Created attachment 10001 [details] Patch for 4.0 series We had this problem on a 4.0.15 server: --- stack trace --- #0 0x00007f84ad94d425 in raise () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #1 0x00007f84ad950b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #2 0x00007f84aeed613b in dump_core () at ../source3/lib/dumpcore.c:336 called = true __FUNCTION__ = "dump_core" #3 0x00007f84aeec8149 in smb_panic_s3 (why=<optimized out>) at ../source3/lib/util.c:833 cmd = <optimized out> result = <optimized out> __FUNCTION__ = "smb_panic_s3" #4 0x00007f84b0c013ef in smb_panic (why=0x7f84b0c0cfb0 "Frame not freed in order.") at ../lib/util/fault.c:159 No locals. #5 0x00007f84b0bf5f35 in talloc_pop (frame=0x7f84b3bc0a80) at ../lib/util/talloc_stack.c:106 ts = <optimized out> i = <optimized out> __FUNCTION__ = "talloc_pop" #6 0x00007f84b00dd041 in _talloc_free_internal (location=<optimized out>, ptr=<optimized out>) at ../lib/talloc/talloc.c:831 d = 0x7f84b0bf5e50 <talloc_pop> #7 _talloc_free (ptr=0x7f84b3bc0a80, location=0x7f84b0525ff8 "../source3/smbd/posix_acls.c:3562") at ../lib/talloc/talloc.c:1371 No locals. #8 0x00007f84b03ed7d0 in posix_get_nt_acl (conn=<optimized out>, name=0x7f84b2e18c20 "xxxxxx.xxxx/Policies/{XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX}/Machine", security_info=15, mem_ctx=0x7f84b3bbf9b0, ppdesc=0x7fffe81ac2f8) at ../source3/smbd/posix_acls.c:3562 posix_acl = 0x7f84b3bc0ad0 def_acl = 0x7f84b3bc0c40 pal = 0x0 smb_fname = {base_name = 0x7f84b2e18c20 "xxxxxx.xxxx/Policies/{XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX}/Machine", stream_name = 0x0, original_lcomp = 0x0, st = {st_ex_dev = 2050, st_ex_ino = 661521, st_ex_mode = 16888, st_ex_nlink = 2, st_ex_uid = 50500, st_ex_gid = 1901, st_ex_rdev = 0, st_ex_size = 0, st_ex_atime = {tv_sec = 1400063567, tv_nsec = 410543744}, st_ex_mtime = {tv_sec = 1400061209, tv_nsec = 750762172}, st_ex_ctime = {tv_sec = 1400063539, tv_nsec = 332944513}, st_ex_btime = {tv_sec = 1400061209, tv_nsec = 750762172}, st_ex_calculated_birthtime = true, st_ex_blksize = 4096, st_ex_blocks = 16, st_ex_flags = 0, st_ex_mask = 0, vfs_private = 0}} ret = <optimized out> frame = 0x7f84b3bc0a80 status = <optimized out> __FUNCTION__ = "posix_get_nt_acl" #9 0x00007f84b04b6c3d in vfswrap_get_nt_acl (handle=<optimized out>, name=<optimized out>, security_info=<optimized out>, mem_ctx=<optimized out>, ppdesc=<optimized out>) at ../source3/modules/vfs_default.c:2080 result = {v = 0} #10 0x00007f84b03e61ed in smb_vfs_call_get_nt_acl (handle=<optimized out>, name=<optimized out>, security_info=<optimized out>, mem_ctx=<optimized out>, ppdesc=<optimized out>) at ../source3/smbd/vfs.c:2205 No locals. #11 0x00007f8492396252 in get_nt_acl_internal (handle=0x7f84b3f0dbb0, fsp=0x0, name=0x7f84b2e18c20 "xxxxxx.xxxx/Policies/{XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX}/Machine", security_info=7, mem_ctx=0x7f84b3bbf9b0, ppdesc=0x7fffe81ac410) at ../source3/modules/vfs_acl_common.c:322 blob = {data = 0x0, length = 0} status = <optimized out> hash_type = 0 hash = "\220\220\250\262\204\177\000\000c\315\r\260\204\177\000\000\000\000\000\000\000\000\000\000@\t\274\263\204\177\000\000\300\004\334\263\204\177\000\000\300\265\341\260\204\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000" hash_tmp = "\bD\251\262\204\177\000\000\301UF\260\204\177\000\000\320\071'\263\204\177\000\000\004\000\000\000\000\000\000\000\377\377\377\377\000\000\000\000\060", '\000' <repeats 15 times>, "2@\241\253\204\177\000" psd = 0x0 pdesc_next = 0x7f84b32f43d0 ignore_file_system_acl = false __FUNCTION__ = "get_nt_acl_internal" #12 0x00007f84923969a6 in get_nt_acl_common (handle=<optimized out>, name=<optimized out>, security_info=<optimized out>, mem_ctx=<optimized out>, ppdesc=<optimized out>) at ../source3/modules/vfs_acl_common.c:517 No locals. #13 0x00007f84b03e61ed in smb_vfs_call_get_nt_acl (handle=<optimized out>, name=<optimized out>, security_info=<optimized out>, mem_ctx=<optimized out>, ppdesc=<optimized out>) at ../source3/smbd/vfs.c:2205 No locals. #14 0x00007f84b03d4cfd in smbd_check_access_rights (conn=0x7f84b324d900, smb_fname=0x7f84b2a943f0, access_mask=131072) at ../source3/smbd/open.c:117 status = <optimized out> sd = 0x0 rejected_share_access = 0 rejected_mask = 131072 do_not_check_mask = 0 __FUNCTION__ = "smbd_check_access_rights" #15 0x00007f84b03d8e74 in open_file (p_file_created=<synthetic pointer>, open_access_mask=131072, access_mask=131072, unx_mode=420, flags=<optimized out>, parent_dir=0x7f84b3bc0240 "xxxxxx.xxxx/Policies/{XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX}", req=0x7f84b3bbfb50, conn=0x7f84b324d900, fsp=0x7f84b3dc04c0) at ../source3/smbd/open.c:904 status = {v = 0} local_flags = <optimized out> smb_fname = 0x7f84b2a943f0 accmode = <optimized out> file_existed = true #16 open_file_ntcreate (conn=0x7f84b324d900, req=0x7f84b3bbfb50, access_mask=131072, share_access=3, create_disposition=1, create_options=0, new_dos_attributes=0, oplock_request=0, private_flags=0, pinfo=0x7fffe81ac818, fsp=0x7f84b3dc04c0) at ../source3/smbd/open.c:2479 smb_fname = 0x7f84b2a943f0 flags = 2 flags2 = 0 file_existed = true def_acl = false posix_open = false new_file_created = false fsp_open = {v = 3221225506} new_unx_mode = 0 unx_mode = 420 info = <optimized out> existing_dos_attributes = 16 request_time = {tv_sec = 1400230559, tv_usec = 856737} lck = <optimized out> open_access_mask = 131072 status = <optimized out> parent_dir = 0x7f84b3bc0240 "xxxxxx.xxxx/Policies/{XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX}" saved_stat = {st_ex_dev = 2050, st_ex_ino = 661521, st_ex_mode = 16888, st_ex_nlink = 2, st_ex_uid = 50500, st_ex_gid = 1901, st_ex_rdev = 0, st_ex_size = 0, st_ex_atime = {tv_sec = 1400063567, tv_nsec = 410543744}, st_ex_mtime = {tv_sec = 1400061209, tv_nsec = 750762172}, st_ex_ctime = {tv_sec = 1400063539, tv_nsec = 332944513}, st_ex_btime = {tv_sec = 1400061209, tv_nsec = 750762172}, st_ex_calculated_birthtime = true, st_ex_blksize = 4096, st_ex_blocks = 16, st_ex_flags = 0, st_ex_mask = 0, vfs_private = 0} __FUNCTION__ = "open_file_ntcreate" #17 0x00007f84b03db433 in create_file_unixpath (conn=0x7f84b324d900, req=0x7f84b3bbfb50, smb_fname=0x7f84b3bbfe50, access_mask=131072, share_access=<optimized out>, create_disposition=<optimized out>, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffe81ac8c8, pinfo=0x7fffe81ac8dc) at ../source3/smbd/open.c:3897 info = 1 base_fsp = 0x0 fsp = 0x7f84b3dc04c0 status = <optimized out> __FUNCTION__ = "create_file_unixpath" #18 0x00007f84b03dc52c in create_file_default (conn=0x7f84b324d900, req=0x7f84b3bbfb50, root_dir_fid=<optimized out>, smb_fname=0x7f84b3bbfe50, access_mask=131072, share_access=3, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffe81acb08, pinfo=0x7fffe81acb24) at ../source3/smbd/open.c:4293 info = 1 fsp = 0x0 status = <optimized out> stream_name = <optimized out> __FUNCTION__ = "create_file_default" #19 0x00007f84b04b80cb in vfswrap_create_file (handle=<optimized out>, req=<optimized out>, root_dir_fid=<optimized out>, smb_fname=<optimized out>, access_mask=<optimized out>, share_access=<optimized out>, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffe81acb08, pinfo=0x7fffe81acb24) at ../source3/modules/vfs_default.c:511 No locals. #20 0x00007f84b03e3235 in smb_vfs_call_create_file (handle=<optimized out>, req=<optimized out>, root_dir_fid=<optimized out>, smb_fname=<optimized out>, access_mask=<optimized out>, share_access=<optimized out>, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffe81acb08, pinfo=0x7fffe81acb24) at ../source3/smbd/vfs.c:1551 No locals. #21 0x00007f84b039f205 in reply_ntcreate_and_X (req=0x7f84b3bbfb50) at ../source3/smbd/nttrans.c:565 conn = 0x7f84b324d900 smb_fname = 0x7f84b3bbfe50 fname = 0x7f84b3bbfc60 "xxxxxx.xxxx/Policies/{XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX}/Machine" flags = <optimized out> file_attributes = 0 root_dir_fid = 0 fattr = 0 file_len = 0 info = 0 fsp = 0x0 p = 0x0 create_timespec = {tv_sec = 140207920841004, tv_nsec = 8} c_timespec = {tv_sec = 140207920840960, tv_nsec = 140207869529989} a_timespec = {tv_sec = 140207884419150, tv_nsec = 140207932891120} m_timespec = {tv_sec = 140737087458200, tv_nsec = 140207782940132} write_time_ts = {tv_sec = 140737087458096, tv_nsec = 4} status = {v = 0} oplock_request = 0 oplock_granted = 0 '\000' case_state = 0x0 ctx = 0x7f84b3bbf9b0 __FUNCTION__ = "reply_ntcreate_and_X" #22 0x00007f84b03f550c in switch_message (type=162 '\242', req=0x7f84b3bbfb50) at ../source3/smbd/process.c:1556 flags = 9 session_tag = <optimized out> conn = 0x7f84b324d900 sconn = <optimized out> now = 130447041598565310 session = 0x7f84b41d4470 status = <optimized out> __FUNCTION__ = "switch_message" #23 0x00007f84b03f65f4 in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=0, unread_bytes=0, size=228, inbuf=0x0, sconn=0x7f84b3e51230) at ../source3/smbd/process.c:1592 conn = <optimized out> req = 0x7f84b3bbfb50 #24 process_smb (sconn=0x7f84b3e51230, inbuf=<optimized out>, nread=228, unread_bytes=0, seqnum=0, encrypted=false, deferred_pcd=0x0) at ../source3/smbd/process.c:1843 msg_type = 0 __FUNCTION__ = "process_smb" #25 0x00007f84b03f6a61 in smbd_server_connection_read_handler (sconn=0x7f84b3e51230, fd=9) at ../source3/smbd/process.c:2432 inbuf = 0x7f84b3bbfa10 "" inbuf_len = 228 unread_bytes = 0 encrypted = <optimized out> mem_ctx = 0x7f84b3bbf9b0 status = <optimized out> seqnum = 0 from_client = <optimized out> __FUNCTION__ = "smbd_server_connection_read_handler" #26 0x00007f84aeede864 in run_events_poll (num_pfds=3, pfds=0x7f84b31f0fc0, ev=0x7f84b2a8c4c0, pollrtn=<optimized out>) at ../source3/lib/events.c:257 pfd = <optimized out> flags = <optimized out> state = <optimized out> fde = 0x7f84b3c81c60 pollfd_idx = 0x7f84b436cb00 #27 run_events_poll (ev=0x7f84b2a8c4c0, pollrtn=<optimized out>, pfds=0x7f84b31f0fc0, num_pfds=3) at ../source3/lib/events.c:179 No locals. #28 0x00007f84aeede9b8 in s3_event_loop_once (ev=0x7f84b2a8c4c0, location=<optimized out>) at ../source3/lib/events.c:326 state = 0x7f84b2a8d660 timeout = 59737 num_pfds = 3 ret = 1 poll_errno = 0 #29 0x00007f84af1234bd in _tevent_loop_once (ev=0x7f84b2a8c4c0, location=0x7f84b052b458 "../source3/smbd/process.c:3624") at ../lib/tevent/tevent.c:530 ret = <optimized out> nesting_stack_ptr = 0x0 #30 0x00007f84b03f7da3 in smbd_process (ev_ctx=0x7f84b2a8c4c0, msg_ctx=<optimized out>, sock_fd=<optimized out>, interactive=false) at ../source3/smbd/process.c:3624 frame = 0x7f84b3bbf9b0 conn = <optimized out> sconn = <optimized out> ss = {ss_family = 2, __ss_align = 0, __ss_padding = "\000\000\000\000\000\000\000\000\256\306\034\367s\225\237\320\000\340%\261\204\177\000\000tw\004\261\204\177\000\000\001\000\000\000\204\177\000\000\000\000\000\000\000\000\000\000\220\364/\260\204\177\000\000\240\305\250\262\204\177\000\000\001", '\000' <repeats 15 times>, "\t\000\000\000\000\000\000\000\300\304\250\262\204\177\000\000\240\305\250\262\204\177\000\000\065\342\004\261\204\177\000"} sa = 0x7fffe81acea0 sa_socklen = <optimized out> local_address = 0x7f84b2d33a80 remote_address = 0x7f84b33d9c20 locaddr = <optimized out> remaddr = <optimized out> rhost = 0x0 ret = <optimized out> __FUNCTION__ = "smbd_process" #31 0x00007f84b1267a94 in smbd_accept_connection (ev=0x7f84b2a8c4c0, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../source3/smbd/server.c:621 status = {v = 0} s = 0x0 msg_ctx = 0x7f84b2a8c5a0 addr = {ss_family = 2, __ss_align = 0, __ss_padding = "\260\317\032\350\377\177\000\000\345\267\037\350\377\177\000\000\360\317\032\350\377\177\000\000\360\317\032\350\377\177\000\000\320\317\032\350\377\177\000\000\033\272\037\350\377\177\000\000\001\000\000\000\000\000\000\000`\326\250\262\204\177\000\000\300\017\037\263\204\177\000\000\001\210\277\260\204\177\000\000\300\304\250\262\204\177\000\000ju\022\257\204\177\000\000*\000\000\000\000\000\000\000\bx\016\000\000\000\000"} in_addrlen = 16 fd = 9 pid = 0 unique_id = 15032898406485640878 __FUNCTION__ = "smbd_accept_connection" #32 0x00007f84aeede864 in run_events_poll (num_pfds=8, pfds=0x7f84b31f0fc0, ev=0x7f84b2a8c4c0, pollrtn=<optimized out>) at ../source3/lib/events.c:257 pfd = <optimized out> flags = <optimized out> state = <optimized out> fde = 0x7f84b3be4c70 pollfd_idx = 0x7f84b436cb00 #33 run_events_poll (ev=0x7f84b2a8c4c0, pollrtn=<optimized out>, pfds=0x7f84b31f0fc0, num_pfds=8) at ../source3/lib/events.c:179 No locals. #34 0x00007f84aeede9b8 in s3_event_loop_once (ev=0x7f84b2a8c4c0, location=<optimized out>) at ../source3/lib/events.c:326 state = 0x7f84b2a8d660 timeout = 42949 num_pfds = 8 ret = 1 poll_errno = 4 #35 0x00007f84af1234bd in _tevent_loop_once (ev=0x7f84b2a8c4c0, location=0x7f84b126a9f9 "../source3/smbd/server.c:946") at ../lib/tevent/tevent.c:530 ret = <optimized out> nesting_stack_ptr = 0x0 #36 0x00007f84b1264a04 in smbd_parent_loop (ev_ctx=0x7f84b2a8c4c0, parent=<optimized out>) at ../source3/smbd/server.c:946 ret = <optimized out> frame = 0x7f84b2a94540 #37 main (argc=<optimized out>, argv=<optimized out>) at ../source3/smbd/server.c:1580 is_daemon = <optimized out> interactive = <optimized out> Fork = false no_process_group = <optimized out> log_stdout = <optimized out> ports = 0x0 profile_level = 0x0 opt = <optimized out> pc = <optimized out> print_build_options = 160 long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x7f84ae0e9160, val = 0, descrip = 0x7f84b126a340 "Help options:", argDescrip = 0x0}, {longName = 0x7f84b126a34e "daemon", shortName = 68 'D', argInfo = 0, arg = 0x0, val = 1000, descrip = 0x7f84b126a355 "Become a daemon (default)", argDescrip = 0x0}, {longName = 0x7f84b126a36f "interactive", shortName = 105 'i', argInfo = 0, arg = 0x0, val = 1001, descrip = 0x7f84b126aec8 "Run interactive (not a daemon)", argDescrip = 0x0}, {longName = 0x7f84b126a37b "foreground", shortName = 70 'F', argInfo = 0, arg = 0x0, val = 1002, descrip = 0x7f84b126aee8 "Run daemon in foreground (for daemontools, etc.)", argDescrip = 0x0}, {longName = 0x7f84b126a386 "no-process-group", shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 1003, descrip = 0x7f84b126af20 "Don't create a new process group", argDescrip = 0x0}, {longName = 0x7f84b126a397 "log-stdout", shortName = 83 'S', argInfo = 0, arg = 0x0, val = 1004, descrip = 0x7f84b126a3a2 "Log to stdout", argDescrip = 0x0}, {longName = 0x7f84b126a3b0 "build-options", shortName = 98 'b', argInfo = 0, arg = 0x0, val = 98, descrip = 0x7f84b126a3be "Print build options", argDescrip = 0x0}, {longName = 0x7f84b126a3d2 "port", shortName = 112 'p', argInfo = 1, arg = 0x7fffe81ad4b0, val = 0, descrip = 0x7f84b126a3d7 "Listen on the specified ports", argDescrip = 0x0}, {longName = 0x7f84b126a3f5 "profiling-level", shortName = 80 'P', argInfo = 1, arg = 0x7fffe81ad4b8, val = 0, descrip = 0x7f84b126a405 "Set profiling level", argDescrip = 0x7f84b126a419 "PROFILE_LEVEL"}, {longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x7f84af75a6c0, val = 0, descrip = 0x7f84b126a427 "Common samba options:", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x7f84af759aa0, val = 0, descrip = 0x7f84b126af48 "Build-time configuration overrides:", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}} parent = 0x7f84b2a966c0 frame = <optimized out> status = <optimized out> ev_ctx = 0x7f84b2a8c4c0 msg_ctx = 0x7f84b2a8c5a0 server_id = {pid = 3695, task_id = 0, vnn = 4294967295, unique_id = 17005057046957569223} se = <optimized out> np_dir = <optimized out> smbd_shim_fns = {cancel_pending_lock_requests_by_fid = 0x7f84b03e1380 <smbd_cancel_pending_lock_requests_by_fid>, send_stat_cache_delete_message = 0x7f84b03e7340 <smbd_send_stat_cache_delete_message>, change_to_root_user = 0x7f84b03cf870 <smbd_change_to_root_user>, contend_level2_oplocks_begin = 0x7f84b042fe40 <smbd_contend_level2_oplocks_begin>, contend_level2_oplocks_end = 0x7f84b0430010 <smbd_contend_level2_oplocks_end>, become_root = 0x7f84b03cf950 <smbd_become_root>, unbecome_root = 0x7f84b03cf980 <smbd_unbecome_root>, exit_server = 0x7f84b0428c40 <smbd_exit_server>, exit_server_cleanly = 0x7f84b0428c60 <smbd_exit_server_cleanly>} __FUNCTION__ = "main" The attached patch solved the issue.
Created attachment 10002 [details] Patch for 4.1 series
Andrew, you reviewed this for master. Do you think it is worthwhile to put into 4.0 and 4.1? I'd have thought that this panic only occurs in DEVELOPER mode, something which we do not recommend for production necessarily.
Created attachment 10006 [details] 4.1 patch cherry-picked from master This patch has the cherry-pick tags. It's good for 4.0 as well, but attachment #10001 [details] has an additional hunk, not needed in master. As to fixing this for a developer-only bug, it seems best to fix it, as users debugging stuff may enable developer mode, and adding 'new' bugs might make that harder. Presumably a real-world situation started this.
Both these look good to me - if you want to reassign to Karolin for inclusion in 4.0.next/4.1.next. Jeremy.
(In reply to comment #4) > Both these look good to me - if you want to reassign to Karolin for inclusion > in 4.0.next/4.1.next. > > Jeremy. Thanks. I just need to re-work the 4.0 patch to be the cherry-picked patch and the additional hunk as a new patch.
Comment on attachment 10006 [details] 4.1 patch cherry-picked from master +1
(In reply to comment #6) > Comment on attachment 10006 [details] > 4.1 patch cherry-picked from master > > +1 Kamen, to review a patch in bugzilla, click on the 'Details' link on the attachment and change the '?' to '+' in the button by your name. That will change the review? to review+ in the normal bug view. Cheers ! Jeremy.