smbd panic with below stack (gdb) bt #0 0x0000000802d07ffc in thr_kill () from /lib/libc.so.7 #1 0x0000000802da358b in abort () from /lib/libc.so.7 #2 0x0000000000792361 in dump_core () at lib/fault.c:414 #3 0x00000000007a21ff in smb_panic (why=<optimized out>) at lib/util.c:1133 #4 0x000000000073f3d4 in share_mode_lock_destructor (lck=0x80377ef30) at locking/locking.c:911 #5 0x000000080286fe92 in _talloc_free_internal (ptr=0x80377ef30, location=0xa1bade "smbd/open.c:2893") at ../lib/talloc/talloc.c:826 #6 0x000000000050578b in open_directory (conn=0x803752850, req=0x80441fe80, smb_dname=0x80441ffe0, access_mask=1048704, share_access=7, create_disposition=<optimized out>, create_options=0, file_attributes=0, pinfo=0x7fffffffdc84, result=0x7fffffffdc68) at smbd/open.c:2893 #7 0x0000000000506209 in create_file_unixpath (conn=0x803752850, req=0x80441fe80, smb_fname=0x80441ffe0, access_mask=1048704, share_access=7, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffffffdd38, pinfo=0x7fffffffdd44) at smbd/open.c:3402 #8 0x0000000000508d9b in create_file_default (conn=0x803752850, req=0x80441fe80, root_dir_fid=0, smb_fname=0x80441ffe0, access_mask=1048704, share_access=7, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffffffe338, pinfo=0x7fffffffe0e4) at smbd/open.c:3753 #9 0x0000000000545093 in vfswrap_create_file (handle=<optimized out>, req=0x6, root_dir_fid=0, smb_fname=0x5, access_mask=2, share_access=4294956624, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffffffe338, pinfo=0x7fffffffe0e4) at modules/vfs_default.c:334 #10 0x000000000050e4f0 in smb_vfs_call_create_file (handle=0x19014, req=0x6, root_dir_fid=0, smb_fname=0x5, access_mask=2, share_access=4294956624, 
create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffffffe338, pinfo=0x7fffffffe0e4) at smbd/vfs.c:1340 #11 0x0000000803e0a9c6 in pz_cifsaudit_create_file () from /usr/local/lib/vfs/pz_cifsaudit.so #12 0x000000000050e4f0 in smb_vfs_call_create_file (handle=0x19014, req=0x6, root_dir_fid=0, smb_fname=0x5, access_mask=2, share_access=4294956624, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffffffe338, pinfo=0x7fffffffe0e4) at smbd/vfs.c:1340 #13 0x0000000804018a5b in snapfs_smb_create () from /usr/local/lib/vfs/snapfs_smb.so #14 0x000000000050e4f0 in smb_vfs_call_create_file (handle=0x19014, req=0x6, root_dir_fid=0, smb_fname=0x5, access_mask=2, share_access=4294956624, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffffffe338, pinfo=0x7fffffffe0e4) at smbd/vfs.c:1340 #15 0x0000000804222444 in create_file_acl_common (handle=0x8037f3dd0, req=0x6, root_dir_fid=0, smb_fname=0x5, access_mask=2, share_access=4294956624, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffffffe338, pinfo=0x7fffffffe35c) at ./modules/vfs_acl_common.c:1079 #16 0x000000000050e4f0 in smb_vfs_call_create_file (handle=0x19014, req=0x6, root_dir_fid=0, smb_fname=0x5, access_mask=2, share_access=4294956624, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7fffffffe338, pinfo=0x7fffffffe35c) at smbd/vfs.c:1340 #17 0x00000000005368a0 in smbd_smb2_create_send (in_context_blobs=..., in_name=<optimized out>, in_create_options=<optimized out>, in_create_disposition=<optimized out>, in_share_access=<optimized out>, 
in_file_attributes=<optimized out>, in_desired_access=<optimized out>, in_impersonation_level=<optimized out>, in_oplock_level=<optimized out>, smb2req=<optimized out>, ev=0x80370e110, mem_ctx=<optimized out>) at smbd/smb2_create.c:707 #18 smbd_smb2_request_process_create (smb2req=0x80441f110) at smbd/smb2_create.c:229 #19 0x000000000053043b in smbd_smb2_request_dispatch (req=0x80441f110) at smbd/smb2_server.c:1459 #20 0x000000000053122e in smbd_smb2_request_incoming (subreq=0x803774410) at smbd/smb2_server.c:2661 #21 0x000000000052ee2c in smbd_smb2_request_read_done (subreq=0x803774710) at smbd/smb2_server.c:2504 #22 0x00000000005c6e21 in tstream_readv_pdu_queue_done (subreq=0x8037747d0) at ../lib/tsocket/tsocket_helpers.c:423 #23 0x00000000005c71d3 in tstream_readv_pdu_readv_done (subreq=0x8037f3110) at ../lib/tsocket/tsocket_helpers.c:316 #24 0x00000000005c6252 in tstream_readv_done (subreq=0x803776c90) at ../lib/tsocket/tsocket.c:604 #25 0x00000000007b1d80 in tevent_common_loop_immediate (ev=0x80370e110) at ../lib/tevent/tevent_immediate.c:139 #26 0x00000000007b0045 in run_events_poll (ev=0x80370e110, pollrtn=0, pfds=0x0, num_pfds=0) at lib/events.c:197 #27 0x000000000052180d in smbd_server_connection_loop_once (conn=<optimized out>) at smbd/process.c:999 #28 smbd_process (sconn=0x803711350) at smbd/process.c:3172 #29 0x0000000000a00016 in smbd_accept_connection (ev=<optimized out>, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at smbd/server.c:664 #30 0x00000000007b0361 in run_events_poll (ev=0x80370e110, pollrtn=<optimized out>, pfds=0x8037102d0, num_pfds=6) at lib/events.c:286 #31 0x00000000007b07cf in s3_event_loop_once (ev=0x80370e110, location=<optimized out>) at lib/events.c:349 #32 0x00000000007b0b81 in _tevent_loop_once (ev=0x80370e110, location=0xc09fc9 "smbd/server.c:970") at ../lib/tevent/tevent.c:494 #33 0x0000000000a01d3e in smbd_parent_loop (parent=<optimized out>) at smbd/server.c:970 #34 main (argc=<optimized out>, 
argv=<optimized out>) at smbd/server.c:1464
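/* The corresponding code of the smb_panic (share_mode_lock_destructor, frame #4 of the backtrace, locking/locking.c): */

/*
 * Write a share_mode_lock back to its database record when the lock is
 * freed. The backtrace shows this running as a talloc destructor, called
 * from _talloc_free_internal().
 *
 * lck: the lock being freed; lck->modified, lck->fresh and lck->record
 *      are read here.
 *
 * Returns 0 on every path that returns. A failed delete_rec() or store()
 * does not return: both end in smb_panic(), which in the backtrace leads
 * to dump_core() and abort(). A database write error therefore terminates
 * the smbd process instead of failing only the open that triggered it.
 */
static int share_mode_lock_destructor(struct share_mode_lock *lck)
{
	NTSTATUS status;
	TDB_DATA data;

	/* Nothing was changed while the lock was held: nothing to write. */
	if (!lck->modified) {
		return 0;
	}

	data = unparse_share_modes(lck);

	/* No serialized data (presumably no share modes remain; confirm
	 * against unparse_share_modes()). */
	if (data.dptr == NULL) {
		if (!lck->fresh) {
			/* There has been an entry before, delete it */
			status = lck->record->delete_rec(lck->record);
			if (!NT_STATUS_IS_OK(status)) {
				char *errmsg;

				DEBUG(0, ("delete_rec returned %s\n",
					  nt_errstr(status)));

				if (asprintf(&errmsg, "could not delete share "
					     "entry: %s\n",
					     nt_errstr(status)) == -1) {
					/*
					 * Adjacent literals are concatenated, so
					 * the space after "share" is required;
					 * without it the fallback message read
					 * "could not delete shareentry".
					 */
					smb_panic("could not delete share "
						  "entry");
				}
				smb_panic(errmsg);
			}
		}
		goto done;
	}

	status = lck->record->store(lck->record, data, TDB_REPLACE);
	if (!NT_STATUS_IS_OK(status)) {
		char *errmsg;

		/*
		 * Logged at debug level 0 just before the panic: this line
		 * carries the NTSTATUS needed to tell why the store failed.
		 * NOTE(review): the report's tdb info shows a locking.tdb of
		 * 2414198784 bytes with 717 dead records; whether that is the
		 * cause of this failure is not shown here. Confirm from the
		 * logged status.
		 */
		DEBUG(0, ("store returned %s\n", nt_errstr(status)));

		if (asprintf(&errmsg, "could not store share mode entry: %s",
			     nt_errstr(status)) == -1) {
			smb_panic("could not store share mode entry");
		}
		smb_panic(errmsg); /* >>>>>>> HERE (reporter's marker: the panic seen in the backtrace) */
	}

 done:

	return 0;
}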
I see that the number and size of dead records are large, while there are only a few free records, and those are small:

tdb> open locking.tdb
tdb> info
Size of file/data: 2414198784/20956
Number of records: 63
Smallest/average/largest keys: 24/24/24
Smallest/average/largest data: 257/308/1084
Smallest/average/largest padding: 24/112/368
Number of dead records: 717
Smallest/average/largest dead records: 352/3366957/2413768680
Number of free records: 19
Smallest/average/largest free records: 12/165/372
Number of hash chains: 10007
Smallest/average/largest hash chains: 0/0/2
Number of uncoalesced records: 7
Smallest/average/largest uncoalesced runs: 1/2/4
Percentage keys/data/padding/free/dead/rechdrs&tailers/hashes: 0/0/0/0/100/0/0
tdb>
Is this reproducible, or did it only happen once? If it is reproducible, can you reproduce it on 4.0.x or 4.1.x?

Jeremy.