Found a core file: (gdb) where #0 0x00007f2411bdda45 in raise () from /lib64/libc.so.6 #1 0x00007f2411bdf225 in abort () from /lib64/libc.so.6 #2 0x00007f2414de8751 in dump_core () at lib/fault.c:391 #3 0x00007f2414df7d19 in smb_panic (why=<value optimized out>) at lib/util.c:1132 #4 0x00007f2414de8bd4 in fault_report (sig=11) at lib/fault.c:53 #5 sig_fault (sig=11) at lib/fault.c:76 #6 <signal handler called> #7 dptr_close_internal (dptr=0x7f24169aee30) at smbd/dir.c:255 #8 0x00007f2414aded17 in dptr_CloseDir (fsp=0x7f241694a640) at smbd/dir.c:587 #9 0x00007f2414b70a56 in smbd_smb2_find_send (req=0x7f24171c4770) at smbd/smb2_find.c:320 #10 smbd_smb2_request_process_find (req=0x7f24171c4770) at smbd/smb2_find.c:124 #11 0x00007f2414b62159 in smbd_smb2_request_dispatch (req=0x7f24171c4770) at smbd/smb2_server.c:1491 (gdb) frame 7 #7 dptr_close_internal (dptr=0x7f24169aee30) at smbd/dir.c:255 255 struct smbd_server_connection *sconn = dptr->conn->sconn; (gdb) p *dptr $21 = {next = 0x7f2416f8dff0, prev = 0x7f24169adde0, dnum = 378273808, spid = 32548, conn = 0x0, dir_hnd = 0x0, expect_close = false, wcard = 0x7f24151e8f18 "../libcli/security/security_token.c:71", attr = 0, path = 0x7f24e8150c73 <Address 0x7f24e8150c73 out of bounds>, has_wild = false, did_stat = false} Metze is already working on a fix
Created attachment 7079 [details] Metze's patchset from master
Created attachment 7080 [details] torturetest to reproduce
Comment on attachment 7079 [details] Metze's patchset from master Looks good to me !
Karolin, please add cherry-pick information before pushing, thanks!
Re-assigned to Karolin for inclusion in 3.6.next. Metze, do you also want to add the torture test into the normal commit tests ? Jeremy.
Pushed to v3-6-test. Closing out bug report. Thanks!