[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-494-geba2eb4

Tue Jul 21 12:20:15 MDT 2009

On Tue, Jul 21, 2009 at 08:22:46AM +0200, Stefan (metze) Metzmacher wrote:
> Hi Jeremy,
> 
> >     Move the initialization of smbd_server_conn from smbd/process,
> >     after the accept and fork, to smbd_init_globals(), so it's
> >     done immediately on server startup. This is needed as some
> >     messages are sent to all active smbd processes (including
> >     the master listening daemon). If it gets a message that
> >     forces it to scan it's current connections (ie. conn_find())
> >     then it discovers that sconn->smb1.tcons.Connections dereferences
> >     null (as sconn == NULL in the parent) and crashes. Yes,
> >     I could fix all cases where sconn is used and explicitly
> >     check for NULL but this fix is easier. It means that
> >     the smbd_event_context() is initialized in the master
> >     daemon and then re-initialized after fork, but that
> >     should be being done correctly in every fork call anyway.
> >     Without this change the previous fix 6a9e0039100b57f9626e87defec6720c476b9789
> >     still panics in the reproducible test case for bug
> >     6564, as this is one case where such a message
> >     (MSG_SMB_CONF_UPDATED) is sent to the parent. Metze
> >     please check. This change passes valgrind.
> >     Jeremy.
> 
> I think it is thte wrong approach, smbd_server_connection represents
> the state of a connected client/a smbd child process.
> I added it so that we strictly separate code that runs in the parent
> from code that runs in the child.
> 
> I'd really like to understand what the problem is.
> From reading the code I can't find where we hit any panic.
> Can you send me the backtrace please?

#0  0x00007f1f0b8bc4a5 in waitpid () from /lib/libc.so.6
#1  0x00007f1f0b85d461 in do_system () from /lib/libc.so.6
#2  0x000000000086a419 in smb_panic (why=0xd7e390 "internal error") at
lib/util.c:1453
#3  0x000000000084feab in fault_report (sig=11) at lib/fault.c:47
#4  0x000000000084febe in sig_fault (sig=11) at lib/fault.c:70
#5  <signal handler called>
#6  0x00000000004c0322 in conn_snum_used (snum=0) at smbd/conn.c:56
#7  0x00000000004a7411 in lp_killunused (snumused=0x4c0309
<conn_snum_used>) at param/loadparm.c:8154
#8  0x0000000000c93624 in reload_services (test=false) at
smbd/server.c:758
#9  0x0000000000c91b3c in smb_conf_updated (msg=0x11fb500,
private_data=0x0, msg_type=769, server_id={pid = 13560}, data=0x1210280)
    at smbd/server.c:98
#10 0x000000000083bcc2 in messaging_dispatch_rec (msg_ctx=0x11fb500,
rec=0x1210270) at lib/messages.c:373
#11 0x000000000083f034 in message_dispatch (msg_ctx=0x11fb500) at
lib/messages_local.c:456
#12 0x000000000083dba1 in messaging_tdb_signal_handler
(ev_ctx=0x11fb440, se=0x11fb960, signum=10, count=1, _info=0x0,
private_data=0x11fa4c0)
    at lib/messages_local.c:75
#13 0x0000000000886cd0 in tevent_common_check_signal (ev=0x11fb440) at
../lib/tevent/tevent_signal.c:331
#14 0x00000000008832ee in run_events (ev=0x11fb440, selrtn=1,
read_fds=0x7fff166e8a40, write_fds=0x7fff166e89c0) at lib/events.c:94
#15 0x0000000000883838 in s3_event_loop_once (ev=0x11fb440,
location=0xe4ab0c "smbd/server.c:692") at lib/events.c:194
#16 0x00000000008848f8 in _tevent_loop_once (ev=0x11fb440,
location=0xe4ab0c "smbd/server.c:692") at ../lib/tevent/tevent.c:488
#17 0x0000000000c93405 in smbd_parent_loop (parent=0x12216e0) at
smbd/server.c:692
#18 0x0000000000c94a64 in main (argc=2, argv=0x7fff166e8f78) at
smbd/server.c:1269

As you go up the stack, you'll see that sconn inside smbd/conn.c:56
is null.

(gdb) up
#1  0x00007f1f0b85d461 in do_system () from /lib/libc.so.6
(gdb) up
#2  0x000000000086a419 in smb_panic (why=0xd7e390 "internal error") at
lib/util.c:1453
1453			result = system(cmd);
(gdb) up
#3  0x000000000084feab in fault_report (sig=11) at lib/fault.c:47
47		smb_panic("internal error");
(gdb) up
#4  0x000000000084febe in sig_fault (sig=11) at lib/fault.c:70
70		fault_report(sig);
(gdb) up
#5  <signal handler called>
(gdb) up
#6  0x00000000004c0322 in conn_snum_used (snum=0) at smbd/conn.c:56
56		for
(conn=sconn->smb1.tcons.Connections;conn;conn=conn->next) {
(gdb) p sconn
$1 = (struct smbd_server_connection *) 0x0

This is the "main" smbd daemon that calls "accept" to spawn
children.

Jeremy.