2020-11-02T15:04:23.636539+01:00 samba-11 smbd[3549453]: =============================================================== 2020-11-02T15:04:23.636987+01:00 samba-11 smbd[3549453]: INTERNAL ERROR: Signal 11 in pid 3549453 (4.12.7) 2020-11-02T15:04:23.637080+01:00 samba-11 smbd[3549453]: =============================================================== 2020-11-02T15:04:23.637116+01:00 samba-11 smbd[3549453]: PANIC (pid 3549453): internal error 2020-11-02T15:04:23.637152+01:00 samba-11 smbd[3549453]: BACKTRACE: 2020-11-02T15:04:23.637588+01:00 samba-11 smbd[3549453]: #0 log_stack_trace + 0x3d [ip=0x7f445a1a141d] [sp=0x7ffcc4446b80] 2020-11-02T15:04:23.638229+01:00 samba-11 smbd[3549453]: #1 smb_panic_s3 + 0x29 [ip=0x7f4459bfb619] [sp=0x7ffcc44474c0] 2020-11-02T15:04:23.638795+01:00 samba-11 smbd[3549453]: #2 smb_panic + 0x31 [ip=0x7f445a1a1631] [sp=0x7ffcc44474e0] 2020-11-02T15:04:23.639342+01:00 samba-11 smbd[3549453]: #3 smb_panic + 0x291 [ip=0x7f445a1a1891] [sp=0x7ffcc44475f0] 2020-11-02T15:04:23.639812+01:00 samba-11 smbd[3549453]: #4 funlockfile + 0x50 [ip=0x7f4458d83dd0] [sp=0x7ffcc4447600] 2020-11-02T15:04:23.640361+01:00 samba-11 smbd[3549453]: #5 create_file_default + 0x72a [ip=0x7f4459e12f7a] [sp=0x7ffcc44482d0] 2020-11-02T15:04:23.640898+01:00 samba-11 smbd[3549453]: #6 close_file + 0xd0 [ip=0x7f4459e13940] [sp=0x7ffcc4448300] 2020-11-02T15:04:23.641430+01:00 samba-11 smbd[3549453]: #7 file_close_user + 0x3d [ip=0x7f4459dae8bd] [sp=0x7ffcc4448520] 2020-11-02T15:04:23.641975+01:00 samba-11 smbd[3549453]: #8 smbXsrv_session_logoff + 0x51 [ip=0x7f4459e5d211] [sp=0x7ffcc4448540] 2020-11-02T15:04:23.642530+01:00 samba-11 smbd[3549453]: #9 smbXsrv_session_logoff + 0x3fa [ip=0x7f4459e5d5ba] [sp=0x7ffcc4448590] 2020-11-02T15:04:23.642957+01:00 samba-11 smbd[3549453]: #10 dbwrap_unmarshall + 0x194 [ip=0x7f44578ff0a4] [sp=0x7ffcc44485b0] 2020-11-02T15:04:23.643430+01:00 samba-11 smbd[3549453]: #11 dbwrap_unmarshall + 0x3ce [ip=0x7f44578ff2de] [sp=0x7ffcc4448670] 2020-11-02T15:04:23.643869+01:00 samba-11 smbd[3549453]: #12 dbwrap_traverse + 0xb [ip=0x7f44578fd83b] [sp=0x7ffcc44486a0] 2020-11-02T15:04:23.644416+01:00 samba-11 smbd[3549453]: #13 smbXsrv_session_logoff_all + 0x5b [ip=0x7f4459e5d77b] [sp=0x7ffcc44486b0] 2020-11-02T15:04:23.644924+01:00 samba-11 smbd[3549453]: #14 smbXsrv_open_cleanup + 0x55e [ip=0x7f4459e62e8e] [sp=0x7ffcc44486f0] 2020-11-02T15:04:23.645455+01:00 samba-11 smbd[3549453]: #15 smbd_exit_server_cleanly + 0x14 [ip=0x7f4459e633f4] [sp=0x7ffcc4448740] 2020-11-02T15:04:23.646162+01:00 samba-11 smbd[3549453]: #16 exit_server_cleanly + 0x18 [ip=0x7f4459612a18] [sp=0x7ffcc4448750] 2020-11-02T15:04:23.646741+01:00 samba-11 smbd[3549453]: #17 smbd_server_connection_terminate_ex + 0x162 [ip=0x7f4459e3dd42] [sp=0x7ffcc44487 60] 2020-11-02T15:04:23.647302+01:00 samba-11 smbd[3549453]: #18 smbd_smb2_request_process_keepalive + 0x2fa [ip=0x7f4459e52d4a] [sp=0x7ffcc4448790] 2020-11-02T15:04:23.647809+01:00 samba-11 smbd[3549453]: #19 smbd_smb2_request_pending_queue + 0x15f [ip=0x7f4459e3ec1f] [sp=0x7ffcc44487f0] 2020-11-02T15:04:23.648331+01:00 samba-11 smbd[3549453]: #20 smbd_smb2_request_process_query_directory + 0x223 [ip=0x7f4459e548f3] [sp=0x7ffcc44488a0] 2020-11-02T15:04:23.648864+01:00 samba-11 smbd[3549453]: #21 smbd_smb2_request_dispatch + 0xe44 [ip=0x7f4459e40114] [sp=0x7ffcc4448910] 2020-11-02T15:04:23.649418+01:00 samba-11 smbd[3549453]: #22 smbd_smb2_request_dispatch_immediate + 0x50 [ip=0x7f4459e41830] [sp=0x7ffcc44489b0] 2020-11-02T15:04:23.649910+01:00 samba-11 smbd[3549453]: #23 tevent_common_invoke_immediate_handler + 0x139 [ip=0x7f4458f98879] [sp=0x7ffcc44489d0] 2020-11-02T15:04:23.650419+01:00 samba-11 smbd[3549453]: #24 tevent_common_loop_immediate + 0x27 [ip=0x7f4458f988a7] [sp=0x7ffcc4448a20] 2020-11-02T15:04:23.650897+01:00 samba-11 smbd[3549453]: #25 tevent_wakeup_recv + 0xfef [ip=0x7f4458f9e79f] [sp=0x7ffcc4448a40] 2020-11-02T15:04:23.651399+01:00 samba-11 smbd[3549453]: #26 tevent_cleanup_pending_signal_handlers + 0xcb [ip=0x7f4458f9c99b] [sp=0x7ffcc444 8aa0] 2020-11-02T15:04:23.651904+01:00 samba-11 smbd[3549453]: #27 _tevent_loop_once + 0x95 [ip=0x7f4458f97b15] [sp=0x7ffcc4448ac0] 2020-11-02T15:04:23.652385+01:00 samba-11 smbd[3549453]: #28 tevent_common_loop_wait + 0x1b [ip=0x7f4458f97dbb] [sp=0x7ffcc4448af0] 2020-11-02T15:04:23.652866+01:00 samba-11 smbd[3549453]: #29 tevent_cleanup_pending_signal_handlers + 0x5b [ip=0x7f4458f9c92b] [sp=0x7ffcc444 8b10] 2020-11-02T15:04:23.653397+01:00 samba-11 smbd[3549453]: #30 smbd_process + 0x7bf [ip=0x7f4459e3009f] [sp=0x7ffcc4448b30] 2020-11-02T15:04:23.653544+01:00 samba-11 smbd[3549453]: #31 smbd_accept_connection + 0x130 [ip=0x559323715d00] [sp=0x7ffcc4448bd0] 2020-11-02T15:04:23.654059+01:00 samba-11 smbd[3549453]: #32 tevent_common_invoke_fd_handler + 0x83 [ip=0x7f4458f98443] [sp=0x7ffcc4448ca0] 2020-11-02T15:04:23.654555+01:00 samba-11 smbd[3549453]: #33 tevent_wakeup_recv + 0x120f [ip=0x7f4458f9e9bf] [sp=0x7ffcc4448cd0] 2020-11-02T15:04:23.654997+01:00 samba-11 smbd[3549453]: #34 tevent_cleanup_pending_signal_handlers + 0xcb [ip=0x7f4458f9c99b] [sp=0x7ffcc444 8d30] 2020-11-02T15:04:23.655430+01:00 samba-11 smbd[3549453]: #35 _tevent_loop_once + 0x95 [ip=0x7f4458f97b15] [sp=0x7ffcc4448d50] 2020-11-02T15:04:23.655858+01:00 samba-11 smbd[3549453]: #36 tevent_common_loop_wait + 0x1b [ip=0x7f4458f97dbb] [sp=0x7ffcc4448d80] 2020-11-02T15:04:23.656286+01:00 samba-11 smbd[3549453]: #37 tevent_cleanup_pending_signal_handlers + 0x5b [ip=0x7f4458f9c92b] [sp=0x7ffcc444 8da0] 2020-11-02T15:04:23.656346+01:00 samba-11 smbd[3549453]: #38 main + 0x1bd2 [ip=0x5593237102a2] [sp=0x7ffcc4448dc0] 2020-11-02T15:04:23.656916+01:00 samba-11 smbd[3549453]: #39 __libc_start_main + 0xf3 [ip=0x7f44589d26a3] [sp=0x7ffcc4449180] 2020-11-02T15:04:23.657006+01:00 samba-11 smbd[3549453]: #40 _start + 0x2e [ip=0x55932371065e] [sp=0x7ffcc4449240] 2020-11-02T15:04:23.657038+01:00 samba-11 smbd[3549453]: coredump is handled by helper binary specified at /proc/sys/kernel/core_pattern
What Samba are you running here ? The call 'funlockfile()' doesn't exist in any Samba code.
Are you using a custom VFS module ?
(In reply to Jeremy Allison from comment #2) THis is actually pretty common to have in a SBT. I guess it's coming from glibc or something like that. :)
Oh, it's a pthread primitive from glibc. Sorry for the noise.
Might be coming from a delete_on_close on a directory when (in close.c): if ((close_type == NORMAL_CLOSE || close_type == SHUTDOWN_CLOSE) && delete_dir) { rmdir_internals() gets called.
We are using 4.12.7.
Can you install the Samba debug package so we get a SBT with more usable infos?
Is installing the package enough, or should I also set the log level higher than 2 (our current value), or even raise the winbind log level? It must be say that the issue only happened with a considerable load in terms of users accessing the service, so we may need some time to emulate the same situation in a test environment.
(In reply to Aritz Brosa from comment #8) Installing the package is enough.
We have tried to analyze the issue with core dumps we have from the server's ABRT, and it seems that fsp->aio_requests[0] is freed before applying TALLOC_FREE, so that's the reason of the segmentation fault: [1] We have available the full core dump, if that will make the investigation easier. [1] (gdb) up #8 0x00007f28b87def7a in assert_no_pending_aio (close_type=SHUTDOWN_CLOSE, fsp=<optimized out>, fsp=<optimized out>) at ../../source3/smbd/close.c:669 669 TALLOC_FREE(fsp->aio_requests[0]); (gdb) p fsp->aio_requests value has been optimized out (gdb) p fsp $4 = <optimized out> (gdb) up #9 0x00007f28b87dfac0 in close_directory (close_type=SHUTDOWN_CLOSE, fsp=0x556e384dade0, req=0x0) at ../../source3/smbd/close.c:1140 1140 assert_no_pending_aio(fsp, close_type); (gdb) p fsp $5 = (files_struct *) 0x556e384dade0 (gdb) p *fsp $6 = {next = 0x556e384db310, prev = 0x556e384db310, fnum = 3920950551, op = 0x556e384b50c0, conn = 0x556e38478520, fh = 0x556e384ce2c0, num_smb_operations = 0, file_id = {devid = 8215405831492424305, inode = 32206246, extid = 0}, initial_allocation_size = 0, file_pid = 65279, vuid = 879232126, open_time = {tv_sec = 1603814990, tv_usec = 31649}, access_mask = 1048705, kernel_share_modes_taken = false, update_write_time_triggered = false, update_write_time_event = 0x0, update_write_time_on_close = false, close_write_time = {tv_sec = 0, tv_nsec = 1073741822}, write_time_forced = false, oplock_type = 0, leases_db_seqnum = 0, lease_type = 0, lease = 0x0, sent_oplock_break = 0, oplock_timeout = 0x0, last_lock_failure = {context = {smblctx = 0, tid = 0, pid = {pid = 0, task_id = 0, vnn = 0, unique_id = 0}}, start = 0, size = 0, fnum = 0, lock_type = READ_LOCK, lock_flav = WINDOWS_LOCK}, current_lock_count = 0, can_lock = false, can_read = false, can_write = false, modified = false, is_directory = true, aio_write_behind = false, initial_delete_on_close = false, delete_on_close = false, posix_flags = 0, is_sparse = false, backup_intent = false, use_ofd_locks = true, fsp_name = 0x556e384c9f90, name_hash = 712496592, mid = 4, vfs_extension = 0x0, fake_file_handle = 0x0, notify = 0x0, base_fsp = 0x0, share_mode_flags_seqnum = 0, share_mode_flags = 0, brlock_seqnum = 0, brlock_rec = 0x0, dptr = 0x556e384cad60, print_file = 0x0, num_aio_requests = 0, aio_requests = 0x0, closing = false, blocked_smb1_lock_reqs = 0x0, lock_failure_seen = false, lock_failure_offset = 0, deferred_close = 0x0} (gdb) p fsp->aio_requests $7 = (struct tevent_req **) 0x0
Oh, this looks like a duplicate of bug 14515 which has just been fixed. The fix will ship with the next upcoming 4.12 and 4.13 releases and are also available as git-am patch files on the bugreport. *** This bug has been marked as a duplicate of bug 14515 ***