Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1195173 - SMB: With AIO enabled and IO's going on smb client , restarting smb service leads to core dump.
Summary: SMB: With AIO enabled and IO's going on smb client , restarting smb service l...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: samba
Version: rhgs-3.0
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
: RHGS 3.1.2
Assignee: Ira Cooper
QA Contact: surabhi
URL:
Whiteboard: core
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-02-23 10:14 UTC by surabhi
Modified: 2016-03-01 06:13 UTC (History)
8 users (show)

Fixed In Version: samba-4.2.4-10.el6rhgs
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-03-01 06:13:22 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0324 0 normal SHIPPED_LIVE gluster-smb bug fix and enhancement update 2016-03-01 10:31:19 UTC

Description surabhi 2015-02-23 10:14:35 UTC
Description of problem:
*************************************
When AIO is enabled as follows in smb.conf , and there is huge IO running on smb client , restart of smb service leads to core dump and smbd process panics.

bt from log is as follows:

[2015/02/23 13:00:44.093255,  0] ../source3/modules/vfs_glusterfs.c:257(vfs_gluster_connect)
  volume1: Initialized volume from server localhost
[2015/02/23 14:08:01.323978,  0] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
  talloc: access after free error - first free may be at ../source3/smbd/close.c:648
[2015/02/23 14:08:01.324615,  0] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
  Bad talloc magic value - access after free
[2015/02/23 14:08:01.324739,  0] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 5168): Bad talloc magic value - access after free
[2015/02/23 14:08:01.365544,  0] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 9 stack frames:
   #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1a) [0x7f6c4054903a]
   #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x23) [0x7f6c40549103]
   #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x1a1) [0x7f6c41cbfa91]
   #3 /usr/lib64/libtalloc.so.2(talloc_get_name+0x58) [0x7f6c3f16cdd8]
   #4 /usr/lib64/libtalloc.so.2(_talloc_get_type_abort+0x2b) [0x7f6c3f16f7eb]
   #5 /usr/lib64/samba/vfs/glusterfs.so(+0x4478) [0x7f6c2c043478]
   #6 /usr/lib64/libgfapi.so.0(+0x3eade0a301) [0x7f6c2be2e301]
   #7 /usr/lib64/libglusterfs.so.0(synctask_wrap+0x2a) [0x7f6c2b7b131a]
   #8 /lib64/libc.so.6(+0x3de94438f0) [0x7f6c3ec0c8f0]


Version-Release number of selected component (if applicable):
*******************************************************
samba-winbind-modules-4.1.16-5.el6rhs.x86_64
samba-winbind-4.1.16-5.el6rhs.x86_64
samba-winbind-clients-4.1.16-5.el6rhs.x86_64
samba-vfs-glusterfs-4.1.16-5.el6rhs.x86_64
samba-debuginfo-4.1.16-5.el6rhs.x86_64
samba-common-4.1.16-5.el6rhs.x86_64
samba-winbind-krb5-locator-4.1.16-5.el6rhs.x86_64
samba-4.1.16-5.el6rhs.x86_64
samba-libs-4.1.16-5.el6rhs.x86_64
samba-client-4.1.16-5.el6rhs.x86_64



How reproducible:
*******************************************************
Always

Steps to Reproduce:
1.Enable AIO in smb.conf 
        (aio read size = 1 or 64
	aio write size = 1 or 64)
2. Mount the volume on cifs client
3. Start io from the client. (dd if=/dev/zero of=file1 bs=1G count=1024)
4. Service smb restart .
5. Check the logs and core file.

Actual results:
******************************************************
crash of smb process.

Expected results:
*************************************************
There should not any crash.Needs to be handled in cleaner way.


Additional info:
*************************************************
Core files are truncated. Trying to get the full core file.Will upload soon.

Comment 11 surabhi 2016-01-04 12:59:23 UTC
Tested with AIO enabled : 

1. aio read size = 4096 as per default smb.conf for rhgs.
2. Mount the volume on cifs client
3. Start io from the client. (dd if=/dev/zero of=file1 bs=1G count=1024)
4. Service smb restart . 
5. Check the logs and core file.

No Crash is seen.
Also tried with multiple restarts of smb process.No crash seen.

Will try out few more scenarios and will update the Bug.

Comment 12 surabhi 2016-01-05 12:55:30 UTC
Executed IO's from multiple clients with AIO enabled and restarted smb services,
stopped and started smb services : No crash seen.

Marking this BZ verified with following build:
samba-4.2.4-12.el6rhs.x86_64

Testing other AIO cases with reboot/shutdown : Will update the test runs accordingly.

Comment 14 errata-xmlrpc 2016-03-01 06:13:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0324.html


Note You need to log in before you can comment on or make changes to this bug.