Created attachment 9547 [details] Work-in-progress. Found by Joonas Kuorilehto <joneskoo@codenomicon.com>. This is because we don't cancel the outstanding notify (or lock) requests - either would cause the crash - before removing the outstanding session data, so when we try and sign the notify requests afterwards smbd crashes. Fix is to make sessionlogoff and tdis async, and cancel any outstanding requests before replying. Attached is a prototype patch for the issue on sessionlogoff, along with a test case. Needs expanding to cover async tdis, but I'm attaching here so I don't lose the patch. Jeremy.
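A minimal model of the ordering problem described in the comment above, added here as an illustration: it is not taken from the attached patches or from Samba, and every struct and function name in it is hypothetical. It contrasts removing session data while requests are still parked with cancelling them first and deferring the logoff reply until they have drained.

```c
/* Hypothetical model of the ordering bug; none of these names are Samba's. */
#include <stdbool.h>
#include <string.h>

#define MAX_REQ 4

struct session { bool valid; unsigned char key[16]; };
struct request { bool in_flight, cancelled; };
struct conn {
    struct session sess;
    struct request reqs[MAX_REQ];
    bool logoff_waiting, logoff_replied;
};

static int outstanding(const struct conn *c) {
    int n = 0;
    for (int i = 0; i < MAX_REQ; i++) n += c->reqs[i].in_flight;
    return n;
}

static void teardown(struct conn *c) {  /* remove session data, then reply */
    memset(&c->sess, 0, sizeof c->sess);
    c->logoff_waiting = false;
    c->logoff_replied = true;
}

/* Reply to a parked request. Signing needs the session key: -1 marks the
 * point where a real server would touch already-removed session data. */
static int complete(struct conn *c, int i) {
    int rc = c->sess.valid ? 0 : -1;
    c->reqs[i].in_flight = false;
    if (c->logoff_waiting && outstanding(c) == 0) teardown(c);
    return rc;
}

/* Buggy order: session data removed while requests are still parked. */
static void logoff_unsafe(struct conn *c) { teardown(c); }

/* Fixed order: cancel everything, reply to logoff only once drained. */
static void logoff_async(struct conn *c) {
    for (int i = 0; i < MAX_REQ; i++)
        if (c->reqs[i].in_flight) c->reqs[i].cancelled = true;
    if (outstanding(c) == 0) teardown(c); else c->logoff_waiting = true;
}

/* Constructed scenario: two parked notify requests, then a logoff.
 * Returns how many replies could not be signed (-1 if logoff never replied). */
static int run(bool fixed) {
    struct conn c = { .sess = { .valid = true } };
    c.reqs[0].in_flight = c.reqs[1].in_flight = true;
    if (fixed) logoff_async(&c); else logoff_unsafe(&c);
    int bad = 0;
    for (int i = 0; i < 2; i++) bad += (complete(&c, i) != 0);
    return c.logoff_replied ? bad : -1;
}
```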
Created attachment 9619 [details] WIP-part2
Created attachment 9620 [details] WIP-part3: Nearly finished, just need to add a torture test for the notify+tcon.
Created attachment 9736 [details] git-am fix for master: Full fix I'm trying to get into master :-).
Created attachment 9761 [details] Replacement fix after metze gave it a going-over :-).
Created attachment 9770 [details] Proposed patch for master
Created attachment 9772 [details] Backport of master patchset to 4.1.x
Created attachment 9773 [details] Backport of master patchset to 4.0.x
Comment on attachment 9773 [details] Backport of master patchset to 4.0.x: lib/smbd_tevent_queue.o isn't added to Makefile.in
Created attachment 9780 [details] git-am patch for 4.0.x. Backport from master. Contains Makefile.in fix Metze requested.
(In reply to comment #9)
> Created attachment 9780 [details]
> git-am patch for 4.0.x. Backport from master.
>
> Contains Makefile.in fix Metze requested.
Pushed to autobuild-v4-1-test and autobuild-v4-0-test.
Comment on attachment 9772 [details] Backport of master patchset to 4.1.x: source3/lib/smbd_tevent_queue.c should only include <tevent.h>; the internal headers are not required
Comment on attachment 9780 [details] git-am patch for 4.0.x. Backport from master. source3/lib/smbd_tevent_queue.c should only include <tevent.h>; the internal headers are not required
Created attachment 9815 [details] git-am 4.0.x patchset containing metze's change.
Created attachment 9816 [details] git-am 4.1.x patchset containing metze's change.
Comment on attachment 9815 [details] git-am 4.0.x patchset containing metze's change. <tevent.h> not "tevent.h" please, we may use the system header
Comment on attachment 9816 [details] git-am 4.1.x patchset containing metze's change. <tevent.h> not "tevent.h" please, we may use the system header
Created attachment 9817 [details] git-am 4.0.x patchset. Done.
Created attachment 9818 [details] git-am 4.1.x patchset Done.
Comment on attachment 9817 [details] git-am 4.0.x patchset. Looks good, thanks!
Comment on attachment 9818 [details] git-am 4.1.x patchset Looks good, thanks!
Pushed new patchsets to autobuilds.
Pushed to v4-0-test and v4-1-test. Closing out bug report. Thanks!
Karolin, please revert fc185a5f4cb34f4a2488eb336844c32812f930e7 in v4-0-test, this somehow went in twice. 87a02403ee4fcc404dc3b887a851c421660cb4d8 is the first commit. It's not a real problem to have the same check twice, but it's a bit confusing and may generate problems with future backports.
(In reply to comment #23)
> Karolin, please revert fc185a5f4cb34f4a2488eb336844c32812f930e7 in v4-0-test,
> this somehow went in twice. 87a02403ee4fcc404dc3b887a851c421660cb4d8 is the
> first commit.
>
> It's not a real problem to have the same check twice, but it's a bit confusing
> and may generate problems with future backports.
Pushed to autobuild-v4-0-test.
Pushed to v4-0-test. Closing out bug report. Thanks!
The patches on bug #13796 are related...