10498 – segfault at ../source3/smbd/open.c:1625 defer_open_done

Bug 10498 - segfault at ../source3/smbd/open.c:1625 defer_open_done

Summary: segfault at ../source3/smbd/open.c:1625 defer_open_done

Status:	RESOLVED DUPLICATE of bug 10593

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-14 19:04 UTC by Nick Semenkovich
Modified:	2014-10-13 10:52 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nick Semenkovich 2014-03-14 19:04:04 UTC

This is happening on yesterday's git build, so it's likely not a duplicate of bug #10284

commit 3632c59e250396b3974bccf7ad74cbe5c84fdba3
Author: Stefan Metzmacher <metze@samba.org>
Date:   Wed Mar 12 15:12:42 2014 +0100

    selftest/subunithelper.py: correctly pass testsuite-uxsuccess to end_testsuite()

    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>

    Autobuild-User(master): Jeremy Allison <jra@samba.org>
    Autobuild-Date(master): Thu Mar 13 23:49:36 CET 2014 on sn-devel-104


[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007ffbb84f146a in __libc_waitpid (pid=3723, stat_loc=stat_loc@entry=0x7fff460e2a80, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:31
#0  0x00007ffbb84f146a in __libc_waitpid (pid=3723, stat_loc=stat_loc@entry=0x7fff460e2a80, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:31
        resultvar = 18446744073709551104
        oldtype = <optimized out>
        result = <optimized out>
#1  0x00007ffbb8475fae in do_system (line=0x7ffbbef2cde0 "/home/semenko/panic-action 2670") at ../sysdeps/posix/system.c:148
        __result = <optimized out>
        _buffer = {__routine = 0x7ffbb8476260 <cancel_handler>, __arg = 0x7fff460e2a90, __canceltype = 0, __prev = 0x0}
        _avail = 1
        status = <optimized out>
        save = <optimized out>
        pid = 3723
        sa = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {65536, 0 <repeats 15 times>}}, sa_flags = 0, sa_restorer = 0x7ffbbef2cde0}
        omask = {__val = {6272, 140719164176848, 140734368721936, 140719208108576, 140734368725296, 0, 0, 140719157610390, 4294967040, 140719130027736, 140719157507584, 292087982760, 0, 206158430224, 140734368721952, 140719162032248}}
#2  0x00007ffbb9be0a0e in smb_panic_s3 (why=0x7ffbbb385354 "assert failed: ret") at ../source3/lib/util.c:798
        cmd = 0x7ffbbef2cde0 "/home/semenko/panic-action 2670"
        result = 32763
        __FUNCTION__ = "smb_panic_s3"
#3  0x00007ffbbb670d8c in smb_panic (why=0x7ffbbb385354 "assert failed: ret") at ../lib/util/fault.c:159
No locals.
#4  0x00007ffbbb1d5b58 in defer_open_done (req=0x0) at ../source3/smbd/open.c:1625
        state = 0x7ffbbefbee10
        status = {v = 0}
        ret = false
        __FUNCTION__ = "defer_open_done"
#5  0x00007ffbbae95f25 in _tevent_req_notify_callback (req=0x7ffbbf243880, location=0x7ffbb9c25390 "../source3/lib/dbwrap/dbwrap_watch.c:368") at ../lib/tevent/tevent_req.c:112
No locals.
#6  0x00007ffbbae95feb in tevent_req_finish (req=0x7ffbbf243880, state=TEVENT_REQ_DONE, location=0x7ffbb9c25390 "../source3/lib/dbwrap/dbwrap_watch.c:368") at ../lib/tevent/tevent_req.c:149
No locals.
#7  0x00007ffbbae96012 in _tevent_req_done (req=0x7ffbbf243880, location=0x7ffbb9c25390 "../source3/lib/dbwrap/dbwrap_watch.c:368") at ../lib/tevent/tevent_req.c:155
No locals.
#8  0x00007ffbb9be99a7 in dbwrap_record_watch_done (subreq=0x0) at ../source3/lib/dbwrap/dbwrap_watch.c:368
        req = 0x7ffbbf243880
        state = 0x7ffbbf243a10
        rec = 0x7ffbbe131f20
        ret = 0
#9  0x00007ffbbae95f25 in _tevent_req_notify_callback (req=0x7ffbbee7f980, location=0x7ffbb9c26927 "../source3/lib/messages.c:525") at ../lib/tevent/tevent_req.c:112
No locals.
#10 0x00007ffbbae95feb in tevent_req_finish (req=0x7ffbbee7f980, state=TEVENT_REQ_DONE, location=0x7ffbb9c26927 "../source3/lib/messages.c:525") at ../lib/tevent/tevent_req.c:149
No locals.
#11 0x00007ffbbae96012 in _tevent_req_done (req=0x7ffbbee7f980, location=0x7ffbb9c26927 "../source3/lib/messages.c:525") at ../lib/tevent/tevent_req.c:155
No locals.
#12 0x00007ffbb9bedccf in messaging_read_done (req=0x7ffbbee7f980, rec=0x7ffbbe9024f0) at ../source3/lib/messages.c:525
        state = 0x7ffbbee7fb10
#13 0x00007ffbb9bede57 in messaging_dispatch_rec (msg_ctx=0x7ffbbdac1490, rec=0x7ffbbe9024f0) at ../source3/lib/messages.c:571
        req = 0x7ffbbee7f980
        state = 0x7ffbbee7fb10
        cb = 0x0
        next = 0x0
        i = 1
#14 0x00007ffbb9bef531 in message_dispatch (msg_ctx=0x7ffbbdac1490) at ../source3/lib/messages_local.c:519
        ctx = 0x7ffbbdac2440
        msg_array = 0x7ffbbdd66aa0
        tdb = 0x7ffbbdac3750
        status = {v = 0}
        i = 0
        __FUNCTION__ = "message_dispatch"
#15 0x00007ffbb9bee157 in messaging_tdb_signal_handler (ev_ctx=0x7ffbbdac13a0, se=0x7ffbbe51cdc0, signum=10, count=1, _info=0x0, private_data=0x7ffbbdac2440) at ../source3/lib/messages_local.c:78
        ctx = 0x7ffbbdac2440
        __FUNCTION__ = "messaging_tdb_signal_handler"
#16 0x00007ffbbae99cb9 in tevent_common_check_signal (ev=0x7ffbbdac13a0) at ../lib/tevent/tevent_signal.c:444
        se = 0x7ffbbe51cdc0
        exists = 0x7ffbbdf0f0f0
        count = 1
        sl = 0x7ffbbf3b7cb0
        next = 0x0
        counter = {count = 4, seen = 3}
        clear_processed_siginfo = false
        i = 10
#17 0x00007ffbb9c00ba7 in run_events_poll (ev=0x7ffbbdac13a0, pollrtn=-1, pfds=0x7ffbbe67cb00, num_pfds=3) at ../source3/lib/events.c:187
        state = 0x7ffbbe2ad530
        pollfd_idx = 0x7fff460e3070
        fde = 0x7ffbbe67cb10
        __FUNCTION__ = "run_events_poll"
#18 0x00007ffbb9c01353 in s3_event_loop_once (ev=0x7ffbbdac13a0, location=0x7ffbbb393d18 "../source3/smbd/process.c:3732") at ../source3/lib/events.c:326
        state = 0x7ffbbdac2050
        timeout = 39244
        num_pfds = 3
        ret = -1
        poll_errno = 4
#19 0x00007ffbbae94453 in _tevent_loop_once (ev=0x7ffbbdac13a0, location=0x7ffbbb393d18 "../source3/smbd/process.c:3732") at ../lib/tevent/tevent.c:530
        ret = 32763
        nesting_stack_ptr = 0x0
#20 0x00007ffbbb204cc1 in smbd_process (ev_ctx=0x7ffbbdac13a0, msg_ctx=0x7ffbbdac1490, sock_fd=40, interactive=false) at ../source3/smbd/process.c:3732
        frame = 0x7ffbbef2cc40
        conn = 0x7ffbbe2ad530
        sconn = 0x7ffbbe678d00
        ss = {ss_family = 2, __ss_align = 0, __ss_padding = "\244\bu\202\255P\307\031I#¹\373\177\000\000\v\000\000\000\000\000\000\000\220\024\254\275\373\177\000\000\000\000\000\000\373\177\000\000\001\000\275\271\v\000\000\000\240\023\254\275\373\177\000\000\020ӫ\275\373\177\000\000p2\016F\377\177\000\000Y\000\276\271\373\177\000\000h#¹\373\177\000\000I#¹\373\177", '\000' <repeats 13 times>, "\024\001\177\000"}
        sa = 0x7fff460e31d0
        sa_socklen = 16
        local_address = 0x7ffbbf747fd0
        remote_address = 0x7ffbbe40e560
        locaddr = 0x7ffbbe636ca0 "0`\372\275\373\177"
        remaddr = 0x7ffbbe6b4d40 "/usr/local/samba/var/lock/dbwrap_watchers.tdb"
        rhost = 0x0
        ret = 0
        tmp = 16644
        __FUNCTION__ = "smbd_process"
#21 0x00007ffbbbcdce31 in smbd_accept_connection (ev=0x7ffbbdac13a0, fde=0x7ffbbe9fd460, flags=1, private_data=0x7ffbbeadebf0) at ../source3/smbd/server.c:647
        status = {v = 0}
        s = 0x0
        msg_ctx = 0x7ffbbdac1490
        addr = {ss_family = 2, __ss_align = 0, __ss_padding = '\000' <repeats 16 times>, "x^A\276\373\177\000\000\320\063\016F\377\177\000\000P3\016F\377\177\000\000\005Lf\273\373\177\000\000x^A\276\373\177\000\000\320\063\016F\377\177\000\000;\000\000\000\000\000\000\000\246;\017\000\000\000\000\000\360\063\016F\377\177\000\000T\v\300\271\373\177\000\000\352-#S\000\000\000\000\030\064\016F\377\177\000"}
        in_addrlen = 16
        fd = 40
        pid = 0
        unique_id = 1857542077461891236
        __FUNCTION__ = "smbd_accept_connection"
#22 0x00007ffbb9c010c7 in run_events_poll (ev=0x7ffbbdac13a0, pollrtn=1, pfds=0x7ffbbe67cb00, num_pfds=6) at ../source3/lib/events.c:257
        pfd = 0x7ffbbe67cb20
        flags = 1
        state = 0x7ffbbdac2050
        pollfd_idx = 0x7ffbbe4c2790
        fde = 0x7ffbbe9fd460
        __FUNCTION__ = "run_events_poll"
#23 0x00007ffbb9c01353 in s3_event_loop_once (ev=0x7ffbbdac13a0, location=0x7ffbbbce197e "../source3/smbd/server.c:973") at ../source3/lib/events.c:326
        state = 0x7ffbbdac2050
        timeout = 59999
        num_pfds = 6
        ret = 1
        poll_errno = 4
#24 0x00007ffbbae94453 in _tevent_loop_once (ev=0x7ffbbdac13a0, location=0x7ffbbbce197e "../source3/smbd/server.c:973") at ../lib/tevent/tevent.c:530
        ret = 32763
        nesting_stack_ptr = 0x0
#25 0x00007ffbbbcddae9 in smbd_parent_loop (ev_ctx=0x7ffbbdac13a0, parent=0x7ffbbdac79b0) at ../source3/smbd/server.c:973
        ret = 0
        frame = 0x7ffbbdac3de0
        __FUNCTION__ = "smbd_parent_loop"
#26 0x00007ffbbbcdf3bb in main (argc=4, argv=0x7fff460e3938) at ../source3/smbd/server.c:1612
        is_daemon = true
        interactive = false
        Fork = false
        no_process_group = false
        log_stdout = false
        ports = 0x0
        profile_level = 0x0
        opt = -1
        pc = 0x7ffbbdabdea0
        print_build_options = false
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x7ffbb8a03220 <poptHelpOptions>, val = 0, descrip = 0x7ffbbbce1a49 "Help options:", argDescrip = 0x0}, {longName = 0x7ffbbbce1a57 "daemon", shortName = 68 'D', argInfo = 0, arg = 0x0, val = 1000, descrip = 0x7ffbbbce1a5e "Become a daemon (default)", argDescrip = 0x0}, {longName = 0x7ffbbbce1a78 "interactive", shortName = 105 'i', argInfo = 0, arg = 0x0, val = 1001, descrip = 0x7ffbbbce1a88 "Run interactive (not a daemon)", argDescrip = 0x0}, {longName = 0x7ffbbbce1aa7 "foreground", shortName = 70 'F', argInfo = 0, arg = 0x0, val = 1002, descrip = 0x7ffbbbce1ab8 "Run daemon in foreground (for daemontools, etc.)", argDescrip = 0x0}, {longName = 0x7ffbbbce1ae9 "no-process-group", shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 1003, descrip = 0x7ffbbbce1b00 "Don't create a new process group", argDescrip = 0x0}, {longName = 0x7ffbbbce1b21 "log-stdout", shortName = 83 'S', argInfo = 0, arg = 0x0, val = 1004, descrip = 0x7ffbbbce1b2c "Log to stdout", argDescrip = 0x0}, {longName = 0x7ffbbbce1b3a "build-options", shortName = 98 'b', argInfo = 0, arg = 0x0, val = 98, descrip = 0x7ffbbbce1b48 "Print build options", argDescrip = 0x0}, {longName = 0x7ffbbbce1b5c "port", shortName = 112 'p', argInfo = 1, arg = 0x7fff460e3520, val = 0, descrip = 0x7ffbbbce1b61 "Listen on the specified ports", argDescrip = 0x0}, {longName = 0x7ffbbbce1b7f "profiling-level", shortName = 80 'P', argInfo = 1, arg = 0x7fff460e3528, val = 0, descrip = 0x7ffbbbce1b8f "Set profiling level", argDescrip = 0x7ffbbbce1ba3 "PROFILE_LEVEL"}, {longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x7ffbba283300 <popt_common_samba>, val = 0, descrip = 0x7ffbbbce1bb1 "Common samba options:", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        parent = 0x7ffbbdac79b0
        frame = 0x7ffbbdabb1a0
        status = {v = 0}
        ev_ctx = 0x7ffbbdac13a0
        msg_ctx = 0x7ffbbdac1490
        server_id = {pid = 18866, task_id = 0, vnn = 4294967295, unique_id = 15677304971658638649}
        se = 0x7ffbbdac7c60
        np_dir = 0x7ffbbe67cb00 "\v"
        smbd_shim_fns = {cancel_pending_lock_requests_by_fid = 0x7ffbbb1e156c <smbd_cancel_pending_lock_requests_by_fid>, send_stat_cache_delete_message = 0x7ffbbb1ebd23 <smbd_send_stat_cache_delete_message>, change_to_root_user = 0x7ffbbb1cac2f <smbd_change_to_root_user>, become_authenticated_pipe_user = 0x7ffbbb1cace5 <smbd_become_authenticated_pipe_user>, unbecome_authenticated_pipe_user = 0x7ffbbb1cadd2 <smbd_unbecome_authenticated_pipe_user>, contend_level2_oplocks_begin = 0x7ffbbb25d41a <smbd_contend_level2_oplocks_begin>, contend_level2_oplocks_end = 0x7ffbbb25d48d <smbd_contend_level2_oplocks_end>, become_root = 0x7ffbbb1caff2 <smbd_become_root>, unbecome_root = 0x7ffbbb1cb01a <smbd_unbecome_root>, exit_server = 0x7ffbbb2527a3 <smbd_exit_server>, exit_server_cleanly = 0x7ffbbb2527c0 <smbd_exit_server_cleanly>}
        __FUNCTION__ = "main"
A debugging session is active.

Comment 1 Nick Semenkovich 2014-03-14 19:06:54 UTC

From the machine log:

[2014/03/14 11:29:44.553746,  2] ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
  connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$
[2014/03/14 11:30:10.574228,  0] ../source3/smbd/oplock.c:358(oplock_timeout_handler)
  Oplock break failed for file betsy/Documents/My Pictures/desktop.ini -- replying anyway
[2014/03/14 11:30:10.574451,  0] ../source3/smbd/open.c:1625(defer_open_done)
  PANIC: assert failed at ../source3/smbd/open.c(1625): ret
[2014/03/14 11:30:10.574524,  0] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 2670): assert failed: ret
[2014/03/14 11:30:10.596787,  0] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 28 stack frames:
   #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) [0x7ffbb9be0b08]
   #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6f) [0x7ffbb9be0953]
   #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) [0x7ffbbb670d8c]
   #3 /usr/local/samba/lib/private/libsmbd_base.so(+0x133b58) [0x7ffbbb1d5b58]
   #4 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7ffbbae95f25]
   #5 /usr/local/samba/lib/private/libtevent.so.0(+0x5feb) [0x7ffbbae95feb]
   #6 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7ffbbae96012]
   #7 /usr/local/samba/lib/libsmbconf.so.0(+0x2c9a7) [0x7ffbb9be99a7]
   #8 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_notify_callback+0x6a) [0x7ffbbae95f25]
   #9 /usr/local/samba/lib/private/libtevent.so.0(+0x5feb) [0x7ffbbae95feb]
   #10 /usr/local/samba/lib/private/libtevent.so.0(_tevent_req_done+0x25) [0x7ffbbae96012]
   #11 /usr/local/samba/lib/libsmbconf.so.0(+0x30ccf) [0x7ffbb9bedccf]
   #12 /usr/local/samba/lib/libsmbconf.so.0(messaging_dispatch_rec+0xff) [0x7ffbb9bede57]
   #13 /usr/local/samba/lib/libsmbconf.so.0(+0x32531) [0x7ffbb9bef531]
   #14 /usr/local/samba/lib/libsmbconf.so.0(+0x31157) [0x7ffbb9bee157]
   #15 /usr/local/samba/lib/private/libtevent.so.0(tevent_common_check_signal+0x2a0) [0x7ffbbae99cb9]
   #16 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x2f) [0x7ffbb9c00ba7]
   #17 /usr/local/samba/lib/libsmbconf.so.0(+0x44353) [0x7ffbb9c01353]
   #18 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf4) [0x7ffbbae94453]
   #19 /usr/local/samba/lib/private/libsmbd_base.so(smbd_process+0x1304) [0x7ffbbb204cc1]
   #20 /usr/local/samba/sbin/smbd(+0xae31) [0x7ffbbbcdce31]
   #21 /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x54f) [0x7ffbb9c010c7]
   #22 /usr/local/samba/lib/libsmbconf.so.0(+0x44353) [0x7ffbb9c01353]
   #23 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf4) [0x7ffbbae94453]
   #24 /usr/local/samba/sbin/smbd(+0xbae9) [0x7ffbbbcddae9]
   #25 /usr/local/samba/sbin/smbd(main+0x177e) [0x7ffbbbcdf3bb]
   #26 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7ffbb8451de5]
   #27 /usr/local/samba/sbin/smbd(+0x5a99) [0x7ffbbbcd7a99]
[2014/03/14 11:30:10.597105,  0] ../source3/lib/util.c:797(smb_panic_s3)
  smb_panic(): calling panic action [/home/semenko/panic-action 2670]

Comment 2 Volker Lendecke 2014-06-24 06:52:09 UTC


*** This bug has been marked as a duplicate of bug 10593 ***