Seeing lots of coredumps from samba when using upstream cifs

David Howells dhowells at redhat.com
Thu Jun 19 14:47:11 UTC 2025


Hi Jeremy, Steve,

I've been trying to investigate all the reconnection issues cifs is seeing in
the currently upstream kernel from running the generic/013 xfstest against it,
and I've realised Samba is coredumping a lot (attached is one example, at
least several others look similar).

The version of the Fedora Samba RPM I'm using is: samba-4.21.4-1.fc41.x86_64

In smb2_lease_key_equal (frame #10), k1 is 0x18 - which is presumably the root
of the SEGV.

Going up to frame #12 (delay_rename_lease_break_fn), fsp->lease is NULL.

(gdb) p *fsp
$5 = {next = 0x558d634a1520, prev = 0x558d6345f130, fnum = 566610366, op = 0x558d63537b20, conn = 0x558d63414680, fh = 0x558d635182c0, num_smb_operations = 0, 
  file_id = {devid = 48, inode = 1875968, extid = 0}, initial_allocation_size = 0, file_pid = 52138, vuid = 3019447861, open_time = {tv_sec = 1750343292, 
    tv_usec = 868402}, access_mask = 65536, fsp_flags = {is_pathref = true, is_fsa = true, have_proc_fds = true, kernel_share_modes_taken = false, 
    update_write_time_triggered = false, update_write_time_on_close = false, write_time_forced = false, can_lock = true, can_read = false, can_write = false, 
    modified = false, is_directory = false, is_dirfsp = false, aio_write_behind = false, initial_delete_on_close = false, delete_on_close = false, 
    is_sparse = true, backup_intent = false, use_ofd_locks = true, closing = false, lock_failure_seen = false, encryption_required = false, 
    fstat_before_close = false}, update_write_time_event = 0x0, close_write_time = {tv_sec = 0, tv_nsec = 1073741822}, oplock_type = 0, leases_db_seqnum = 0, 
  lease_type = 0, lease = 0x0, sent_oplock_break = 0, oplock_timeout = 0x0, current_lock_count = 0, posix_flags = 0, fsp_name = 0x558d63566550, 
  name_hash = 3474280865, mid = 1043, vfs_extension = 0x0, fake_file_handle = 0x0, notify = 0x0, base_fsp = 0x0, stream_fsp = 0x0, share_mode_flags_seqnum = 0, 
  share_mode_flags = 0, brlock_seqnum = 0, brlock_rec = 0x558d63518220, dptr = 0x0, print_file = 0x0, num_aio_requests = 0, aio_requests = 0x0, 
  blocked_smb1_lock_reqs = 0x0, lock_failure_offset = 0}

David
---
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f44435dcbc3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2  0x00007f4443583f9e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f444356b942 in __GI_abort () at abort.c:79
#4  0x00007f4443ac26dc in dump_core () at ../../source3/lib/dumpcore.c:339
#5  0x00007f4443ac2734 in smb_panic_s3 (why=<optimized out>) at ../../source3/lib/util.c:716
#6  0x00007f44437c56b6 in smb_panic (why=why@entry=0x7ffcde469310 "Signal 11: Segmentation fault") at ../../lib/util/fault.c:209
#7  0x00007f44437c575d in fault_report (sig=11) at ../../lib/util/fault.c:83
#8  sig_fault (sig=11) at ../../lib/util/fault.c:94
#9  <signal handler called>
#10 0x00007f44429acbf9 in smb2_lease_key_equal (k1=k1@entry=0x18, k2=k2@entry=0x7ffcde469b98) at ../../libcli/smb/smb2_lease.c:93
#11 0x00007f44429acc47 in smb2_lease_equal (g1=<optimized out>, k1=k1@entry=0x18, g2=g2@entry=0x7ffcde469b84, k2=k2@entry=0x7ffcde469b98)
    at ../../libcli/smb/smb2_lease.c:101
#12 0x00007f4443c61c5f in delay_rename_lease_break_fn (e=0x7ffcde469b60, private_data=0x7ffcde469cb0) at ../../source3/smbd/smb2_setinfo.c:202
#13 0x00007f4443cdcb8f in share_mode_for_one_entry (fn=<optimized out>, private_data=<optimized out>, i=<synthetic pointer>, data=0x558d635920ad "\025\262\021", 
    num_share_modes=<synthetic pointer>, writeback=<synthetic pointer>) at ../../source3/locking/share_mode_lock.c:2161
#14 share_mode_forall_entries (lck=<optimized out>, fn=0x7f4443ccdf40 <share_mode_forall_leases_fn>, private_data=0x7ffcde469c30)
    at ../../source3/locking/share_mode_lock.c:2265
#15 0x00007f4443cd4556 in share_mode_forall_leases (lck=0x558d635b2b80, fn=0x7f4443c61c20 <delay_rename_lease_break_fn>, private_data=0x7ffcde469cb0)
    at ../../source3/locking/locking.c:1349
#16 0x00007f4443c61d42 in delay_rename_for_lease_break (req=req@entry=0x558d635b2850, smb2req=smb2req@entry=0x558d635b10b0, ev=ev@entry=0x558d63425d80,
    fsp=fsp@entry=0x558d6357a960, lck=lck@entry=0x558d635b2b80, data=data@entry=0x558d6349da00 "\001", data_size=116) at ../../source3/smbd/smb2_setinfo.c:245
#17 0x00007f4443c62721 in smbd_smb2_setinfo_send (mem_ctx=0x558d635b10b0, ev=0x558d63425d80, smb2req=0x558d635b10b0, fsp=0x558d6357a960, 
    in_info_type=<optimized out>, in_file_info_class=<optimized out>, in_input_buffer=..., in_additional_information=<optimized out>)
    at ../../source3/smbd/smb2_setinfo.c:491
#18 smbd_smb2_request_process_setinfo (req=0x558d635b10b0) at ../../source3/smbd/smb2_setinfo.c:112
#19 0x00007f4443c476d4 in smbd_smb2_request_dispatch (req=0x558d635b10b0) at ../../source3/smbd/smb2_server.c:3582
#20 0x00007f4443c48f99 in smbd_smb2_request_dispatch_immediate (ctx=ctx@entry=0x558d63425d80, im=<optimized out>, im@entry=0x558d635b2760,
    private_data=private_data@entry=0x558d635b10b0) at ../../source3/smbd/smb2_server.c:3910
#21 0x00007f4443769a50 in tevent_common_invoke_immediate_handler (im=0x558d635b2760, removed=removed@entry=0x0) at ../../tevent_immediate.c:190
#22 0x00007f4443769ab2 in tevent_common_loop_immediate (ev=ev@entry=0x558d63425d80) at ../../tevent_immediate.c:236
#23 0x00007f444376d750 in epoll_event_loop_once (ev=0x558d63425d80, location=<optimized out>) at ../../tevent_epoll.c:905
#24 0x00007f44437648e4 in std_event_loop_once (ev=0x558d63425d80, location=0x7f4443bae1c8 "../../source3/smbd/smb2_process.c:2163")
    at ../../tevent_standard.c:110
#25 0x00007f4443766499 in _tevent_loop_once (ev=ev@entry=0x558d63425d80, location=location@entry=0x7f4443bae1c8 "../../source3/smbd/smb2_process.c:2163")
    at ../../tevent.c:820
#26 0x00007f44437665cb in tevent_common_loop_wait (ev=0x558d63425d80, location=0x7f4443bae1c8 "../../source3/smbd/smb2_process.c:2163") at ../../tevent.c:949
#27 0x00007f4443764964 in std_event_loop_wait (ev=0x558d63425d80, location=0x7f4443bae1c8 "../../source3/smbd/smb2_process.c:2163")
    at ../../tevent_standard.c:141
#28 0x00007f4443c38fa3 in smbd_process (ev_ctx=ev_ctx@entry=0x558d63425d80, msg_ctx=msg_ctx@entry=0x558d63420a50, sock_fd=sock_fd@entry=35,
    interactive=interactive@entry=false) at ../../source3/smbd/smb2_process.c:2163
#29 0x0000558d47185606 in smbd_accept_connection (ev=0x558d63425d80, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>)
    at ../../source3/smbd/server.c:1033
#30 0x00007f4443769818 in tevent_common_invoke_fd_handler (fde=0x558d63439fe0, flags=1, removed=removed@entry=0x0) at ../../tevent_fd.c:174
#31 0x00007f444376da56 in epoll_event_loop (epoll_ev=0x558d63425fb0, tvalp=0x7ffcde46a380) at ../../tevent_epoll.c:696
#32 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../../tevent_epoll.c:926
#33 0x00007f44437648e4 in std_event_loop_once (ev=0x558d63425d80, location=0x558d4717fbd0 "../../source3/smbd/server.c:1382") at ../../tevent_standard.c:110
#34 0x00007f4443766499 in _tevent_loop_once (ev=ev@entry=0x558d63425d80, location=location@entry=0x558d4717fbd0 "../../source3/smbd/server.c:1382")
    at ../../tevent.c:820
#35 0x00007f44437665cb in tevent_common_loop_wait (ev=0x558d63425d80, location=0x558d4717fbd0 "../../source3/smbd/server.c:1382") at ../../tevent.c:949
#36 0x00007f4443764964 in std_event_loop_wait (ev=0x558d63425d80, location=0x558d4717fbd0 "../../source3/smbd/server.c:1382") at ../../tevent_standard.c:141
#37 0x0000558d47188acf in smbd_parent_loop (parent=0x558d6340e270, ev_ctx=0x558d63425d80) at ../../source3/smbd/server.c:1382
#38 main (argc=<optimized out>, argv=<optimized out>) at ../../source3/smbd/server.c:2354
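
An added example, not part of the original post and not Samba code: it shows how a fault address such as k1=0x18 can arise from taking the address of a member through a NULL `fsp->lease`, next to a guarded form of the comparison. All `demo_*` types and function names are constructed stand-ins (an assumption), laid out so the key sits at offset 0x18 on an LP64 system.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in types (assumption): NOT Samba's definitions. */
struct demo_lease_key { uint64_t data[2]; };
struct demo_lease { struct demo_lease_key lease_key; uint32_t lease_state; };
struct demo_fsp_lease {
    size_t ref_count;            /* three pointer-sized members ...   */
    void *sconn;
    void *timeout;
    struct demo_lease lease;     /* ... put this at 0x18 on LP64      */
};
struct demo_fsp { struct demo_fsp_lease *lease; };

/* Address the callee receives for &fsp->lease->lease.lease_key when
 * fsp->lease is NULL: base 0 plus the member offsets. */
static uintptr_t key_addr_if_lease_null(void)
{
    return offsetof(struct demo_fsp_lease, lease)
         + offsetof(struct demo_lease, lease_key);
}

/* Unchecked comparison: faults in memcmp() if k1 is a near-NULL address. */
static bool key_equal(const struct demo_lease_key *k1,
                      const struct demo_lease_key *k2)
{
    return memcmp(k1, k2, sizeof(*k1)) == 0;
}

/* Guarded caller: a handle without a lease can never match a lease key. */
static bool fsp_has_lease_key(const struct demo_fsp *fsp,
                              const struct demo_lease_key *key)
{
    if (fsp == NULL || fsp->lease == NULL)
        return false;
    return key_equal(&fsp->lease->lease.lease_key, key);
}

int main(void)
{
    struct demo_lease_key k = { { 1, 2 } };
    struct demo_fsp no_lease = { NULL };
    printf("key via NULL lease: %#lx\n", (unsigned long)key_addr_if_lease_null());
    printf("guarded compare: %d\n", fsp_has_lease_key(&no_lease, &k));
    return 0;
}
```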



