Bug 12798 - PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type)
Summary: PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type)
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.5.9
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
: 12815 (view as bug list)
Depends on:
Blocks:
 
Reported: 2017-05-22 11:14 UTC by Klaus Braun
Modified: 2018-05-21 17:00 UTC (History)
7 users (show)

See Also:


Attachments
Possible patch for master (4.07 KB, patch)
2017-05-26 10:15 UTC, Ralph Böhme
no flags Details
Patch for 4.5 and 4.6 cherry-picked from master (8.17 KB, patch)
2017-05-28 20:33 UTC, Ralph Böhme
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Klaus Braun 2017-05-22 11:14:25 UTC
Dear samba team,

after upgrading from 4.5.8 to 4.5.9 from time to time, i.e. around two to
three times a day, I see the following entries in the logs:

[2017/05/22 09:10:55.581910,  0] ../source3/smbd/oplock.c:178(update_num_read_oplocks)
  PANIC: assert failed at ../source3/smbd/oplock.c(178): lease_type_is_exclusive(e_lease_type)
[2017/05/22 09:10:55.581986,  0] ../source3/lib/util.c:791(smb_panic_s3)
  PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type)
[2017/05/22 09:10:55.582979,  0] ../source3/lib/util.c:902(log_stack_trace)
  BACKTRACE: 35 stack frames:
   #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1c) [0x7ff52f6cecac]
   #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x77) [0x7ff52f6ceb02]
   #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x25) [0x7ff53218586a]
   #3 /usr/local/samba/lib/private/libsmbd-base-samba4.so(update_num_read_oplocks+0xf9) [0x7ff531d5240f]
   #4 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x14075b) [0x7ff531cc875b]
   #5 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x1440ee) [0x7ff531ccc0ee]
   #6 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x147b55) [0x7ff531ccfb55]
   #7 /usr/local/samba/lib/private/libsmbd-base-samba4.so(create_file_default+0x304) [0x7ff531cd07af]
   #8 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x258dc3) [0x7ff531de0dc3]
   #9 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smb_vfs_call_create_file+0xe8) [0x7ff531cdc4de]
   #10 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x19b245) [0x7ff531d23245]
   #11 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_smb2_request_process_create+0x812) [0x7ff531d1ffd1]
   #12 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_smb2_request_dispatch+0x11fb) [0x7ff531d1387b]
   #13 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x18fb24) [0x7ff531d17b24]
   #14 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x18fc44) [0x7ff531d17c44]
   #15 /usr/local/samba/lib/private/libtevent.so.0(+0xde49) [0x7ff53116ee49]
   #16 /usr/local/samba/lib/private/libtevent.so.0(+0xe45f) [0x7ff53116f45f]
   #17 /usr/local/samba/lib/private/libtevent.so.0(+0xb237) [0x7ff53116c237]
   #18 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf0) [0x7ff531165cbd]
   #19 /usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_wait+0x29) [0x7ff531165f2f]
   #20 /usr/local/samba/lib/private/libtevent.so.0(+0xb2d4) [0x7ff53116c2d4]
   #21 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_wait+0x25) [0x7ff531165fed]
   #22 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_process+0xc51) [0x7ff531cf9f77]
   #23 /usr/local/samba/sbin/smbd(+0xdab7) [0x7ff53282dab7]
   #24 /usr/local/samba/lib/private/libtevent.so.0(+0xde49) [0x7ff53116ee49]
   #25 /usr/local/samba/lib/private/libtevent.so.0(+0xe45f) [0x7ff53116f45f]
   #26 /usr/local/samba/lib/private/libtevent.so.0(+0xb237) [0x7ff53116c237]
   #27 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf0) [0x7ff531165cbd]
   #28 /usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_wait+0x29) [0x7ff531165f2f]
   #29 /usr/local/samba/lib/private/libtevent.so.0(+0xb2d4) [0x7ff53116c2d4]
   #30 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_wait+0x25) [0x7ff531165fed]
   #31 /usr/local/samba/sbin/smbd(+0xe816) [0x7ff53282e816]
   #32 /usr/local/samba/sbin/smbd(main+0x169c) [0x7ff532830072]
   #33 /lib64/libc.so.6(__libc_start_main+0xe6) [0x7ff52dff7c36]
   #34 /usr/local/samba/sbin/smbd(+0x6f29) [0x7ff532826f29]
[2017/05/22 09:10:56.188643,  0] ../source3/lib/dumpcore.c:303(dump_core)
  dumping core in /usr/local/samba/var/cores/smbd
[2017/05/22 09:10:56.189694,  1] ../source3/smbd/server.c:868(remove_child_pid)
  Scheduled cleanup of brl and lock database after unclean shutdown
[2017/05/22 09:11:16.190306,  1] ../source3/smbd/smbd_cleanupd.c:99(smbd_cleanupd_unlock)
  smbd_cleanupd_unlock: Cleaning up brl and lock database after unclean shutdown

Configuration has not been changed between 4.5.8 and 4.5.9. 

As far as I could figure it out samba clients don't show severe outages. 

Any ideas what's going on here?

Thanks for help.

Regards

Klaus
Comment 1 Jeremy Allison 2017-05-22 18:18:10 UTC
I think this is a duplicate of:

https://bugzilla.samba.org/show_bug.cgi?id=12766

*** This bug has been marked as a duplicate of bug 12766 ***
Comment 2 Klaus Braun 2017-05-23 07:44:26 UTC
Sorry for insisting in this question. In the release notes of version 4.5.9 it is
documented that the patch for bug 12766 is included in the release. But I am talking about this new 4.5.9 release when I get the error messages, I didn't see them before in the 4.5.8 version of samba.

Regards
Comment 3 Ralph Böhme 2017-05-23 08:33:17 UTC
Can you compile with debug symbols (or install the debug packages), add

  panic action = "/bin/sleep 90000"

to smb.conf and restart Samba?

Then wait for a crash, attach to the crashed process with gdb (gdb -p PID) and run

gdb> bt

In the output locate the stackframe number where smbd is in the function update_num_read_oplocks().

Run

gdb> f STACKFRAME_NUMBER
gdb> p *d
...
gdb> p *e
...
gdb> p e_lease_type

Thanks!
Comment 4 Klaus Braun 2017-05-23 10:12:39 UTC
I'll try to do my best. Because it's a production system it might take some
time until I will be able to restart samba with debug symbols enabled.

Regrads
Comment 5 Klaus Braun 2017-05-24 11:21:25 UTC
OK. This are the results from a crash during this morning:

[2017/05/24 11:24:28.351082,  0] ../source3/smbd/oplock.c:178(update_num_read_oplocks)
  PANIC: assert failed at ../source3/smbd/oplock.c(178): lease_type_is_exclusive(e_lease_type)
[2017/05/24 11:24:28.351163,  0] ../source3/lib/util.c:791(smb_panic_s3)
  PANIC (pid 10826): assert failed: lease_type_is_exclusive(e_lease_type)
[2017/05/24 11:24:28.352236,  0] ../source3/lib/util.c:902(log_stack_trace)
  BACKTRACE: 35 stack frames:
   #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1c) [0x7f8a36489cac]
   #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x77) [0x7f8a36489b02]
   #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x25) [0x7f8a38f4086a]
   #3 /usr/local/samba/lib/private/libsmbd-base-samba4.so(update_num_read_oplocks+0xf9) [0x7f8a38b0d40f]
   #4 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x14075b) [0x7f8a38a8375b]
   #5 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x1440ee) [0x7f8a38a870ee]
   #6 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x147b55) [0x7f8a38a8ab55]
   #7 /usr/local/samba/lib/private/libsmbd-base-samba4.so(create_file_default+0x304) [0x7f8a38a8b7af]
   #8 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x258dc3) [0x7f8a38b9bdc3]
   #9 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smb_vfs_call_create_file+0xe8) [0x7f8a38a974de]
   #10 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x19b245) [0x7f8a38ade245]
   #11 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_smb2_request_process_create+0x812) [0x7f8a38adafd1]
   #12 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_smb2_request_dispatch+0x11fb) [0x7f8a38ace87b]
   #13 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x18fb24) [0x7f8a38ad2b24]
   #14 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x18fc44) [0x7f8a38ad2c44]
   #15 /usr/local/samba/lib/private/libtevent.so.0(+0xde49) [0x7f8a37f29e49]
   #16 /usr/local/samba/lib/private/libtevent.so.0(+0xe45f) [0x7f8a37f2a45f]
   #17 /usr/local/samba/lib/private/libtevent.so.0(+0xb237) [0x7f8a37f27237]
   #18 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf0) [0x7f8a37f20cbd]
   #19 /usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_wait+0x29) [0x7f8a37f20f2f]
   #20 /usr/local/samba/lib/private/libtevent.so.0(+0xb2d4) [0x7f8a37f272d4]
   #21 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_wait+0x25) [0x7f8a37f20fed]
   #22 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_process+0xc51) [0x7f8a38ab4f77]
   #23 /usr/local/samba/sbin/smbd(+0xdab7) [0x7f8a395e8ab7]
   #24 /usr/local/samba/lib/private/libtevent.so.0(+0xde49) [0x7f8a37f29e49]
   #25 /usr/local/samba/lib/private/libtevent.so.0(+0xe45f) [0x7f8a37f2a45f]
   #26 /usr/local/samba/lib/private/libtevent.so.0(+0xb237) [0x7f8a37f27237]
   #27 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf0) [0x7f8a37f20cbd]
   #28 /usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_wait+0x29) [0x7f8a37f20f2f]
   #29 /usr/local/samba/lib/private/libtevent.so.0(+0xb2d4) [0x7f8a37f272d4]
   #30 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_wait+0x25) [0x7f8a37f20fed]
   #31 /usr/local/samba/sbin/smbd(+0xe816) [0x7f8a395e9816]
   #32 /usr/local/samba/sbin/smbd(main+0x169c) [0x7f8a395eb072]
   #33 /lib64/libc.so.6(__libc_start_main+0xe6) [0x7f8a34db2c36]
   #34 /usr/local/samba/sbin/smbd(+0x6f29) [0x7f8a395e1f29]
[2017/05/24 11:24:28.881038,  0] ../source3/lib/util.c:803(smb_panic_s3)
  smb_panic(): calling panic action [/bin/sleep 90000]

geo# gdb -p 10826

(gdb) bt
#0  0x00007f8a34e3ee75 in waitpid () from /lib64/libc.so.6
#1  0x00007f8a34dd2cd1 in do_system () from /lib64/libc.so.6
#2  0x00007f8a36489b9b in smb_panic_s3 (why=0x7f8a38c6d770 "assert failed: lease_type_is_exclusive(e_lease_type)") at ../source3/lib/util.c:804
#3  0x00007f8a38f4086a in smb_panic (why=0x7f8a38c6d770 "assert failed: lease_type_is_exclusive(e_lease_type)") at ../lib/util/fault.c:166
#4  0x00007f8a38b0d40f in update_num_read_oplocks (fsp=0x7f8a39870c20, lck=0x7f8a39932110) at ../source3/smbd/oplock.c:178
#5  0x00007f8a38a8375b in grant_fsp_oplock_type (req=0x7f8a398a3e50, fsp=0x7f8a39870c20, lck=0x7f8a39932110, oplock_request=256, lease=0x7ffc94c25310)
    at ../source3/smbd/open.c:2201
#6  0x00007f8a38a870ee in open_file_ntcreate (conn=0x7f8a39886590, req=0x7f8a398a3e50, access_mask=131200, share_access=7, create_disposition=1, 
    create_options=2097152, new_dos_attributes=0, oplock_request=256, lease=0x7ffc94c25310, private_flags=0, pinfo=0x7ffc94c24ff8, fsp=0x7f8a39870c20)
    at ../source3/smbd/open.c:3655
#7  0x00007f8a38a8ab55 in create_file_unixpath (conn=0x7f8a39886590, req=0x7f8a398a3e50, smb_fname=0x7f8a399178b0, access_mask=131200, share_access=7, 
    create_disposition=1, create_options=2097152, file_attributes=0, oplock_request=256, lease=0x7ffc94c25310, allocation_size=0, private_flags=0, 
    sd=0x0, ea_list=0x0, result=0x7ffc94c250b0, pinfo=0x7ffc94c250c8) at ../source3/smbd/open.c:5182
#8  0x00007f8a38a8b7af in create_file_default (conn=0x7f8a39886590, req=0x7f8a398a3e50, root_dir_fid=0, smb_fname=0x7f8a399178b0, access_mask=131200, 
    share_access=7, create_disposition=1, create_options=2097152, file_attributes=0, oplock_request=256, lease=0x7ffc94c25310, allocation_size=0, 
    private_flags=0, sd=0x0, ea_list=0x0, result=0x7ffc94c25490, pinfo=0x7ffc94c2564c, in_context_blobs=0x7ffc94c256e8, out_context_blobs=0x7f8a3989b3b0)
    at ../source3/smbd/open.c:5591
#9  0x00007f8a38b9bdc3 in vfswrap_create_file (handle=0x7f8a398f0ab0, req=0x7f8a398a3e50, root_dir_fid=0, smb_fname=0x7f8a399178b0, access_mask=131200, 
    share_access=7, create_disposition=1, create_options=2097152, file_attributes=0, oplock_request=256, lease=0x7ffc94c25310, allocation_size=0, 
    private_flags=0, sd=0x0, ea_list=0x0, result=0x7ffc94c25490, pinfo=0x7ffc94c2564c, in_context_blobs=0x7ffc94c256e8, out_context_blobs=0x7f8a3989b3b0)
    at ../source3/modules/vfs_default.c:586
#10 0x00007f8a38a974de in smb_vfs_call_create_file (handle=0x7f8a398f0ab0, req=0x7f8a398a3e50, root_dir_fid=0, smb_fname=0x7f8a399178b0, 
    access_mask=131200, share_access=7, create_disposition=1, create_options=2097152, file_attributes=0, oplock_request=256, lease=0x7ffc94c25310, 
    allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7ffc94c25490, pinfo=0x7ffc94c2564c, in_context_blobs=0x7ffc94c256e8, 
    out_context_blobs=0x7f8a3989b3b0) at ../source3/smbd/vfs.c:1630
#11 0x00007f8a38ade245 in smbd_smb2_create_send (mem_ctx=0x7f8a398ea060, ev=0x7f8a39807fb0, smb2req=0x7f8a398ea060, in_oplock_level=255 '\377', 
---Type <return> to continue, or q <return> to quit---q
in_impersonQuit
(gdb) f 4
#4  0x00007f8a38b0d40f in update_num_read_oplocks (fsp=0x7f8a39870c20, lck=0x7f8a39932110) at ../source3/smbd/oplock.c:178
178				SMB_ASSERT(lease_type_is_exclusive(e_lease_type));
(gdb) p *d
$1 = {sequence_number = 12806976261403252102, servicepath = 0x7f8a39898420 "/dpool/GEO/users/hk1014", 
  base_name = 0x7f8a39925ca0 "Dokumente/Globe/Data collection/food_flows/papers/review_MDPI/Review.docx", stream_name = 0x0, num_share_modes = 3, 
  share_modes = 0x7f8a398e4bb0, num_leases = 1, leases = 0x7f8a398eb410, num_delete_tokens = 0, delete_tokens = 0x7f8a398ed100, old_write_time = {
    tv_sec = 1495617868, tv_nsec = 320757981}, changed_write_time = {tv_sec = 0, tv_nsec = 0}, fresh = 0 '\000', modified = 1 '\001', 
  record = 0x7f8a399321f0, id = {devid = 2065, inode = 51801309, extid = 0}}
(gdb) p *e
$2 = {pid = {pid = 10826, task_id = 0, vnn = 4294967295, unique_id = 17746893810935573188}, op_mid = 160931, op_type = 0, lease_idx = 4294967295, 
  access_mask = 1048704, share_access = 7, private_options = 0, time = {tv_sec = 1495617868, tv_usec = 346733}, id = {devid = 2065, inode = 51801309, 
    extid = 0}, share_file_id = 2856317844, uid = 5668, flags = 0, name_hash = 2358261023, stale = 0 '\000', lease = 0x0}
(gdb) p e_lease_type
$3 = 0
(gdb)
Comment 6 Klaus Braun 2017-05-24 11:54:03 UTC
And here the results from a second crash, triggered from a different user and a different document type:

(gdb) bt
#0  0x00007f8a34e3ee75 in waitpid () from /lib64/libc.so.6
#1  0x00007f8a34dd2cd1 in do_system () from /lib64/libc.so.6
#2  0x00007f8a36489b9b in smb_panic_s3 (why=0x7f8a38c6d770 "assert failed: lease_type_is_exclusive(e_lease_type)") at ../source3/lib/util.c:804
#3  0x00007f8a38f4086a in smb_panic (why=0x7f8a38c6d770 "assert failed: lease_type_is_exclusive(e_lease_type)") at ../lib/util/fault.c:166
#4  0x00007f8a38b0d40f in update_num_read_oplocks (fsp=0x7f8a398c30e0, lck=0x7f8a398d60f0) at ../source3/smbd/oplock.c:178
#5  0x00007f8a38a8375b in grant_fsp_oplock_type (req=0x7f8a398ad170, fsp=0x7f8a398c30e0, lck=0x7f8a398d60f0, oplock_request=256, lease=0x7ffc94c25310)
    at ../source3/smbd/open.c:2201
#6  0x00007f8a38a870ee in open_file_ntcreate (conn=0x7f8a3989a130, req=0x7f8a398ad170, access_mask=1179785, share_access=1, create_disposition=1, 
    create_options=64, new_dos_attributes=0, oplock_request=256, lease=0x7ffc94c25310, private_flags=0, pinfo=0x7ffc94c24ff8, fsp=0x7f8a398c30e0)
    at ../source3/smbd/open.c:3655
#7  0x00007f8a38a8ab55 in create_file_unixpath (conn=0x7f8a3989a130, req=0x7f8a398ad170, smb_fname=0x7f8a3988b4b0, access_mask=1179785, share_access=1, 
    create_disposition=1, create_options=64, file_attributes=128, oplock_request=256, lease=0x7ffc94c25310, allocation_size=0, private_flags=0, sd=0x0, 
    ea_list=0x0, result=0x7ffc94c250b0, pinfo=0x7ffc94c250c8) at ../source3/smbd/open.c:5182
#8  0x00007f8a38a8b7af in create_file_default (conn=0x7f8a3989a130, req=0x7f8a398ad170, root_dir_fid=0, smb_fname=0x7f8a3988b4b0, access_mask=1179785, 
    share_access=1, create_disposition=1, create_options=64, file_attributes=128, oplock_request=256, lease=0x7ffc94c25310, allocation_size=0, 
    private_flags=0, sd=0x0, ea_list=0x0, result=0x7ffc94c25490, pinfo=0x7ffc94c2564c, in_context_blobs=0x7ffc94c256e8, out_context_blobs=0x7f8a3990c370)
    at ../source3/smbd/open.c:5591
#9  0x00007f8a38b9bdc3 in vfswrap_create_file (handle=0x7f8a3988d410, req=0x7f8a398ad170, root_dir_fid=0, smb_fname=0x7f8a3988b4b0, access_mask=1179785, 
    share_access=1, create_disposition=1, create_options=64, file_attributes=128, oplock_request=256, lease=0x7ffc94c25310, allocation_size=0, 
    private_flags=0, sd=0x0, ea_list=0x0, result=0x7ffc94c25490, pinfo=0x7ffc94c2564c, in_context_blobs=0x7ffc94c256e8, out_context_blobs=0x7f8a3990c370)
    at ../source3/modules/vfs_default.c:586
#10 0x00007f8a38a974de in smb_vfs_call_create_file (handle=0x7f8a3988d410, req=0x7f8a398ad170, root_dir_fid=0, smb_fname=0x7f8a3988b4b0, 
    access_mask=1179785, share_access=1, create_disposition=1, create_options=64, file_attributes=128, oplock_request=256, lease=0x7ffc94c25310, 
    allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7ffc94c25490, pinfo=0x7ffc94c2564c, in_context_blobs=0x7ffc94c256e8, 
    out_context_blobs=0x7f8a3990c370) at ../source3/smbd/vfs.c:1630
#11 0x00007f8a38ade245 in smbd_smb2_create_send (mem_ctx=0x7f8a398c4870, ev=0x7f8a39807fb0, smb2req=0x7f8a398c4870, in_oplock_level=255 '\377', 
---Type <return> to continue, or q <return> to quit---q
in_impersonQuit
(gdb) f 4
#4  0x00007f8a38b0d40f in update_num_read_oplocks (fsp=0x7f8a398c30e0, lck=0x7f8a398d60f0) at ../source3/smbd/oplock.c:178
178				SMB_ASSERT(lease_type_is_exclusive(e_lease_type));
(gdb) p *d
$1 = {sequence_number = 11603823428140027214, servicepath = 0x7f8a399090f0 "/dpool/DATA/kawwilMaps", 
  base_name = 0x7f8a398a7df0 "CaravanRoutesLibya/MapsIntroduction/Nighttime Lights/LibyaVIIRSNighttimeLights2012_197.pdf", stream_name = 0x0, 
  num_share_modes = 4, share_modes = 0x7f8a3990e880, num_leases = 1, leases = 0x7f8a39924c60, num_delete_tokens = 0, delete_tokens = 0x7f8a39809150, 
  old_write_time = {tv_sec = 1413038001, tv_nsec = 311981787}, changed_write_time = {tv_sec = 0, tv_nsec = 0}, fresh = 0 '\000', modified = 1 '\001', 
  record = 0x7f8a398d61d0, id = {devid = 2065, inode = 234928, extid = 0}}
(gdb) p *e
$2 = {pid = {pid = 11400, task_id = 0, vnn = 4294967295, unique_id = 2729100082490551798}, op_mid = 28440, op_type = 0, lease_idx = 4294967295, 
  access_mask = 1048704, share_access = 7, private_options = 0, time = {tv_sec = 1495625655, tv_usec = 725531}, id = {devid = 2065, inode = 234928, 
    extid = 0}, share_file_id = 1199761384, uid = 5375, flags = 0, name_hash = 560042887, stale = 0 '\000', lease = 0x0}
(gdb) p e_lease_type
$3 = 0
(gdb)
Comment 7 Ralph Böhme 2017-05-24 12:09:19 UTC
Hm, this looks fishy, as if the fsp->lease_state got out of sync with the locking record.

Jeremy, do you have any idea what might be going on? Otherwise I'm afraid we need a more detailed analysis, maybe someone else is better in remote controlling Klaus, but I'd need direct system access.
Comment 8 Jeremy Allison 2017-05-24 15:57:13 UTC
We need to see both the contents of the fsp struct as well as the share mode entries data. They are certainly mismatching.

fsp_lease_type_is_exclusive(fsp)

is returning true at line source3/smbd/oplock.c:169 but the share mode entries data show no oplock/lease (lease idx = 0xFFFFFFFF op_type = 0).
Comment 9 (mail address dead) 2017-05-26 07:26:44 UTC
I see the same error message regularly on several machines after upgrading from 4.5.8 to 4.5.10.
Comment 10 Ralph Böhme 2017-05-26 08:38:08 UTC
Can anyone trigger/reproduce this on a particular client so we can record the SMB connection and enable client specific Samba debug logging [1] ?

[1] <https://wiki.samba.org/index.php/Client_specific_logging>
Comment 11 Ralph Böhme 2017-05-26 10:15:12 UTC
Created attachment 13238 [details]
Possible patch for master
Comment 12 Klaus Braun 2017-05-28 10:02:45 UTC
Unfortunately I got at least one situation where this bug causes a corrupted file when samba crashed. Because of this experience I decided to disable smb2 leases using 

smb2 leases = no

in the smb.conf of my actual 4.5.10 release. Is this a suitable workaround for 
the problem described above? Otherwise I would have to switch back to version 
4.5.8 which at least for me would be a minor good option because of the security 
problem fixed in 4.5.10.

Also after the experience with a corrupted file it would be difficult for 
me to do any further debugging on my production system in this case. Sorry
about that.

Regards

Klaus
Comment 13 Ralph Böhme 2017-05-28 12:32:53 UTC
(In reply to Klaus Braun from comment #12)
No, that won't help, but the proposed patch does fix the issue.
Comment 14 Klaus Braun 2017-05-28 19:17:29 UTC
(In reply to Ralph Böhme from comment #13)
OK. I'll try the proposed patch. 

Thanks for the quick response.

Regards 

Klaus
Comment 15 Ralph Böhme 2017-05-28 20:33:44 UTC
Created attachment 13241 [details]
Patch for 4.5 and 4.6 cherry-picked from master
Comment 16 (mail address dead) 2017-05-29 08:02:02 UTC
Will there be soon new sernet packages? At the moment I have to choose between the latest CVE and frequent samba crashes. Also, I don't want to compile from source. Is there any other option? Thanks
Comment 17 Karolin Seeger 2017-05-29 08:10:37 UTC
(In reply to tim.dittler from comment #16)
Yes, there will be new SerNet packages pretty soon.
Comment 18 Karolin Seeger 2017-05-29 08:45:06 UTC
(In reply to tim.dittler from comment #16)
Available now.
Comment 19 Jeremy Allison 2017-05-30 23:11:37 UTC
Comment on attachment 13241 [details]
Patch for 4.5 and 4.6 cherry-picked from master

LGTM.
Comment 20 Jeremy Allison 2017-05-30 23:12:08 UTC
Re-assigning to Karolin for inclusion in 4.6.next, 4.5.next.
Comment 21 (mail address dead) 2017-05-31 09:07:03 UTC
(In reply to Karolin Seeger from comment #18)
Thank you. 4.5.10-17 fixes our problems.
Comment 22 Klaus Braun 2017-05-31 09:25:39 UTC
(In reply to Ralph Böhme from comment #13)
Looks good. One and a half day without the problems described above.
Thank you for fixing the issues.

Regards 

Klaus
Comment 23 IGP IT 2017-06-02 07:07:25 UTC
*** Bug 12815 has been marked as a duplicate of this bug. ***
Comment 24 Karolin Seeger 2017-06-02 07:52:59 UTC
Pushed to autobuild-v4-{6,5}-test.
Comment 25 Karolin Seeger 2017-06-06 07:36:09 UTC
Pushed to both branches.
Closing out bug report.

Thanks!