Created attachment 9301 [details] smb.conf Built from the latest git version: > auth:credentials: avoid talloc_reference in cli_credentials_set_netlogon_creds() I've seen two PANICs this morning, on a domain with only Windows 8 clients. Users have folder redirection to the samba server. Both crashes start with: [2013/10/17 11:05:22.396088, 1] ../source3/smbd/open.c:1300(validate_oplock_types) got batch (1) or ex (1) non-exclusively (2) [2013/10/17 11:05:22.396129, 0] ../source3/lib/util.c:785(smb_panic_s3) PANIC (pid 19128): validate_oplock_types failed One with backtrace; [2013/10/17 11:15:58.051522, 2] ../source3/smbd/open.c:932(open_file) CORP\laurie opened file laurie/AppData/Roaming/Microsoft/Office/Recent/index.dat read=Yes write=No (numopen=14) [2013/10/17 11:15:58.051630, 1] ../source3/smbd/open.c:1300(validate_oplock_types) got batch (1) or ex (1) non-exclusively (2) [2013/10/17 11:15:58.051673, 0] ../source3/lib/util.c:785(smb_panic_s3) PANIC (pid 19222): validate_oplock_types failed [2013/10/17 11:15:58.053124, 0] ../source3/lib/util.c:896(log_stack_trace) BACKTRACE: 45 stack frames: #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f9cbd99dc9e] #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6c) [0x7f9cbd99daf1] #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) [0x7f9cbf426c7d] #3 /usr/local/samba/lib/private/libsmbd_base.so(+0x1331da) [0x7f9cbef8c1da] #4 /usr/local/samba/lib/private/libsmbd_base.so(+0x13686b) [0x7f9cbef8f86b] #5 /usr/local/samba/lib/private/libsmbd_base.so(create_file_default+0x2df) [0x7f9cbef9035e] #6 /usr/local/samba/lib/private/libsmbd_base.so(+0x264156) [0x7f9cbf0bd156] #7 /usr/local/samba/lib/private/libsmbd_base.so(smb_vfs_call_create_file+0xc8) [0x7f9cbef9c60c] #8 /usr/local/samba/lib/private/libsmbd_base.so(+0x18b594) [0x7f9cbefe4594] #9 /usr/local/samba/lib/private/libsmbd_base.so(smbd_smb2_request_process_create+0x794) [0x7f9cbefe1c6e] #10 /usr/local/samba/lib/private/libsmbd_base.so(smbd_smb2_request_dispatch+0xf4b) [0x7f9cbefd8833] #11 /usr/local/samba/lib/private/libsmbd_base.so(+0x1829a8) [0x7f9cbefdb9a8] #12 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00] #13 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32] #14 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59] #15 /usr/local/samba/lib/private/libsmbd_base.so(+0x182402) [0x7f9cbefdb402] #16 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00] #17 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32] #18 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59] #19 /usr/local/samba/lib/private/libsamba-sockets.so(+0xc39f) [0x7f9cbd76b39f] #20 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00] #21 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32] #22 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59] #23 /usr/local/samba/lib/private/libsamba-sockets.so(+0xbe89) [0x7f9cbd76ae89] #24 /usr/local/samba/lib/private/libsamba-sockets.so(+0xc0b4) [0x7f9cbd76b0b4] #25 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00] #26 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32] #27 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59] #28 /usr/local/samba/lib/private/libsamba-sockets.so(+0xb3e7) [0x7f9cbd76a3e7] #29 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00] #30 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32] #31 /usr/local/samba/lib/private/libtevent.so.0(+0x5c50) [0x7f9cbec4cc50] #32 /usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_immediate+0x1f5) [0x7f9cbec4c038] #33 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x56) [0x7f9cbd9be8bb] #34 /usr/local/samba/lib/libsmbconf.so.0(+0x45f7f) [0x7f9cbd9bef7f] #35 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf4) [0x7f9cbec4b172] #36 /usr/local/samba/lib/private/libsmbd_base.so(smbd_process+0x12ef) [0x7f9cbefb8dc4] #37 /usr/local/samba/sbin/smbd(+0xa10a) [0x7f9cbfa9210a] #38 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x55f) [0x7f9cbd9bedc4] #39 /usr/local/samba/lib/libsmbconf.so.0(+0x46090) [0x7f9cbd9bf090] #40 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf4) [0x7f9cbec4b172] #41 /usr/local/samba/sbin/smbd(+0xad74) [0x7f9cbfa92d74] #42 /usr/local/samba/sbin/smbd(main+0x1753) [0x7f9cbfa94618] #43 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f9cbc1feea5] #44 /usr/local/samba/sbin/smbd(+0x5809) [0x7f9cbfa8d809] [2013/10/17 11:15:58.054679, 0] ../source3/lib/util.c:797(smb_panic_s3) smb_panic(): calling panic action [/home/semenko/panic-action 19222] I'll rebuild debug and send a GDB backtrace if it crashes again.
Ok, I think I know what this might be. Weird that autobuild does not catch this...
Hmm. Okay. I was wrong. I don't understand what the problem is. If you hit this again, can you get us the output of p *d->share_modes@2 if possible? This is an additional check that was not there so far, and I need to understand the circumstances when this happens.
Got it reproduced. Expect a fix soon...
Created attachment 9305 [details] Patch The attached patch fixes my reproducer. It has not seen a full autobuild, but survives the oplock related tests including the repro. Can you apply that and see if you still have problems? Thanks, Volker
(In reply to comment #4) > Created attachment 9305 [details] > Patch > > The attached patch fixes my reproducer. It has not seen a full autobuild, but > survives the oplock related tests including the repro. Can you apply that and > see if you still have problems? > > Thanks, > > Volker Thanks! I'll test it in a few. Haven't seen any crashes yet since yesterday (but not a lot of active users today).
(In reply to comment #5) > Thanks! I'll test it in a few. Haven't seen any crashes yet since yesterday > (but not a lot of active users today). The patch didn't seem to want to apply to my ~master, so I'm still running the unpatched version. Either way, probably not great for testing -- there aren't many users around to trigger the crash on the weekend.
For me the patch applied cleanly to both 556f66b metze@samba.org auth:credentials: avoid talloc_reference in cli_credentials_set_netlogon_creds() and also to 28cdd1c vl@samba.org winbind3: Fix CID 1107229 Uninitialized pointer read which is the current master for me. What are you running on?
BTW, I applied with "git am -3"
(In reply to comment #8) > BTW, I applied with "git am -3" Ah, cool. That worked -- thanks! Applied to current head, > winbind3: Fix CID 1107229 Uninitialized pointer read I'll let you know if I see the panic again tomorrow.
(In reply to comment #9) > I'll let you know if I see the panic again tomorrow. Seems to be running smoothly so far. I'll let you know if that panic happens again, but so far, seems to have fixed it! :)
It's in master now. Please re-open if it happens to you again. Thanks a lot for running production on bleeding edge! Volker