Description of problem: Version-Release number of selected component: samba-4.5.0-0.0.rc1.fc25 Additional info: reporter: libreport-2.8.0 backtrace_rating: 4 cmdline: /usr/sbin/smbd crash_function: dump_core executable: /usr/sbin/smbd global_pid: 7295 kernel: 4.8.0-0.rc5.git1.1.fc25.x86_64 pkg_fingerprint: 4089 D8F2 FDB1 9C98 pkg_vendor: Fedora Project runlevel: N 3 type: CCpp uid: 0 Truncated backtrace: Thread no. 1 (10 frames) #2 dump_core at ../source3/lib/dumpcore.c:322 #3 smb_panic_s3 at ../source3/lib/util.c:814 #4 smb_panic at ../lib/util/fault.c:166 #5 fault_report at ../lib/util/fault.c:83 #6 sig_fault at ../lib/util/fault.c:94 #8 tevent_debug at ../tevent_debug.c:89 #9 tevent_common_loop_timer_delay at ../tevent_timed.c:330 #10 run_events_poll at ../source3/lib/events.c:199 #11 s3_event_loop_once at ../source3/lib/events.c:303 #12 _tevent_loop_once at ../tevent.c:680 Potential duplicate: bug 1186771
Created attachment 1200792 [details] File: backtrace
Created attachment 1200793 [details] File: cgroup
Created attachment 1200794 [details] File: core_backtrace
Created attachment 1200795 [details] File: dso_list
Created attachment 1200796 [details] File: environ
Created attachment 1200797 [details] File: limits
Created attachment 1200798 [details] File: maps
Created attachment 1200799 [details] File: mountinfo
Created attachment 1200800 [details] File: namespaces
Created attachment 1200801 [details] File: open_fds
Created attachment 1200802 [details] File: proc_pid_status
Created attachment 1200803 [details] File: var_log_messages
The crash happens right away when the smbd service is started. It's apparently independent of the contents of smb.conf - testparam reports that the config is OK, and I've tried starting smb with the default smb.conf with the same result.
Could you please try with https://bodhi.fedoraproject.org/updates/FEDORA-2016-72793a0d3c
Not much of a diffence, unfortunately: Sep 16 16:51:51 server2.tala.local systemd[1]: Starting Samba SMB Daemon... Sep 16 16:51:51 server2.tala.local systemd[1]: smb.service: Supervising process 7912 which is not our child. We'll most likely not notice when it exits. Sep 16 16:51:51 server2.tala.local smbd[7913]: [2016/09/16 16:51:51.464308, 0] ../lib/util/fault.c:78(fault_report) Sep 16 16:51:51 server2.tala.local smbd[7913]: =============================================================== Sep 16 16:51:51 server2.tala.local smbd[7913]: [2016/09/16 16:51:51.465599, 0] ../lib/util/fault.c:79(fault_report) Sep 16 16:51:51 server2.tala.local smbd[7913]: INTERNAL ERROR: Signal 11 in pid 7913 (4.5.0) Sep 16 16:51:51 server2.tala.local smbd[7913]: Please read the Trouble-Shooting section of the Samba HOWTO Sep 16 16:51:51 server2.tala.local smbd[7913]: [2016/09/16 16:51:51.467113, 0] ../lib/util/fault.c:81(fault_report) Sep 16 16:51:51 server2.tala.local smbd[7913]: =============================================================== Sep 16 16:51:51 server2.tala.local smbd[7913]: [2016/09/16 16:51:51.468174, 0] ../source3/lib/util.c:791(smb_panic_s3) Sep 16 16:51:51 server2.tala.local smbd[7913]: PANIC (pid 7913): internal error Sep 16 16:51:51 server2.tala.local smbd[7913]: [2016/09/16 16:51:51.469674, 0] ../source3/lib/util.c:902(log_stack_trace) Sep 16 16:51:51 server2.tala.local smbd[7913]: BACKTRACE: 14 stack frames: Sep 16 16:51:51 server2.tala.local smbd[7913]: #0 /lib64/libsmbconf.so.0(log_stack_trace+0x1c) [0x7fc6b199380c] Sep 16 16:51:51 server2.tala.local smbd[7913]: #1 /lib64/libsmbconf.so.0(smb_panic_s3+0x20) [0x7fc6b19938e0] Sep 16 16:51:51 server2.tala.local smbd[7913]: #2 /lib64/libsamba-util.so.0(smb_panic+0x2f) [0x7fc6b3e8782f] Sep 16 16:51:51 server2.tala.local smbd[7913]: #3 /lib64/libsamba-util.so.0(+0x22a46) [0x7fc6b3e87a46] Sep 16 16:51:51 server2.tala.local smbd[7913]: #4 /lib64/libpthread.so.0(+0x115c0) [0x7fc6b40eb5c0] Sep 16 16:51:51 server2.tala.local smbd[7913]: #5 /lib64/libtevent.so.0(tevent_debug+0x56) [0x7fc6b03ccf06] Sep 16 16:51:51 server2.tala.local smbd[7913]: #6 /lib64/libtevent.so.0(tevent_common_loop_timer_delay+0xba) [0x7fc6b03d14ea] Sep 16 16:51:51 server2.tala.local smbd[7913]: #7 /lib64/libsmbconf.so.0(run_events_poll+0x1a9) [0x7fc6b19ab2b9] Sep 16 16:51:51 server2.tala.local smbd[7913]: #8 /lib64/libsmbconf.so.0(+0x36457) [0x7fc6b19ab457] Sep 16 16:51:51 server2.tala.local systemd[1]: Started Samba SMB Daemon. Sep 16 16:51:51 server2.tala.local smbd[7913]: #9 /lib64/libtevent.so.0(_tevent_loop_once+0x9d) [0x7fc6b03ccabd] Sep 16 16:51:51 server2.tala.local smbd[7913]: #10 /lib64/libtevent.so.0(tevent_req_poll+0x23) [0x7fc6b03cde23] Sep 16 16:51:51 server2.tala.local smbd[7913]: #11 /usr/sbin/smbd(main+0x860) [0x55c8653406b0] Sep 16 16:51:51 server2.tala.local smbd[7913]: #12 /lib64/libc.so.6(__libc_start_main+0xf1) [0x7fc6b0022401] Sep 16 16:51:51 server2.tala.local smbd[7913]: #13 /usr/sbin/smbd(_start+0x2a) [0x55c8653416ba] Sep 16 16:51:51 server2.tala.local smbd[7913]: [2016/09/16 16:51:51.470044, 0] ../source3/lib/dumpcore.c:303(dump_core) Sep 16 16:51:51 server2.tala.local smbd[7913]: dumping core in /var/log/samba/cores/smbd Sep 16 16:51:51 server2.tala.local smbd[7913]: Sep 16 16:51:51 server2.tala.local smbd[7915]: [2016/09/16 16:51:51.471692, 0] ../lib/util/fault.c:78(fault_report) Sep 16 16:51:51 server2.tala.local smbd[7915]: =============================================================== Sep 16 16:51:51 server2.tala.local smbd[7915]: [2016/09/16 16:51:51.471834, 0] ../lib/util/fault.c:79(fault_report) Sep 16 16:51:51 server2.tala.local smbd[7915]: INTERNAL ERROR: Signal 11 in pid 7915 (4.5.0) Sep 16 16:51:51 server2.tala.local smbd[7915]: Please read the Trouble-Shooting section of the Samba HOWTO Sep 16 16:51:51 server2.tala.local smbd[7915]: [2016/09/16 16:51:51.471891, 0] ../lib/util/fault.c:81(fault_report) Sep 16 16:51:51 server2.tala.local smbd[7915]: =============================================================== Sep 16 16:51:51 server2.tala.local smbd[7915]: [2016/09/16 16:51:51.471932, 0] ../source3/lib/util.c:791(smb_panic_s3) Sep 16 16:51:51 server2.tala.local smbd[7915]: PANIC (pid 7915): internal error Sep 16 16:51:51 server2.tala.local smbd[7915]: [2016/09/16 16:51:51.472744, 0] ../source3/lib/util.c:902(log_stack_trace) Sep 16 16:51:51 server2.tala.local smbd[7915]: BACKTRACE: 5 stack frames: Sep 16 16:51:51 server2.tala.local smbd[7915]: #0 /lib64/libsmbconf.so.0(log_stack_trace+0x1c) [0x7fc6b199380c] Sep 16 16:51:51 server2.tala.local smbd[7915]: #1 /lib64/libsmbconf.so.0(smb_panic_s3+0x20) [0x7fc6b19938e0] Sep 16 16:51:51 server2.tala.local smbd[7915]: #2 /lib64/libsamba-util.so.0(smb_panic+0x2f) [0x7fc6b3e8782f] Sep 16 16:51:51 server2.tala.local smbd[7915]: #3 /lib64/libsamba-util.so.0(+0x22a46) [0x7fc6b3e87a46] Sep 16 16:51:51 server2.tala.local smbd[7915]: #4 /lib64/libpthread.so.0(+0x115c0) [0x7fc6b40eb5c0] Sep 16 16:51:51 server2.tala.local smbd[7912]: [2016/09/16 16:51:51.480123, 0] ../lib/util/become_daemon.c:124(daemon_ready) Sep 16 16:51:51 server2.tala.local smbd[7912]: STATUS=daemon 'smbd' finished starting up and ready to serve connections Sep 16 16:51:51 server2.tala.local smbd[7912]: [2016/09/16 16:51:51.540217, 0] ../lib/util/fault.c:78(fault_report) Sep 16 16:51:51 server2.tala.local smbd[7912]: =============================================================== Sep 16 16:51:51 server2.tala.local smbd[7912]: [2016/09/16 16:51:51.540343, 0] ../lib/util/fault.c:79(fault_report) Sep 16 16:51:51 server2.tala.local smbd[7912]: INTERNAL ERROR: Signal 11 in pid 7912 (4.5.0) Sep 16 16:51:51 server2.tala.local smbd[7912]: Please read the Trouble-Shooting section of the Samba HOWTO Sep 16 16:51:51 server2.tala.local smbd[7912]: [2016/09/16 16:51:51.540416, 0] ../lib/util/fault.c:81(fault_report) Sep 16 16:51:51 server2.tala.local smbd[7912]: =============================================================== Sep 16 16:51:51 server2.tala.local smbd[7912]: [2016/09/16 16:51:51.540460, 0] ../source3/lib/util.c:791(smb_panic_s3) Sep 16 16:51:51 server2.tala.local smbd[7912]: PANIC (pid 7912): internal error Sep 16 16:51:51 server2.tala.local smbd[7912]: [2016/09/16 16:51:51.540968, 0] ../source3/lib/util.c:902(log_stack_trace) Sep 16 16:51:51 server2.tala.local smbd[7912]: BACKTRACE: 19 stack frames: Sep 16 16:51:51 server2.tala.local smbd[7912]: #0 /lib64/libsmbconf.so.0(log_stack_trace+0x1c) [0x7fc6b199380c] Sep 16 16:51:51 server2.tala.local smbd[7912]: #1 /lib64/libsmbconf.so.0(smb_panic_s3+0x20) [0x7fc6b19938e0] Sep 16 16:51:51 server2.tala.local smbd[7912]: #2 /lib64/libsamba-util.so.0(smb_panic+0x2f) [0x7fc6b3e8782f] Sep 16 16:51:51 server2.tala.local smbd[7912]: #3 /lib64/libsamba-util.so.0(+0x22a46) [0x7fc6b3e87a46] Sep 16 16:51:51 server2.tala.local smbd[7912]: #4 /lib64/libpthread.so.0(+0x115c0) [0x7fc6b40eb5c0] Sep 16 16:51:51 server2.tala.local smbd[7912]: #5 /lib64/libtevent.so.0(tevent_timeval_compare+0) [0x7fc6b03d10a0] Sep 16 16:51:51 server2.tala.local smbd[7912]: #6 /lib64/libtevent.so.0(+0x9251) [0x7fc6b03d1251] Sep 16 16:51:51 server2.tala.local smbd[7912]: #7 /lib64/libtevent.so.0(tevent_common_add_timer+0x13) [0x7fc6b03d1403] Sep 16 16:51:51 server2.tala.local smbd[7912]: #8 /lib64/libtevent.so.0(tevent_req_set_endtime+0x60) [0x7fc6b03cdef0] Sep 16 16:51:51 server2.tala.local smbd[7912]: #9 /lib64/libtevent.so.0(tevent_wakeup_send+0x55) [0x7fc6b03d17a5] Sep 16 16:51:51 server2.tala.local smbd[7912]: #10 /usr/sbin/smbd(+0xaebe) [0x55c865344ebe] Sep 16 16:51:51 server2.tala.local smbd[7912]: #11 /lib64/libtevent.so.0(tevent_common_check_signal+0x278) [0x7fc6b03d0a58] Sep 16 16:51:51 server2.tala.local smbd[7912]: #12 /lib64/libsmbconf.so.0(run_events_poll+0x24) [0x7fc6b19ab134] Sep 16 16:51:51 server2.tala.local smbd[7912]: #13 /lib64/libsmbconf.so.0(+0x364f7) [0x7fc6b19ab4f7] Sep 16 16:51:51 server2.tala.local smbd[7912]: #14 /lib64/libtevent.so.0(_tevent_loop_once+0x9d) [0x7fc6b03ccabd] Sep 16 16:51:51 server2.tala.local smbd[7912]: #15 /lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7fc6b03ccceb] Sep 16 16:51:51 server2.tala.local smbd[7912]: #16 /usr/sbin/smbd(main+0x1642) [0x55c865341492] Sep 16 16:51:51 server2.tala.local smbd[7912]: #17 /lib64/libc.so.6(__libc_start_main+0xf1) [0x7fc6b0022401] Sep 16 16:51:51 server2.tala.local smbd[7912]: #18 /usr/sbin/smbd(_start+0x2a) [0x55c8653416ba] Sep 16 16:51:51 server2.tala.local smbd[7912]: [2016/09/16 16:51:51.541426, 0] ../source3/lib/dumpcore.c:303(dump_core) Sep 16 16:51:51 server2.tala.local smbd[7912]: dumping core in /var/log/samba/cores/smbd
Could you please post the full backtrace?
Created attachment 1202464 [details] New backtrace
Could you start smbd with valgrind: valgrind --tool=memcheck -v --num-callers=20 --track-origins=yes --log-file=smbd-valgrind.log /usr/sbin/smbd and upload the logfile?
Created attachment 1203601 [details] Valgrind log file
Could you please run valgrind with debuginfo installed for samba and tevent?
The command is: debuginfo-install samba libtevent
Created attachment 1203844 [details] Valgrind Log with Debug Info Does look to be failing in libtevent, something is corrupting the memory because its trying to return to 0xb0 address. Also, compiling to an earlier version of libtevent seems to fix the problem.
Compiled and installed libtevent-0.9.29 into /usr/local/lib and pointed /usr/lib64/libtevent.so.0 -> /usr/local/lib/libtevent.so.0.9.29 and systemctl restart smb.service works perfectly and I can log in with no Signal 11.
diff of version 0.9.29 and 0.9.30, seems the developer converted a lot of normal code into pthread code. I guess some of that code is corrupting the stack.
The problem is that smbd uses internal tevent structures! The internal structures changed with 0.9.30, but Samba 4.5.x is build with interal structures and has the information of 0.9.29. So accessing the structure leads to segfault. There is a patchset to not use internal tevent structures in Samba anymore. This will fix the issue. Patches are under review.
(In reply to Andreas Schneider from comment #25) > The problem is that smbd uses internal tevent structures! The internal > structures changed with 0.9.30, but Samba 4.5.x is build with interal > structures and has the information of 0.9.29. So accessing the structure > leads to segfault. > > There is a patchset to not use internal tevent structures in Samba anymore. > This will fix the issue. Patches are under review. Hi Andreas Is there any updates about the patches being reviewed? Thanks, Pablo
*** Bug 1384337 has been marked as a duplicate of this bug. ***
*** Bug 1385327 has been marked as a duplicate of this bug. ***
Looks like the bodhi <-> bugzilla conntion is not working ... https://bodhi.fedoraproject.org/updates/FEDORA-2016-c46eda651e
samba-4.5.0-3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-c46eda651e
I can confirm, that samba-4.5.0-3.fc25 fixes the problem here. Thanks.
samba-4.5.0-3.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 1387517 has been marked as a duplicate of this bug. ***
Got sent here after reporting a crash in samba-4.5.10-0.fc25.x86_64 but unable to report as it is a duplicate of this closed bug. Any ideas how I can force a new report in abrt?
See comment #31
Comment 31 is about 4.5.0-3.fc25, cube00 is talking about 4.5.10-0.fc25.
Manually reported in 1465523.