Bug #11831

SMB kernel panic in smb_user_namecmp during MMC close file

Added by Gordon Ross 4 months ago. Updated 3 months ago.

Start date:
Due date:
% Done:


Estimated time:


While attempting to release a file lock from a CIFS shared file, using the MMC utility to close the open file, system panic'ed.



Updated by Gordon Ross 4 months ago

Before #11031 the function smb_server_session_disconnect
used to take a hold on each user object before operating on it.
Taking the hold filters out user objects in states other than
"LOGGED_ON", which is what this function wants.

After #11031 the hold is taken only after the user object is
examined with smb_user_namecmp (to find out if it's one we
should log off) so that may see incomplete user objects.

The fix is fairly simple: Move the smb_user_hold call earlier,
much as it was before #11031


Updated by Gordon Ross 3 months ago

Testing: This is tricky to reproduce. We first need to arrange for the existence of an smb_user_t object in state LOGGING_ON and making it stay in that state for a while. The only easy way I know of to do that is run a client under debug and put a breakpoint after the first SMB2_SESSION_SETUP command, leaving the client stopped in the debugger at that point. Check that we have an smb_user_t object in state LOGGING_ON by examining the SMB server state with mdb -k (::smblist). Then use "server manager" on a Windows client (with "connect to remote computer") and enumerate client sessions. Finally, do a "force disconnect" operation on the client we arranged to be in LOGGING_ON state above.


Updated by Gordon Ross 3 months ago

Tested per. description above.


Updated by Electric Monk 3 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 896d95522971026bf88063d02c736529f8a884dd

commit  896d95522971026bf88063d02c736529f8a884dd
Author: Gordon Ross <>
Date:   2019-10-19T13:02:11.000Z

    11831 SMB kernel panic in smb_user_namecmp during MMC close file
    Reviewed by: Evan Layton <>
    Reviewed by: Matt Barden <>
    Reviewed by: Yuri Pankov <>
    Reviewed by: Andy Stormont <>
    Approved by: Robert Mustacchi <>

Also available in: Atom PDF