[Samba] segfault when tdb_mutex_unlock

Rowland Penny rpenny at samba.org
Mon Jul 1 08:15:52 UTC 2024


On Mon, 1 Jul 2024 07:41:14 +0000
chin housin via samba <samba at lists.samba.org> wrote:

> Server runs samba for months, suddenly the share can't access, but
> 'systemctl status' sees samba.service running and winbind.service
> running. Finally restart samba and winbind fixed the issue. The samba
> version 4.15.8, glibc version 2.28. During the time can't access share
> before restart, system log shows below:
> 1. net ads join continuing success
> 2. smbd coredump many times
> 3. winbind logs full of: check_winbind_security: winbindd not running -
>    but required as domain member: NT_STATUS_NO_LOGON_SERVERS
> 
> Here is the smb.conf:
> 
> [global]
>    realm = ns.com
>    security = ads
>    server string = ""
>    getwd cache = no
>    workgroup = ns
>    idmap gid = 1000000-2000000
>    idmap uid = 1000000-2000000
>    log file = /var/log/samba/log.%m
>    max log size = 50
>    cache directory = /dev/shm/samba
>    state directory = /var/lib/samba
>    lock directory = /dev/shm/samba
>    idmap backend = tdb2
>    winbind separator = /
>    winbind use default domain = true
>    winbind offline logon = false
>    winbind enum users = yes
>    winbind enum groups = yes
>    passdb backend = tdbsam
>    get quota command = /quota_get.sh %U %G %d
>    nt acl support = yes
>    lanman auth = yes
>    ntlm auth = yes
>    wide links = no
>    disable spoolss = yes
>    template shell = /bin/bash
>    private dir = /var/lib/samba/private
>    rpc_server:netlogon = disabled
>    root preexec = /quota.sh %u %g %d %I
>    server min protocol = NT1
>    client min protocol = NT1
>    winbind max clients = 2000
> 
> [share1]
>    comment = ""
>    path = /share1
>    read only = no
>    writable = yes
>    browseable = yes
>    valid users =ns1/u1, @ns/u2, ns/u3, @ns/u4
>    write list = ns/u1, ns/u2, @ns/u3
>    create mask = 0777
>    directory mask = 0777
>    read list = @ns/u4
>    oplocks = yes
>    store dos attributes = yes
>    access based share enum = no
> 
> Here are the coredumps (#0 ~ #18 are the same, segfault in #7):
> 
> coredump1 (with gdb):
> #0  0x00007f7e2c4197ff in raise () from /lib64/libc.so.6
> #1  0x00007f7e2c403c35 in abort () from /lib64/libc.so.6
> #2  0x00007f7e2e2a1589 in dump_core () at ../../source3/lib/dumpcore.c:338
> #3  0x00007f7e2e2b410c in smb_panic_s3 (why=0x7ffd55c954d0 "Signal 11: Segmentation fault") at ../../source3/lib/util.c
> #4  0x00007f7e3017cadf in smb_panic (why=0x7ffd55c954d0 "Signal 11: Segmentation fault") at ../../lib/util/fault.c:197
> #5  0x00007f7e3017c5f8 in fault_report (sig=11) at ../../lib/util/fault.c:81
> #6  0x00007f7e3017c60d in sig_fault (sig=11) at ../../lib/util/fault.c:92
> #7  <signal handler called>
> #8  0x00007f7e2c7b0e6c in __pthread_mutex_unlock_full () from /lib64/libpthread.so.0
> #9  0x00007f7e29be1294 in tdb_mutex_unlock (tdb=0x556b2a2ddf10, rw=0, off=17388, len=1, pret=0x7ffd55c95bcc) at ../../l
> #10 0x00007f7e29bd5a15 in fcntl_unlock (tdb=0x556b2a2ddf10, rw=0, off=17388, len=1) at ../../lib/tdb/common/lock.c:125
> #11 0x00007f7e29bd5c1b in tdb_brunlock (tdb=0x556b2a2ddf10, rw_type=0, offset=17388, len=1) at ../../lib/tdb/common/loc
> #12 0x00007f7e29bd655c in tdb_nest_unlock (tdb=0x556b2a2ddf10, offset=17388, ltype=0, mark_lock=false) at ../../lib/tdb
> #13 0x00007f7e29bd6623 in tdb_unlock (tdb=0x556b2a2ddf10, list=4305, ltype=0) at ../../lib/tdb/common/lock.c:579
> #14 0x00007f7e29bd3040 in tdb_parse_record (tdb=0x556b2a2ddf10, key=..., parser=0x7f7e2e2a8cc6 <gencache_parse_fn>, pri
>     at ../../lib/tdb/common/tdb.c:331
> #15 0x00007f7e2e2a8e02 in gencache_parse (keystr=0x556b2a297c00 "IDMAP/SID2XID/S-1-5-21-3114039025-1376293423-562224231
>     parser=0x7f7e2e2a8f07 <gencache_get_data_blob_parser>, private_data=0x7ffd55c95da0) at ../../source3/lib/gencache.c
> #16 0x00007f7e2e2a900f in gencache_get_data_blob (keystr=0x556b2a297c00 "IDMAP/SID2XID/S-1-5-21-3114039025-1376293423-5
>     mem_ctx=0x556b2a339890, blob=0x7ffd55c95e10, timeout=0x7ffd55c95e68, was_expired=0x0) at ../../source3/lib/gencache
> #17 0x00007f7e2e2a90e3 in gencache_get (keystr=0x556b2a297c00 "IDMAP/SID2XID/S-1-5-21-3114039025-1376293423-562224231-5
>     value=0x7ffd55c95e78, ptimeout=0x7ffd55c95e68) at ../../source3/lib/gencache.c:563
> #18 0x00007f7e2e2aca02 in idmap_cache_find_sid2unixid (sid=0x556b2a3119b0, id=0x7ffd55c95f90, expired=0x7ffd55c9608a) at ../../source3/lib/idmap_cache.c:53
>
> #19 0x00007f7e2e2acf70 in idmap_cache_find_sid2gid (sid=0x556b2a3119b0, pgid=0x7ffd55c96410, expired=0x7ffd55c9608a) at ../../source3/lib/idmap_cache.c:180
> #20 0x00007f7e2d5ac035 in sid_to_gid (psid=0x556b2a3119b0, pgid=0x7ffd55c96410) at ../../source3/passdb/lookup_sid.c:15
> #21 0x00007f7e2faaabf3 in unpack_nt_owners (conn=0x556b2a306ff0, puser=0x7ffd55c96414, pgrp=0x7ffd55c96410, security_in
>     psd=0x556b2a3e72a0) at ../../source3/smbd/posix_acls.c:1133
> #22 0x00007f7e2fab15a2 in set_nt_acl (fsp=0x556b2a3c85e0, security_info_sent=7, psd_orig=0x556b2a3765c0) at ../../sourc
> #23 0x00007f7e2fb6ba4a in vfswrap_fset_nt_acl (handle=0x556b2a306970, fsp=0x556b2a3c85e0, security_info_sent=7, psd=0x5
>     at ../../source3/modules/vfs_default.c:3402
> #24 0x00007f7e2faa59ab in smb_vfs_call_fset_nt_acl (handle=0x556b2a306970, fsp=0x556b2a3c85e0, security_info_sent=7, ps
>     at ../../source3/smbd/vfs.c:2558
> #25 0x00007f7e2fb63995 in set_underlying_acl (handle=0x556b2a2fc160, fsp=0x556b2a3c85e0, psd=0x556b2a3765c0, security_i
>     chown_needed=false) at ../../source3/modules/vfs_acl_common.c:737
> #26 0x00007f7e2fb641d1 in fset_nt_acl_common (fget_acl_blob_fn=0x7f7e151b6244 <fget_acl_blob>,
>     store_acl_blob_fsp_fn=0x7f7e151b63df <store_acl_blob_fsp>, module_name=0x7f7e151b6e4a "acl_xattr", handle=0x556b2a2
>     security_info_sent=7, orig_psd=0x556b2a2ab620) at ../../source3/modules/vfs_acl_common.c:925
> #27 0x00007f7e151b6cb9 in acl_xattr_fset_nt_acl (handle=0x556b2a2fc160, fsp=0x556b2a3c85e0, security_info_sent=7, psd=0
>     at ../../source3/modules/vfs_acl_xattr.c:291
> #28 0x00007f7e2faa59ab in smb_vfs_call_fset_nt_acl (handle=0x556b2a2fc160, fsp=0x556b2a3c85e0, security_info_sent=7, ps
>     at ../../source3/smbd/vfs.c:2558
> #29 0x00007f7e2fa96312 in inherit_new_acl (parent_dir_fname=0x556b2a3faf70, fsp=0x556b2a3c85e0) at ../../source3/smbd/o
> #30 0x00007f7e2fa97c4a in create_file_unixpath (conn=0x556b2a306ff0, req=0x556b2a4152e0, smb_fname=0x556b2a3c9390, acce
>     share_access=0, create_disposition=2, create_options=68, file_attributes=32, oplock_request=256, lease=0x556b2a4150
>     private_flags=0, sd=0x0, ea_list=0x0, result=0x7ffd55c96b30, pinfo=0x7ffd55c96b3c) at ../../source3/smbd/open.c:608
> #31 0x00007f7e2fa983e0 in create_file_default (conn=0x556b2a306ff0, req=0x556b2a4152e0, smb_fname=0x556b2a3c9390, acces
>     share_access=0, create_disposition=2, create_options=68, file_attributes=32, oplock_request=256, lease=0x556b2a4150
>     private_flags=0, sd=0x0, ea_list=0x0, result=0x556b2a414fd8, pinfo=0x556b2a414fec,
>     in_context_blobs=0x7ffd55c96e78, out_context_blobs=0x556b2a415200) at ../../source3/smbd/open.c:6278
> #32 0x00007f7e2fb661f8 in vfswrap_create_file (handle=0x556b2a306970, req=0x556b2a4152e0, smb_fname=0x556b2a3c9390, acc
>     share_access=0, create_disposition=2, create_options=68, file_attributes=32, oplock_request=256, lease=0x556b2a4150
>     private_flags=0, sd=0x0, ea_list=0x0, result=0x556b2a414fd8, pinfo=0x556b2a414fec,
>     in_context_blobs=0x7ffd55c96e78, out_context_blobs=0x556b2a415200) at ../../source3/modules/vfs_default.c:755
> #33 0x00007f7e2faa3a6b in smb_vfs_call_create_file (handle=0x556b2a306970, req=0x556b2a4152e0, smb_fname=0x556b2a3c9390
>     share_access=0, create_disposition=2, create_options=68, file_attributes=32, oplock_request=256, lease=0x556b2a4150
>     private_flags=0, sd=0x0, ea_list=0x0, result=0x556b2a414fd8, pinfo=0x556b2a414fec,
>     in_context_blobs=0x7ffd55c96e78, out_context_blobs=0x556b2a415200) at ../../source3/smbd/vfs.c:1714
> 
> coredump2 (sorry for spelling mistakes):
> #6  0x00007f65dd73e60d in sig_fault () from /usr/lib64/libsamba-util.so.0
> #7  <signal handler called>
> #8  0x0007f65d9d72e6c in __pthread_mutex_unlock_full () from /usr/lib64/libpthread.so.0
> #9  0x0007f65d71a3294 in tdb_mutex_unlock () from /usr/lib64/samba/libtdb.so.1
> #10 0x00007f65d7197a15 in fcntl_unlock () from /usr/lib64/samba/libtdb.so.
> #11 0x00007f65d7197c1b in tdb_brunlock () from /usr/lib64/samba/libtdb.so.1
> #12 0x00007f65d719855c in tdb_nest_unlock () from /usr/lib64/samba/libtdb.so.1
> #13 0x0007f65d7198623 in tdb_unlock () from /usr/lib64/samba/libtdb.so.1
> #14 0x00007f65d7195040 in tdb_parse_record () from /usr/lib64/samba/libtdb.so.1
> #15 0x00007f65db86ae02 in gencache_parse () from /lib64/libsmbconf.so.0
> #16 0x0007f65db86b0Of in gencache_get_data_blob () from /lib64/libsmbconf.so.0
> #17 0x00007f65db86b0e3 in gencache_get () from /lib64/libsmbconf.so.0
> #18 0x00007f65db86ea02 in idmap_cache_find_sid2unixid () from /lib64/libsmbconf.so.0
>
> #19 0x00007f65dab6d5c1 in sids_to_unixids () from /lib64/libsamba-passdb.so.0
> #20 0x00007f65da5ce8d9 in create_local_token () from /usr/lib64/samba/libauth-samba4.so
> #21 0x00007f65da5c6ca3 in auth3_generate_session_info () from /usr/lib64/samba/libauth-samba4.so
> #22 0x00007f65d49ecd52 in gensec_ntlmssp_session_info () from /usr/lib64/samba/libgensec-samba4.so
> #23 0x00007f65d49f66c0 in gensec_session_info () from /usr/lib64/samba/libgensec-samba4.so
> #24 0x00007f65d49fa5b6 in gensec_child_session_info () from /usr/lib64/samba/libgensec-samba4.so
> #25 0x00007f65d49f66c0 in gensec_session_info () from /usr/lib64/samba/libgensec-samba4.so
> #26 0x00007f65ddoa5bc1 in smbd_smb2_session_setup_gensec_done () from /usr/lib64/samba/libsmbd-base-samba4.
> #27 0x00007f65dc4cf4d2 in _tevent_req_notify_callback () from /usr/lib64/samba/libtevent.so.0
> #28 0x00007f65dc4cf631 in tevent_req_finish () from /usr/lib64/samba/libtevent.so.0
> #29 0x00007f65dc4cf65d in _tevent_req_done () from /usr/lib64/samba/libtevent.so.0
> #30 0x00007f65d49f714e in gensec_update_done () from /usr/lib64/samba/libgensec-samba4.so
> #31 0x0007f65dc4cf4d2 in _tevent_req_notify_callback () from /usr/lib64/samba/libtevent.so.0
> #32 0x00007f65dc4cf631 in tevent_req_finish () from /usr/lib64/samba/libtevent.so.0
> #33 0x00007f65dc4cf65d in _tevent_req_done () from /usr/lib64/samba/libtevent.so.0
> #34 0x00007f65d49f508b in gensec_spnego_update_post () from /usr/lib64/samba/libgensec-samba4.so
> #35 0x0007f65d49f4bf6 in gensec_spnego_update_done () from /usr/lib64/samba/libgensec-samba4.so
> #36 0x00007f65dc4cf4d2 in _tevent_req_notify_callback () from /usr/lib64/samba/libtevent.so.0
> #37 0x00007f65dc4cf631 in tevent_req_finish () from /usr/lib64/samba/libtevent.so.0
> #38 0x0007f65dc4cf65d in _tevent_req_done () from /usr/lib64/samba/libtevent.so.0
> #39 0x0007f65d49f714e in gensec_update_done () from /usr/lib64/samba/libgensec-samba4.so
> #40 0x00007f65dc4cf4d2 in _tevent_req_notify_callback () from /usr/lib64/samba/libtevent.so.0
> #41 0x00007f65dc4cf631 in tevent_req_finish () from /usr/lib64/samba/libtevent.so.0
> #42 0x00007f65dc4cf65d in _tevent_req_done () from /usr/lib64/samba/libtevent.so.0
> #43 0x0007f65d49e2b0c in gensec_ntlmssp_update_done () from /usr/lib64/samba/libgensec-samba4.so
> #44 0x00007f65dc4cf4d2 in _tevent_req_notify_callback () from /usr/lib64/samba/libtevent.so.0
> #45 0x00007f65dc4cf631 in tevent_req_finish () from /usr/lib64/samba/libtevent.so.0
> #46 0x0007f65dc4cf65d in _tevent_req_done () from /usr/lib64/samba/libtevent.so.0
> #47 0x00007f65d49e9205 in ntlmssp_server_auth_done () from /usr/lib64/samba/libgensec-samba4.so
> #48 0x00007f65dc4cf4d2 in _tevent_req_notify_callback () from /usr/lib64/samba/libtevent.so.0
> #49 0x00007f65dc4cf631 in tevent_req_finish () from /usr/lib64/samba/libtevent.so.0
> #50 0x00007f65dc4cf75b in tevent_req_trigger () from /usr/lib64/samba/libtevent.so.0
> #51 0x00007f65dc4ce385 in tevent_common_invoke_immediate_handler () from /usr/lib64/samba/libtevent.so.0
> #52 0x00007f65dc4ce4d4 in tevent_common_loop_immediate () from /usr/lib64/samba/libtevent.so.0
> #53 0x00007f65dc4d88e9 in epoll_event_loop_once () from /usr/lib64/samba/libtevent.so.0
> #54 0x00007f65dc4d5304 in std_event_loop_once () from /usr/lib64/samba/libtevent.so.0
> 
> Is this tdb_unlock's bug? Or idmap_cache_find_sid2unixid's? Or
> the pthread_mutex_unlock's provided by glibc? And what's the causality
> between smbd's error and winbind's?

First, Samba shouldn't crash like that, but Samba 4.15.8 is EOL from
the Samba point of view, so can you try with a much later,
Samba-supported version? Your problem may already have been fixed.

Can I also suggest you fix your smb.conf.
All your users are being added to the Default '*' domain, rather than
the 'NS' domain (this is because there are no 'idmap config' lines for
the 'NS' domain).
The tdb2 idmap backend is really meant for a ctdb clustered
environment.
Finally, do you still really need SMBv1?

Rowland
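
The three smb.conf points raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread and not Samba project code; the function names and finding codes are hypothetical, and treating a missing per-domain 'idmap config' as a finding only when 'security = ads' is an assumption of this sketch.

```python
import re

# Constructed sample: the identity-mapping and protocol lines from the smb.conf quoted above.
SAMPLE = """\
[global]
   security = ads
   workgroup = ns
   idmap gid = 1000000-2000000
   idmap uid = 1000000-2000000
   idmap backend = tdb2
   server min protocol = NT1
   client min protocol = NT1
"""

def parse_global(text):
    """Return {normalised parameter name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Fold case and spacing so 'idmap config NS : range' equals 'idmap config ns:range'.
            key = re.sub(r"\s*:\s*", ":", " ".join(key.lower().split()))
            params[key] = value.strip()
    return params

def audit(text):
    """Return one finding code per issue named in the reply (codes are hypothetical)."""
    p = parse_global(text)
    findings = []
    domain = p.get("workgroup", "").lower()
    has_domain_map = any(k.startswith(f"idmap config {domain}:") for k in p)
    # Assumption of this sketch: only a domain member (security = ads) needs a per-domain range.
    if p.get("security", "").lower() == "ads" and domain and not has_domain_map:
        findings.append("no-idmap-config-for-domain")
    backends = [v.lower() for k, v in p.items()
                if k == "idmap backend" or re.fullmatch(r"idmap config [^:]+:backend", k)]
    if "tdb2" in backends and p.get("clustering", "no").lower() not in ("yes", "true", "1"):
        findings.append("tdb2-without-clustering")
    for k in ("server min protocol", "client min protocol"):
        if p.get(k, "").upper() in ("NT1", "CORE", "COREPLUS", "LANMAN1", "LANMAN2"):
            findings.append(f"smb1-allowed:{k}")
    return findings
```

Calling audit(SAMPLE) returns four findings, one for the missing 'NS' mapping, one for tdb2 without clustering, and one per min protocol line.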


