Peter Eriksson
2022-Nov-01 09:25 UTC
[Samba] Core dump in 4.17.2 non_widelink_open (assert failed: slash == NULL) (Also 4.17.2 missing in list of versions in Bugzilla :-)
Just got a core dump from a freshly installed Samba 4.17.2 smbd. Also, when reporting the bug in Bugzilla, I can't select 4.17.2 in Version (the latest there seems to be 4.17.1 :-)

FreeBSD 12.3. Bugzilla 15221

- Peter

GDB info:

Sent by thr_kill() from pid 33958 and user 0.
#0 0x00000008043a769a in thr_kill () from /lib/libc.so.7
(gdb) bt
#0 0x00000008043a769a in thr_kill () from /lib/libc.so.7
#1 0x00000008043a5af4 in raise () from /lib/libc.so.7
#2 0x000000080431b719 in abort () from /lib/libc.so.7
#3 0x0000000801f0af37 in dump_core () at ../../source3/lib/dumpcore.c:338
#4 0x0000000801f17f76 in smb_panic_s3 (why=<optimized out>) at ../../source3/lib/util.c:713
#5 0x0000000803d8b7f8 in smb_panic (why=why@entry=0x8017d6b8c "assert failed: slash == NULL") at ../../lib/util/fault.c:198
#6 0x00000008017061ba in non_widelink_open (dirfsp=dirfsp@entry=0x811dc9120, fsp=fsp@entry=0x811dcab60, smb_fname=smb_fname@entry=0x80f32fa00, _how=_how@entry=0x7fffffffdf00, link_depth=link_depth@entry=0) at ../../source3/smbd/open.c:773
#7 0x0000000801708eca in fd_openat (dirfsp=dirfsp@entry=0x811dc9120, smb_fname=smb_fname@entry=0x80f32fa00, fsp=0x811dcab60, _how=_how@entry=0x7fffffffe000) at ../../source3/smbd/open.c:952
#8 0x00000008016e2c9f in openat_pathref_fullname (conn=conn@entry=0x80eb98c60, dirfsp=dirfsp@entry=0x811dc9120, basefsp=basefsp@entry=0x0, full_fname=full_fname@entry=0x7fffffffdff8, smb_fname=smb_fname@entry=0x80f32fa00, how=how@entry=0x7fffffffe000) at ../../source3/smbd/files.c:481
#9 0x00000008016e342b in openat_pathref_fsp (dirfsp=dirfsp@entry=0x811dc9120, smb_fname=smb_fname@entry=0x80f32fa00) at ../../source3/smbd/files.c:590
#10 0x0000000801704601 in openat_pathref_fsp_case_insensitive (ucf_flags=0, smb_fname_rel=0x80f32fa00, dirfsp=0x811dc9120) at ../../source3/smbd/filename.c:912
#11 filename_convert_dirfsp_nosymlink (_unparsed=<synthetic pointer>, _substitute=<synthetic pointer>, _smb_fname=0x7fffffffe208,
_dirfsp=0x7fffffffe200, twrp=0, ucf_flags=0, name_in=<optimized out>, conn=0x80eb98c60, mem_ctx=0x80ebeb0e0) at ../../source3/smbd/filename.c:1259
#12 filename_convert_dirfsp (mem_ctx=mem_ctx@entry=0x80ebeb0e0, conn=<optimized out>, name_in=0x80ebeb530 "sopas205/Downloads/teamviewerqs/profile/dosdevices/CQFO6Q~M", ucf_flags=0, twrp=0, _dirfsp=_dirfsp@entry=0x7fffffffe200, _smb_fname=0x7fffffffe208) at ../../source3/smbd/filename.c:1457
#13 0x0000000801746f20 in smbd_smb2_create_send (in_context_blobs=..., in_name=0x80ebead30 "sopas205\\Downloads\\teamviewerqs\\profile\\dosdevices\\CQFO6Q~M", in_create_options=<optimized out>, in_create_disposition=<optimized out>, in_share_access=3, in_file_attributes=0, in_desired_access=1048705, in_impersonation_level=2, in_oplock_level=<optimized out>, smb2req=0x80ebea8e0, ev=<optimized out>, mem_ctx=0x80ebea8e0) at ../../source3/smbd/smb2_create.c:976
#14 smbd_smb2_request_process_create (smb2req=smb2req@entry=0x80ebea8e0) at ../../source3/smbd/smb2_create.c:270
#15 0x000000080173c7c7 in smbd_smb2_request_dispatch (req=req@entry=0x80ebea8e0) at ../../source3/smbd/smb2_server.c:3399
#16 0x000000080173d4b3 in smbd_smb2_io_handler (fde_flags=<optimized out>, xconn=0x80eb9e560)
(gdb) frame 6
#6 0x00000008017061ba in non_widelink_open (dirfsp=dirfsp@entry=0x811dc9120, fsp=fsp@entry=0x811dcab60, smb_fname=smb_fname@entry=0x80f32fa00, _how=_how@entry=0x7fffffffdf00, link_depth=link_depth@entry=0) at ../../source3/smbd/open.c:773
773 SMB_ASSERT(slash == NULL);
(gdb) print *dirfsp
$1 = {next = 0x811dc9d60, prev = 0x811dcab60, fnum = 0, op = 0x0, conn = 0x80eb98c60, fh = 0x812efcb00, num_smb_operations = 0, file_id = { devid = 5952628266332556909, inode = 4654, extid = 0}, initial_allocation_size = 0, file_pid = 0, vuid = 0, open_time = {tv_sec = 0, tv_usec = 0}, access_mask = 0, fsp_flags = {is_pathref = true, is_fsa = false, have_proc_fds = false, kernel_share_modes_taken = false, update_write_time_triggered
= false, update_write_time_on_close = false, write_time_forced = false, can_lock = false, can_read = false, can_write = false, modified = false, is_directory = true, is_dirfsp = false, aio_write_behind = false, initial_delete_on_close = false, delete_on_close = false, is_sparse = false, backup_intent = false, use_ofd_locks = false, closing = false, lock_failure_seen = false, encryption_required = false, fstat_before_close = false}, update_write_time_event = 0x0, close_write_time = {tv_sec = 0, tv_nsec = -2}, oplock_type = 0, leases_db_seqnum = 0, lease_type = 0, lease = 0x0, sent_oplock_break = 0, oplock_timeout = 0x0, current_lock_count = 0, posix_flags = 0, fsp_name = 0x80f333e80, name_hash = 1414196691, mid = 0, vfs_extension = 0x0, fake_file_handle = 0x0, notify = 0x0, base_fsp = 0x0, stream_fsp = 0x0, share_mode_flags_seqnum = 0, share_mode_flags = 0, brlock_seqnum = 0, brlock_rec = 0x0, dptr = 0x0, print_file = 0x0, num_aio_requests = 0, aio_requests = 0x0, blocked_smb1_lock_reqs = 0x0, lock_failure_offset = 0}
(gdb) print *fsp
$2 = {next = 0x811dc9120, prev = 0x80eb65ae0, fnum = 0, op = 0x0, conn = 0x80eb98c60, fh = 0x812efd1e0, num_smb_operations = 0, file_id = {devid = 0, inode = 0, extid = 0}, initial_allocation_size = 0, file_pid = 0, vuid = 0, open_time = {tv_sec = 1667232016, tv_usec = 588582}, access_mask = 0, fsp_flags = {is_pathref = true, is_fsa = false, have_proc_fds = false, kernel_share_modes_taken = false, update_write_time_triggered = false, update_write_time_on_close = false, write_time_forced = false, can_lock = false, can_read = false, can_write = false, modified = false, is_directory = false, is_dirfsp = false, aio_write_behind = false, initial_delete_on_close = false, delete_on_close = false, is_sparse = false, backup_intent = false, use_ofd_locks = false, closing = false, lock_failure_seen = false, encryption_required = false, fstat_before_close = false}, update_write_time_event = 0x0, close_write_time = {tv_sec = 0, tv_nsec = -2},
oplock_type = 0, leases_db_seqnum = 0, lease_type = 0, lease = 0x0, sent_oplock_break = 0, oplock_timeout = 0x0, current_lock_count = 0, posix_flags = 0, fsp_name = 0x811dc4780, name_hash = 2156576274, mid = 0, vfs_extension = 0x0, fake_file_handle = 0x0, notify = 0x0, base_fsp = 0x0, stream_fsp = 0x0, share_mode_flags_seqnum = 0, share_mode_flags = 0, brlock_seqnum = 0, brlock_rec = 0x0, dptr = 0x0, print_file = 0x0, num_aio_requests = 0, aio_requests = 0x0, blocked_smb1_lock_reqs = 0x0, lock_failure_offset = 0}
(gdb) print *smb_fname
$3 = {base_name = 0x80f32fb20 "sopas205/Downloads/teamviewerqs/profile/drive_c", stream_name = 0x0, flags = 0, st = {st_ex_dev = 0, st_ex_ino = 0, st_ex_mode = 0, st_ex_nlink = 0, st_ex_uid = 0, st_ex_gid = 0, st_ex_rdev = 0, st_ex_size = 0, st_ex_atime = {tv_sec = 0, tv_nsec = 0}, st_ex_mtime = {tv_sec = 0, tv_nsec = 0}, st_ex_ctime = {tv_sec = 0, tv_nsec = 0}, st_ex_btime = {tv_sec = 0, tv_nsec = 0}, st_ex_blksize = 0, st_ex_blocks = 0, st_ex_flags = 0, st_ex_iflags = 0}, twrp = 0, fsp = 0x0, fsp_link = 0x0}

- Peter