samba4 RC3 RPC server process crashing!

Greg Dickie greg at justaguy.ca
Tue Oct 23 14:52:56 MDT 2012


Could it be a buffer overflow? This warning also shows up:
Warning: 60 extra bytes in incoming RPC request

Any ideas, please?


On Tue, Oct 23, 2012 at 1:46 PM, Greg Dickie <greg at justaguy.ca> wrote:

> More info. Looks like replication. I got a core file:
> (gdb) bt
> #0  0x00007f8e52bdf885 in raise () from /lib64/libc.so.6
> #1  0x00007f8e52be1065 in abort () from /lib64/libc.so.6
> #2  0x00007f8e5575ac32 in smb_panic_default (why=0x7f8e5576da75 "internal
> error") at ../lib/util/fault.c:149
> #3  0x00007f8e5575ac70 in smb_panic (why=0x7f8e5576da75 "internal error")
> at ../lib/util/fault.c:162
> #4  0x00007f8e5575a97b in fault_report (sig=11) at ../lib/util/fault.c:77
> #5  0x00007f8e5575a990 in sig_fault (sig=11) at ../lib/util/fault.c:88
> #6  <signal handler called>
> #7  0x00007f8e50fa3235 in ndr_push_drsuapi_DsNameInfo1 (ndr=0x28aa5b0,
> ndr_flags=256, r=0xed) at default/librpc/gen_ndr/ndr_drsuapi.c:6132
> #8  0x00007f8e50fa3f5b in ndr_push_drsuapi_DsNameCtr1 (ndr=0x28aa5b0,
> ndr_flags=768, r=0x2f64d60) at default/librpc/gen_ndr/ndr_drsuapi.c:6250
> #9  0x00007f8e50fa484a in ndr_push_drsuapi_DsNameCtr (ndr=0x28aa5b0,
> ndr_flags=768, r=0x2796030) at default/librpc/gen_ndr/ndr_drsuapi.c:6347
> #10 0x00007f8e50fdd1d1 in ndr_push_drsuapi_DsCrackNames (ndr=0x28aa5b0,
> flags=32, r=0x2965890) at default/librpc/gen_ndr/ndr_drsuapi.c:15633
> #11 0x00007f8e42393f30 in drsuapi__op_ndr_push (dce_call=0x2553df0,
> mem_ctx=0x2553df0, push=0x28aa5b0, r=0x2965890) at
> default/librpc/gen_ndr/ndr_drsuapi_s.c:705
> #12 0x000000000040c9c0 in dcesrv_reply (call=0x2553df0) at
> ../source4/rpc_server/common/reply.c:175
> #13 0x00007f8e423adef6 in dcesrv_request (call=0x2553df0) at
> ../source4/rpc_server/dcerpc_server.c:981
> #14 0x00007f8e423ae37f in dcesrv_process_ncacn_packet (dce_conn=0x268d1a0,
> pkt=0x2b65530, blob=...) at ../source4/rpc_server/dcerpc_server.c:1110
> #15 0x00007f8e423af344 in dcesrv_read_fragment_done (subreq=0x0) at
> ../source4/rpc_server/dcerpc_server.c:1488
> #16 0x00007f8e555368c7 in _tevent_req_notify_callback (req=0x23d43a0,
> location=0x7f8e53161200 "../librpc/rpc/dcerpc_util.c:295") at
> ../lib/tevent/tevent_req.c:101
> #17 0x00007f8e555368f9 in tevent_req_finish (req=0x23d43a0,
> state=TEVENT_REQ_DONE, location=0x7f8e53161200
> "../librpc/rpc/dcerpc_util.c:295")
>     at ../lib/tevent/tevent_req.c:110
> #18 0x00007f8e55536920 in _tevent_req_done (req=0x23d43a0,
> location=0x7f8e53161200 "../librpc/rpc/dcerpc_util.c:295") at
> ../lib/tevent/tevent_req.c:116
> #19 0x00007f8e5315d117 in dcerpc_read_ncacn_packet_done (subreq=0x0) at
> ../librpc/rpc/dcerpc_util.c:295
> #20 0x00007f8e555368c7 in _tevent_req_notify_callback (req=0x20bac90,
> location=0x7f8e50313c60 "../lib/tsocket/tsocket_helpers.c:231") at
> ../lib/tevent/tevent_req.c:101
> #21 0x00007f8e555368f9 in tevent_req_finish (req=0x20bac90,
> state=TEVENT_REQ_DONE, location=0x7f8e50313c60
> "../lib/tsocket/tsocket_helpers.c:231")
>     at ../lib/tevent/tevent_req.c:110
> #22 0x00007f8e55536920 in _tevent_req_done (req=0x20bac90,
> location=0x7f8e50313c60 "../lib/tsocket/tsocket_helpers.c:231") at
> ../lib/tevent/tevent_req.c:116
> #23 0x00007f8e5030bc09 in tstream_readv_pdu_ask_for_next_vector
> (req=0x20bac90) at ../lib/tsocket/tsocket_helpers.c:231
> #24 0x00007f8e5030bdfe in tstream_readv_pdu_readv_done (subreq=0x2d34c70)
> at ../lib/tsocket/tsocket_helpers.c:290
> #25 0x00007f8e555368c7 in _tevent_req_notify_callback (req=0x2d34c70,
> location=0x7f8e50313753 "../lib/tsocket/tsocket.c:604") at
> ../lib/tevent/tevent_req.c:101
> #26 0x00007f8e555368f9 in tevent_req_finish (req=0x2d34c70,
> state=TEVENT_REQ_DONE, location=0x7f8e50313753
> "../lib/tsocket/tsocket.c:604")
>     at ../lib/tevent/tevent_req.c:110
> #27 0x00007f8e55536920 in _tevent_req_done (req=0x2d34c70,
> location=0x7f8e50313753 "../lib/tsocket/tsocket.c:604") at
> ../lib/tevent/tevent_req.c:116
> #28 0x00007f8e5030b13d in tstream_readv_done (subreq=0x0) at
> ../lib/tsocket/tsocket.c:604
> #29 0x00007f8e555368c7 in _tevent_req_notify_callback (req=0x32b4950,
> location=0x7f8e50314da8 "../lib/tsocket/tsocket_bsd.c:1700") at
> ../lib/tevent/tevent_req.c:101
> #30 0x00007f8e555368f9 in tevent_req_finish (req=0x32b4950,
> state=TEVENT_REQ_DONE, location=0x7f8e50314da8
> "../lib/tsocket/tsocket_bsd.c:1700")
>     at ../lib/tevent/tevent_req.c:110
> #31 0x00007f8e55536a17 in tevent_req_trigger (ev=0x1e6dfa0, im=0x23f79c0,
> private_data=0x32b4950) at ../lib/tevent/tevent_req.c:166
> #32 0x00007f8e55535de4 in tevent_common_loop_immediate (ev=0x1e6dfa0) at
> ../lib/tevent/tevent_immediate.c:135
> #33 0x00007f8e5553a5f1 in std_event_loop_once (ev=0x1e6dfa0,
> location=0x7f8e49d37880 "../source4/smbd/process_standard.c:186") at
> ../lib/tevent/tevent_standard.c:555
> ---Type <return> to continue, or q <return> to quit---
> #34 0x00007f8e55534ee4 in _tevent_loop_once (ev=0x1e6dfa0,
> location=0x7f8e49d37880 "../source4/smbd/process_standard.c:186") at
> ../lib/tevent/tevent.c:507
> #35 0x00007f8e55535121 in tevent_common_loop_wait (ev=0x1e6dfa0,
> location=0x7f8e49d37880 "../source4/smbd/process_standard.c:186") at
> ../lib/tevent/tevent.c:608
> #36 0x00007f8e555351ec in _tevent_loop_wait (ev=0x1e6dfa0,
> location=0x7f8e49d37880 "../source4/smbd/process_standard.c:186") at
> ../lib/tevent/tevent.c:627
> #37 0x00007f8e49d374cd in standard_new_task (ev=0x1e6dfa0,
> lp_ctx=0x1e59810, service_name=0x7f8e4263ac75 "rpc",
> new_task=0x7f8e55daa4b0 <task_server_callback>,
>     private_data=0x201f300) at ../source4/smbd/process_standard.c:186
> #38 0x00007f8e55daa65f in task_server_startup (event_ctx=0x1e6dfa0,
> lp_ctx=0x1e59810, service_name=0x7f8e4263ac75 "rpc",
> model_ops=0x7f8e49f37b40,
>     task_init=0x7f8e4263aa7c <dcesrv_task_init>) at
> ../source4/smbd/service_task.c:110
> #39 0x00007f8e55da8c5e in server_service_init (name=0x1e5a900 "rpc",
> event_context=0x1e6dfa0, lp_ctx=0x1e59810, model_ops=0x7f8e49f37b40)
>     at ../source4/smbd/service.c:63
> #40 0x00007f8e55da8d9f in server_service_startup (event_ctx=0x1e6dfa0,
> lp_ctx=0x1e59810, model=0x40f415 "standard", server_services=0x1e60cd0)
>     at ../source4/smbd/service.c:95
> #41 0x000000000040b64a in binary_smbd_main (binary_name=0x40f25b "samba",
> argc=1, argv=0x7fff023a6548) at ../source4/smbd/server.c:477
> #42 0x000000000040b718 in main (argc=1, argv=0x7fff023a6548) at
> ../source4/smbd/server.c:497
>
>
>
> On Tue, Oct 23, 2012 at 11:38 AM, Greg Dickie <greg at justaguy.ca> wrote:
>
>> Hi,
>>
>>   I have a new problem. The process serving RPC is suddenly dying with a
>> Signal 11. This AD has been running for a couple of months with no issues
>> and suddenly boom. I don't see anything interesting in the logs.
>>
>> On another note, the win2008R2 DC we joined as another ADS is not running
>> global catalog or other sorts of essential services. How can that happen?
>> Effectively when samba crashes there is no more AD.
>>
>> Any idea how to debug this? We are kind of down here.
>>
>> Thanks,
>> Greg
>>
>> --
>>
>>
>> Greg Dickie
>> just a guy
>>
>
>
>
> --
>
>
> Greg Dickie
> just a guy
>



-- 


Greg Dickie
just a guy

