Created attachment 8444 [details]
broken unlink network trace

The following testcase reproduces the problem:
1) open a file with SHARE_ALL
2) unlink the file

The backtrace:

check lock order 1 for /var/lib/samba/smbXsrv_open_global.tdb
Lock order violation: Trying /var/lib/samba/smbXsrv_open_global.tdb at 1 while /var/lib/samba/locking.tdb at 1 is locked
lock order: 1:/var/lib/samba/locking.tdb 2:<none> 3:<none>
PANIC (pid 2992): invalid lock_order
BACKTRACE: 27 stack frames:
 #0 /usr/lib/libsmbconf.so.0(log_stack_trace+0x29) [0xb716c889]
 #1 /usr/lib/libsmbconf.so.0(smb_panic_s3+0x31) [0xb716c991]
 #2 /usr/lib/libsamba-util.so.0(smb_panic+0x3a) [0xb76a478a]
 #3 /usr/lib/samba/libdbwrap.so(+0x24e1) [0xb6abc4e1]
 #4 /usr/lib/samba/libdbwrap.so(+0x265b) [0xb6abc65b]
 #5 /usr/lib/samba/libsmbd_base.so(smbXsrv_open_close+0x275) [0xb74c48b5]
 #6 /usr/lib/samba/libsmbd_base.so(+0x157d0e) [0xb74c4d0e]
 #7 /usr/lib/libtalloc.so.2(_talloc_free+0x778) [0xb6da2308]
 #8 /usr/lib/samba/libsmbd_base.so(file_free+0xbc) [0xb741034c]
 #9 /usr/lib/samba/libsmbd_base.so(close_file+0xa71) [0xb7472611]
 #10 /usr/lib/samba/libsmbd_base.so(smbd_do_setfilepathinfo+0x17ba) [0xb7459d2a]
 #11 /usr/lib/samba/libsmbd_base.so(+0xf044f) [0xb745d44f]
 #12 /usr/lib/samba/libsmbd_base.so(reply_trans2+0x565) [0xb74601d5]
 #13 /usr/lib/samba/libsmbd_base.so(+0x1211d3) [0xb748e1d3]
 #14 /usr/lib/samba/libsmbd_base.so(+0x122305) [0xb748f305]
 #15 /usr/lib/samba/libsmbd_base.so(+0x122a99) [0xb748fa99]
 #16 /usr/lib/libsmbconf.so.0(run_events_poll+0x11c) [0xb71909cc]
 #17 /usr/lib/libsmbconf.so.0(+0x40d25) [0xb7190d25]
 #18 /usr/lib/libtevent.so.0(_tevent_loop_once+0xa8) [0xb6d94318]
 #19 /usr/lib/samba/libsmbd_base.so(smbd_process+0xea7) [0xb7491157]
 #20 /usr/sbin/smbd() [0x8051b2f]
 #21 /usr/lib/libsmbconf.so.0(run_events_poll+0x358) [0xb7190c08]
 #22 /usr/lib/libsmbconf.so.0(+0x40db8) [0xb7190db8]
 #23 /usr/lib/libtevent.so.0(_tevent_loop_once+0xa8) [0xb6d94318]
 #24 /usr/sbin/smbd(main+0x1846) [0x804d746]
 #25 /lib/libc.so.6(__libc_start_main+0xf5) [0xb6c383d5]
 #26 /usr/sbin/smbd() [0x804dcd5]

The network trace is in attachment.
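Added example (not part of the original report and not Samba's own code): a simplified model in C of the lock-order check that produced the panic above. It assumes the check refuses a lock at order N while any database at order N or higher is held, which is consistent with the "Trying ... at 1 while ... at 1 is locked" message; the function names are hypothetical and the model illustrates the rule, not the attached patch.

```c
#include <stdio.h>
#define LOCK_ORDER_MAX 3 /* three slots, as in the "lock order:" log line */
#define LOCKING_TDB "/var/lib/samba/locking.tdb"
#define OPEN_GLOBAL_TDB "/var/lib/samba/smbXsrv_open_global.tdb"

/* Slot i holds the name of the database locked at order i+1, or NULL. */
static const char *locked_dbs[LOCK_ORDER_MAX];

/* Assumed rule: refuse order N while any database at order >= N is held.
 * Returns 0 and records the lock on success, -1 on a violation. */
int order_lock(const char *db_name, int lock_order)
{
	if (lock_order < 1 || lock_order > LOCK_ORDER_MAX)
		return -1;
	for (int idx = lock_order - 1; idx < LOCK_ORDER_MAX; idx++) {
		if (locked_dbs[idx] != NULL) {
			fprintf(stderr, "Lock order violation: Trying %s at %d while "
				"%s at %d is locked\n", db_name, lock_order,
				locked_dbs[idx], idx + 1);
			return -1;
		}
	}
	locked_dbs[lock_order - 1] = db_name;
	return 0;
}

void order_unlock(int lock_order) { locked_dbs[lock_order - 1] = NULL; }

/* Sequence from the report: a second order-1 lock while the first is held. */
int lock_nested(void)
{
	if (order_lock(LOCKING_TDB, 1) != 0)
		return -2;
	int rc = order_lock(OPEN_GLOBAL_TDB, 1);
	order_unlock(1); /* slot 1 still holds locking.tdb after the refusal */
	return rc;
}

/* Same two databases, but the first lock is dropped before the second. */
int lock_sequential(void)
{
	if (order_lock(LOCKING_TDB, 1) != 0)
		return -2;
	order_unlock(1);
	int rc = order_lock(OPEN_GLOBAL_TDB, 1);
	if (rc == 0) order_unlock(1);
	return rc;
}

int main(void) { return (lock_nested() == -1 && lock_sequential() == 0) ? 0 : 1; }
```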
Created attachment 8445 [details] s3:smbd: fix wrong lock order in posix unlink This patch fixes the problem for me.
Yep. You've identified We don't run into this as normally we don't get a NTCreateX open followed by a POSIX close on the same SMB connection stream. I'll add an smbtorture regression test for this and get this pushed to 3.6.x, 4.0.x and master. Jeremy.
The only change I'm going to make in this patch is to hold lck over the call to smb_set_file_disposition_info(), which is an efficiency change (so we don't drop the lock then re-acquire inside smb_set_file_disposition_info()). Won't make a difference to the ordering change. Jeremy.
Created attachment 8480 [details] git-am fix for 4.0.x e104e5a8192e9d9a2637035bec343de3c35ca21e -2 in master Contains both the fix and a regression test added to smbtorture that triggers the bug. Jeremy.
Created attachment 8481 [details] git-am fix for 3.6.next Just the fix for 3.6.next, not the regression torture test. Jeremy.
Comment on attachment 8481 [details] git-am fix for 3.6.next Looks good, it's 578909ae19d7ec9dacb960626bd1985a2915365b in master
Comment on attachment 8480 [details] git-am fix for 4.0.x e104e5a8192e9d9a2637035bec343de3c35ca21e -2 in master Looks good, it's e104e5a8192e9d9a2637035bec343de3c35ca21e -2 in master
Pushed to v3-6-test and autobuild-v4-0-test.
Pushed to v4-0-test. Closing out bug report. Thanks!