_entry
James Page (james-page) wrote :

The output of:

   sudo testparm -s

would also be helpful.

For anyone who wants a fast fix... samba 3.6.6 from quantal works fine under precise, no more crashes so far!

Eric Biggers (ebiggers3) wrote :

I am experiencing this problem with Samba 3.6.3 on Ubuntu 12.04. I've attached a tarball containing some files that may be useful in diagnosing the problem. They are:

- log.smbd for a SAMBA server session (debug level 5)
- log. for a session with the localhost where I mounted a usershare, listed files, then unmounted it.
- smb.conf
- usershares directory (from /var/lib/samba/usershares)

The internal error is near the end of log., when the share was unmounted. I think the error might always happen when the connection is closed.

Also, I was unable to reproduce the problem after deleting the usershares and replacing them with sections in smb.conf. (The four usershares had previously been created using Nautilus).

Eric Biggers (ebiggers3) wrote :

gdb backtrace (with debug symbols) attached.

The problem was easy to reproduce; I simply created a usershare (this time from the command line, not Nautilus), mounted it from the localhost from the command line, then unmounted it. The crash happens on the unmount.

Changed in samba (Ubuntu):
status: Incomplete → Confirmed
Changed in samba:
importance: Unknown → Medium
status: Unknown → Confirmed
pjarvi (patrickjarvi) wrote :

Started getting this bug in the last 2 weeks. Only change to my Ubuntu file server was installing gPodder. Does not appear to have any impact on performance or availability of the samba shares. Running 13.04 with all the current updates.

I got a similar error in Ubuntu 15.10, I'll try to upload the crash logs.
