Description of problem:
*************************************
When AIO is enabled as follows in smb.conf, and there is huge IO running on smb client, restart of smb service leads to core dump and smbd process panics.

bt from log is as follows:

[2015/02/23 13:00:44.093255, 0] ../source3/modules/vfs_glusterfs.c:257(vfs_gluster_connect)
  volume1: Initialized volume from server localhost
[2015/02/23 14:08:01.323978, 0] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
  talloc: access after free error - first free may be at ../source3/smbd/close.c:648
[2015/02/23 14:08:01.324615, 0] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
  Bad talloc magic value - access after free
[2015/02/23 14:08:01.324739, 0] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 5168): Bad talloc magic value - access after free
[2015/02/23 14:08:01.365544, 0] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 9 stack frames:
   #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1a) [0x7f6c4054903a]
   #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x23) [0x7f6c40549103]
   #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x1a1) [0x7f6c41cbfa91]
   #3 /usr/lib64/libtalloc.so.2(talloc_get_name+0x58) [0x7f6c3f16cdd8]
   #4 /usr/lib64/libtalloc.so.2(_talloc_get_type_abort+0x2b) [0x7f6c3f16f7eb]
   #5 /usr/lib64/samba/vfs/glusterfs.so(+0x4478) [0x7f6c2c043478]
   #6 /usr/lib64/libgfapi.so.0(+0x3eade0a301) [0x7f6c2be2e301]
   #7 /usr/lib64/libglusterfs.so.0(synctask_wrap+0x2a) [0x7f6c2b7b131a]
   #8 /lib64/libc.so.6(+0x3de94438f0) [0x7f6c3ec0c8f0]

Version-Release number of selected component (if applicable):
*******************************************************
samba-winbind-modules-4.1.16-5.el6rhs.x86_64
samba-winbind-4.1.16-5.el6rhs.x86_64
samba-winbind-clients-4.1.16-5.el6rhs.x86_64
samba-vfs-glusterfs-4.1.16-5.el6rhs.x86_64
samba-debuginfo-4.1.16-5.el6rhs.x86_64
samba-common-4.1.16-5.el6rhs.x86_64
samba-winbind-krb5-locator-4.1.16-5.el6rhs.x86_64
samba-4.1.16-5.el6rhs.x86_64
samba-libs-4.1.16-5.el6rhs.x86_64
samba-client-4.1.16-5.el6rhs.x86_64

How reproducible:
*******************************************************
Always

Steps to Reproduce:
1. Enable AIO in smb.conf (aio read size = 1 or 64, aio write size = 1 or 64)
2. Mount the volume on cifs client
3. Start io from the client. (dd if=/dev/zero of=file1 bs=1G count=1024)
4. Service smb restart.
5. Check the logs and core file.

Actual results:
******************************************************
crash of smb process.

Expected results:
*************************************************
There should not be any crash. Needs to be handled in a cleaner way.

Additional info:
*************************************************
Core files are truncated. Trying to get the full core file. Will upload soon.
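A log-triage sketch for the panic quoted in this report, added here as an example; it is not part of the bug report or of Samba. The function names `triage` and `caller_of_talloc_abort` are hypothetical, and the sample is an excerpt of the log above (frames #3 to #7 only) laid out one entry per line.

```python
import re

# Excerpt of the smbd log from the report above, one entry per line.
# Only frames #3-#7 of the nine-frame backtrace are included.
SAMPLE_LOG = """\
[2015/02/23 14:08:01.323978, 0] ../source3/lib/popt_common.c:67(popt_s3_talloc_log_fn)
  talloc: access after free error - first free may be at ../source3/smbd/close.c:648
[2015/02/23 14:08:01.324739, 0] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 5168): Bad talloc magic value - access after free
[2015/02/23 14:08:01.365544, 0] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 9 stack frames:
   #3 /usr/lib64/libtalloc.so.2(talloc_get_name+0x58) [0x7f6c3f16cdd8]
   #4 /usr/lib64/libtalloc.so.2(_talloc_get_type_abort+0x2b) [0x7f6c3f16f7eb]
   #5 /usr/lib64/samba/vfs/glusterfs.so(+0x4478) [0x7f6c2c043478]
   #6 /usr/lib64/libgfapi.so.0(+0x3eade0a301) [0x7f6c2be2e301]
   #7 /usr/lib64/libglusterfs.so.0(synctask_wrap+0x2a) [0x7f6c2b7b131a]
"""

FIRST_FREE = re.compile(r"first free may be at (\S+:\d+)")
PANIC = re.compile(r"PANIC \(pid (\d+)\): (.+)")
FRAME = re.compile(r"#(\d+) (\S+?)\((\w*)\+0x[0-9a-f]+\) \[0x[0-9a-f]+\]")

def triage(log_text):
    """Return one dict per PANIC: pid, reason, talloc first-free hint, frames."""
    reports, first_free, current = [], None, None
    for line in log_text.splitlines():
        if m := FIRST_FREE.search(line):
            first_free = m.group(1)          # remembered until the next PANIC
        elif m := PANIC.search(line):
            current = {"pid": int(m.group(1)), "reason": m.group(2),
                       "first_free": first_free, "frames": []}
            reports.append(current)
            first_free = None
        elif (m := FRAME.search(line)) and current is not None:
            # Frames without a symbol name, e.g. "(+0x4478)", get None.
            current["frames"].append((int(m.group(1)), m.group(2), m.group(3) or None))
    return reports

def caller_of_talloc_abort(report):
    """First module below libtalloc: the code that passed the freed pointer to talloc."""
    seen_talloc = False
    for _, module, _ in report["frames"]:
        if "libtalloc" in module:
            seen_talloc = True
        elif seen_talloc:
            return module
    return None
```

Run over the excerpt, this pairs the free site reported by talloc (`close.c:648`) with the module that later touched the object (`glusterfs.so`, entered from a gfapi `synctask_wrap` frame).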
Tested with AIO enabled:
1. aio read size = 4096 as per default smb.conf for rhgs.
2. Mount the volume on cifs client
3. Start io from the client. (dd if=/dev/zero of=file1 bs=1G count=1024)
4. Service smb restart.
5. Check the logs and core file.

No Crash is seen. Also tried with multiple restarts of smb process. No crash seen.
Will try out a few more scenarios and will update the Bug.
Executed IOs from multiple clients with AIO enabled and restarted smb services, stopped and started smb services: No crash seen.
Marking this BZ verified with following build: samba-4.2.4-12.el6rhs.x86_64
Testing other AIO cases with reboot/shutdown: Will update the test runs accordingly.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0324.html