[Samba] smbd and pdbedit segfault
Marc Casillo
mcasillo at finite-tech.com
Mon Aug 27 05:36:54 GMT 2007
Greetings!
I've got a Debian server running Samba that has a rather odd problem I
was hoping someone out there could help with.
Whenever a particular user is referenced, either in smbd or pdbedit,
a segfault or security context stack overflow is generated.
Here is what I have tried to fix the problem:
- Used tdbbackup on all the *.tdb files I could find and replaced the
  current ones with those backups
- Used tdbtool from a more recent version of samba to check all the
  tdb files
- Upgraded the kernel to the most recent Debian etch kernel
    Linux egm-server 2.6.18-5-686 #1 SMP Sun Aug 12 21:57:02 UTC 2007 i686 GNU/Linux
- Run strace on the pdbedit binary - The good user works fine, the bad
  user loops forever and then cores.
    fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=312, len=1}, 0xbfa3f984) = 0
    fcntl64(3, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=584, len=1}, 0xbfa3f714) = 0
- Run gdb on the binary :
  dies here with -L:
    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread -1211454912 (LWP 6863)]
    0xb7dfa623 in vfprintf () from /lib/tls/i686/cmov/libc.so.6
  dies here with the 'bad username' (ktcccarthy) as the
  argument
    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread -1211786688 (LWP 6870)]
    0x080addd2 in strchr_m (src=0x85c8978 "\\\\%N\\%U", c=37 '%') at lib/util_str.c:1298
    1298 {
Help!
Marc
------------------------
This works :
egm-server:/var/log/samba# pdbedit lpinkey
lpinkley:1002:Lorrie Pinkey
This does not (the bad user) :
eqm-server:/var/log/samba# pdbedit ktccarthey
Segmentation fault
Here is the output of the pdbedit -L:
egm-server:/var/log/samba# pdbedit -L
games:5:games
nobody:65534:nobody
egm:1004:Mangement container user
proxy:13:proxy
bharris:1010:Brian Harris
www-data:33:www-data
root:0:root
news:9:news
Segmentation fault
And here are the stack dumps listed in /var/log/samba/log.workstationname:
[2007/08/26 06:01:13, 0] smbd/sec_ctx.c:push_sec_ctx(194)
Security context stack overflow!
[2007/08/26 06:01:13, 0] lib/util.c:smb_panic(1599)
PANIC (pid 28277): Security context stack overflow!
[2007/08/26 06:01:13, 0] lib/util.c:log_stack_trace(1706)
BACKTRACE: 63 stack frames:
#0 /usr/sbin/smbd(log_stack_trace+0x23) [0x822c293]
#1 /usr/sbin/smbd(smb_panic+0x46) [0x822c386]
#2 /usr/sbin/smbd(push_sec_ctx+0x1cb) [0x80db8db]
#3 /usr/sbin/smbd(become_root+0xb) [0x80d140b]
#4 /usr/sbin/smbd(sid_to_gid+0xd8) [0x81eec98]
#5 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
#6 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
#7 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
#8 /usr/sbin/smbd [0x82082d6]
#9 /usr/sbin/smbd [0x820bfb3]
#10 /usr/sbin/smbd [0x820c3fa]
#11 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
#12 /usr/sbin/smbd [0x81ec7ca]
#13 /usr/sbin/smbd [0x81eccb0]
#14 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
#15 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
#16 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
#17 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
#18 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
#19 /usr/sbin/smbd [0x82082d6]
#20 /usr/sbin/smbd [0x820bfb3]
#21 /usr/sbin/smbd [0x820c3fa]
#22 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
#23 /usr/sbin/smbd [0x81ec7ca]
#24 /usr/sbin/smbd [0x81eccb0]
#25 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
#26 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
#27 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
#28 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
#29 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
#30 /usr/sbin/smbd [0x82082d6]
#31 /usr/sbin/smbd [0x820bfb3]
#32 /usr/sbin/smbd [0x820c3fa]
#33 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
#34 /usr/sbin/smbd [0x81ec7ca]
#35 /usr/sbin/smbd [0x81eccb0]
#36 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
#37 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
#38 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
#39 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
#40 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
#41 /usr/sbin/smbd [0x82082d6]
#42 /usr/sbin/smbd [0x820bfb3]
#43 /usr/sbin/smbd [0x820c3fa]
#44 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
#45 /usr/sbin/smbd [0x81ec7ca]
#46 /usr/sbin/smbd(pdb_default_lookup_rids+0x1cb) [0x81ecbdb]
#47 /usr/sbin/smbd(pdb_lookup_rids+0x42) [0x81eb232]
#48 /usr/sbin/smbd(lookup_sids+0x312) [0x81efbc2]
#49 /usr/sbin/smbd [0x8135e6a]
#50 /usr/sbin/smbd(_lsa_lookup_sids+0x11f) [0x81365cf]
#51 /usr/sbin/smbd [0x813269b]
#52 /usr/sbin/smbd(api_rpcTNP+0x15f) [0x818b5ff]
#53 /usr/sbin/smbd(api_pipe_request+0x183) [0x818bbe3]
#54 /usr/sbin/smbd [0x8185f1e]
#55 /usr/sbin/smbd [0x809bced]
#56 /usr/sbin/smbd [0x809c1dc]
#57 /usr/sbin/smbd(reply_trans+0x56f) [0x809ce4f]
#58 /usr/sbin/smbd [0x80ea5b4]
#59 /usr/sbin/smbd(smbd_process+0x6f8) [0x80eb778]
#60 /usr/sbin/smbd(main+0x10df) [0x82c372f]
#61 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7bd6ea8]
#62 /usr/sbin/smbd [0x8082b11]
[2007/08/26 06:01:13, 0] lib/util.c:smb_panic(1607)
smb_panic(): calling panic action [/usr/share/samba/panic-action 28277]
Failed to read a valid object file image from memory.
[2007/08/26 06:01:14, 0] lib/util.c:smb_panic(1615)
smb_panic(): action returned status 0
[2007/08/26 06:01:14, 0] lib/fault.c:dump_core(173)
dumping core in /var/log/samba/cores/smbd
[2007/08/26 06:01:15, 0] smbd/sec_ctx.c:push_sec_ctx(194)
Security context stack overflow!
[2007/08/26 06:01:15, 0] lib/util.c:smb_panic(1599)
PANIC (pid 2307): Security context stack overflow!
[2007/08/26 06:01:15, 0] lib/util.c:log_stack_trace(1706)
BACKTRACE: 63 stack frames:
#0 /usr/sbin/smbd(log_stack_trace+0x23) [0x822c293]
#1 /usr/sbin/smbd(smb_panic+0x46) [0x822c386]
#2 /usr/sbin/smbd(push_sec_ctx+0x1cb) [0x80db8db]
#3 /usr/sbin/smbd(become_root+0xb) [0x80d140b]
#4 /usr/sbin/smbd(sid_to_gid+0xd8) [0x81eec98]
#5 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
#6 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
#7 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
#8 /usr/sbin/smbd [0x82082d6]
#9 /usr/sbin/smbd [0x820bfb3]
#10 /usr/sbin/smbd [0x820c3fa]
#11 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
#12 /usr/sbin/smbd [0x81ec7ca]
#13 /usr/sbin/smbd [0x81eccb0]
#14 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
#15 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
#16 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
#17 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
#18 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
#19 /usr/sbin/smbd [0x82082d6]
#20 /usr/sbin/smbd [0x820bfb3]
#21 /usr/sbin/smbd [0x820c3fa]
#22 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
#23 /usr/sbin/smbd [0x81ec7ca]
#24 /usr/sbin/smbd [0x81eccb0]
#25 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
#26 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
#27 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
#28 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
#29 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
#30 /usr/sbin/smbd [0x82082d6]
#31 /usr/sbin/smbd [0x820bfb3]
#32 /usr/sbin/smbd [0x820c3fa]
#33 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
#34 /usr/sbin/smbd [0x81ec7ca]
#35 /usr/sbin/smbd [0x81eccb0]
#36 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
#37 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
#38 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
#39 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
#40 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
#41 /usr/sbin/smbd [0x82082d6]
#42 /usr/sbin/smbd [0x820bfb3]
#43 /usr/sbin/smbd [0x820c3fa]
#44 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
#45 /usr/sbin/smbd [0x81ec7ca]
#46 /usr/sbin/smbd(pdb_default_lookup_rids+0x1cb) [0x81ecbdb]
#47 /usr/sbin/smbd(pdb_lookup_rids+0x42) [0x81eb232]
#48 /usr/sbin/smbd(lookup_sids+0x312) [0x81efbc2]
#49 /usr/sbin/smbd [0x8135e6a]
#50 /usr/sbin/smbd(_lsa_lookup_sids+0x11f) [0x81365cf]
#51 /usr/sbin/smbd [0x813269b]
#52 /usr/sbin/smbd(api_rpcTNP+0x15f) [0x818b5ff]
#53 /usr/sbin/smbd(api_pipe_request+0x183) [0x818bbe3]
#54 /usr/sbin/smbd [0x8185f1e]
#55 /usr/sbin/smbd [0x809bced]
#56 /usr/sbin/smbd [0x809c1dc]
#57 /usr/sbin/smbd(reply_trans+0x56f) [0x809ce4f]
#58 /usr/sbin/smbd [0x80ea5b4]
#59 /usr/sbin/smbd(smbd_process+0x6f8) [0x80eb778]
#60 /usr/sbin/smbd(main+0x10df) [0x82c372f]
#61 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7bd6ea8]
#62 /usr/sbin/smbd [0x8082b11]
[2007/08/26 06:01:15, 0] lib/util.c:smb_panic(1607)
smb_panic(): calling panic action [/usr/share/samba/panic-action 2307]
Failed to read a valid object file image from memory.
[2007/08/26 06:01:15, 0] lib/util.c:smb_panic(1615)
smb_panic(): action returned status 0
[2007/08/26 06:01:15, 0] lib/fault.c:dump_core(173)
dumping core in /var/log/samba/cores/smbd
[2007/08/26 06:01:15, 0] lib/util_sock.c:read_data(534)
read_data: read failure for 4 bytes to client 192.168.41.11. Error =
Connection reset by peer
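
Added example, not part of the original post and not Samba project code: the posted backtrace repeats the same run of frames several times before the panic, and this script finds such a repeating run in a log_stack_trace dump so a recursion loop can be spotted during triage. The sample trace is constructed and shortened, using frame names of the kind shown above; `parse_frames` and `find_cycle` are hypothetical helper names.

```python
import re

# One frame as printed by Samba's log_stack_trace, e.g.
#   #4 /usr/sbin/smbd(sid_to_gid+0xd8) [0x81eec98]
FRAME_RE = re.compile(r"#\d+\s+\S+?(?:\((\w+)\+0x[0-9a-f]+\))?\s+\[(0x[0-9a-f]+)\]")

def parse_frames(text):
    """Label each frame by symbol name, or by address when unresolved."""
    return [m.group(1) or m.group(2) for m in FRAME_RE.finditer(text)]

def find_cycle(frames, min_repeats=2):
    """Return (start, period, repeats) of the widest repeating run, or None."""
    best, n = None, len(frames)
    for period in range(1, n // min_repeats + 1):
        for start in range(n - period * min_repeats + 1):
            unit, repeats = frames[start:start + period], 1
            # Count how many times the unit follows itself back to back.
            while frames[start + repeats * period:start + (repeats + 1) * period] == unit:
                repeats += 1
            if repeats >= min_repeats and (best is None or period * repeats > best[1] * best[2]):
                best = (start, period, repeats)
    return best

# Constructed sample: a shortened trace with the same shape as the posted one.
HEAD = ["/usr/sbin/smbd(log_stack_trace+0x23) [0x822c293]",
        "/usr/sbin/smbd(smb_panic+0x46) [0x822c386]",
        "/usr/sbin/smbd(push_sec_ctx+0x1cb) [0x80db8db]",
        "/usr/sbin/smbd(become_root+0xb) [0x80d140b]"]
CYCLE = ["/usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]",
         "/usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]",
         "/usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]",
         "/usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]",
         "/usr/sbin/smbd [0x82082d6]",
         "/usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]",
         "/usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]"]
TAIL = ["/usr/sbin/smbd(lookup_sids+0x312) [0x81efbc2]",
        "/usr/sbin/smbd(_lsa_lookup_sids+0x11f) [0x81365cf]"]
SAMPLE = "\n".join(f"#{i} {f}" for i, f in enumerate(HEAD + CYCLE * 3 + TAIL))

if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    start, period, repeats = find_cycle(frames)
    print(f"{period}-frame cycle x{repeats} starting at frame #{start}:")
    print(" -> ".join(frames[start:start + period]))
```

Frames are compared by symbol name rather than return address, so a function that appears at two different call offsets still counts as the same step of the loop.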