Debian Bug report logs - #302378
samba: smbd exits with SIGABRT

version graph

Package: samba; Maintainer for samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Source for samba is src:samba.

Reported by: "Rasmus Bøg Hansen" <moffe@amagerkollegiet.dk>

Date: Thu, 31 Mar 2005 14:48:08 UTC

Severity: grave

Tags: patch, woody

Merged with 305043

Found in version 2.2.3a-14.2

Fixed in version samba/2.2.3a-15

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to "Rasmus B�g Hansen" <moffe@amagerkollegiet.dk>:
New Bug report received and forwarded. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Rasmus Bøg Hansen" <moffe@amagerkollegiet.dk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: samba: smbd exits with SIGABRT
Date: Thu, 31 Mar 2005 16:40:44 +0200
Package: samba
Version: 2.2.3a-14.2
Severity: grave
Justification: renders package unusable

In this security update of samba, smbd exits with SIGABRT on my two
samba servers. Both of the are running as domain masters. On a third
server, not running as domain master, this new version works well.

Downgrading to 2.2.3a-14.1 resolves the problem entirely, which is why
the problem was probably introduced with the fix for #286023.

strace of "smbd -i" is to be found here:

http://www.amagerkollegiet.dk/~moffe/samba-strace.log

If I can I will gladly help more.

Regards
/Rasmus

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux carlsberg 2.4.29 #1 tir mar 15 11:25:56 CET 2005 i586
Locale: LANG=C, LC_CTYPE=da_DK

Versions of packages samba depends on:
ii  debconf                  1.2.35          Debian configuration management sy
ii  libc6                    2.2.5-11.8      GNU C Library: Shared libraries an
ii  libcupsys2               1.1.14-5woody12 Common UNIX Printing System(tm) - 
ii  libpam0g                 0.72-35         Pluggable Authentication Modules l
ii  logrotate                3.5.9-8         Log rotation utility
ii  netbase                  4.07            Basic TCP/IP networking system
ii  samba-common             2.2.3a-14.2     Samba common files used by both th




Tags added: woody Request was from Joey Hess <joeyh@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #12 received at 302378@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: moffe@amagerkollegiet.dk, 302378@bugs.debian.org
Subject: Re: Bug#302378: samba: smbd exits with SIGABRT
Date: Thu, 31 Mar 2005 16:50:37 -0800
[Message part 1 (text/plain, inline)]
Rasmus,

[Please do not use non-ascii DEBFULLNAME values with the reportbug from
woody; the From: header in your message violates the SMTP RFCs by including
literal non-ascii characters, and requires me to manually input an address
when replying.]

On Thu, Mar 31, 2005 at 04:40:44PM +0200, Rasmus B�g Hansen wrote:
> Package: samba
> Version: 2.2.3a-14.2
> Severity: grave
> Justification: renders package unusable

> In this security update of samba, smbd exits with SIGABRT on my two
> samba servers. Both of the are running as domain masters. On a third
> server, not running as domain master, this new version works well.

> Downgrading to 2.2.3a-14.1 resolves the problem entirely, which is why
> the problem was probably introduced with the fix for #286023.

> strace of "smbd -i" is to be found here:

> http://www.amagerkollegiet.dk/~moffe/samba-strace.log

> If I can I will gladly help more.

If you run without -i, does this crash result in a crash entry being written
to your samba log files?  If so, can you send us a copy?  If not, can you
run smbd under gdb instead of strace and send us the backtrace from there?

-- 
Steve Langasek
postmodern programmer
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to moffe@amagerkollegiet.dk (Rasmus Bøg Hansen):
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #17 received at 302378@bugs.debian.org (full text, mbox):

From: moffe@amagerkollegiet.dk (Rasmus Bøg Hansen)
To: Steve Langasek <vorlon@debian.org>
Cc: 302378@bugs.debian.org
Subject: Re: Bug#302378: samba: smbd exits with SIGABRT
Date: Fri, 01 Apr 2005 10:16:28 +0200
Steve Langasek <vorlon@debian.org> hit the keyboard.
Afterwards the following was on the screen:

> Rasmus,
>
> [Please do not use non-ascii DEBFULLNAME values with the reportbug from
> woody; the From: header in your message violates the SMTP RFCs by including
> literal non-ascii characters, and requires me to manually input an address
> when replying.]

Sorry, I was not aware of that - I better go change it!

> On Thu, Mar 31, 2005 at 04:40:44PM +0200, Rasmus B�g Hansen wrote:
>> Package: samba
>> Version: 2.2.3a-14.2
>> Severity: grave
>> Justification: renders package unusable
>
>> In this security update of samba, smbd exits with SIGABRT on my two
>> samba servers. Both of the are running as domain masters. On a third
>> server, not running as domain master, this new version works well.
>
>> Downgrading to 2.2.3a-14.1 resolves the problem entirely, which is why
>> the problem was probably introduced with the fix for #286023.
>
>> strace of "smbd -i" is to be found here:
>
>> http://www.amagerkollegiet.dk/~moffe/samba-strace.log
>
>> If I can I will gladly help more.
>
> If you run without -i, does this crash result in a crash entry being written
> to your samba log files?  If so, can you send us a copy?  If not, can you
> run smbd under gdb instead of strace and send us the backtrace from there?

I sure can:


[2005/03/31 16:27:14, 0] smbd/server.c:main(698)
  smbd version 2.2.3a-14.2 for Debian started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
[2005/03/31 16:27:14, 1] lib/debug.c:debug_message(250)
  INFO: Debug class all level = 2   (pid 14163 from pid 14163)
[2005/03/31 16:27:14, 2] param/loadparm.c:do_section(2973)
  Processing section "[homes]"
[2005/03/31 16:27:14, 2] param/loadparm.c:do_section(2973)
  Processing section "[Public]"
[2005/03/31 16:27:14, 2] param/loadparm.c:do_section(2973)
  Processing section "[Upload]"
[2005/03/31 16:27:14, 2] param/loadparm.c:do_section(2973)
  Processing section "[itudvalg]"
[2005/03/31 16:27:14, 2] param/loadparm.c:do_section(2973)
  Processing section "[bestyrelse]"
[2005/03/31 16:27:14, 2] param/loadparm.c:do_section(2973)
  Processing section "[introudvalg]"
[2005/03/31 16:27:14, 2] param/loadparm.c:do_section(2973)
  Processing section "[fest-kultur]"
[2005/03/31 16:27:14, 2] param/loadparm.c:do_section(2973)
  Processing section "[centerledelse]"
[2005/03/31 16:27:14, 2] lib/interface.c:add_interface(81)
  added interface ip=172.16.0.3 bcast=172.31.255.255 nmask=255.240.0.0
[2005/03/31 16:27:14, 0] smbd/server.c:main(744)
  standard input is not a socket, assuming -D option
[2005/03/31 16:27:14, 2] smbd/server.c:open_sockets(198)
  waiting for a connection
[2005/03/31 16:27:14, 0] lib/fault.c:fault_report(38)
  ===============================================================
[2005/03/31 16:27:14, 0] lib/fault.c:fault_report(39)
  INTERNAL ERROR: Signal 11 in pid 14164 (2.2.3a-14.2 for Debian)
  Please read the file BUGS.txt in the distribution
[2005/03/31 16:27:14, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2005/03/31 16:27:14, 0] lib/util.c:smb_panic(1105)
  PANIC: internal error

Again, if you need more info, let me know and I wil try to send it!

Regards
/Rasmus

-- 
-- [ Rasmus "Møffe" Bøg Hansen ] ---------------------------------------
UNIX is user-friendly;
it's just particular about who it chooses to be friends with!
----------------------------------------------[ moffe at zz9 dot dk ] --




Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #22 received at 302378@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Rasmus Bøg Hansen <moffe@amagerkollegiet.dk>
Cc: 302378@bugs.debian.org
Subject: Re: Bug#302378: samba: smbd exits with SIGABRT
Date: Fri, 1 Apr 2005 00:43:17 -0800
[Message part 1 (text/plain, inline)]
On Fri, Apr 01, 2005 at 10:16:28AM +0200, Rasmus Bøg Hansen wrote:
> > If you run without -i, does this crash result in a crash entry being written
> > to your samba log files?  If so, can you send us a copy?  If not, can you
> > run smbd under gdb instead of strace and send us the backtrace from there?

> [2005/03/31 16:27:14, 0] lib/fault.c:fault_report(38)
>   ===============================================================
> [2005/03/31 16:27:14, 0] lib/fault.c:fault_report(39)
>   INTERNAL ERROR: Signal 11 in pid 14164 (2.2.3a-14.2 for Debian)
>   Please read the file BUGS.txt in the distribution
> [2005/03/31 16:27:14, 0] lib/fault.c:fault_report(41)
>   ===============================================================
> [2005/03/31 16:27:14, 0] lib/util.c:smb_panic(1105)
>   PANIC: internal error

> Again, if you need more info, let me know and I wil try to send it!

I'm afraid that the above doesn't actually count as a useful crash entry.
Please run smbd under gdb instead (gdb smbd; run -i; bt) and send us the
results.

Thanks,
-- 
Steve Langasek
postmodern programmer
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to moffe@zz9.dk (Rasmus Bøg Hansen):
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #27 received at 302378@bugs.debian.org (full text, mbox):

From: moffe@zz9.dk (Rasmus Bøg Hansen)
To: Steve Langasek <vorlon@debian.org>
Cc: 302378@bugs.debian.org
Subject: Re: Bug#302378: samba: smbd exits with SIGABRT
Date: Fri, 01 Apr 2005 11:20:35 +0200
Steve Langasek <vorlon@debian.org> hit the keyboard.
Afterwards the following was on the screen:

> On Fri, Apr 01, 2005 at 10:16:28AM +0200, Rasmus Bøg Hansen wrote:
>> > If you run without -i, does this crash result in a crash entry being written
>> > to your samba log files?  If so, can you send us a copy?  If not, can you
>> > run smbd under gdb instead of strace and send us the backtrace from there?
>
>> [2005/03/31 16:27:14, 0] lib/fault.c:fault_report(38)
>>   ===============================================================
>> [2005/03/31 16:27:14, 0] lib/fault.c:fault_report(39)
>>   INTERNAL ERROR: Signal 11 in pid 14164 (2.2.3a-14.2 for Debian)
>>   Please read the file BUGS.txt in the distribution
>> [2005/03/31 16:27:14, 0] lib/fault.c:fault_report(41)
>>   ===============================================================
>> [2005/03/31 16:27:14, 0] lib/util.c:smb_panic(1105)
>>   PANIC: internal error
>
>> Again, if you need more info, let me know and I wil try to send it!
>
> I'm afraid that the above doesn't actually count as a useful crash entry.
> Please run smbd under gdb instead (gdb smbd; run -i; bt) and send us the
> results.

I was afraid so.

The binary in the samba package is stripped, so I downloaded the
source (apt-get source samba), built it (debuild) and ran the
unstripped binary (samba-2.2.3a/source/bin/smbd):

--- gdb backtrace begin ---
root@carlsberg:~# gdb /tmp/samba-2.2.3a/source/bin/smbd 
GNU gdb 2002-04-01-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...(no debugging symbols found)...
(gdb) r -i
Starting program: /tmp/samba-2.2.3a/source/bin/smbd -i
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
smbd version 2.2.3a-14.2 for Debian started.
Copyright Andrew Tridgell and the Samba Team 1992-2002
INFO: Debug class all level = 2   (pid 808 from pid 808)
Processing section "[homes]"
Processing section "[Public]"
Processing section "[Upload]"
Processing section "[itudvalg]"
Processing section "[bestyrelse]"
Processing section "[introudvalg]"
Processing section "[fest-kultur]"
Processing section "[centerledelse]"
added interface ip=172.16.0.3 bcast=172.31.255.255 nmask=255.240.0.0
waiting for a connection
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x400bebd4 in free () from /lib/libc.so.6
(gdb) bt
#0  0x400bebd4 in free () from /lib/libc.so.6
#1  0x400beaa3 in free () from /lib/libc.so.6
#2  0x0811df7c in talloc_destroy ()
#3  0x08089455 in lp_talloc_free ()
#4  0x0804bd4d in open_sockets ()
#5  0x0804cc7b in main ()
#6  0x4006914f in __libc_start_main () from /lib/libc.so.6
(gdb) c
Continuing.
===============================================================
INTERNAL ERROR: Signal 11 in pid 808 (2.2.3a-14.2 for Debian)
Please read the file BUGS.txt in the distribution
===============================================================
PANIC: internal error

Program received signal SIGABRT, Aborted.
0x40079781 in kill () from /lib/libc.so.6
(gdb) bt
#0  0x40079781 in kill () from /lib/libc.so.6
#1  0x40079464 in raise () from /lib/libc.so.6
#2  0x4007abe1 in abort () from /lib/libc.so.6
#3  0x0811a42f in smb_panic ()
#4  0x08109e42 in fault_report ()
#5  0x08109e95 in sig_fault ()
#6  0x400796b8 in sigaction () from /lib/libc.so.6
#7  0x400beaa3 in free () from /lib/libc.so.6
#8  0x0811df7c in talloc_destroy ()
#9  0x08089455 in lp_talloc_free ()
#10 0x0804bd4d in open_sockets ()
#11 0x0804cc7b in main ()
#12 0x4006914f in __libc_start_main () from /lib/libc.so.6
(gdb)
--- gdb backtrace end ---

I hope this will help more!

Regards
/Rasmus

-- 
-- [ Rasmus "Møffe" Bøg Hansen ] ---------------------------------------
The reason we come up with new versions is not to fix bugs.
                                              -- Bill Gates
----------------------------------------------[ moffe at zz9 dot dk ] --




Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Tóth Nándor <nug@sch.bme.hu>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #32 received at 302378@bugs.debian.org (full text, mbox):

From: Tóth Nándor <nug@sch.bme.hu>
To: 302378@bugs.debian.org
Subject: bug confirmed
Date: Mon, 04 Apr 2005 08:34:04 +0200
Hi!

I have exactly the same problem on my 2 servers. After upgrading to 
2.2.3a-14.2 samba crashes once a day.

I have just downgraded to 2.2.3a-14.1, because it is a production 
envirement.

-- 
Udv,
  Nandor



Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Andrew Bartlett <abartlet@samba.org>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #37 received at 302378@bugs.debian.org (full text, mbox):

From: Andrew Bartlett <abartlet@samba.org>
To: Tóth Nándor <nug@sch.bme.hu>, 302378@bugs.debian.org
Subject: Re: Bug#302378: bug confirmed
Date: Mon, 04 Apr 2005 17:17:39 +1000
[Message part 1 (text/plain, inline)]
On Mon, 2005-04-04 at 08:34 +0200, Tóth Nándor wrote:
> Hi!
> 
> I have exactly the same problem on my 2 servers. After upgrading to 
> 2.2.3a-14.2 samba crashes once a day.
> 
> I have just downgraded to 2.2.3a-14.1, because it is a production 
> envirement.

Clearly there is a double-free() in the changed behaviour of the Debian
patch.  If you care about security and your production environment I
strongly suggest that in line with team policy, the latest stable
version of Samba is 3.0.13.  (We don't support 2.2 any more).

To fix this in Debian the Debian maintainer will at least need a
valgrind trace of the deamon crashing, to find where the double-free is.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Systeembeheer Open Office <s.openoffice@amsterdamscheschool.nl>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #42 received at 302378@bugs.debian.org (full text, mbox):

From: Systeembeheer Open Office <s.openoffice@amsterdamscheschool.nl>
To: Debian Bug Tracking System <302378@bugs.debian.org>
Subject: samba log, debug level 10
Date: Tue, 05 Apr 2005 11:15:33 +0200
Package: samba
Version: 2.2.3a-14.2
Followup-For: Bug #302378


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux mail 2.6.3-oo-server #4 Wed Feb 18 12:01:50 CET 2004 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages samba depends on:
ii  debconf   1.2.35                         Debian configuration management sy
ii  libc6     2.2.5-11.8                     GNU C Library: Shared libraries an
ii  libcupsys 1.1.20final-12.backports.org.1 Common UNIX Printing System(tm) - 
ii  libpam0g  0.72-35                        Pluggable Authentication Modules l
ii  logrotate 3.5.9-8                        Log rotation utility
ii  netbase   4.07                           Basic TCP/IP networking system
ii  samba-com 2.2.3a-14.2                    Samba common files used by both th

I noticed that #302378 didn't have a loglevel=10 log file attached:
[2005/04/05 10:46:56, 3] param/params.c:pm_process(577)
  params.c:pm_process() - Processing configuration file
  "/etc/samba/smb.conf"
[2005/04/05 10:46:56, 3] param/loadparm.c:do_section(2955)
  Processing section "[global]"
  doing parameter panic action = /usr/share/samba/panic-action %d
[2005/04/05 10:46:56, 0] lib/fault.c:fault_report(38)
===============================================================
[2005/04/05 10:46:56, 0] lib/fault.c:fault_report(39)
  INTERNAL ERROR: Signal 11 in pid 9641 (2.2.3a-14.2 for Debian)
  Please read the file BUGS.txt in the distribution
[2005/04/05 10:46:56, 0] lib/fault.c:fault_report(41)
===============================================================
[2005/04/05 10:46:56, 0] lib/util.c:smb_panic(1105)
  PANIC: internal error

Please note that Samba will start, but Panics when a "samba reload"
command is given on the command line.





Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #47 received at 302378@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Andrew Bartlett <abartlet@samba.org>, 302378@bugs.debian.org
Cc: Tóth Nándor <nug@sch.bme.hu>
Subject: Re: Bug#302378: bug confirmed
Date: Wed, 6 Apr 2005 18:14:36 -0700
[Message part 1 (text/plain, inline)]
Hi Tóth,

On Mon, Apr 04, 2005 at 05:17:39PM +1000, Andrew Bartlett wrote:
> On Mon, 2005-04-04 at 08:34 +0200, Tóth Nándor wrote:
> > Hi!
> > 
> > I have exactly the same problem on my 2 servers. After upgrading to 
> > 2.2.3a-14.2 samba crashes once a day.
> > 
> > I have just downgraded to 2.2.3a-14.1, because it is a production 
> > envirement.

> Clearly there is a double-free() in the changed behaviour of the Debian
> patch.  If you care about security and your production environment I
> strongly suggest that in line with team policy, the latest stable
> version of Samba is 3.0.13.  (We don't support 2.2 any more).

> To fix this in Debian the Debian maintainer will at least need a
> valgrind trace of the deamon crashing, to find where the double-free is.

Is there any chance you'll be able to get us the valgrind trace that Andrew
asks for?  I have so far been unable to reproduce these crashes on my own
systems.

Thanks,
-- 
Steve Langasek
postmodern programmer
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to moffe@zz9.dk (Rasmus Bøg Hansen):
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #52 received at 302378@bugs.debian.org (full text, mbox):

From: moffe@zz9.dk (Rasmus Bøg Hansen)
To: Steve Langasek <vorlon@debian.org>
Cc: 302378@bugs.debian.org,Andrew Bartlett <abartlet@samba.org>
Subject: Re: Bug#302378: samba: smbd exits with SIGABRT
Date: Fri, 08 Apr 2005 01:08:16 +0200
Hi again

Valgrind is not in woody, so I installed it from backports, and made
the following trace:

valgrind -v -- smbd -i > /tmp/valgrind.log 2>&1

Output is here:

http://www.amagerkollegiet.dk/~moffe/valgrind.log

Hopefully this is better...

Regards
/Rasmus

-- 
-- [ Rasmus "Møffe" Bøg Hansen ] ---------------------------------------
The reason we come up with new versions is not to fix bugs.
                                              -- Bill Gates
----------------------------------------------[ moffe at zz9 dot dk ] --




Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Andrew Bartlett <abartlet@samba.org>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #57 received at 302378@bugs.debian.org (full text, mbox):

From: Andrew Bartlett <abartlet@samba.org>
To: Rasmus Bøg Hansen <moffe@zz9.dk>
Cc: Steve Langasek <vorlon@debian.org>, 302378@bugs.debian.org
Subject: Re: Bug#302378: samba: smbd exits with SIGABRT
Date: Fri, 08 Apr 2005 09:21:11 +1000
[Message part 1 (text/plain, inline)]
On Fri, 2005-04-08 at 01:08 +0200, Rasmus Bøg Hansen wrote:
> Hi again
> 
> Valgrind is not in woody, so I installed it from backports, and made
> the following trace:
> 
> valgrind -v -- smbd -i > /tmp/valgrind.log 2>&1
> 
> Output is here:
> 
> http://www.amagerkollegiet.dk/~moffe/valgrind.log

Sorry, that doesn't help.  We will probably need --num-callers=32, and
we need to show it crashing, not just running and exiting once (which is
what -i does).

Internally, Samba has been modified to assist in this, so if you run
with the valgrind --trace-children option, but not smbd's -i, the
valgrind errors will end up in the normal Samba logfiles (we redirect
stderr).

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to moffe@zz9.dk (Rasmus Bøg Hansen):
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #62 received at 302378@bugs.debian.org (full text, mbox):

From: moffe@zz9.dk (Rasmus Bøg Hansen)
To: Andrew Bartlett <abartlet@samba.org>
Cc: Steve Langasek <vorlon@debian.org>, 302378@bugs.debian.org
Subject: Re: Bug#302378: samba: smbd exits with SIGABRT
Date: Fri, 08 Apr 2005 09:48:53 +0200
Andrew Bartlett <abartlet@samba.org> hit the keyboard.
Afterwards the following was on the screen:

> On Fri, 2005-04-08 at 01:08 +0200, Rasmus Bøg Hansen wrote:
>> Hi again
>> 
>> Valgrind is not in woody, so I installed it from backports, and made
>> the following trace:
>> 
>> valgrind -v -- smbd -i > /tmp/valgrind.log 2>&1
>> 
>> Output is here:
>> 
>> http://www.amagerkollegiet.dk/~moffe/valgrind.log
>
> Sorry, that doesn't help.  We will probably need --num-callers=32, and
> we need to show it crashing, not just running and exiting once (which is
> what -i does).
>
> Internally, Samba has been modified to assist in this, so if you run
> with the valgrind --trace-children option, but not smbd's -i, the
> valgrind errors will end up in the normal Samba logfiles (we redirect
> stderr).

Ok, I now did:

valgrind -v --num-callers=32 --trace-children=yes --log-file=valgrind.log -- smbd

I do not really understand (perhaps due to my limited knowledge of
valgrind) why smbd crashes when run normally; when run through
valgrind it seems to run without crashing.

Nonetheless, the valgrind logfile is here:

http://www.amagerkollegiet.dk/~moffe/valgrind.log.pid2456

Regards
/Rasmus

-- 
-- [ Rasmus "Møffe" Bøg Hansen ] ---------------------------------------
42.3454% of statistics are completely made up
                               - Matt Benneke
----------------------------------------------[ moffe at zz9 dot dk ] --




Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Jan Braun <janbraun@gmx.net>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #67 received at 302378@bugs.debian.org (full text, mbox):

From: Jan Braun <janbraun@gmx.net>
To: Debian Bug Tracking System <302378@bugs.debian.org>
Subject: samba: It's SIGHUP's fault
Date: Sun, 10 Apr 2005 20:01:49 +0200
Package: samba
Version: 2.2.3a-14.2
Followup-For: Bug #302378

Hi,
it seems this is the same bug I'm encountering. Since the security
update, smbd occasionally exited with an internal error. Turning on
debugging revealed a preceding SIGHUP, and sure enough, sending smbd a
SIGHUP makes it segfault. (I have no idea where the SIGHUPs came from,
however: the server was idle and I certainly didn't modify the config
file.) Log and gdb backtrace follow:

[2005/04/10 19:09:17, 0] smbd/server.c:sig_hup(384)
  Got SIGHUP
[2005/04/10 19:09:17, 3] smbd/sec_ctx.c:set_sec_ctx(314)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/04/10 19:09:17, 5] smbd/uid.c:change_to_root_user(216)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/04/10 19:09:17, 1] smbd/server.c:open_sockets(220)
  Reloading services after SIGHUP
[2005/04/10 19:09:17, 5] param/loadparm.c:free_service(1786)
  free_service: Freeing service cdrom
[2005/04/10 19:09:17, 5] param/loadparm.c:free_service(1786)
  free_service: Freeing service IPC$
[2005/04/10 19:09:17, 5] param/loadparm.c:free_service(1786)
  free_service: Freeing service ADMIN$
[2005/04/10 19:09:17, 3] param/loadparm.c:init_globals(1227)
  Initialising global parameters
[2005/04/10 19:09:17, 3] param/params.c:pm_process(577)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2005/04/10 19:09:17, 3] param/loadparm.c:do_section(2955)
  Processing section "[global]"
  doing parameter bind interfaces only = yes
  doing parameter interfaces = 127.0.0.1 eth1 192.168.0.0/16
[2005/04/10 19:09:22, 0] lib/fault.c:fault_report(38)
  ===============================================================
[2005/04/10 19:09:23, 0] lib/fault.c:fault_report(39)
  INTERNAL ERROR: Signal 11 in pid 20491 (2.2.3a-14.2 for Debian)
  Please read the file BUGS.txt in the distribution
[2005/04/10 19:09:23, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2005/04/10 19:09:23, 0] lib/util.c:smb_panic(1105)
  PANIC: internal error


Program received signal SIGHUP, Hangup.
0x4011a7ee in select () from /lib/libc.so.6
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x400bebd4 in free () from /lib/libc.so.6
(gdb) bt
#0  0x400bebd4 in free () from /lib/libc.so.6
#1  0x400beaa3 in free () from /lib/libc.so.6
#2  0x081147c2 in chroot ()
#3  0x081147e7 in chroot ()
#4  0x0808ce54 in chroot ()
#5  0x0808cfd0 in chroot ()
#6  0x0808e7fc in chroot ()
#7  0x0808e86e in chroot ()
#8  0x0808ea59 in chroot ()
#9  0x0808dbaf in chroot ()
#10 0x0804c0b1 in chroot ()
#11 0x0804bde6 in chroot ()
#12 0x0804cc7b in chroot ()
#13 0x4006914f in __libc_start_main () from /lib/libc.so.6
(gdb) c
Continuing.

Program received signal SIGABRT, Aborted.
0x40079781 in kill () from /lib/libc.so.6
(gdb) bt
#0  0x40079781 in kill () from /lib/libc.so.6
#1  0x40079464 in raise () from /lib/libc.so.6
#2  0x4007abe1 in abort () from /lib/libc.so.6
#3  0x0811a42f in chroot ()
#4  0x08109e42 in chroot ()
#5  0x08109e95 in chroot ()
#6  0x400796b8 in sigaction () from /lib/libc.so.6
#7  0x400beaa3 in free () from /lib/libc.so.6
#8  0x081147c2 in chroot ()
#9  0x081147e7 in chroot ()
#10 0x0808ce54 in chroot ()
#11 0x0808cfd0 in chroot ()
#12 0x0808e7fc in chroot ()
#13 0x0808e86e in chroot ()
#14 0x0808ea59 in chroot ()
#15 0x0808dbaf in chroot ()
#16 0x0804c0b1 in chroot ()
#17 0x0804bde6 in chroot ()
#18 0x0804cc7b in chroot ()
#19 0x4006914f in __libc_start_main () from /lib/libc.so.6
(gdb) c
Continuing.

Program terminated with signal SIGABRT, Aborted.
The program no longer exists.
(gdb)


Please tell me if you need more info.
regards,
	Jan

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux fera 2.4.18fera.4 #1 Mon Apr 19 22:19:59 CEST 2004 i586
Locale: LANG=C, LC_CTYPE=C

Versions of packages samba depends on:
ii  debconf                  1.2.35          Debian configuration management sy
ii  libc6                    2.2.5-11.8      GNU C Library: Shared libraries an
ii  libcupsys2               1.1.14-5woody12 Common UNIX Printing System(tm) - 
ii  libpam0g                 0.72-35         Pluggable Authentication Modules l
ii  logrotate                3.5.9-8         Log rotation utility
ii  netbase                  4.07            Basic TCP/IP networking system
ii  samba-common             2.2.3a-14.2     Samba common files used by both th






Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Werner Ammon <chaot@chaos.de>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #72 received at 302378@bugs.debian.org (full text, mbox):

From: Werner Ammon <chaot@chaos.de>
To: 302378@bugs.debian.org
Subject: samba: It's SIGHUP's fault
Date: Mon, 11 Apr 2005 10:11:52 +0200
Package: samba
Version: 2.2.3a-14.2
Followup-For: Bug #302378

Hi,
3 Networks, 4 Machines, same Problem.

> I have no idea where the SIGHUPs came from

They came from logrotate:
/etc/logrotate.d/samba
--- cut ---
postrotate
killall -q -HUP smbd || true
--- cut ---


Log and gdb backtrace follow:

[2005/04/11 09:57:54, 0] smbd/server.c:main(698)
  smbd version 2.2.3a-14.2 for Debian started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
[2005/04/11 10:06:44, 0] smbd/server.c:sig_hup(384)
  Got SIGHUP
[2005/04/11 10:06:52, 0] lib/fault.c:fault_report(38)
  ===============================================================
[2005/04/11 10:06:52, 0] lib/fault.c:fault_report(39)
  INTERNAL ERROR: Signal 11 in pid 5826 (2.2.3a-14.2 for Debian)
  Please read the file BUGS.txt in the distribution
[2005/04/11 10:06:52, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2005/04/11 10:06:52, 0] lib/util.c:smb_panic(1105)
  PANIC: internal error


Program received signal SIGHUP, Hangup.
0x401197ee in select () from /lib/libc.so.6
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x400bdbd4 in free () from /lib/libc.so.6
(gdb) bt
#0  0x400bdbd4 in free () from /lib/libc.so.6
#1  0x400bdaa3 in free () from /lib/libc.so.6
#2  0x081147c2 in chroot ()
#3  0x081147e7 in chroot ()
#4  0x08088f8b in chroot ()
#5  0x0808db5e in chroot ()
#6  0x0804c0b1 in chroot ()
#7  0x0804bde6 in chroot ()
#8  0x0804cc7b in chroot ()
#9  0x4006814f in __libc_start_main () from /lib/libc.so.6
(gdb) c
Continuing.

Program received signal SIGABRT, Aborted.
0x40078781 in kill () from /lib/libc.so.6
(gdb) bt
#0  0x40078781 in kill () from /lib/libc.so.6
#1  0x40078464 in raise () from /lib/libc.so.6
#2  0x40079be1 in abort () from /lib/libc.so.6
#3  0x0811a42f in chroot ()
#4  0x08109e42 in chroot ()
#5  0x08109e95 in chroot ()
#6  0x400786b8 in sigaction () from /lib/libc.so.6
#7  0x400bdaa3 in free () from /lib/libc.so.6
#8  0x081147c2 in chroot ()
#9  0x081147e7 in chroot ()
#10 0x08088f8b in chroot ()
#11 0x0808db5e in chroot ()
#12 0x0804c0b1 in chroot ()
#13 0x0804bde6 in chroot ()
#14 0x0804cc7b in chroot ()
#15 0x4006814f in __libc_start_main () from /lib/libc.so.6
(gdb) c
Continuing.

Program terminated with signal SIGABRT, Aborted.
The program no longer exists.


Please tell me if you need more info.

regards,
Werner



Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Olivier Sessink <olivier@pkedu.fbt.eitn.wau.nl>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #77 received at 302378@bugs.debian.org (full text, mbox):

From: Olivier Sessink <olivier@pkedu.fbt.eitn.wau.nl>
To: 302378@bugs.debian.org
Subject: logrotate "killall -q -HUP smbd" crashes samba servers
Date: Mon, 11 Apr 2005 14:50:07 +0200
Hi all,

same problem here, last morning all our servers did a logrotate, and 
they all went down... This is quite a severe problem, how severe was the 
security issue this fix was supposed to fix? worse or less? (should I 
downgrade?)

regards,
	Olivier Sessink







Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #82 received at 302378@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Rasmus Bøg Hansen <moffe@zz9.dk>, Tomas Cernaj <tcernaj@gmx.de>
Cc: 302378@bugs.debian.org
Subject: Re: Bug#302378: samba: smbd exits with SIGABRT
Date: Mon, 18 Apr 2005 02:43:58 -0700
[Message part 1 (text/plain, inline)]
severity 305043 grave
merge 302378 305043
thanks

Rasmus, Tomas,

It would help me to be able to track down this problem if I could reproduce
it locally.  Could one of you send me a copy of your smb.conf file?  There
must be something about your configurations that's triggering this bug, and
I don't know what it is.

Thanks,
-- 
Steve Langasek
postmodern programmer
[signature.asc (application/pgp-signature, inline)]

Merged 302378 305043. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Valentijn Sessink <v.sessink@openoffice.nl>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #89 received at 302378@bugs.debian.org (full text, mbox):

From: Valentijn Sessink <v.sessink@openoffice.nl>
To: 302378@bugs.debian.org
Subject: smb.conf
Date: Mon, 18 Apr 2005 15:27:39 +0200
[Message part 1 (text/plain, inline)]
Hello,

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302378&msg=49&att=0 asks
for an smb.conf, here it comes (see attachment).

Valentijn
-- 
-- Holland Open Software Congres, 30/31 mei 2005: http://hollandopen.nl --
http://www.openoffice.nl/   Open Office - Linux Office Solutions
Valentijn Sessink  valentyn+sessink@nospam.openoffice.nl
[smb.conf (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Olivier Sessink <olivier@pkedu.fbt.eitn.wau.nl>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #94 received at 302378@bugs.debian.org (full text, mbox):

From: Olivier Sessink <olivier@pkedu.fbt.eitn.wau.nl>
To: 302378@bugs.debian.org
Subject: possible workaround
Date: Tue, 19 Apr 2005 10:39:38 +0200
Hi,

a possible workaround is to have logrotate do a samba restart instead of 
a reload. This will disconnect all users, but it that is not an issue at 
the time logrorate is running, this might be an improvement over crashing...

appended is an smb.conf of an affected server

regards,
	Olivier Sessink

----------------- smb.conf -----------------------------------
[global]
  printing = bsd
  printcap name = /etc/printcap
  load printers = yes
  guest account = nobody
  invalid users = root
  security = share
  workgroup = fbt.wau
  netbios name = FBT_LINUX
  netbios aliases = linux1 serv.wu
  server string = FBT Linux server
  remote announce = 137.224.178.217/pk.wau 137.224.178.222
  syslog only = no
  syslog = 0;
  socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
  encrypt passwords = yes
  wins support = no
  wins server = 137.224.145.16
  os level = 50
  name resolve order = lmhosts host wins bcast
  dns proxy = no
  preserve case = yes
  short preserve case = yes
  unix password sync = false
  max log size = 1000
[homes]
	comment = Home Directories
	browseable = no
	read only = no
	create mask = 0700
	directory mask = 0700
[htdocs]
        comment = webroot
        browseable = yes
        path = /var/www
        public = no
        writable = yes
        force group = wwwauthors
        create mask=0666
        directory mode=0777
        username = hylke, olivier, bertjan
[intern]
        comment = webroot
        browseable = yes
        path = /var/www/intern
        public = no
        writable = yes
        force group = pk
        create mask=0666
        directory mode=0777
        username = hylke, olivier
        force user = hylke, olivier
[smart]
        comment = smart project
        browseable = yes
        path = /home/smart
        public = no
        writable = yes
        force group = smart
        create mask=0666
        directory mode=0775
        force user = smart











Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #99 received at 302378@bugs.debian.org (full text, mbox):

From: Stephen Gran <sgran@debian.org>
To: 302378@bugs.debian.org
Subject: Re: Bug#302378: possible workaround
Date: Tue, 19 Apr 2005 09:27:37 -0400
[Message part 1 (text/plain, inline)]
And here is another.
-- 
 -----------------------------------------------------------------
|   ,''`.					     Stephen Gran |
|  : :' :					 sgran@debian.org |
|  `. `'			Debian user, admin, and developer |
|    `-					    http://www.debian.org |
 -----------------------------------------------------------------
[smb.conf (text/plain, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to <joris@jorismooij.org>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #104 received at 302378@bugs.debian.org (full text, mbox):

From: <joris@jorismooij.org>
To: <302378@bugs.debian.org>
Subject: another smb.conf
Date: Tue, 19 Apr 2005 16:46:59 +0200 (CEST)
[Message part 1 (text/plain, inline)]
And here is my smb.conf, I hope it helps.

An interesting observation is that the smbd crash occurs every Sunday
around 6:30 AM, some minutes after my /etc/cron.daily has run (which is
scheduled at 6:25 AM).

Greetings,
Joris
[smb.conf (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #109 received at 302378@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Rasmus Bøg Hansen <moffe@zz9.dk>
Cc: Andrew Bartlett <abartlet@samba.org>, 302378@bugs.debian.org
Subject: Re: Bug#302378: samba: smbd exits with SIGABRT
Date: Tue, 19 Apr 2005 22:33:45 -0700
[Message part 1 (text/plain, inline)]
tags 302378 patch pending
thanks

And valgrind reveals all in the end.  Attached is a patch which fixes up a
rounding error in the use of malloc_array(); this is probably a bit wasteful
compared to the original code, but at least it never allocates too little and
gives us malloc corruption.

I'll get this over to the security team asap; in the meantime, the patch is
here for people who can't wait for the official builds.

Cheers,
-- 
Steve Langasek
postmodern programmer

On Fri, Apr 08, 2005 at 09:48:53AM +0200, Rasmus Bøg Hansen wrote:
> Andrew Bartlett <abartlet@samba.org> hit the keyboard.
> Afterwards the following was on the screen:
> 
> > On Fri, 2005-04-08 at 01:08 +0200, Rasmus Bøg Hansen wrote:
> >> Hi again
> >> 
> >> Valgrind is not in woody, so I installed it from backports, and made
> >> the following trace:
> >> 
> >> valgrind -v -- smbd -i > /tmp/valgrind.log 2>&1
> >> 
> >> Output is here:
> >> 
> >> http://www.amagerkollegiet.dk/~moffe/valgrind.log
> >
> > Sorry, that doesn't help.  We will probably need --num-callers=32, and
> > we need to show it crashing, not just running and exiting once (which is
> > what -i does).
> >
> > Internally, Samba has been modified to assist in this, so if you run
> > with the valgrind --trace-children option, but not smbd's -i, the
> > valgrind errors will end up in the normal Samba logfiles (we redirect
> > stderr).
> 
> Ok, I now did:
> 
> valgrind -v --num-callers=32 --trace-children=yes --log-file=valgrind.log -- smbd
> 
> I do not really understand (perhaps due to my limited knowledge of
> valgrind) why smbd crashes when run normally; when run through
> valgrind it seems to run without crashing.
> 
> Nonetheless, the valgrind logfile is here:
> 
> http://www.amagerkollegiet.dk/~moffe/valgrind.log.pid2456
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #114 received at 302378@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Rasmus Bøg Hansen <moffe@zz9.dk>
Cc: Andrew Bartlett <abartlet@samba.org>, 302378@bugs.debian.org
Subject: Re: Bug#302378: samba: smbd exits with SIGABRT
Date: Tue, 19 Apr 2005 22:43:05 -0700
[Message part 1 (text/plain, inline)]
And now... the patch. :)

Cheers,
-- 
Steve Langasek
postmodern programmer

On Tue, Apr 19, 2005 at 10:33:44PM -0700, Steve Langasek wrote:
> And valgrind reveals all in the end.  Attached is a patch which fixes up a
> rounding error in the use of malloc_array(); this is probably a bit wasteful
> compared to the original code, but at least it never allocates too little and
> gives us malloc corruption.
> 
> I'll get this over to the security team asap; in the meantime, the patch is
> here for people who can't wait for the official builds.
> 
> Cheers,
> -- 
> Steve Langasek
> postmodern programmer
> 
> On Fri, Apr 08, 2005 at 09:48:53AM +0200, Rasmus Bøg Hansen wrote:
> > Andrew Bartlett <abartlet@samba.org> hit the keyboard.
> > Afterwards the following was on the screen:
> > 
> > > On Fri, 2005-04-08 at 01:08 +0200, Rasmus Bøg Hansen wrote:
> > >> Hi again
> > >> 
> > >> Valgrind is not in woody, so I installed it from backports, and made
> > >> the following trace:
> > >> 
> > >> valgrind -v -- smbd -i > /tmp/valgrind.log 2>&1
> > >> 
> > >> Output is here:
> > >> 
> > >> http://www.amagerkollegiet.dk/~moffe/valgrind.log
> > >
> > > Sorry, that doesn't help.  We will probably need --num-callers=32, and
> > > we need to show it crashing, not just running and exiting once (which is
> > > what -i does).
> > >
> > > Internally, Samba has been modified to assist in this, so if you run
> > > with the valgrind --trace-children option, but not smbd's -i, the
> > > valgrind errors will end up in the normal Samba logfiles (we redirect
> > > stderr).
> > 
> > Ok, I now did:
> > 
> > valgrind -v --num-callers=32 --trace-children=yes --log-file=valgrind.log -- smbd
> > 
> > I do not really understand (perhaps due to my limited knowledge of
> > valgrind) why smbd crashes when run normally; when run through
> > valgrind it seems to run without crashing.
> > 
> > Nonetheless, the valgrind logfile is here:
> > 
> > http://www.amagerkollegiet.dk/~moffe/valgrind.log.pid2456


[samba-302378.diff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Tags added: patch, pending Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, peloy@debian.org (Eloy A. Paris):
Bug#302378; Package samba. Full text and rfc822 format available.

Acknowledgement sent to moffe@zz9.dk (Rasmus Bøg Hansen):
Extra info received and forwarded to list. Copy sent to peloy@debian.org (Eloy A. Paris). Full text and rfc822 format available.

Message #121 received at 302378@bugs.debian.org (full text, mbox):

From: moffe@zz9.dk (Rasmus Bøg Hansen)
To: Steve Langasek <vorlon@debian.org>
Cc: Andrew Bartlett <abartlet@samba.org>, 302378@bugs.debian.org
Subject: Re: Bug#302378: samba: smbd exits with SIGABRT
Date: Wed, 20 Apr 2005 12:02:38 +0200
Steve Langasek <vorlon@debian.org> hit the keyboard.
Afterwards the following was on the screen:

> And valgrind reveals all in the end.  Attached is a patch which fixes up a
> rounding error in the use of malloc_array(); this is probably a bit wasteful
> compared to the original code, but at least it never allocates too little and
> gives us malloc corruption.
>
> I'll get this over to the security team asap; in the meantime, the patch is
> here for people who can't wait for the official builds.

I manually installed packages with this patch applied. It solves the
problem entirely. The "working" machine actually segfaulted when
receiving HUP (as described in the other bug report) - this is also
solved.

Thank you very much.

Regards
/Rasmus

-- 
-- [ Rasmus "Møffe" Bøg Hansen ] ---------------------------------------
Anything is possible given the willpower and sufficient pizza.
                             -- Gusty on alt.fan.douglas-adams
----------------------------------------------[ moffe at zz9 dot dk ] --




Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Rasmus Bøg Hansen" <moffe@amagerkollegiet.dk>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #126 received at 302378-close@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: 302378-close@bugs.debian.org
Subject: Bug#302378: fixed in samba 2.2.3a-15
Date: Thu, 21 Apr 2005 12:32:13 -0400
Source: samba
Source-Version: 2.2.3a-15

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:

libpam-smbpass_2.2.3a-15_arm.deb
  to pool/main/s/samba/libpam-smbpass_2.2.3a-15_arm.deb
libsmbclient-dev_2.2.3a-15_arm.deb
  to pool/main/s/samba/libsmbclient-dev_2.2.3a-15_arm.deb
libsmbclient_2.2.3a-15_arm.deb
  to pool/main/s/samba/libsmbclient_2.2.3a-15_arm.deb
samba-common_2.2.3a-15_arm.deb
  to pool/main/s/samba/samba-common_2.2.3a-15_arm.deb
samba-doc_2.2.3a-15_all.deb
  to pool/main/s/samba/samba-doc_2.2.3a-15_all.deb
samba_2.2.3a-15.diff.gz
  to pool/main/s/samba/samba_2.2.3a-15.diff.gz
samba_2.2.3a-15.dsc
  to pool/main/s/samba/samba_2.2.3a-15.dsc
samba_2.2.3a-15_arm.deb
  to pool/main/s/samba/samba_2.2.3a-15_arm.deb
smbclient_2.2.3a-15_arm.deb
  to pool/main/s/samba/smbclient_2.2.3a-15_arm.deb
smbfs_2.2.3a-15_arm.deb
  to pool/main/s/samba/smbfs_2.2.3a-15_arm.deb
swat_2.2.3a-15_arm.deb
  to pool/main/s/samba/swat_2.2.3a-15_arm.deb
winbind_2.2.3a-15_arm.deb
  to pool/main/s/samba/winbind_2.2.3a-15_arm.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 302378@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 19 Apr 2005 18:14:36 -0700
Source: samba
Binary: smbfs libpam-smbpass smbclient winbind libsmbclient-dev samba swat samba-common libsmbclient samba-doc
Architecture: source arm all
Version: 2.2.3a-15
Distribution: stable-security
Urgency: medium
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 libpam-smbpass - pluggable authentication module for SMB password database
 libsmbclient - Shared library that allows applications to talk to SMB servers
 libsmbclient-dev - libsmbclient static libraries and headers
 samba      - A LanManager like file and printer server for Unix.
 samba-common - Samba common files used by both the server and the client.
 samba-doc  - Samba documentation.
 smbclient  - A LanManager like simple client for Unix.
 smbfs      - mount and umount commands for the smbfs (for kernels >= than 2.2.
 swat       - Samba Web Administration Tool
 winbind    - Service to resolve user and group information from Windows NT ser
Closes: 302378
Changes: 
 samba (2.2.3a-15) stable-security; urgency=medium
 .
   * Acknowledge the Security Team's NMUs; thanks again for all your
     work, Joey.
   * Fix a rounding error introduced in the patch to bitmap_alloc() that
     causes crashes on reload.  Closes: #302378. [src/bitmap.c]
Files: 
 a830503053c010eaf927e278aa9bee46 771 net optional samba_2.2.3a-15.dsc
 5019368376bf7e7021d6fac84b4ebb41 128578 net optional samba_2.2.3a-15.diff.gz
 bddbd51cdb1ad5caa110da59fa1befd7 2447132 doc optional samba-doc_2.2.3a-15_all.deb
 d5c3bc06031f7e1a8f318f7044c4c065 2557616 net optional samba_2.2.3a-15_arm.deb
 707cdd665ed01bd65ab3992de8ec3022 1024430 net optional samba-common_2.2.3a-15_arm.deb
 0f101fceeb6ce6c9d0fbe04b36be629d 1004790 net optional smbclient_2.2.3a-15_arm.deb
 c8a4da7264d07c97d12163e70c2340f9 558620 net optional swat_2.2.3a-15_arm.deb
 89b7d54917cd90ec1960e091e1bff8c6 833456 otherosfs optional smbfs_2.2.3a-15_arm.deb
 59a8c97c404bad26b39d31eaadc4e4d5 397722 admin extra libpam-smbpass_2.2.3a-15_arm.deb
 3614ee47d7fa5c1c647528789f5d67b0 462276 libs extra libsmbclient_2.2.3a-15_arm.deb
 259e4f9bec3d35c1fa9114d62519d3ac 548498 devel extra libsmbclient-dev_2.2.3a-15_arm.deb
 86a5de52d3f680adb949606fb0837cbb 976218 net optional winbind_2.2.3a-15_arm.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCZm0yW5ql+IAeqTIRAgU3AJ9xcb251QYp/7AsqJHnT0W5ga+XUgCgt/FI
diqCf7QGgaC3d4sm9jxKmpw=
=2p0j
-----END PGP SIGNATURE-----




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 19:13:59 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.