[Samba] Core dump in 4.17.2 non_widelink_open (assert failed: slash == NULL) (Also 4.17.2 missing in list of versions in Bugzilla :-)

Peter Eriksson pen at lysator.liu.se
Tue Nov 1 09:25:10 UTC 2022 

Just got a core dump from a freshly installed Samba 4.17.2 smbd,

Also, I when bug reporting it in bugzilla, can’t select 4.17.2 in Version (latest there seems to be 4.17.1 :-)

FreeBSD 12.3. Bugzilla 15221

- Peter

GDB info:

Sent by thr_kill() from pid 33958 and user 0.
#0  0x00000008043a769a in thr_kill () from /lib/libc.so.7
(gdb) bt
#0  0x00000008043a769a in thr_kill () from /lib/libc.so.7
#1  0x00000008043a5af4 in raise () from /lib/libc.so.7
#2  0x000000080431b719 in abort () from /lib/libc.so.7
#3  0x0000000801f0af37 in dump_core () at ../../source3/lib/dumpcore.c:338
#4  0x0000000801f17f76 in smb_panic_s3 (why=<optimized out>) at ../../source3/lib/util.c:713
#5  0x0000000803d8b7f8 in smb_panic (why=why at entry=0x8017d6b8c "assert failed: slash == NULL")
    at ../../lib/util/fault.c:198
#6  0x00000008017061ba in non_widelink_open (dirfsp=dirfsp at entry=0x811dc9120, fsp=fsp at entry=0x811dcab60, 
    smb_fname=smb_fname at entry=0x80f32fa00, _how=_how at entry=0x7fffffffdf00, link_depth=link_depth at entry=0)
    at ../../source3/smbd/open.c:773
#7  0x0000000801708eca in fd_openat (dirfsp=dirfsp at entry=0x811dc9120, smb_fname=smb_fname at entry=0x80f32fa00, 
    fsp=0x811dcab60, _how=_how at entry=0x7fffffffe000) at ../../source3/smbd/open.c:952
#8  0x00000008016e2c9f in openat_pathref_fullname (conn=conn at entry=0x80eb98c60, dirfsp=dirfsp at entry=0x811dc9120, 
    basefsp=basefsp at entry=0x0, full_fname=full_fname at entry=0x7fffffffdff8, smb_fname=smb_fname at entry=0x80f32fa00, 
    how=how at entry=0x7fffffffe000) at ../../source3/smbd/files.c:481
#9  0x00000008016e342b in openat_pathref_fsp (dirfsp=dirfsp at entry=0x811dc9120, smb_fname=smb_fname at entry=0x80f32fa00)
    at ../../source3/smbd/files.c:590
#10 0x0000000801704601 in openat_pathref_fsp_case_insensitive (ucf_flags=0, smb_fname_rel=0x80f32fa00, 
    dirfsp=0x811dc9120) at ../../source3/smbd/filename.c:912
#11 filename_convert_dirfsp_nosymlink (_unparsed=<synthetic pointer>, _substitute=<synthetic pointer>, 
    _smb_fname=0x7fffffffe208, _dirfsp=0x7fffffffe200, twrp=0, ucf_flags=0, name_in=<optimized out>, conn=0x80eb98c60, 
    mem_ctx=0x80ebeb0e0) at ../../source3/smbd/filename.c:1259
#12 filename_convert_dirfsp (mem_ctx=mem_ctx at entry=0x80ebeb0e0, conn=<optimized out>, 
    name_in=0x80ebeb530 "sopas205/Downloads/teamviewerqs/profile/dosdevices/CQFO6Q~M", ucf_flags=0, twrp=0, 
    _dirfsp=_dirfsp at entry=0x7fffffffe200, _smb_fname=0x7fffffffe208) at ../../source3/smbd/filename.c:1457
#13 0x0000000801746f20 in smbd_smb2_create_send (in_context_blobs=..., 
    in_name=0x80ebead30 "sopas205\\Downloads\\teamviewerqs\\profile\\dosdevices\\CQFO6Q~M", 
    in_create_options=<optimized out>, in_create_disposition=<optimized out>, in_share_access=3, in_file_attributes=0, 
    in_desired_access=1048705, in_impersonation_level=2, in_oplock_level=<optimized out>, smb2req=0x80ebea8e0, 
    ev=<optimized out>, mem_ctx=0x80ebea8e0) at ../../source3/smbd/smb2_create.c:976
#14 smbd_smb2_request_process_create (smb2req=smb2req at entry=0x80ebea8e0) at ../../source3/smbd/smb2_create.c:270
#15 0x000000080173c7c7 in smbd_smb2_request_dispatch (req=req at entry=0x80ebea8e0) at ../../source3/smbd/smb2_server.c:3399
#16 0x000000080173d4b3 in smbd_smb2_io_handler (fde_flags=<optimized out>, xconn=0x80eb9e560)

(gdb) frame 6
#6  0x00000008017061ba in non_widelink_open (dirfsp=dirfsp at entry=0x811dc9120, fsp=fsp at entry=0x811dcab60, smb_fname=smb_fname at entry=0x80f32fa00, 
    _how=_how at entry=0x7fffffffdf00, link_depth=link_depth at entry=0) at ../../source3/smbd/open.c:773
773			SMB_ASSERT(slash == NULL);

(gdb) print *dirfsp
$1 = {next = 0x811dc9d60, prev = 0x811dcab60, fnum = 0, op = 0x0, conn = 0x80eb98c60, fh = 0x812efcb00, num_smb_operations = 0, file_id = {
    devid = 5952628266332556909, inode = 4654, extid = 0}, initial_allocation_size = 0, file_pid = 0, vuid = 0, open_time = {tv_sec = 0, tv_usec = 0}, 
  access_mask = 0, fsp_flags = {is_pathref = true, is_fsa = false, have_proc_fds = false, kernel_share_modes_taken = false, 
    update_write_time_triggered = false, update_write_time_on_close = false, write_time_forced = false, can_lock = false, can_read = false, 
    can_write = false, modified = false, is_directory = true, is_dirfsp = false, aio_write_behind = false, initial_delete_on_close = false, 
    delete_on_close = false, is_sparse = false, backup_intent = false, use_ofd_locks = false, closing = false, lock_failure_seen = false, 
    encryption_required = false, fstat_before_close = false}, update_write_time_event = 0x0, close_write_time = {tv_sec = 0, tv_nsec = -2}, 
  oplock_type = 0, leases_db_seqnum = 0, lease_type = 0, lease = 0x0, sent_oplock_break = 0, oplock_timeout = 0x0, current_lock_count = 0, 
  posix_flags = 0, fsp_name = 0x80f333e80, name_hash = 1414196691, mid = 0, vfs_extension = 0x0, fake_file_handle = 0x0, notify = 0x0, base_fsp = 0x0, 
  stream_fsp = 0x0, share_mode_flags_seqnum = 0, share_mode_flags = 0, brlock_seqnum = 0, brlock_rec = 0x0, dptr = 0x0, print_file = 0x0, 
  num_aio_requests = 0, aio_requests = 0x0, blocked_smb1_lock_reqs = 0x0, lock_failure_offset = 0}

(gdb) print *fsp
$2 = {next = 0x811dc9120, prev = 0x80eb65ae0, fnum = 0, op = 0x0, conn = 0x80eb98c60, fh = 0x812efd1e0, num_smb_operations = 0, file_id = {devid = 0, 
    inode = 0, extid = 0}, initial_allocation_size = 0, file_pid = 0, vuid = 0, open_time = {tv_sec = 1667232016, tv_usec = 588582}, access_mask = 0, 
  fsp_flags = {is_pathref = true, is_fsa = false, have_proc_fds = false, kernel_share_modes_taken = false, update_write_time_triggered = false, 
    update_write_time_on_close = false, write_time_forced = false, can_lock = false, can_read = false, can_write = false, modified = false, 
    is_directory = false, is_dirfsp = false, aio_write_behind = false, initial_delete_on_close = false, delete_on_close = false, is_sparse = false, 
    backup_intent = false, use_ofd_locks = false, closing = false, lock_failure_seen = false, encryption_required = false, fstat_before_close = false}, 
  update_write_time_event = 0x0, close_write_time = {tv_sec = 0, tv_nsec = -2}, oplock_type = 0, leases_db_seqnum = 0, lease_type = 0, lease = 0x0, 
  sent_oplock_break = 0, oplock_timeout = 0x0, current_lock_count = 0, posix_flags = 0, fsp_name = 0x811dc4780, name_hash = 2156576274, mid = 0, 
  vfs_extension = 0x0, fake_file_handle = 0x0, notify = 0x0, base_fsp = 0x0, stream_fsp = 0x0, share_mode_flags_seqnum = 0, share_mode_flags = 0, 
  brlock_seqnum = 0, brlock_rec = 0x0, dptr = 0x0, print_file = 0x0, num_aio_requests = 0, aio_requests = 0x0, blocked_smb1_lock_reqs = 0x0, 
  lock_failure_offset = 0}

(gdb) print *smb_fname
$3 = {base_name = 0x80f32fb20 "sopas205/Downloads/teamviewerqs/profile/drive_c", stream_name = 0x0, flags = 0, st = {st_ex_dev = 0, st_ex_ino = 0, 
    st_ex_mode = 0, st_ex_nlink = 0, st_ex_uid = 0, st_ex_gid = 0, st_ex_rdev = 0, st_ex_size = 0, st_ex_atime = {tv_sec = 0, tv_nsec = 0}, 
    st_ex_mtime = {tv_sec = 0, tv_nsec = 0}, st_ex_ctime = {tv_sec = 0, tv_nsec = 0}, st_ex_btime = {tv_sec = 0, tv_nsec = 0}, st_ex_blksize = 0, 
    st_ex_blocks = 0, st_ex_flags = 0, st_ex_iflags = 0}, twrp = 0, fsp = 0x0, fsp_link = 0x0}


- Peter

More information about the samba mailing list