Bug 14251 - Fix segfault in smbd_do_qfilepathinfo()
Summary: Fix segfault in smbd_do_qfilepathinfo()
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Build (show other bugs)
Version: 4.11.4
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-01-24 15:54 UTC by Andreas Schneider
Modified: 2020-01-30 08:29 UTC (History)
3 users (show)

See Also:


Attachments
patch for 4.11 (1.01 KB, patch)
2020-01-24 15:55 UTC, Andreas Schneider
vl: review+
gd: review+

Description Andreas Schneider 2020-01-24 15:54:36 UTC
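Running

    make test TESTS="samba3.smbtorture_s3.plain.*nt4_dc"

in Samba 4.11 crashes smbd with a segmentation fault (signal 11). This has already been fixed in master. In the backtrace below, the faulting frame is smb_query_posix_acl() (source3/smbd/trans2.c:4981), called from smbd_do_qfilepathinfo() with fsp=0x0 and info_level=516; base_name in that frame is "posix_symlink".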


Backtrace:


#0  0x00007f45eaaf4f4b in waitpid () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007f45eaa7183f in do_system () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007f45ef773027 in smb_panic_s3 (why=<optimized out>) at ../../source3/lib/util.c:837
        cmd = 0x5565d46bcf10 "cd /root/rpmbuild/BUILD/samba-4.11.2 && /root/rpmbuild/BUILD/samba-4.11.2/selftest/gdb_backtrace 11539 ./bin/smbd"
        result = <optimized out>
        __FUNCTION__ = "smb_panic_s3"
#3  0x00007f45efe44351 in smb_panic (why=why@entry=0x7f45efe50ae9 "internal error") at ../../lib/util/fault.c:174
No locals.
#4  0x00007f45efe445b1 in fault_report (sig=11) at ../../lib/util/fault.c:88
        counter = 1
        __FUNCTION__ = "fault_report"
#5  sig_fault (sig=11) at ../../lib/util/fault.c:99
No locals.
#6  <signal handler called>
No symbol table info available.
#7  0x00007f45efa2990a in smb_query_posix_acl (pdata_size_out=0x7ffc95e7cd20, data_size_in=69631, pdata=0x5565d46cbbf0 "", smb_fname=0x5565d46bc480, fsp=<optimized out>, req=0x5565d46bc290, conn=0x5565d45faaa0) at ../../source3/smbd/trans2.c:4981
        num_file_acls = 0
        num_def_acls = 0
        size_needed = 0
        status = {v = 3221225506}
        ok = <optimized out>
        file_acl = 0x0
        def_acl = 0x0
        close_fsp = true
        file_acl = <optimized out>
        def_acl = <optimized out>
        num_file_acls = <optimized out>
        num_def_acls = <optimized out>
        size_needed = <optimized out>
        status = <optimized out>
        ok = <optimized out>
        close_fsp = <optimized out>
        __FUNCTION__ = "smb_query_posix_acl"
        __func__ = "smb_query_posix_acl"
        access_mask = <optimized out>
#8  smbd_do_qfilepathinfo (conn=conn@entry=0x5565d45faaa0, mem_ctx=mem_ctx@entry=0x5565d46bc290, req=req@entry=0x5565d46bc290, info_level=info_level@entry=516, fsp=fsp@entry=0x0, smb_fname=0x5565d46bc480, delete_pending=false, write_time_ts=..., ea_list=<optimized out>, lock_data_count=0, lock_data=0x0, flags2=51267, max_data_bytes=65535, fixed_portion=0x7ffc95e7ceb8, ppdata=0x5565d46ab6a0, pdata_size=0x7ffc95e7cea4) at ../../source3/smbd/trans2.c:5793
        pdata = 0x5565d46cbbf0 ""
        dstart = 0x5565d46cbbf0 ""
        dend = <optimized out>
        data_size = <optimized out>
        create_time_ts = {tv_sec = 1579792312, tv_nsec = 394242000}
        mtime_ts = {tv_sec = 1579792312, tv_nsec = 396242044}
        atime_ts = {tv_sec = 1579792312, tv_nsec = 396242044}
        ctime_ts = {tv_sec = 1579792312, tv_nsec = 396242044}
        create_time = 1579792312
        mtime = 1579792312
        atime = 1579792312
        c_time = 1579792312
        psbuf = 0x5565d46bc4a0
        p = <optimized out>
        base_name = 0x5565d46bc5b0 "posix_symlink"
        dos_fname = <optimized out>
        mode = 32
        nlink = 1
        status = <optimized out>
        file_size = <optimized out>
        pos = <optimized out>
        allocation_size = 10
        file_id = <optimized out>
        access_mask = 1180063
        len = 0
        __FUNCTION__ = "smbd_do_qfilepathinfo"
#9  0x00007f45efa2a785 in call_trans2qfilepathinfo (conn=conn@entry=0x5565d45faaa0, req=req@entry=0x5565d46bc290, tran_call=<optimized out>, pparams=<optimized out>, total_params=<optimized out>, ppdata=0x5565d46ab6a0, total_data=<optimized out>, max_data_bytes=65535) at ../../source3/smbd/trans2.c:6291
        params = 0x5565d464f5f0 ""
        pdata = <optimized out>
        info_level = 516
        data_size = 0
        param_size = 2
        smb_fname = 0x5565d46bc480
        delete_pending = false
        write_time_ts = {tv_sec = 1579792312, tv_nsec = 396242044}
        fsp = 0x0
        fileid = {devid = 64768, inode = 36045800, extid = 0}
        ea_list = <optimized out>
        lock_data_count = <optimized out>
        lock_data = <optimized out>
        fixed_portion = 0
        status = {v = 0}
        __FUNCTION__ = "call_trans2qfilepathinfo"
#10 0x00007f45efa301ec in handle_trans2 (conn=conn@entry=0x5565d45faaa0, req=req@entry=0x5565d46bc290, state=state@entry=0x5565d46ab630) at ../../source3/smbd/trans2.c:9776
        __profasync_Trans2_qpathinfo = {start = 0, stats = 0x0}
        __FUNCTION__ = "handle_trans2"
#11 0x00007f45efa329f8 in reply_trans2 (req=0x5565d46bc290) at ../../source3/smbd/trans2.c:10017
        conn = 0x5565d45faaa0
        dsoff = <optimized out>
        dscnt = <optimized out>
        psoff = <optimized out>
        pscnt = <optimized out>
        tran_call = <optimized out>
        state = 0x5565d46ab630
        result = <optimized out>
        __profasync_SMBtrans2 = <optimized out>
        __FUNCTION__ = "reply_trans2"
#12 0x00007f45efa5ccfb in switch_message (type=<optimized out>, req=req@entry=0x5565d46bc290) at ../../source3/smbd/process.c:1724
        flags = 9
        session_tag = <optimized out>
        conn = 0x5565d45faaa0
        xconn = <optimized out>
        now = <optimized out>
        session = 0x5565d4678800
        status = <optimized out>
        __FUNCTION__ = "switch_message"
#13 0x00007f45efa5f0d9 in construct_reply (deferred_pcd=0x0, encrypted=<optimized out>, seqnum=0, unread_bytes=0, size=108, inbuf=<optimized out>, xconn=0x5565d46b0b30) at ../../source3/smbd/process.c:1760
        sconn = <optimized out>
        req = 0x5565d46bc290
        sconn = <optimized out>
        req = <optimized out>
#14 process_smb (xconn=xconn@entry=0x5565d46b0b30, inbuf=<optimized out>, nread=108, unread_bytes=0, seqnum=0, encrypted=<optimized out>, deferred_pcd=0x0) at ../../source3/smbd/process.c:2008
        sconn = 0x5565d46b3e70
        msg_type = <optimized out>
        __FUNCTION__ = "process_smb"
        __func__ = "process_smb"
#15 0x00007f45efa6017d in smbd_server_connection_read_handler (xconn=0x5565d46b0b30, fd=<optimized out>) at ../../source3/smbd/process.c:2608
        inbuf = 0x5565d46bc1c0 ""
        inbuf_len = 108
        unread_bytes = 0
        encrypted = false
        mem_ctx = 0x5565d46bc160
        status = {v = 0}
        seqnum = 0
        async_echo = <optimized out>
        from_client = <optimized out>
        __FUNCTION__ = "smbd_server_connection_read_handler"
#16 0x00007f45eb016443 in tevent_common_invoke_fd_handler () from /lib64/libtevent.so.0
No symbol table info available.
#17 0x00007f45eb01c9bf in epoll_event_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#18 0x00007f45eb01a99b in std_event_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#19 0x00007f45eb015b15 in _tevent_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#20 0x00007f45eb015dbb in tevent_common_loop_wait () from /lib64/libtevent.so.0
No symbol table info available.
#21 0x00007f45eb01a92b in std_event_loop_wait () from /lib64/libtevent.so.0
No symbol table info available.
#22 0x00007f45efa61597 in smbd_process (ev_ctx=0x5565d45f8b50, msg_ctx=<optimized out>, sock_fd=49, interactive=<optimized out>) at ../../source3/smbd/process.c:4128
        trace_state = {ev = 0x5565d45f8b50, frame = 0x5565d46bc160, profile_idle = {start = 0, stats = 0x0}}
        client = 0x5565d46943d0
        sconn = 0x5565d46b3e70
        xconn = 0x5565d46b0b30
        locaddr = 0x5565d4678800 "\320`g\324eU"
        remaddr = <optimized out>
        ret = <optimized out>
        status = <optimized out>
        tv = {tv_sec = 1579792312, tv_usec = 343093}
        now = <optimized out>
        chroot_dir = 0x5565d46b1000 "\223"
        rc = <optimized out>
        __func__ = "smbd_process"
        __FUNCTION__ = "smbd_process"
#23 0x00005565d39a48a0 in smbd_accept_connection (ev=0x5565d45f8b50, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../../source3/smbd/server.c:1010
        status = <optimized out>
        s = 0x0
        msg_ctx = 0x5565d45f76e0
        addr = {ss_family = 2, __ss_padding = "T\"\177\000\000\v", '\000' <repeats 25 times>, "\324\347\225\374\177\000\000u\216\362\225\374\177", '\000' <repeats 14 times>, "\002\000\000\000 \235h\324eU\000\000H\235h\324eU\000\000\070u_\324eU\000\000P\213_\324eU\000\000P\213_\324eU\000\000\002\256\001\353E\177\000\000\267\267)^\000\000\000", __ss_align = 139938272226901}
        in_addrlen = 16
        fd = 49
        pid = 0
        __FUNCTION__ = "smbd_accept_connection"
#24 0x00007f45eb016443 in tevent_common_invoke_fd_handler () from /lib64/libtevent.so.0
No symbol table info available.
#25 0x00007f45eb01c9bf in epoll_event_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#26 0x00007f45eb01a99b in std_event_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#27 0x00007f45eb015b15 in _tevent_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#28 0x00007f45eb015dbb in tevent_common_loop_wait () from /lib64/libtevent.so.0
No symbol table info available.
#29 0x00007f45eb01a92b in std_event_loop_wait () from /lib64/libtevent.so.0
No symbol table info available.
#30 0x00005565d399faed in smbd_parent_loop (parent=0x5565d4677b00, ev_ctx=0x5565d45f8b50) at ../../source3/smbd/server.c:1355
        trace_state = {frame = 0x5565d45e5520}
        ret = 0
        trace_state = <optimized out>
        ret = <optimized out>
        __FUNCTION__ = "smbd_parent_loop"
#31 main (argc=<optimized out>, argv=<optimized out>) at ../../source3/smbd/server.c:2187
        is_daemon = <optimized out>
        interactive = <optimized out>
        Fork = <optimized out>
        no_process_group = <optimized out>
        log_stdout = <optimized out>
        ports = 0x0
        profile_level = 0x0
        opt = <optimized out>
        pc = <optimized out>
        print_build_options = <optimized out>
        main_server_id = {pid = 11415, task_id = 0, vnn = 4294967295, unique_id = 11209690496312523338}
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x7f45eb42f160 <poptHelpOptions>, val = 0, descrip = 0x5565d39a9389 "Help options:", argDescrip = 0x0}, {longName = 0x5565d39a9397 "daemon", shortName = 68 'D', argInfo = 0, arg = 0x0, val = 1000, descrip = 0x5565d39a939e "Become a daemon (default)", argDescrip = 0x0}, {longName = 0x5565d39a93b8 "interactive", shortName = 105 'i', argInfo = 0, arg = 0x0, val = 1001, descrip = 0x5565d39a7c78 "Run interactive (not a daemon) and log to stdout", argDescrip = 0x0}, {longName = 0x5565d39a93c4 "foreground", shortName = 70 'F', argInfo = 0, arg = 0x0, val = 1002, descrip = 0x5565d39a7cb0 "Run daemon in foreground (for daemontools, etc.)", argDescrip = 0x0}, {longName = 0x5565d39a93cf "no-process-group", shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 1003, descrip = 0x5565d39a7ce8 "Don't create a new process group", argDescrip = 0x0}, {longName = 0x5565d39a93e0 "log-stdout", shortName = 83 'S', argInfo = 0, arg = 0x0, val = 1004, descrip = 0x5565d39a93eb "Log to stdout", argDescrip = 0x0}, {longName = 0x5565d39a93f9 "build-options", shortName = 98 'b', argInfo = 0, arg = 0x0, val = 98, descrip = 0x5565d39a9407 "Print build options", argDescrip = 0x0}, {longName = 0x5565d39a941b "port", shortName = 112 'p', argInfo = 1, arg = 0x7ffc95e7d5e8, val = 0, descrip = 0x5565d39a9420 "Listen on the specified ports", argDescrip = 0x0}, {longName = 0x5565d39a943e "profiling-level", shortName = 80 'P', argInfo = 1, arg = 0x7ffc95e7d5f0, val = 0, descrip = 0x5565d39a944e "Set profiling level", argDescrip = 0x5565d39a9462 "PROFILE_LEVEL"}, {longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x7f45efe2a280 <popt_common_samba>, val = 0, descrip = 0x5565d39a9470 "Common samba options:", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        parent = 0x5565d4677b00
        frame = <optimized out>
        status = <optimized out>
        ev_ctx = 0x5565d45f8b50
        msg_ctx = 0x5565d45f76e0
        server_id = {pid = 11415, task_id = 0, vnn = 4294967295, unique_id = 959521185515044421}
        se = <optimized out>
        profiling_level = <optimized out>
        np_dir = <optimized out>
        smbd_shim_fns = {send_stat_cache_delete_message = 0x7f45efa4fb30 <smbd_send_stat_cache_delete_message>, change_to_root_user = 0x7f45efa341c0 <smbd_change_to_root_user>, become_authenticated_pipe_user = 0x7f45efa34260 <smbd_become_authenticated_pipe_user>, unbecome_authenticated_pipe_user = 0x7f45efa34310 <smbd_unbecome_authenticated_pipe_user>, contend_level2_oplocks_begin = 0x7f45efa9d2a0 <smbd_contend_level2_oplocks_begin>, contend_level2_oplocks_end = 0x7f45efa9d6a0 <smbd_contend_level2_oplocks_end>, become_root = 0x7f45efa34320 <smbd_become_root>, unbecome_root = 0x7f45efa34360 <smbd_unbecome_root>, exit_server = 0x7f45efa94510 <smbd_exit_server>, exit_server_cleanly = 0x7f45efa94530 <smbd_exit_server_cleanly>}
        __FUNCTION__ = "main"
        __func__ = "main"

Thread 1 (Thread 0x7f45e635cbc0 (LWP 11539)):
#0  0x00007f45eaaf4f4b in waitpid () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007f45eaa7183f in do_system () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007f45ef773027 in smb_panic_s3 (why=<optimized out>) at ../../source3/lib/util.c:837
        cmd = 0x5565d46bcf10 "cd /root/rpmbuild/BUILD/samba-4.11.2 && /root/rpmbuild/BUILD/samba-4.11.2/selftest/gdb_backtrace 11539 ./bin/smbd"
        result = <optimized out>
        __FUNCTION__ = "smb_panic_s3"
#3  0x00007f45efe44351 in smb_panic (why=why@entry=0x7f45efe50ae9 "internal error") at ../../lib/util/fault.c:174
No locals.
#4  0x00007f45efe445b1 in fault_report (sig=11) at ../../lib/util/fault.c:88
        counter = 1
        __FUNCTION__ = "fault_report"
#5  sig_fault (sig=11) at ../../lib/util/fault.c:99
No locals.
#6  <signal handler called>
No symbol table info available.
#7  0x00007f45efa2990a in smb_query_posix_acl (pdata_size_out=0x7ffc95e7cd20, data_size_in=69631, pdata=0x5565d46cbbf0 "", smb_fname=0x5565d46bc480, fsp=<optimized out>, req=0x5565d46bc290, conn=0x5565d45faaa0) at ../../source3/smbd/trans2.c:4981
        num_file_acls = 0
        num_def_acls = 0
        size_needed = 0
        status = {v = 3221225506}
        ok = <optimized out>
        file_acl = 0x0
        def_acl = 0x0
        close_fsp = true
        file_acl = <optimized out>
        def_acl = <optimized out>
        num_file_acls = <optimized out>
        num_def_acls = <optimized out>
        size_needed = <optimized out>
        status = <optimized out>
        ok = <optimized out>
        close_fsp = <optimized out>
        __FUNCTION__ = "smb_query_posix_acl"
        __func__ = "smb_query_posix_acl"
        access_mask = <optimized out>
#8  smbd_do_qfilepathinfo (conn=conn@entry=0x5565d45faaa0, mem_ctx=mem_ctx@entry=0x5565d46bc290, req=req@entry=0x5565d46bc290, info_level=info_level@entry=516, fsp=fsp@entry=0x0, smb_fname=0x5565d46bc480, delete_pending=false, write_time_ts=..., ea_list=<optimized out>, lock_data_count=0, lock_data=0x0, flags2=51267, max_data_bytes=65535, fixed_portion=0x7ffc95e7ceb8, ppdata=0x5565d46ab6a0, pdata_size=0x7ffc95e7cea4) at ../../source3/smbd/trans2.c:5793
        pdata = 0x5565d46cbbf0 ""
        dstart = 0x5565d46cbbf0 ""
        dend = <optimized out>
        data_size = <optimized out>
        create_time_ts = {tv_sec = 1579792312, tv_nsec = 394242000}
        mtime_ts = {tv_sec = 1579792312, tv_nsec = 396242044}
        atime_ts = {tv_sec = 1579792312, tv_nsec = 396242044}
        ctime_ts = {tv_sec = 1579792312, tv_nsec = 396242044}
        create_time = 1579792312
        mtime = 1579792312
        atime = 1579792312
        c_time = 1579792312
        psbuf = 0x5565d46bc4a0
        p = <optimized out>
        base_name = 0x5565d46bc5b0 "posix_symlink"
        dos_fname = <optimized out>
        mode = 32
        nlink = 1
        status = <optimized out>
        file_size = <optimized out>
        pos = <optimized out>
        allocation_size = 10
        file_id = <optimized out>
        access_mask = 1180063
        len = 0
        __FUNCTION__ = "smbd_do_qfilepathinfo"
#9  0x00007f45efa2a785 in call_trans2qfilepathinfo (conn=conn@entry=0x5565d45faaa0, req=req@entry=0x5565d46bc290, tran_call=<optimized out>, pparams=<optimized out>, total_params=<optimized out>, ppdata=0x5565d46ab6a0, total_data=<optimized out>, max_data_bytes=65535) at ../../source3/smbd/trans2.c:6291
        params = 0x5565d464f5f0 ""
        pdata = <optimized out>
        info_level = 516
        data_size = 0
        param_size = 2
        smb_fname = 0x5565d46bc480
        delete_pending = false
        write_time_ts = {tv_sec = 1579792312, tv_nsec = 396242044}
        fsp = 0x0
        fileid = {devid = 64768, inode = 36045800, extid = 0}
        ea_list = <optimized out>
        lock_data_count = <optimized out>
        lock_data = <optimized out>
        fixed_portion = 0
        status = {v = 0}
        __FUNCTION__ = "call_trans2qfilepathinfo"
#10 0x00007f45efa301ec in handle_trans2 (conn=conn@entry=0x5565d45faaa0, req=req@entry=0x5565d46bc290, state=state@entry=0x5565d46ab630) at ../../source3/smbd/trans2.c:9776
        __profasync_Trans2_qpathinfo = {start = 0, stats = 0x0}
        __FUNCTION__ = "handle_trans2"
#11 0x00007f45efa329f8 in reply_trans2 (req=0x5565d46bc290) at ../../source3/smbd/trans2.c:10017
        conn = 0x5565d45faaa0
        dsoff = <optimized out>
        dscnt = <optimized out>
        psoff = <optimized out>
        pscnt = <optimized out>
        tran_call = <optimized out>
        state = 0x5565d46ab630
        result = <optimized out>
        __profasync_SMBtrans2 = <optimized out>
        __FUNCTION__ = "reply_trans2"
#12 0x00007f45efa5ccfb in switch_message (type=<optimized out>, req=req@entry=0x5565d46bc290) at ../../source3/smbd/process.c:1724
        flags = 9
        session_tag = <optimized out>
        conn = 0x5565d45faaa0
        xconn = <optimized out>
        now = <optimized out>
        session = 0x5565d4678800
        status = <optimized out>
        __FUNCTION__ = "switch_message"
#13 0x00007f45efa5f0d9 in construct_reply (deferred_pcd=0x0, encrypted=<optimized out>, seqnum=0, unread_bytes=0, size=108, inbuf=<optimized out>, xconn=0x5565d46b0b30) at ../../source3/smbd/process.c:1760
        sconn = <optimized out>
        req = 0x5565d46bc290
        sconn = <optimized out>
        req = <optimized out>
#14 process_smb (xconn=xconn@entry=0x5565d46b0b30, inbuf=<optimized out>, nread=108, unread_bytes=0, seqnum=0, encrypted=<optimized out>, deferred_pcd=0x0) at ../../source3/smbd/process.c:2008
        sconn = 0x5565d46b3e70
        msg_type = <optimized out>
        __FUNCTION__ = "process_smb"
        __func__ = "process_smb"
#15 0x00007f45efa6017d in smbd_server_connection_read_handler (xconn=0x5565d46b0b30, fd=<optimized out>) at ../../source3/smbd/process.c:2608
        inbuf = 0x5565d46bc1c0 ""
        inbuf_len = 108
        unread_bytes = 0
        encrypted = false
        mem_ctx = 0x5565d46bc160
        status = {v = 0}
        seqnum = 0
        async_echo = <optimized out>
        from_client = <optimized out>
        __FUNCTION__ = "smbd_server_connection_read_handler"
#16 0x00007f45eb016443 in tevent_common_invoke_fd_handler () from /lib64/libtevent.so.0
No symbol table info available.
#17 0x00007f45eb01c9bf in epoll_event_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#18 0x00007f45eb01a99b in std_event_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#19 0x00007f45eb015b15 in _tevent_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#20 0x00007f45eb015dbb in tevent_common_loop_wait () from /lib64/libtevent.so.0
No symbol table info available.
#21 0x00007f45eb01a92b in std_event_loop_wait () from /lib64/libtevent.so.0
No symbol table info available.
#22 0x00007f45efa61597 in smbd_process (ev_ctx=0x5565d45f8b50, msg_ctx=<optimized out>, sock_fd=49, interactive=<optimized out>) at ../../source3/smbd/process.c:4128
        trace_state = {ev = 0x5565d45f8b50, frame = 0x5565d46bc160, profile_idle = {start = 0, stats = 0x0}}
        client = 0x5565d46943d0
        sconn = 0x5565d46b3e70
        xconn = 0x5565d46b0b30
        locaddr = 0x5565d4678800 "\320`g\324eU"
        remaddr = <optimized out>
        ret = <optimized out>
        status = <optimized out>
        tv = {tv_sec = 1579792312, tv_usec = 343093}
        now = <optimized out>
        chroot_dir = 0x5565d46b1000 "\223"
        rc = <optimized out>
        __func__ = "smbd_process"
        __FUNCTION__ = "smbd_process"
#23 0x00005565d39a48a0 in smbd_accept_connection (ev=0x5565d45f8b50, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../../source3/smbd/server.c:1010
        status = <optimized out>
        s = 0x0
        msg_ctx = 0x5565d45f76e0
        addr = {ss_family = 2, __ss_padding = "T\"\177\000\000\v", '\000' <repeats 25 times>, "\324\347\225\374\177\000\000u\216\362\225\374\177", '\000' <repeats 14 times>, "\002\000\000\000 \235h\324eU\000\000H\235h\324eU\000\000\070u_\324eU\000\000P\213_\324eU\000\000P\213_\324eU\000\000\002\256\001\353E\177\000\000\267\267)^\000\000\000", __ss_align = 139938272226901}
        in_addrlen = 16
        fd = 49
        pid = 0
        __FUNCTION__ = "smbd_accept_connection"
#24 0x00007f45eb016443 in tevent_common_invoke_fd_handler () from /lib64/libtevent.so.0
No symbol table info available.
#25 0x00007f45eb01c9bf in epoll_event_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#26 0x00007f45eb01a99b in std_event_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#27 0x00007f45eb015b15 in _tevent_loop_once () from /lib64/libtevent.so.0
No symbol table info available.
#28 0x00007f45eb015dbb in tevent_common_loop_wait () from /lib64/libtevent.so.0
No symbol table info available.
#29 0x00007f45eb01a92b in std_event_loop_wait () from /lib64/libtevent.so.0
No symbol table info available.
#30 0x00005565d399faed in smbd_parent_loop (parent=0x5565d4677b00, ev_ctx=0x5565d45f8b50) at ../../source3/smbd/server.c:1355
        trace_state = {frame = 0x5565d45e5520}
        ret = 0
        trace_state = <optimized out>
        ret = <optimized out>
        __FUNCTION__ = "smbd_parent_loop"
#31 main (argc=<optimized out>, argv=<optimized out>) at ../../source3/smbd/server.c:2187
        is_daemon = <optimized out>
        interactive = <optimized out>
        Fork = <optimized out>
        no_process_group = <optimized out>
        log_stdout = <optimized out>
        ports = 0x0
        profile_level = 0x0
        opt = <optimized out>
        pc = <optimized out>
        print_build_options = <optimized out>
        main_server_id = {pid = 11415, task_id = 0, vnn = 4294967295, unique_id = 11209690496312523338}
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x7f45eb42f160 <poptHelpOptions>, val = 0, descrip = 0x5565d39a9389 "Help options:", argDescrip = 0x0}, {longName = 0x5565d39a9397 "daemon", shortName = 68 'D', argInfo = 0, arg = 0x0, val = 1000, descrip = 0x5565d39a939e "Become a daemon (default)", argDescrip = 0x0}, {longName = 0x5565d39a93b8 "interactive", shortName = 105 'i', argInfo = 0, arg = 0x0, val = 1001, descrip = 0x5565d39a7c78 "Run interactive (not a daemon) and log to stdout", argDescrip = 0x0}, {longName = 0x5565d39a93c4 "foreground", shortName = 70 'F', argInfo = 0, arg = 0x0, val = 1002, descrip = 0x5565d39a7cb0 "Run daemon in foreground (for daemontools, etc.)", argDescrip = 0x0}, {longName = 0x5565d39a93cf "no-process-group", shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 1003, descrip = 0x5565d39a7ce8 "Don't create a new process group", argDescrip = 0x0}, {longName = 0x5565d39a93e0 "log-stdout", shortName = 83 'S', argInfo = 0, arg = 0x0, val = 1004, descrip = 0x5565d39a93eb "Log to stdout", argDescrip = 0x0}, {longName = 0x5565d39a93f9 "build-options", shortName = 98 'b', argInfo = 0, arg = 0x0, val = 98, descrip = 0x5565d39a9407 "Print build options", argDescrip = 0x0}, {longName = 0x5565d39a941b "port", shortName = 112 'p', argInfo = 1, arg = 0x7ffc95e7d5e8, val = 0, descrip = 0x5565d39a9420 "Listen on the specified ports", argDescrip = 0x0}, {longName = 0x5565d39a943e "profiling-level", shortName = 80 'P', argInfo = 1, arg = 0x7ffc95e7d5f0, val = 0, descrip = 0x5565d39a944e "Set profiling level", argDescrip = 0x5565d39a9462 "PROFILE_LEVEL"}, {longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x7f45efe2a280 <popt_common_samba>, val = 0, descrip = 0x5565d39a9470 "Common samba options:", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        parent = 0x5565d4677b00
        frame = <optimized out>
        status = <optimized out>
        ev_ctx = 0x5565d45f8b50
        msg_ctx = 0x5565d45f76e0
        server_id = {pid = 11415, task_id = 0, vnn = 4294967295, unique_id = 959521185515044421}
        se = <optimized out>
        profiling_level = <optimized out>
        np_dir = <optimized out>
        smbd_shim_fns = {send_stat_cache_delete_message = 0x7f45efa4fb30 <smbd_send_stat_cache_delete_message>, change_to_root_user = 0x7f45efa341c0 <smbd_change_to_root_user>, become_authenticated_pipe_user = 0x7f45efa34260 <smbd_become_authenticated_pipe_user>, unbecome_authenticated_pipe_user = 0x7f45efa34310 <smbd_unbecome_authenticated_pipe_user>, contend_level2_oplocks_begin = 0x7f45efa9d2a0 <smbd_contend_level2_oplocks_begin>, contend_level2_oplocks_end = 0x7f45efa9d6a0 <smbd_contend_level2_oplocks_end>, become_root = 0x7f45efa34320 <smbd_become_root>, unbecome_root = 0x7f45efa34360 <smbd_unbecome_root>, exit_server = 0x7f45efa94510 <smbd_exit_server>, exit_server_cleanly = 0x7f45efa94530 <smbd_exit_server_cleanly>}
        __FUNCTION__ = "main"
        __func__ = "main"
Comment 1 Andreas Schneider 2020-01-24 15:55:48 UTC
Created attachment 15753 [details]
patch for 4.11
Comment 2 Guenther Deschner 2020-01-24 16:05:15 UTC
Comment on attachment 15753 [details]
patch for 4.11

LGTM
Comment 3 Guenther Deschner 2020-01-24 16:05:50 UTC
Karolin, please add to 4.11. Thanks!
Comment 4 Karolin Seeger 2020-01-30 08:29:08 UTC
Pushed to v4-11-test.
Included in Samba 4.11.6.
Closing out bug report.

Thanks!