If "change notify = no" is set in smb.conf, notify_ctx is NULL. Then in file_free() we pass notify_ctx (= NULL) to notify_remove() which doesn't check for that and crashes.

SBT:

#5 0x00007f7c104ce0d9 in sig_fault (sig=11) at ../lib/util/fault.c:94
No locals.
#6 <signal handler called>
No locals.
#7 0x00007f7c1009a84a in notify_remove (ctx=0x0, private_data=0x7f7c12492c20) at ../source3/smbd/notify_msg.c:186
        listel = 0x0
        msg = {instance = {creation_time = {tv_sec = 0, tv_nsec = 0}, filter = 0, subdir_filter = 0, private_data = 0x0}, path = 0x7ffecc3faa40 "`\252?\314\376\177"}
        iov = {{iov_base = 0x7ffecc3faa40, iov_len = 140170822468639}, {iov_base = 0x7f7c12492c20, iov_len = 140170859409920}}
        status = {v = 306738544}
        __FUNCTION__ = "notify_remove"
#8 0x00007f7c0ff8f685 in file_free (req=0x7f7c124931a0, fsp=0x7f7c12492c20) at ../source3/smbd/files.c:519
        notify_ctx = 0x0
        sconn = 0x7f7c124770f0
        fnum = 2759414850
        __FUNCTION__ = "file_free"
#9 0x00007f7c1001b0d5 in close_directory (req=0x7f7c124931a0, fsp=0x7f7c12492c20, close_type=NORMAL_CLOSE) at ../source3/smbd/close.c:1195
        self = {pid = 3164, task_id = 0, vnn = 4294967295, unique_id = 4078087674507910988}
        lck = 0x0
        delete_dir = false
        status = {v = 0}
        status1 = {v = 0}
        del_nt_token = 0x0
        del_token = 0x0
        notify_status = {v = 267}
        __FUNCTION__ = "close_directory"
#10 0x00007f7c1001b159 in close_file (req=0x7f7c124931a0, fsp=0x7f7c12492c20, close_type=NORMAL_CLOSE) at ../source3/smbd/close.c:1214
        status = {v = 0}
        base_fsp = 0x0
---Type <return> to continue, or q <return> to quit---
        __FUNCTION__ = "close_file"
#11 0x00007f7c1006b7b5 in smbd_smb2_close (req=0x7f7c12479ec0, fsp=0x7f7c12492c20, in_flags=0, out_flags=0x7f7c12492fe2, out_creation_ts=0x7f7c12492fe8, out_last_access_ts=0x7f7c12492ff8, out_last_write_ts=0x7f7c12493008, out_change_ts=0x7f7c12493018, out_allocation_size=0x7f7c12493028, out_end_of_file=0x7f7c12493030, out_file_attributes=0x7f7c12493038) at ../source3/smbd/smb2_close.c:260
        status = {v = 270446609}
        smbreq = 0x7f7c124931a0
        conn = 0x7f7c12485be0
        smb_fname = 0x7f7c12487340
        allocation_size = 0
        file_size = 0
        dos_attrs = 0
        flags = 0
        posix_open = false
        __FUNCTION__ = "smbd_smb2_close"

Patch and selftest pending.
Created attachment 11384: Patches for v4-3-test
I think we need this in 4.2 as well, don't we?
Pushed to autobuild-v4-3-test
Pushed to v4-3-test
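A minimal model of the crash path in frames #8 and #7 of the backtrace above, with the NULL-context guard in place. This is an added example, not Samba code and not the attached patch; the structures and every `model_*` name are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Simplified stand-ins (hypothetical), not Samba's real structures. */
struct notify_entry { void *private_data; struct notify_entry *next; };
struct notify_context { struct notify_entry *list; };

/* Models "change notify = no": no context is created, callers hold NULL. */
struct notify_context *model_notify_init(bool change_notify)
{
    return change_notify ? calloc(1, sizeof(struct notify_context)) : NULL;
}

int model_notify_add(struct notify_context *ctx, void *private_data)
{
    struct notify_entry *e;
    if (ctx == NULL || (e = calloc(1, sizeof(*e))) == NULL) return -1;
    e->private_data = private_data;
    e->next = ctx->list;
    ctx->list = e;
    return 0;
}

/* Returns 0 if an entry was removed, 1 if there was nothing to remove. */
int model_notify_remove(struct notify_context *ctx, void *private_data)
{
    struct notify_entry **pp;
    if (ctx == NULL) return 1; /* the check the report says is missing */
    for (pp = &ctx->list; *pp != NULL; pp = &(*pp)->next) {
        if ((*pp)->private_data == private_data) {
            struct notify_entry *dead = *pp;
            *pp = dead->next;
            free(dead);
            return 0;
        }
    }
    return 1;
}

/* Close path modelled on frames #8 -> #7: the context is passed as-is. */
int model_file_free(struct notify_context *ctx, void *fsp)
{
    return model_notify_remove(ctx, fsp);
}

int main(void)
{
    int fsp; /* constructed stand-in for an open file handle */
    return model_file_free(model_notify_init(false), &fsp) == 1 ? 0 : 1;
}
```

Without the `ctx == NULL` guard, the `&ctx->list` walk dereferences address 0 on the first close when notify is disabled, which matches `ctx=0x0` in frame #7.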