[PATCH]: s3: smbd: Fix delete-on-close after smb2_find
Ralph Wuerthner
ralphw at de.ibm.com
Fri Nov 3 15:10:23 UTC 2017
Hi!
On a customer system I came recently across the following Samba panic:
[2017/11/03 14:27:35.930242, 0, pid=446, effective(12000500, 12000513),
real(12000500, 0)] ../source3/lib/util.c:791(smb_panic_s3)
PANIC (pid 446): assert failed: dirp->fsp->dptr->dir_hnd == dirp
[2017/11/03 14:27:35.930722, 0, pid=446, effective(12000500, 12000513),
real(12000500, 0)] ../source3/lib/util.c:902(log_stack_trace)
BACKTRACE: 27 stack frames:
#0 /usr/lpp/mmfs/lib64/libsmbconf.so.0(log_stack_trace+0x1a)
[0x7f3a05013e7a]
#1 /usr/lpp/mmfs/lib64/libsmbconf.so.0(smb_panic_s3+0x20)
[0x7f3a05013f50]
#2 /usr/lpp/mmfs/lib64/libsamba-util.so.0(smb_panic+0x2f)
[0x7f3a07919bdf]
#3 /usr/lpp/mmfs/lib64/samba/libsmbd-base-samba4.so(+0xbb127)
[0x7f3a07461127]
#4 /usr/lpp/mmfs/lib64/samba/libtalloc.so.2(_talloc_free+0x440)
[0x7f3a06d8fed0]
#5
/usr/lpp/mmfs/lib64/samba/libsmbd-base-samba4.so(can_delete_directory_fsp+0x137)
[0x7f3a07464357]
#6
/usr/lpp/mmfs/lib64/samba/libsmbd-base-samba4.so(can_set_delete_on_close+0x168)
[0x7f3a074e85b8]
#7 /usr/lpp/mmfs/lib64/samba/libsmbd-base-samba4.so(+0xf4b73)
[0x7f3a0749ab73]
#8
/usr/lpp/mmfs/lib64/samba/libsmbd-base-samba4.so(smbd_do_setfilepathinfo+0x169b)
[0x7f3a074ab0ab]
#9
/usr/lpp/mmfs/lib64/samba/libsmbd-base-samba4.so(smbd_smb2_request_process_setinfo+0x630)
[0x7f3a07504c30]
#10
/usr/lpp/mmfs/lib64/samba/libsmbd-base-samba4.so(smbd_smb2_request_dispatch+0xcb5)
[0x7f3a074ecb05]
#11 /usr/lpp/mmfs/lib64/samba/libsmbd-base-samba4.so(+0x148f22)
[0x7f3a074eef22]
#12 /usr/lpp/mmfs/lib64/samba/libtevent.so.0(+0x9c9b) [0x7f3a06984c9b]
#13 /usr/lpp/mmfs/lib64/samba/libtevent.so.0(+0x8167) [0x7f3a06983167]
#14
/usr/lpp/mmfs/lib64/samba/libtevent.so.0(_tevent_loop_once+0x8d)
[0x7f3a0697f31d]
#15
/usr/lpp/mmfs/lib64/samba/libtevent.so.0(tevent_common_loop_wait+0x1b)
[0x7f3a0697f4bb]
#16 /usr/lpp/mmfs/lib64/samba/libtevent.so.0(+0x8107) [0x7f3a06983107]
#17
/usr/lpp/mmfs/lib64/samba/libsmbd-base-samba4.so(smbd_process+0x721)
[0x7f3a074db991]
#18 /usr/lpp/mmfs/bin/smbd(+0xb588) [0x7f3a07fbc588]
#19 /usr/lpp/mmfs/lib64/samba/libtevent.so.0(+0x9c9b) [0x7f3a06984c9b]
#20 /usr/lpp/mmfs/lib64/samba/libtevent.so.0(+0x8167) [0x7f3a06983167]
#21
/usr/lpp/mmfs/lib64/samba/libtevent.so.0(_tevent_loop_once+0x8d)
[0x7f3a0697f31d]
#22
/usr/lpp/mmfs/lib64/samba/libtevent.so.0(tevent_common_loop_wait+0x1b)
[0x7f3a0697f4bb]
#23 /usr/lpp/mmfs/lib64/samba/libtevent.so.0(+0x8107) [0x7f3a06983107]
#24 /usr/lpp/mmfs/bin/smbd(main+0x1580) [0x7f3a07fb8fc0]
#25 /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f3a03accb35]
#26 /usr/lpp/mmfs/bin/smbd(+0x82c9) [0x7f3a07fb92c9]
I was able to recreate the panic on my test system with the attached
'smb2.delete-on-close-perms.FIND and set DOC.FIND and set DOC'
smbtorture test. Please see also my proposed fix. Both patches apply on
master.
--
Regards
Ralph Wuerthner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-delete-on-close-after-smb2_find.patch
Type: text/x-patch
Size: 4640 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171103/1f36c0f4/fix-delete-on-close-after-smb2_find.bin>
More information about the samba-technical
mailing list