[Samba] smbd and pdbedit segfault

Marc Casillo mcasillo at finite-tech.com
Mon Aug 27 05:36:54 GMT 2007


Greetings!

I've got a Debian server running Samba that has a rather odd problem I 
was hoping someone out there could help with.

Whenever a particular user is referenced, either in smbd or pdbedit, 
a segfault or security context stack overflow is generated.

Here is what I have tried to fix the problem:
    Used tdbbackup on all the *.tdb files I could find and replaced the current ones with those backups
    Used tdbtool from a more recent version of samba to check all the tdb files
    Upgraded the kernel to the most recent Debian etch kernel
        Linux egm-server 2.6.18-5-686 #1 SMP Sun Aug 12 21:57:02 UTC 2007 i686 GNU/Linux
    Run strace on the pdbedit binary - The good user works fine, the bad user loops forever and then cores.
        fcntl64(3, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=312, len=1}, 0xbfa3f984) = 0
        fcntl64(3, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=584, len=1}, 0xbfa3f714) = 0
    Run gdb on the binary :
        dies here with -L:
            Program received signal SIGSEGV, Segmentation fault.
            [Switching to Thread -1211454912 (LWP 6863)]
            0xb7dfa623 in vfprintf () from /lib/tls/i686/cmov/libc.so.6
        dies here with the 'bad username' (ktcccarthy) as the argument
            Program received signal SIGSEGV, Segmentation fault.
            [Switching to Thread -1211786688 (LWP 6870)]
            0x080addd2 in strchr_m (src=0x85c8978 "\\\\%N\\%U", c=37 '%') at lib/util_str.c:1298
            1298    {

Help!

Marc
------------------------

This works :
egm-server:/var/log/samba# pdbedit lpinkey
lpinkley:1002:Lorrie Pinkey

This does not (the bad user) :
eqm-server:/var/log/samba# pdbedit ktccarthey
Segmentation fault

Here is the output of the pdbedit -L:
egm-server:/var/log/samba# pdbedit -L
games:5:games
nobody:65534:nobody
egm:1004:Mangement container user
proxy:13:proxy
bharris:1010:Brian Harris
www-data:33:www-data
root:0:root
news:9:news
Segmentation fault

And here are the stack dumps listed in /var/log/samba/log.workstationname:

[2007/08/26 06:01:13, 0] smbd/sec_ctx.c:push_sec_ctx(194)
  Security context stack overflow!
[2007/08/26 06:01:13, 0] lib/util.c:smb_panic(1599)
  PANIC (pid 28277): Security context stack overflow!
 
[2007/08/26 06:01:13, 0] lib/util.c:log_stack_trace(1706)
  BACKTRACE: 63 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x23) [0x822c293]
   #1 /usr/sbin/smbd(smb_panic+0x46) [0x822c386]
   #2 /usr/sbin/smbd(push_sec_ctx+0x1cb) [0x80db8db]
   #3 /usr/sbin/smbd(become_root+0xb) [0x80d140b]
   #4 /usr/sbin/smbd(sid_to_gid+0xd8) [0x81eec98]
   #5 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
   #6 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
   #7 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
   #8 /usr/sbin/smbd [0x82082d6]
   #9 /usr/sbin/smbd [0x820bfb3]
   #10 /usr/sbin/smbd [0x820c3fa]
   #11 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
   #12 /usr/sbin/smbd [0x81ec7ca]
   #13 /usr/sbin/smbd [0x81eccb0]
   #14 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
   #15 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
   #16 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
   #17 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
   #18 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
   #19 /usr/sbin/smbd [0x82082d6]
   #20 /usr/sbin/smbd [0x820bfb3]
   #21 /usr/sbin/smbd [0x820c3fa]
   #22 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
   #23 /usr/sbin/smbd [0x81ec7ca]
   #24 /usr/sbin/smbd [0x81eccb0]
   #25 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
   #26 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
   #27 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
   #28 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
   #29 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
   #30 /usr/sbin/smbd [0x82082d6]
   #31 /usr/sbin/smbd [0x820bfb3]
   #32 /usr/sbin/smbd [0x820c3fa]
   #33 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
   #34 /usr/sbin/smbd [0x81ec7ca]
   #35 /usr/sbin/smbd [0x81eccb0]
   #36 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
   #37 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
   #38 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
   #39 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
   #40 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
   #41 /usr/sbin/smbd [0x82082d6]
   #42 /usr/sbin/smbd [0x820bfb3]
   #43 /usr/sbin/smbd [0x820c3fa]
   #44 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
   #45 /usr/sbin/smbd [0x81ec7ca]
   #46 /usr/sbin/smbd(pdb_default_lookup_rids+0x1cb) [0x81ecbdb]
   #47 /usr/sbin/smbd(pdb_lookup_rids+0x42) [0x81eb232]
   #48 /usr/sbin/smbd(lookup_sids+0x312) [0x81efbc2]
   #49 /usr/sbin/smbd [0x8135e6a]
   #50 /usr/sbin/smbd(_lsa_lookup_sids+0x11f) [0x81365cf]
   #51 /usr/sbin/smbd [0x813269b]
   #52 /usr/sbin/smbd(api_rpcTNP+0x15f) [0x818b5ff]
   #53 /usr/sbin/smbd(api_pipe_request+0x183) [0x818bbe3]
   #54 /usr/sbin/smbd [0x8185f1e]
   #55 /usr/sbin/smbd [0x809bced]
   #56 /usr/sbin/smbd [0x809c1dc]
   #57 /usr/sbin/smbd(reply_trans+0x56f) [0x809ce4f]
   #58 /usr/sbin/smbd [0x80ea5b4]
   #59 /usr/sbin/smbd(smbd_process+0x6f8) [0x80eb778]
   #60 /usr/sbin/smbd(main+0x10df) [0x82c372f]
   #61 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7bd6ea8]
   #62 /usr/sbin/smbd [0x8082b11]
[2007/08/26 06:01:13, 0] lib/util.c:smb_panic(1607)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 28277]
Failed to read a valid object file image from memory.
[2007/08/26 06:01:14, 0] lib/util.c:smb_panic(1615)
  smb_panic(): action returned status 0
[2007/08/26 06:01:14, 0] lib/fault.c:dump_core(173)
  dumping core in /var/log/samba/cores/smbd
[2007/08/26 06:01:15, 0] smbd/sec_ctx.c:push_sec_ctx(194)
  Security context stack overflow!
[2007/08/26 06:01:15, 0] lib/util.c:smb_panic(1599)
  PANIC (pid 2307): Security context stack overflow!
 
[2007/08/26 06:01:15, 0] lib/util.c:log_stack_trace(1706)
  BACKTRACE: 63 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x23) [0x822c293]
   #1 /usr/sbin/smbd(smb_panic+0x46) [0x822c386]
   #2 /usr/sbin/smbd(push_sec_ctx+0x1cb) [0x80db8db]
   #3 /usr/sbin/smbd(become_root+0xb) [0x80d140b]
   #4 /usr/sbin/smbd(sid_to_gid+0xd8) [0x81eec98]
   #5 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
   #6 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
   #7 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
   #8 /usr/sbin/smbd [0x82082d6]
   #9 /usr/sbin/smbd [0x820bfb3]
   #10 /usr/sbin/smbd [0x820c3fa]
   #11 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
   #12 /usr/sbin/smbd [0x81ec7ca]
   #13 /usr/sbin/smbd [0x81eccb0]
   #14 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
   #15 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
   #16 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
   #17 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
   #18 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
   #19 /usr/sbin/smbd [0x82082d6]
   #20 /usr/sbin/smbd [0x820bfb3]
   #21 /usr/sbin/smbd [0x820c3fa]
   #22 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
   #23 /usr/sbin/smbd [0x81ec7ca]
   #24 /usr/sbin/smbd [0x81eccb0]
   #25 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
   #26 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
   #27 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
   #28 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
   #29 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
   #30 /usr/sbin/smbd [0x82082d6]
   #31 /usr/sbin/smbd [0x820bfb3]
   #32 /usr/sbin/smbd [0x820c3fa]
   #33 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
   #34 /usr/sbin/smbd [0x81ec7ca]
   #35 /usr/sbin/smbd [0x81eccb0]
   #36 /usr/sbin/smbd(pdb_sid_to_id+0x29) [0x81eb079]
   #37 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
   #38 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
   #39 /usr/sbin/smbd(pdb_set_group_sid_from_rid+0x67) [0x81ee287]
   #40 /usr/sbin/smbd(init_sam_from_buffer_v3+0x8f1) [0x81e7ed1]
   #41 /usr/sbin/smbd [0x82082d6]
   #42 /usr/sbin/smbd [0x820bfb3]
   #43 /usr/sbin/smbd [0x820c3fa]
   #44 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
   #45 /usr/sbin/smbd [0x81ec7ca]
   #46 /usr/sbin/smbd(pdb_default_lookup_rids+0x1cb) [0x81ecbdb]
   #47 /usr/sbin/smbd(pdb_lookup_rids+0x42) [0x81eb232]
   #48 /usr/sbin/smbd(lookup_sids+0x312) [0x81efbc2]
   #49 /usr/sbin/smbd [0x8135e6a]
   #50 /usr/sbin/smbd(_lsa_lookup_sids+0x11f) [0x81365cf]
   #51 /usr/sbin/smbd [0x813269b]
   #52 /usr/sbin/smbd(api_rpcTNP+0x15f) [0x818b5ff]
   #53 /usr/sbin/smbd(api_pipe_request+0x183) [0x818bbe3]
   #54 /usr/sbin/smbd [0x8185f1e]
   #55 /usr/sbin/smbd [0x809bced]
   #56 /usr/sbin/smbd [0x809c1dc]
   #57 /usr/sbin/smbd(reply_trans+0x56f) [0x809ce4f]
   #58 /usr/sbin/smbd [0x80ea5b4]
   #59 /usr/sbin/smbd(smbd_process+0x6f8) [0x80eb778]
   #60 /usr/sbin/smbd(main+0x10df) [0x82c372f]
   #61 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7bd6ea8]
   #62 /usr/sbin/smbd [0x8082b11]
[2007/08/26 06:01:15, 0] lib/util.c:smb_panic(1607)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 2307]
Failed to read a valid object file image from memory.
[2007/08/26 06:01:15, 0] lib/util.c:smb_panic(1615)
  smb_panic(): action returned status 0
[2007/08/26 06:01:15, 0] lib/fault.c:dump_core(173)
  dumping core in /var/log/samba/cores/smbd
[2007/08/26 06:01:15, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.41.11. Error = Connection reset by peer
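
Both backtraces in the message above show the same run of frames (sid_to_gid through pdb_sid_to_id) repeating until push_sec_ctx panics. As an added example, not part of the original message or of Samba, this Python script finds such a repeating run in a log_stack_trace dump by comparing return addresses; the sample trace is constructed and shortened, and the names parse_frames and find_cycle are hypothetical.

```python
import re

# Constructed, shortened trace in smbd's log_stack_trace format. Symbols and
# addresses are reused from the post; the loop in the real trace is longer.
SAMPLE = """\
   #0 /usr/sbin/smbd(push_sec_ctx+0x1cb) [0x80db8db]
   #1 /usr/sbin/smbd(become_root+0xb) [0x80d140b]
   #2 /usr/sbin/smbd(sid_to_gid+0xd8) [0x81eec98]
   #3 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
   #4 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
   #5 /usr/sbin/smbd [0x81eccb0]
   #6 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
   #7 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
   #8 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
   #9 /usr/sbin/smbd [0x81eccb0]
   #10 /usr/sbin/smbd(sid_to_gid+0xee) [0x81eecae]
   #11 /usr/sbin/smbd(pdb_set_group_sid+0x4d) [0x81e55cd]
   #12 /usr/sbin/smbd(pdb_getsampwsid+0x7d) [0x81ec69d]
   #13 /usr/sbin/smbd(lookup_sids+0x312) [0x81efbc2]
   #14 /usr/sbin/smbd(main+0x10df) [0x82c372f]
"""

FRAME = re.compile(r"#\d+\s+\S+?(?:\((\w+)\+0x[0-9a-f]+\))?\s+\[(0x[0-9a-f]+)\]")

def parse_frames(text):
    """Return [(symbol or None, return address)] in frame order."""
    return [m.groups() for m in FRAME.finditer(text)]

def find_cycle(frames, min_repeats=2):
    """Longest stretch where frame k and frame k+period share a return address."""
    addrs = [addr for _, addr in frames]
    best = None                                  # (covered, -period, -start)
    for period in range(1, len(addrs) // min_repeats + 1):
        for start in range(len(addrs) - period):
            k = start
            while k + period < len(addrs) and addrs[k] == addrs[k + period]:
                k += 1
            covered = k - start + period         # frames inside the repeating run
            if covered >= period * min_repeats:
                best = max(best or (0, 0, 0), (covered, -period, -start))
    if best is None:
        return None
    covered, period, start = best[0], -best[1], -best[2]
    return {"start": start, "period": period, "repeats": covered // period,
            "cycle": [sym or addr for sym, addr in frames[start:start + period]]}

if __name__ == "__main__":
    print(find_cycle(parse_frames(SAMPLE)))
```

Frames without a symbol are reported by address, and the last repetition may be partial because the outermost call enters the loop from a different caller.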

