Ubuntu
samba package

Old libtalloc2 version dependency

Bug #1605209 reported by Sitsofe Wheeler
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
New
Undecided
Unassigned
Trusty
New
Undecided
Unassigned
talloc (Ubuntu)
New
Undecided
Unassigned
Trusty
New
Undecided
Marc Deslauriers

Bug Description

Description of the problem:
Samba crashes if libtalloc2 is not installed when a share is accessed by a non-Linux system.

Steps to reproduce:
1. Install KUbuntu 14.04.
2. Get a root terminal up and type
apt-get update
apt-get install samba
3. Add the following to end of /etc/samba/smb.conf :
[tmp]
   path = /tmp
   browseable = yes
   read only = no
   guest ok = yes
4. Run
service smbd reload
5. Connect to the share using something other than Linux (e.g. Windows 7 Explorer, Windows 2012 Explorer, OS X 10.9.5 Finder).

Expected result:
Contents of /tmp to be displayed.

Actual result:
The client hangs because the samba server has core dumped.

How reproducible is the issue:
It is reproducible every time.

Additional information:
Connecting to the share using Linux (e.g. using smbclient or Nautilus on another system) always works without issue.

Looking in /var/log/samba/cores shows are core with the following backtrace:
#0 0x00007ff3d014ccc9 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ff3d01500d8 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ff3d187d64b in dump_core ()
   from /usr/lib/x86_64-linux-gnu/libsmbconf.so.0
#3 0x00007ff3d2bed287 in smb_panic_s3 ()
   from /usr/lib/x86_64-linux-gnu/samba/libsmbregistry.so.0
#4 0x00007ff3d39648df in smb_panic ()
   from /usr/lib/x86_64-linux-gnu/libsamba-util.so.0
#5 0x00007ff3d06ebb5f in _talloc_zero ()
   from /usr/lib/x86_64-linux-gnu/libtalloc.so.2
#6 0x00007ff3d06f27b3 in talloc_set_memlimit ()
   from /usr/lib/x86_64-linux-gnu/libtalloc.so.2
#7 0x0000000000000000 in ?? ()

Looking in /var/log/samba/log.* shows the following:
[2016/07/21 11:31:48.763178, 0] ../source3/lib/popt_common.c:68(popt_s3_talloc_log_fn)
  talloc: access after free error - first free may be at ../source3/smbd/open.c:3715
[2016/07/21 11:31:48.763218, 0] ../source3/lib/popt_common.c:68(popt_s3_talloc_log_fn)
  Bad talloc magic value - access after free
[2016/07/21 11:31:48.763222, 0] ../source3/lib/util.c:789(smb_panic_s3)
  PANIC (pid 5987): Bad talloc magic value - access after free
[2016/07/21 11:31:48.763833, 0] ../source3/lib/util.c:900(log_stack_trace)
  BACKTRACE: 29 stack frames:
   #0 /usr/lib/x86_64-linux-gnu/samba/libsmbregistry.so.0(log_stack_trace+0x1a) [0x7ff3d2bed14a]
   #1 /usr/lib/x86_64-linux-gnu/samba/libsmbregistry.so.0(smb_panic_s3+0x20) [0x7ff3d2bed220]
   #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7ff3d39648df]
   #3 /usr/lib/x86_64-linux-gnu/libtalloc.so.2(+0x1b5f) [0x7ff3d06ebb5f]
   #4 /usr/lib/x86_64-linux-gnu/libtalloc.so.2(_talloc_steal_loc+0xab) [0x7ff3d06f277b]
   #5 /usr/lib/x86_64-linux-gnu/libtalloc.so.2(_talloc_move+0x13) [0x7ff3d06f27b3]
   #6 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x18a9d8) [0x7ff3d35a59d8]
   #7 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(get_share_mode_lock+0x17e) [0x7ff3d35a660e]
   #8 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0xfbbfe) [0x7ff3d3516bfe]
   #9 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x10020c) [0x7ff3d351b20c]
   #10 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(create_file_default+0x1cf) [0x7ff3d351c69f]
   #11 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x1d8cce) [0x7ff3d35f3cce]
   #12 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smb_vfs_call_create_file+0xd8) [0x7ff3d3522ed8]
   #13 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_smb2_request_process_create+0x1a24) [0x7ff3d3551994]
   #14 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_smb2_request_dispatch+0xc4d) [0x7ff3d354943d]
   #15 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x12f0c2) [0x7ff3d354a0c2]
   #16 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(run_events_poll+0x16c) [0x7ff3d1885a2c]
   #17 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(+0x25c80) [0x7ff3d1885c80]
   #18 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7ff3d04ded5d]
   #19 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7ff3d04deefb]
   #20 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_process+0x6c9) [0x7ff3d35385b9]
   #21 smbd(+0x96b6) [0x7ff3d3ffe6b6]
   #22 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(run_events_poll+0x16c) [0x7ff3d1885a2c]
   #23 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(+0x25c80) [0x7ff3d1885c80]
   #24 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7ff3d04ded5d]
   #25 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7ff3d04deefb]
   #26 smbd(main+0x15b4) [0x7ff3d3ffc6c4]
   #27 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7ff3d0137ec5]
   #28 smbd(+0x7a96) [0x7ff3d3ffca96]
[2016/07/21 11:31:48.763882, 0] ../source3/lib/util.c:801(smb_panic_s3)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 5987]
[2016/07/21 11:31:48.766436, 0] ../source3/lib/util.c:809(smb_panic_s3)
  smb_panic(): action returned status 0
[2016/07/21 11:31:48.766470, 0] ../source3/lib/dumpcore.c:318(dump_core)
  dumping core in /var/log/samba/cores/smbd

Running
apt-get install libtalloc2
service smbd restart

resolves the problem.

Version information:
Ubuntu 14.04.3 LTS
libsmbclient 2:4.3.9+dfsg-0ubuntu0.14.04.3
libwbclient0 2:4.1.6+dfsg-1ubuntu2.14.04.8
python-samba 2:4.3.9+dfsg-0ubuntu0.14.04.3
samba 2:4.3.9+dfsg-0ubuntu0.14.04.3 install ok installed
samba-common 2:4.3.9+dfsg-0ubuntu0.14.04.3
samba-common-bin 2:4.3.9+dfsg-0ubuntu0.14.04.3
samba-dsdb-modules 2:4.3.9+dfsg-0ubuntu0.14.04.3
samba-libs 2:4.3.9+dfsg-0ubuntu0.14.04.3
samba-vfs-modules 2:4.3.9+dfsg-0ubuntu0.14.04.3
smbclient 2:4.3.9+dfsg-0ubuntu0.14.04.3

Revision history for this message
Sitsofe Wheeler (sitsofe) wrote :

Others appear to be seeing the same issue too: https://answers.launchpad.net/ubuntu/+question/291448 .

Revision history for this message
Sitsofe Wheeler (sitsofe) wrote :

Another report of the same problem: http://askubuntu.com/questions/772730/samba-software-caused-connection-abort .

Sitsofe Wheeler (sitsofe)
summary: - Missing libtalloc2 dependency
+ Missing libtalloc2 version dependency
Revision history for this message
Sitsofe Wheeler (sitsofe) wrote : Re: Missing libtalloc2 version dependency

Closer inspection shows that the problem is the *version* of libtalloc2 installed - the samba packages already have a dependency on libtalloc2 itself but only require 2.0.4~git20101213 or newer. The problem occurred because the version of libtalloc wasn't upgraded but Samba seemingly requires it. The currently installed version is:
libtalloc2 2.1.0-1

Here is what it could have been upgraded to:
libtalloc2 2.1.5-0ubuntu0.14.04.1

so it looks like the ABI changed. As such, the required libtalloc2 version should be updated on packages linking against libtalloc 2.1.5...

Sitsofe Wheeler (sitsofe)
summary: - Missing libtalloc2 version dependency
+ Old libtalloc2 version dependency
Revision history for this message
Steve Langasek (vorlon) wrote :

If packages linking against the new libtalloc wind up requiring the new version without having a dependency on the new version, that's a bug in libtalloc. Opening a task on that package.

Changed in talloc (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
tags: added: regression-update
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.