Created attachment 13272 [details]
stacktrace

Hello,

In Ubuntu we have been getting panic reports from a large selection of samba versions (4.1.x, 4.3.x, 4.4.x and 4.5.x) where the stacktrace shows (full text attached instead of pasted):
...
#7  invalid_name (name=0x0) at ../sysdeps/posix/opendir.c:181
No locals.
#8  __opendir (name=0x0) at ../sysdeps/posix/opendir.c:182
No locals.
#9  0x0000555e8e0ad565 in recursive_delete (path=0x0) at ../source4/smbd/server.c:55
        dir = <optimized out>
        de = <optimized out>
        __FUNCTION__ = "recursive_delete"
#10 0x0000555e8e0ade51 in cleanup_tmp_files (lp_ctx=<optimized out>) at ../source4/smbd/server.c:101
        path = <optimized out>
        mem_ctx = 0x555e8f9d31b0
...

From the code:
static void cleanup_tmp_files(struct loadparm_context *lp_ctx)
{
    char *path;
    TALLOC_CTX *mem_ctx = talloc_new(NULL);

    path = smbd_tmp_path(mem_ctx, lp_ctx, NULL);

    recursive_delete(path);
    talloc_free(mem_ctx);
}


It looks like smbd_tmp_path() returned 0x0 and that was passed on to recursive_delete() as is, resulting in the crash.

We have such reports from versions 4.1.6 all the way up to 4.5.8. I realize 4.5.8 is not the latest, but the code seems to be the same in the current git master tree.

As of this time I have no reproducer case for this.