Bug 10216 - PANIC validate_oplock_types failed
PANIC validate_oplock_types failed
Status: RESOLVED FIXED
Product: Samba 4.0
Classification: Unclassified
Component: File services
4.0.10
All All
: P5 normal
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-17 16:31 UTC by Nick Semenkovich
Modified: 2013-10-23 15:08 UTC (History)
1 user (show)

See Also:


Attachments
smb.conf (928 bytes, text/plain)
2013-10-17 16:31 UTC, Nick Semenkovich
no flags Details
Patch (2.37 KB, patch)
2013-10-18 15:10 UTC, Volker Lendecke
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Nick Semenkovich 2013-10-17 16:31:10 UTC
Created attachment 9301 [details]
smb.conf

Built from the latest git version:
> auth:credentials: avoid talloc_reference in cli_credentials_set_netlogon_creds()


I've seen two PANICs this morning, on a domain with only Windows 8 clients. Users have folder redirection to the samba server.

Both crashes start with:

[2013/10/17 11:05:22.396088,  1] ../source3/smbd/open.c:1300(validate_oplock_types)
  got batch (1) or ex (1) non-exclusively (2)
[2013/10/17 11:05:22.396129,  0] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 19128): validate_oplock_types failed


One with backtrace;

[2013/10/17 11:15:58.051522,  2] ../source3/smbd/open.c:932(open_file)
  CORP\laurie opened file laurie/AppData/Roaming/Microsoft/Office/Recent/index.dat read=Yes write=No (numopen=14)
[2013/10/17 11:15:58.051630,  1] ../source3/smbd/open.c:1300(validate_oplock_types)
  got batch (1) or ex (1) non-exclusively (2)
[2013/10/17 11:15:58.051673,  0] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 19222): validate_oplock_types failed
[2013/10/17 11:15:58.053124,  0] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 45 stack frames:
   #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f9cbd99dc9e]
   #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6c) [0x7f9cbd99daf1]
   #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) [0x7f9cbf426c7d]
   #3 /usr/local/samba/lib/private/libsmbd_base.so(+0x1331da) [0x7f9cbef8c1da]
   #4 /usr/local/samba/lib/private/libsmbd_base.so(+0x13686b) [0x7f9cbef8f86b]
   #5 /usr/local/samba/lib/private/libsmbd_base.so(create_file_default+0x2df) [0x7f9cbef9035e]
   #6 /usr/local/samba/lib/private/libsmbd_base.so(+0x264156) [0x7f9cbf0bd156]
   #7 /usr/local/samba/lib/private/libsmbd_base.so(smb_vfs_call_create_file+0xc8) [0x7f9cbef9c60c]
   #8 /usr/local/samba/lib/private/libsmbd_base.so(+0x18b594) [0x7f9cbefe4594]
   #9 /usr/local/samba/lib/private/libsmbd_base.so(smbd_smb2_request_process_create+0x794) [0x7f9cbefe1c6e]
   #10 /usr/local/samba/lib/private/libsmbd_base.so(smbd_smb2_request_dispatch+0xf4b) [0x7f9cbefd8833]
   #11 /usr/local/samba/lib/private/libsmbd_base.so(+0x1829a8) [0x7f9cbefdb9a8]
   #12 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00]
   #13 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32]
   #14 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59]
   #15 /usr/local/samba/lib/private/libsmbd_base.so(+0x182402) [0x7f9cbefdb402]
   #16 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00]
   #17 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32]
   #18 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59]
   #19 /usr/local/samba/lib/private/libsamba-sockets.so(+0xc39f) [0x7f9cbd76b39f]
   #20 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00]
   #21 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32]
   #22 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59]
   #23 /usr/local/samba/lib/private/libsamba-sockets.so(+0xbe89) [0x7f9cbd76ae89]
   #24 /usr/local/samba/lib/private/libsamba-sockets.so(+0xc0b4) [0x7f9cbd76b0b4]
   #25 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00]
   #26 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32]
   #27 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59]
   #28 /usr/local/samba/lib/private/libsamba-sockets.so(+0xb3e7) [0x7f9cbd76a3e7]
   #29 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00]
   #30 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32]
   #31 /usr/local/samba/lib/private/libtevent.so.0(+0x5c50) [0x7f9cbec4cc50]
   #32 /usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_immediate+0x1f5) [0x7f9cbec4c038]
   #33 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x56) [0x7f9cbd9be8bb]
   #34 /usr/local/samba/lib/libsmbconf.so.0(+0x45f7f) [0x7f9cbd9bef7f]
   #35 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf4) [0x7f9cbec4b172]
   #36 /usr/local/samba/lib/private/libsmbd_base.so(smbd_process+0x12ef) [0x7f9cbefb8dc4]
   #37 /usr/local/samba/sbin/smbd(+0xa10a) [0x7f9cbfa9210a]
   #38 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x55f) [0x7f9cbd9bedc4]
   #39 /usr/local/samba/lib/libsmbconf.so.0(+0x46090) [0x7f9cbd9bf090]
   #40 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf4) [0x7f9cbec4b172]
   #41 /usr/local/samba/sbin/smbd(+0xad74) [0x7f9cbfa92d74]
   #42 /usr/local/samba/sbin/smbd(main+0x1753) [0x7f9cbfa94618]
   #43 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f9cbc1feea5]
   #44 /usr/local/samba/sbin/smbd(+0x5809) [0x7f9cbfa8d809]
[2013/10/17 11:15:58.054679,  0] ../source3/lib/util.c:797(smb_panic_s3)
  smb_panic(): calling panic action [/home/semenko/panic-action 19222]


I'll rebuild debug and send a GDB backtrace if it crashes again.
Comment 1 Volker Lendecke 2013-10-17 17:42:51 UTC
Ok, I think I know what this might be. Weird that autobuild does not catch this...
Comment 2 Volker Lendecke 2013-10-17 19:26:13 UTC
Hmm. Okay. I was wrong. I don't understand what the problem is. If you hit this again, can you get us the output of

p *d->share_modes@2

if possible?

This is an additional check that was not there so far, and I need to understand the circumstances when this happens.
Comment 3 Volker Lendecke 2013-10-18 11:39:20 UTC
Got it reproduced. Expect a fix soon...
Comment 4 Volker Lendecke 2013-10-18 15:10:28 UTC
Created attachment 9305 [details]
Patch

The attached patch fixes my reproducer. It has not seen a full autobuild, but survives the oplock related tests including the repro. Can you apply that and see if you still have problems?

Thanks,

Volker
Comment 5 Nick Semenkovich 2013-10-18 16:00:10 UTC
(In reply to comment #4)
> Created attachment 9305 [details]
> Patch
> 
> The attached patch fixes my reproducer. It has not seen a full autobuild, but
> survives the oplock related tests including the repro. Can you apply that and
> see if you still have problems?
> 
> Thanks,
> 
> Volker

Thanks! I'll test it in a few. Haven't seen any crashes yet since yesterday (but not a lot of active users today).
Comment 6 Nick Semenkovich 2013-10-19 15:19:47 UTC
(In reply to comment #5)
> Thanks! I'll test it in a few. Haven't seen any crashes yet since yesterday
> (but not a lot of active users today).

The patch didn't seem to want to apply to my ~master, so I'm still running the unpatched version. Either way, probably not great for testing -- there aren't many users around to trigger the crash on the weekend.
Comment 7 Volker Lendecke 2013-10-20 08:19:18 UTC
For me the patch applied cleanly to both

556f66b metze@samba.org auth:credentials: avoid talloc_reference in cli_credentials_set_netlogon_creds()

and also to

28cdd1c vl@samba.org winbind3: Fix CID 1107229 Uninitialized pointer read

which is the current master for me. What are you running on?
Comment 8 Volker Lendecke 2013-10-20 08:19:33 UTC
BTW, I applied with "git am -3"
Comment 9 Nick Semenkovich 2013-10-20 22:25:58 UTC
(In reply to comment #8)
> BTW, I applied with "git am -3"

Ah, cool. That worked -- thanks!

Applied to current head, > winbind3: Fix CID 1107229 Uninitialized pointer read

I'll let you know if I see the panic again tomorrow.
Comment 10 Nick Semenkovich 2013-10-21 18:09:23 UTC
(In reply to comment #9)
> I'll let you know if I see the panic again tomorrow.

Seems to be running smoothly so far. I'll let you know if that panic happens again, but so far, seems to have fixed it! :)
Comment 11 Volker Lendecke 2013-10-23 15:08:40 UTC
It's in master now. Please re-open if it happens to you again.

Thanks a lot for running production on bleeding edge!

Volker