11350 – Codenomicon crash in smbd: exit_server

Bug 11350 - Codenomicon crash in smbd: exit_server

Summary: Codenomicon crash in smbd: exit_server

Status:	ASSIGNED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Jeremy Allison
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-06-19 16:11 UTC by Jeremy Allison
Modified:	2015-06-22 20:15 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeremy Allison 2015-06-19 16:11:56 UTC

Backtrace:

<signal handler called>
#7  0x00007f751752995e in file_close_user (sconn=0x0, vuid=58330) at ../source3/smbd/files.c:249
#8  0x00007f7517612ea9 in smbXsrv_session_logoff (session=0x7f751a98c650) at ../source3/smbd/smbXsrv_session.c:1600
#9  0x00007f75176119a8 in smbXsrv_session_clear_and_logoff (session=0x7f751a98c650)
    at ../source3/smbd/smbXsrv_session.c:1125
#10 0x00007f75176119c8 in smbXsrv_session_destructor (session=0x7f751a98c650) at ../source3/smbd/smbXsrv_session.c:1133
#11 0x00007f751705825c in _talloc_free_internal (ptr=0x7f751a98c650, 
    location=0x7f7517779800 "../source3/smbd/server_exit.c:235") at ../lib/talloc/talloc.c:993
#12 0x00007f7517059395 in _talloc_free_children_internal (tc=0x7f7519be7cb0, ptr=0x7f7519be7d10, 
    location=0x7f7517779800 "../source3/smbd/server_exit.c:235") at ../lib/talloc/talloc.c:1472
#13 0x00007f751705840d in _talloc_free_internal (ptr=0x7f7519be7d10, 
    location=0x7f7517779800 "../source3/smbd/server_exit.c:235") at ../lib/talloc/talloc.c:1019
#14 0x00007f7517059395 in _talloc_free_children_internal (tc=0x7f7519d793f0, ptr=0x7f7519d79450, 
    location=0x7f7517779800 "../source3/smbd/server_exit.c:235") at ../lib/talloc/talloc.c:1472
#15 0x00007f751705840d in _talloc_free_internal (ptr=0x7f7519d79450, 
    location=0x7f7517779800 "../source3/smbd/server_exit.c:235") at ../lib/talloc/talloc.c:1019
#16 0x00007f75170597a7 in _talloc_free (ptr=0x7f7519d79450, 
    location=0x7f7517779800 "../source3/smbd/server_exit.c:235") at ../lib/talloc/talloc.c:1594
#17 0x00007f751761a74c in exit_server_common (how=SERVER_EXIT_NORMAL, 
    reason=0x7f751775df38 "construct_reply_chain: srv_send_smb failed.") at ../source3/smbd/server_exit.c:235
#18 0x00007f751761a88d in smbd_exit_server_cleanly (
    explanation=0x7f751775df38 "construct_reply_chain: srv_send_smb failed.") at ../source3/smbd/server_exit.c:269
#19 0x00007f7514fffc77 in exit_server_cleanly (reason=0x7f751775df38 "construct_reply_chain: srv_send_smb failed.")
    at ../source3/lib/smbd_shim.c:131
#20 0x00007f75175cc508 in smb_request_done (req=0x7f7519bd7ae0) at ../source3/smbd/process.c:1842
#21 0x00007f75175cbb94 in construct_reply (xconn=0x7f751aca3ed0, inbuf=0x0, size=188, unread_bytes=0, seqnum=0, 
    encrypted=false, deferred_pcd=0x0) at ../source3/smbd/process.c:1697


Just logging this so I don't lose track of all the issues.

Comment 1 Jeremy Allison 2015-06-19 16:46:53 UTC

(gdb) x/200xb req->inbuf
0x7f7519bd79c0:	0x00	0x00	0x00	0xb8	0xff	0x53	0x4d	0x42
0x7f7519bd79c8:	0x73	0x00	0x00	0x00	0x00	0x18	0x03	0xc0
0x7f7519bd79d0:	0x00	0x00	0x00	0x00	0x00	0x00	0x00	0x00
0x7f7519bd79d8:	0x00	0x00	0x00	0x00	0x00	0x00	0x3a	0xd9
0x7f7519bd79e0:	0x8d	0x33	0x02	0x00	0x0d	0xff	0x00	0x00
0x7f7519bd79e8:	0x00	0xff	0xff	0x02	0x00	0x41	0x15	0x00
0x7f7519bd79f0:	0x00	0x00	0x00	0x18	0x00	0x18	0x00	0x00
0x7f7519bd79f8:	0x00	0x00	0x00	0x5c	0xd0	0x00	0x00	0x7b
0x7f7519bd7a00:	0x00	0xff	0xbb	0x0e	0xf8	0x73	0xf4	0x00
0x7f7519bd7a08:	0xf6	0x6a	0x22	0x48	0x63	0xf6	0x33	0x15
0x7f7519bd7a10:	0xa7	0x8c	0x74	0x1a	0xbf	0xc9	0xf9	0xc5
0x7f7519bd7a18:	0x70	0x9a	0x99	0xe6	0x7a	0xca	0x53	0xc6
0x7f7519bd7a20:	0xdd	0x8b	0x85	0x2d	0x49	0x7e	0x27	0x15
0x7f7519bd7a28:	0x31	0xe5	0x89	0xfe	0xec	0x17	0x62	0x4b
0x7f7519bd7a30:	0x70	0x00	0x41	0x00	0x64	0x00	0x6d	0x00
0x7f7519bd7a38:	0x69	0x00	0x6e	0x00	0x69	0x00	0x73	0x00
0x7f7519bd7a40:	0x74	0x00	0x72	0x00	0x61	0x00	0x74	0x00
0x7f7519bd7a48:	0x6f	0x00	0x72	0x00	0x00	0x00	0x73	0x00
0x7f7519bd7a50:	0x61	0x00	0x6d	0x00	0x62	0x00	0x61	0x00
0x7f7519bd7a58:	0x31	0x00	0x2e	0x00	0x69	0x00	0x6f	0x00
0x7f7519bd7a60:	0x6c	0x00	0x61	0x00	0x62	0x00	0x00	0x00
0x7f7519bd7a68:	0x55	0x00	0x6e	0x00	0x69	0x00	0x78	0x00
0x7f7519bd7a70:	0x00	0x00	0x55	0x00	0x6e	0x00	0x69	0x00
0x7f7519bd7a78:	0x78	0x00	0x00	0x00	0x00	0x00	0x00	0x00
0x7f7519bd7a80:	0x00	0x00	0x00	0x00	0x00	0x00	0x00	0x00