Bug 10216 - PANIC validate_oplock_types failed
Summary: PANIC validate_oplock_types failed
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.0.10
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-17 16:31 UTC by Nick Semenkovich
Modified: 2013-10-23 15:08 UTC (History)
1 user (show)

See Also:

Attachments
smb.conf (928 bytes, text/plain)
2013-10-17 16:31 UTC, Nick Semenkovich 		no flags Details
Patch (2.37 KB, patch)
2013-10-18 15:10 UTC, Volker Lendecke 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nick Semenkovich 2013-10-17 16:31:10 UTC 
Created attachment 9301 [details]
smb.conf

Built from the latest git version:
> auth:credentials: avoid talloc_reference in cli_credentials_set_netlogon_creds()


I've seen two PANICs this morning, on a domain with only Windows 8 clients. Users have folder redirection to the samba server.

Both crashes start with:

[2013/10/17 11:05:22.396088,  1] ../source3/smbd/open.c:1300(validate_oplock_types)
  got batch (1) or ex (1) non-exclusively (2)
[2013/10/17 11:05:22.396129,  0] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 19128): validate_oplock_types failed


One with backtrace;

[2013/10/17 11:15:58.051522,  2] ../source3/smbd/open.c:932(open_file)
  CORP\laurie opened file laurie/AppData/Roaming/Microsoft/Office/Recent/index.dat read=Yes write=No (numopen=14)
[2013/10/17 11:15:58.051630,  1] ../source3/smbd/open.c:1300(validate_oplock_types)
  got batch (1) or ex (1) non-exclusively (2)
[2013/10/17 11:15:58.051673,  0] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 19222): validate_oplock_types failed
[2013/10/17 11:15:58.053124,  0] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 45 stack frames:
   #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f9cbd99dc9e]
   #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6c) [0x7f9cbd99daf1]
   #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) [0x7f9cbf426c7d]
   #3 /usr/local/samba/lib/private/libsmbd_base.so(+0x1331da) [0x7f9cbef8c1da]
   #4 /usr/local/samba/lib/private/libsmbd_base.so(+0x13686b) [0x7f9cbef8f86b]
   #5 /usr/local/samba/lib/private/libsmbd_base.so(create_file_default+0x2df) [0x7f9cbef9035e]
   #6 /usr/local/samba/lib/private/libsmbd_base.so(+0x264156) [0x7f9cbf0bd156]
   #7 /usr/local/samba/lib/private/libsmbd_base.so(smb_vfs_call_create_file+0xc8) [0x7f9cbef9c60c]
   #8 /usr/local/samba/lib/private/libsmbd_base.so(+0x18b594) [0x7f9cbefe4594]
   #9 /usr/local/samba/lib/private/libsmbd_base.so(smbd_smb2_request_process_create+0x794) [0x7f9cbefe1c6e]
   #10 /usr/local/samba/lib/private/libsmbd_base.so(smbd_smb2_request_dispatch+0xf4b) [0x7f9cbefd8833]
   #11 /usr/local/samba/lib/private/libsmbd_base.so(+0x1829a8) [0x7f9cbefdb9a8]
   #12 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00]
   #13 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32]
   #14 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59]
   #15 /usr/local/samba/lib/private/libsmbd_base.so(+0x182402) [0x7f9cbefdb402]
   #16 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00]
   #17 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32]
   #18 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59]
   #19 /usr/local/samba/lib/private/libsamba-sockets.so(+0xc39f) [0x7f9cbd76b39f]
   #20 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00]
   #21 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32]
   #22 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59]
   #23 /usr/local/samba/lib/private/libsamba-sockets.so(+0xbe89) [0x7f9cbd76ae89]
   #24 /usr/local/samba/lib/private/libsamba-sockets.so(+0xc0b4) [0x7f9cbd76b0b4]
   #25 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00]
   #26 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32]
   #27 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7f9cbec4cb59]
   #28 /usr/local/samba/lib/private/libsamba-sockets.so(+0xb3e7) [0x7f9cbd76a3e7]
   #29 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7f9cbec4cb00]
   #30 /usr/local/samba/lib/private/libtevent.so.0(+0x5b32) [0x7f9cbec4cb32]
   #31 /usr/local/samba/lib/private/libtevent.so.0(+0x5c50) [0x7f9cbec4cc50]
   #32 /usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_immediate+0x1f5) [0x7f9cbec4c038]
   #33 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x56) [0x7f9cbd9be8bb]
   #34 /usr/local/samba/lib/libsmbconf.so.0(+0x45f7f) [0x7f9cbd9bef7f]
   #35 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf4) [0x7f9cbec4b172]
   #36 /usr/local/samba/lib/private/libsmbd_base.so(smbd_process+0x12ef) [0x7f9cbefb8dc4]
   #37 /usr/local/samba/sbin/smbd(+0xa10a) [0x7f9cbfa9210a]
   #38 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x55f) [0x7f9cbd9bedc4]
   #39 /usr/local/samba/lib/libsmbconf.so.0(+0x46090) [0x7f9cbd9bf090]
   #40 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf4) [0x7f9cbec4b172]
   #41 /usr/local/samba/sbin/smbd(+0xad74) [0x7f9cbfa92d74]
   #42 /usr/local/samba/sbin/smbd(main+0x1753) [0x7f9cbfa94618]
   #43 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f9cbc1feea5]
   #44 /usr/local/samba/sbin/smbd(+0x5809) [0x7f9cbfa8d809]
[2013/10/17 11:15:58.054679,  0] ../source3/lib/util.c:797(smb_panic_s3)
  smb_panic(): calling panic action [/home/semenko/panic-action 19222]


I'll rebuild debug and send a GDB backtrace if it crashes again.
Comment 1 Volker Lendecke 2013-10-17 17:42:51 UTC 
Ok, I think I know what this might be. Weird that autobuild does not catch this...
Comment 2 Volker Lendecke 2013-10-17 19:26:13 UTC 
Hmm. Okay. I was wrong. I don't understand what the problem is. If you hit this again, can you get us the output of

p *d->share_modes@2

if possible?

This is an additional check that was not there so far, and I need to understand the circumstances when this happens.
Comment 3 Volker Lendecke 2013-10-18 11:39:20 UTC 
Got it reproduced. Expect a fix soon...
Comment 4 Volker Lendecke 2013-10-18 15:10:28 UTC 
Created attachment 9305 [details]
Patch

The attached patch fixes my reproducer. It has not seen a full autobuild, but survives the oplock related tests including the repro. Can you apply that and see if you still have problems?

Thanks,

Volker
Comment 5 Nick Semenkovich 2013-10-18 16:00:10 UTC 
(In reply to comment #4)
> Created attachment 9305 [details]
> Patch
> 
> The attached patch fixes my reproducer. It has not seen a full autobuild, but
> survives the oplock related tests including the repro. Can you apply that and
> see if you still have problems?
> 
> Thanks,
> 
> Volker

Thanks! I'll test it in a few. Haven't seen any crashes yet since yesterday (but not a lot of active users today).
Comment 6 Nick Semenkovich 2013-10-19 15:19:47 UTC 
(In reply to comment #5)
> Thanks! I'll test it in a few. Haven't seen any crashes yet since yesterday
> (but not a lot of active users today).

The patch didn't seem to want to apply to my ~master, so I'm still running the unpatched version. Either way, probably not great for testing -- there aren't many users around to trigger the crash on the weekend.
Comment 7 Volker Lendecke 2013-10-20 08:19:18 UTC 
For me the patch applied cleanly to both

556f66b metze@samba.org auth:credentials: avoid talloc_reference in cli_credentials_set_netlogon_creds()

and also to

28cdd1c vl@samba.org winbind3: Fix CID 1107229 Uninitialized pointer read

which is the current master for me. What are you running on?
Comment 8 Volker Lendecke 2013-10-20 08:19:33 UTC 
BTW, I applied with "git am -3"
Comment 9 Nick Semenkovich 2013-10-20 22:25:58 UTC 
(In reply to comment #8)
> BTW, I applied with "git am -3"

Ah, cool. That worked -- thanks!

Applied to current head, > winbind3: Fix CID 1107229 Uninitialized pointer read

I'll let you know if I see the panic again tomorrow.
Comment 10 Nick Semenkovich 2013-10-21 18:09:23 UTC 
(In reply to comment #9)
> I'll let you know if I see the panic again tomorrow.

Seems to be running smoothly so far. I'll let you know if that panic happens again, but so far, seems to have fixed it! :)
Comment 11 Volker Lendecke 2013-10-23 15:08:40 UTC 
It's in master now. Please re-open if it happens to you again.

Thanks a lot for running production on bleeding edge!

Volker