** Description changed: [ Impact ] - * An explanation of the effects of the bug on users and justification - for backporting the fix to the stable release. - - * In addition, it is helpful, but not required, to include an - explanation of how the upload fixes this bug. + samba-gpupdate is a command run periodically by winbind to refresh + group policies on a machine joined to the domain. + + It has been reported to crash with a segfault. The exact conditions for + the crash were not reproduced in a test system, but it happens reliably + on the affected server. This environment can be somewhat complex to + replicate, involving windows servers, specific GPOs and permissions, + etc. [ Test Plan ] - * detailed instructions how to reproduce the bug - - * these should allow someone who is not familiar with the affected - package to reproduce the bug and verify that the updated package - fixes the problem. - - * if other testing is appropriate to perform before landing this - update, this should also be described here. + Given the difficulty in setting up an environment which can replicate the crash, this SRU will rely on the reporter's system to verify the fix. Essentially, that will be: + - run "sudo samba-gpupdate" before and after the update. Before, it should segfault. And after the update is applied, it should not crash, and relevant policies should be updated and applied as expected. + [ Where problems could occur ] - * Think about what the upload changes in the software. Imagine the - change is wrong or breaks something else: how would this show up? - - * It is assumed that any SRU candidate patch is well-tested before - upload and has a low overall risk of regression, but it's important - to make the effort to think about what ''could'' happen in the event - of a regression. - - * This must never be "None" or "Low", or entirely an argument as to why - your upload is low risk. - - * This both shows the SRU team that the risks have been considered, - and provides guidance to testers in regression-testing the SRU. + The fix is adding NULL check and exiting a function. If that is + incorrect, it could be exiting early, or incorrectly, meaning one or + more policies would not be refreshed. At least in the case of this bug, + exiting early is already the case, given that the tool is crashing. [ Other Info ] - * Anything else you think is useful to include - - * Make sure to explain any deviation from the norm, to save the SRU - reviewer from having to infer your reasoning, possibly incorrectly. - This should also help reduce review iterations, particularly when the - reason for the deviation is not obvious. - - * Anticipate questions from users, SRU, +1 maintenance, security teams - and the Technical Board and address these questions in advance + While fixing this bug, we found other lurking ones that are also being + fixed in the same upload, all involving the samba-tool application. I + wouldn't be surprised if more are found, but that is out of scope of + this fix and shouldn't block this update, as it is already an + improvement. [ Original Description ] When I try to run samba-gpupdate as root it falls with segmentation fault: $ sudo samba-gpupdate =============================================================== INTERNAL ERROR: Signal 11: Segmentation fault in () () pid 269490 (4.19.5-Ubuntu) If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting =============================================================== PANIC (pid 269490): Signal 11: Segmentation fault in 4.19.5-Ubuntu BACKTRACE: 19 stack frames: #0 /usr/lib/x86_64-linux-gnu/samba/libgenrand-samba4.so.0(log_stack_trace+0x37) [0x75f438833517] #1 /usr/lib/x86_64-linux-gnu/samba/libgenrand-samba4.so.0(smb_panic+0x15) [0x75f438833d25] #2 /usr/lib/x86_64-linux-gnu/samba/libgenrand-samba4.so.0(+0x2dca) [0x75f438833dca] #3 /lib/x86_64-linux-gnu/libc.so.6(+0x45320) [0x75f439645320] #4 /usr/lib/x86_64-linux-gnu/samba/libsamba-security-samba4.so.0(ndr_push_security_descriptor+0x195) [0x75f435735545] #5 /lib/x86_64-linux-gnu/libndr.so.3(ndr_push_struct_blob+0x3f) [0x75f437591e4f] #6 /usr/lib/x86_64-linux-gnu/samba/libsamba-security-samba4.so.0(marshall_sec_desc+0x3f) [0x75f43573d5af] #7 /usr/lib/python3/dist-packages/samba/gpo.cpython-312-x86_64-linux-gnu.so(+0x4034) [0x75f43452c034] #8 /usr/bin/python3(_PyEval_EvalFrameDefault+0x3640) [0x5d9cb0] #9 /usr/bin/python3(PyEval_EvalCode+0x15b) [0x5d560b] #10 /usr/bin/python3() [0x608812] #11 /usr/bin/python3() [0x6b50e3] #12 /usr/bin/python3(_PyRun_SimpleFileObject+0x1aa) [0x6b4e4a] #13 /usr/bin/python3(_PyRun_AnyFileObject+0x4f) [0x6b4c7f] #14 /usr/bin/python3(Py_RunMain+0x3b5) [0x6bcd35] #15 /usr/bin/python3(Py_BytesMain+0x2d) [0x6bc81d] #16 /lib/x86_64-linux-gnu/libc.so.6(+0x2a1ca) [0x75f43962a1ca] #17 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x8b) [0x75f43962a28b] #18 /usr/bin/python3(_start+0x25) [0x657ca5] smb_panic(): calling panic action [/usr/share/samba/panic-action 269490] smb_panic(): action returned status 0 Can not dump core: corepath not set up $ sudo lsb_release -rd No LSB modules are available. Description: Ubuntu 24.04.1 LTS Release: 24.04 $ apt-cache policy samba samba: Installed: 2:4.19.5+dfsg-4ubuntu9 Candidate: 2:4.19.5+dfsg-4ubuntu9 Version table: *** 2:4.19.5+dfsg-4ubuntu9 500 500 http://cy.archive.ubuntu.com/ubuntu noble/main amd64 Packages 100 /var/lib/dpkg/status samba configuration: $ sudo cat /etc/samba/smb.conf: # Global parameters [global] apply group policies = Yes idmap gid = 10000-20000 idmap uid = 10000-20000 log file = /var/log/samba/log.%m logging = file map to guest = Bad User max log size = 1000 obey pam restrictions = Yes pam password change = Yes panic action = /usr/share/samba/panic-action %d passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . passwd program = /usr/bin/passwd %u realm = LAN.PSYNET.SU restrict anonymous = 2 security = ADS server role = standalone server server string = %h server (Samba, Ubuntu) template shell = /bin/bash unix password sync = Yes usershare allow guests = Yes winbind enum groups = Yes winbind enum users = Yes winbind refresh tickets = Yes winbind use default domain = Yes workgroup = LAN [printers] browseable = No comment = All Printers create mask = 0700 path = /var/spool/samba printable = Yes [cifs-storage] comment = CIFS Storage for all purposes path = /storage/cifs read list = @unix_admin read only = No write list = @unix_admin [print$] comment = Printer Drivers path = /var/lib/samba/printers $ sudo net ads info LDAP server: 192.168.13.3 LDAP server name: LIM-WIN-DC1.lan.psynet.su Realm: LAN.PSYNET.SU Bind Path: dc=LAN,dc=PSYNET,dc=SU LDAP port: 389 Server time: Tue, 03 Sep 2024 21:13:09 EEST KDC server: 192.168.13.3 Server time offset: 3 Last machine account password change: Mon, 02 Sep 2024 12:27:02 EEST Additional info: Dependencies: adduser 3.137ubuntu1 ca-certificates 20240203 dbus 1.14.10-4ubuntu4.1 dbus-bin 1.14.10-4ubuntu4.1 dbus-daemon 1.14.10-4ubuntu4.1 dbus-session-bus-common 1.14.10-4ubuntu4.1 dbus-system-bus-common 1.14.10-4ubuntu4.1 debconf 1.5.86ubuntu1 dirmngr 2.4.4-2ubuntu17 dpkg 1.22.6ubuntu6.1 gcc-14-base 14-20240412-0ubuntu1 gnupg 2.4.4-2ubuntu17 gnupg-l10n 2.4.4-2ubuntu17 gnupg-utils 2.4.4-2ubuntu17 gpg 2.4.4-2ubuntu17 gpg-agent 2.4.4-2ubuntu17 gpg-wks-client 2.4.4-2ubuntu17 gpgconf 2.4.4-2ubuntu17 gpgsm 2.4.4-2ubuntu17 gpgv 2.4.4-2ubuntu17 init-system-helpers 1.66ubuntu1 keyboxd 2.4.4-2ubuntu17 krb5-locales 1.20.1-6ubuntu2.1 libacl1 2.3.2-1build1 libapparmor1 4.0.1really4.0.0-beta3-0ubuntu0.1 libassuan0 2.5.6-1build1 libaudit-common 1:3.1.2-2.1build1 libaudit1 1:3.1.2-2.1build1 libavahi-client3 0.8-13ubuntu6 libavahi-common-data 0.8-13ubuntu6 libavahi-common3 0.8-13ubuntu6 libbsd0 0.12.1-1build1 libbz2-1.0 1.0.8-5.1build0.1 libc6 2.39-0ubuntu8.3 libcap-ng0 0.8.4-2build2 libcap2 1:2.66-5ubuntu2 libcom-err2 1.47.0-2.4~exp1ubuntu4.1 libcrypt1 1:4.4.36-4build1 libdb5.3t64 5.3.28+dfsg2-7 libdbus-1-3 1.14.10-4ubuntu4.1 libexpat1 2.6.1-2build1 libffi8 3.4.6-1build1 libgcc-s1 14-20240412-0ubuntu1 libgcrypt20 1.10.3-2build1 libgmp10 2:6.3.0+dfsg-2ubuntu6 libgnutls30t64 3.8.3-1.1ubuntu3.2 libgpg-error0 1.47-3build2 libgpgme11t64 1.18.0-4.1ubuntu4 libgpm2 1.20.7-11 libgssapi-krb5-2 1.20.1-6ubuntu2.1 libhogweed6t64 3.9.1-2.2build1.1 libicu74 74.2-1ubuntu3.1 libidn2-0 2.3.7-2build1 libjansson4 2.14-2build2 libk5crypto3 1.20.1-6ubuntu2.1 libkeyutils1 1.6.3-3build1 libkrb5-3 1.20.1-6ubuntu2.1 libkrb5support0 1.20.1-6ubuntu2.1 libksba8 1.6.6-1build1 libldap-common 2.6.7+dfsg-1~exp1ubuntu8 libldap2 2.6.7+dfsg-1~exp1ubuntu8 libldb2 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 liblmdb0 0.9.31-1build1 liblz4-1 1.9.4-1build1.1 liblzma5 5.6.1+really5.4.5-1build0.1 libmd0 1.1.0-2build1 libncursesw6 6.4+20240113-1ubuntu2 libnettle8t64 3.9.1-2.2build1.1 libnpth0t64 1.6-3.1build1 libp11-kit0 0.25.3-4ubuntu2.1 libpam-modules 1.5.3-5ubuntu5.1 libpam-modules-bin 1.5.3-5ubuntu5.1 libpam0g 1.5.3-5ubuntu5.1 libpcre2-8-0 10.42-4ubuntu2 libpopt0 1.19+dfsg-1build1 libpython3-stdlib 3.12.3-0ubuntu2 libpython3.12-minimal 3.12.3-1ubuntu0.1 libpython3.12-stdlib 3.12.3-1ubuntu0.1 libpython3.12t64 3.12.3-1ubuntu0.1 libreadline8t64 8.2-4build1 libsasl2-2 2.1.28+dfsg1-5ubuntu3.1 libsasl2-modules 2.1.28+dfsg1-5ubuntu3.1 libsasl2-modules-db 2.1.28+dfsg1-5ubuntu3.1 libselinux1 3.5-2ubuntu2 libsemanage-common 3.5-1build5 libsemanage2 3.5-1build5 libsepol2 3.5-2build1 libsqlite3-0 3.45.1-1ubuntu2 libssl3t64 3.0.13-0ubuntu3.4 libstdc++6 14-20240412-0ubuntu1 libsystemd0 255.4-1ubuntu8.4 libtalloc2 2.4.2-1build2 libtasn1-6 4.19.0-3build1 libtdb1 1.4.10-1build1 libtevent0t64 0.16.1-2build1 libtinfo6 6.4+20240113-1ubuntu2 libtirpc-common 1.3.4+ds-1.1build1 libtirpc3t64 1.3.4+ds-1.1build1 libunistring5 1.1-2build1 libwbclient0 2:4.19.5+dfsg-4ubuntu9 libyaml-0-2 0.2.5-1build1 libzstd1 1.5.5+dfsg2-2build1.1 media-types 10.1.0 netbase 6.4 openssl 3.0.13-0ubuntu3.4 passwd 1:4.13+dfsg1-4ubuntu3 pinentry-curses 1.2.1-3ubuntu5 python3 3.12.3-0ubuntu2 python3-gpg 1.18.0-4.1ubuntu4 python3-ldb 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 python3-markdown 3.5.2-1 python3-minimal 3.12.3-0ubuntu2 python3-pkg-resources 68.1.2-2ubuntu1 python3-pygments 2.17.2+dfsg-1 python3-talloc 2.4.2-1build2 python3-tdb 1.4.10-1build1 python3-yaml 6.0.1-2build2 python3.12 3.12.3-1ubuntu0.1 python3.12-minimal 3.12.3-1ubuntu0.1 readline-common 8.2-4build1 samba-libs 2:4.19.5+dfsg-4ubuntu9 sensible-utils 0.0.22 tar 1.35+dfsg-3build1 tzdata 2024a-3ubuntu1.1 zlib1g 1:1.3.dfsg-3.1ubuntu2.1 DistroRelease: Ubuntu 24.04 Package: python3-samba 2:4.19.5+dfsg-4ubuntu9 PackageArchitecture: amd64 ProcCpuinfoMinimal: processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 71 model name : Intel(R) Core(TM) i5-5675C CPU @ 3.10GHz stepping : 1 microcode : 0x22 cpu MHz : 3099.996 cache size : 16384 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 20 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl xtopology cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch cpuid_fault pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi umip md_clear arch_capabilities vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest shadow_vmcs pml bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa srbds mmio_unknown bhi bogomips : 6199.99 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management: ProcEnviron: LANG=C.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> ProcVersionSignature: Ubuntu 6.8.0-38.38-generic 6.8.8 RebootRequiredPkgs: Error: path contained symlinks. SambaClientRegression: Yes SambaInstalledVersions: samba 2:4.19.5+dfsg-4ubuntu9 samba-common-bin 2:4.19.5+dfsg-4ubuntu9 samba-common 2:4.19.5+dfsg-4ubuntu9 samba-tools N/A smbclient N/A swat N/A samba-doc N/A samba-doc-pdf N/A smbfs N/A libpam-smbpass N/A libsmbclient N/A libsmbclient-dev N/A winbind 2:4.19.5+dfsg-4ubuntu9 samba-dbg N/A libwbclient0 2:4.19.5+dfsg-4ubuntu9 SourcePackage: samba Tags: noble Uname: Linux 6.8.0-38-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) _MarkForUpload: True
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078854 Title: samba-gpupdate drops segmentation fault To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/2078854/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
