Bug 8592 - SMB2: crash when more than 256 searches are open
Summary: SMB2: crash when more than 256 searches are open
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: SMB2 (show other bugs)
Version: 3.6.1
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks: 8595
  Show dependency treegraph
 
Reported: 2011-11-09 15:34 UTC by Christian Ambach
Modified: 2011-11-14 19:10 UTC (History)
1 user (show)

See Also:


Attachments
Metze's patchset from master (6.45 KB, patch)
2011-11-10 14:49 UTC, Christian Ambach
jra: review+
Details
torturetest to reproduce (2.40 KB, patch)
2011-11-10 14:59 UTC, Christian Ambach
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Ambach 2011-11-09 15:34:01 UTC
Found a core file:

(gdb) where
#0  0x00007f2411bdda45 in raise () from /lib64/libc.so.6
#1  0x00007f2411bdf225 in abort () from /lib64/libc.so.6
#2  0x00007f2414de8751 in dump_core () at lib/fault.c:391
#3  0x00007f2414df7d19 in smb_panic (why=<value optimized out>) at lib/util.c:1132
#4  0x00007f2414de8bd4 in fault_report (sig=11) at lib/fault.c:53
#5  sig_fault (sig=11) at lib/fault.c:76
#6  <signal handler called>
#7  dptr_close_internal (dptr=0x7f24169aee30) at smbd/dir.c:255
#8  0x00007f2414aded17 in dptr_CloseDir (fsp=0x7f241694a640) at smbd/dir.c:587
#9  0x00007f2414b70a56 in smbd_smb2_find_send (req=0x7f24171c4770) at smbd/smb2_find.c:320
#10 smbd_smb2_request_process_find (req=0x7f24171c4770) at smbd/smb2_find.c:124
#11 0x00007f2414b62159 in smbd_smb2_request_dispatch (req=0x7f24171c4770) at smbd/smb2_server.c:1491

(gdb) frame 7
#7  dptr_close_internal (dptr=0x7f24169aee30) at smbd/dir.c:255
255		struct smbd_server_connection *sconn = dptr->conn->sconn;
(gdb) p *dptr
$21 = {next = 0x7f2416f8dff0, prev = 0x7f24169adde0, dnum = 378273808, spid = 32548, conn = 0x0, dir_hnd = 0x0, expect_close = false, 
  wcard = 0x7f24151e8f18 "../libcli/security/security_token.c:71", attr = 0, 
  path = 0x7f24e8150c73 <Address 0x7f24e8150c73 out of bounds>, has_wild = false, did_stat = false}


Metze is already working on a fix
Comment 1 Christian Ambach 2011-11-10 14:49:04 UTC
Created attachment 7079 [details]
Metze's patchset from master
Comment 2 Christian Ambach 2011-11-10 14:59:49 UTC
Created attachment 7080 [details]
torturetest to reproduce
Comment 3 Jeremy Allison 2011-11-11 20:38:59 UTC
Comment on attachment 7079 [details]
Metze's patchset from master

Looks good to me !
Comment 4 Stefan Metzmacher 2011-11-11 20:46:05 UTC
Karolin, please add cherry-pick information before pushing, thanks!
Comment 5 Jeremy Allison 2011-11-11 23:32:47 UTC
Re-assigned to Karolin for inclusion in 3.6.next. Metze, do you also want to add the torture test into the normal commit tests ?

Jeremy.
Comment 6 Karolin Seeger 2011-11-14 19:10:39 UTC
Pushed to v3-6-test.
Closing out bug report.

Thanks!