Bug 14530 - smbd crashed with SIGSEGV while trying to list "Previous versions" using vfs_shadow_copy2 out of GlusterFS snapshots
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules
Version: 4.13.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
 
Reported: 2020-10-12 10:28 UTC by Anoop C S
Modified: 2020-10-14 11:05 UTC


Attachments
patch for 4.13 (1.54 KB, patch)
2020-10-14 11:05 UTC, Anoop C S
anoopcs: review? (slow)
anoopcs: ci-passed+

Description Anoop C S 2020-10-12 10:28:42 UTC
Description:
smbd crashed with the following backtrace while trying to list "Previous versions" using shadow_copy2 VFS module with GlusterFS snapshots.

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f2333b46895 in __GI_abort () at abort.c:79
#2  0x00007f23341e4f38 in dump_core () at ../../source3/lib/dumpcore.c:338
#3  0x00007f23341f83ae in smb_panic_s3 (why=0x7ffc19527610 "Signal 11: Segmentation fault") at ../../source3/lib/util.c:850
#4  0x00007f2334659ae6 in smb_panic (why=0x7ffc19527610 "Signal 11: Segmentation fault") at ../../lib/util/fault.c:184
#5  0x00007f2334659692 in fault_report (sig=11) at ../../lib/util/fault.c:82
#6  0x00007f23346596a7 in sig_fault (sig=11) at ../../lib/util/fault.c:93
#7  <signal handler called>
#8  0x00007f2320d85d75 in pub_glfs_close (glfd=0x55d8f49b97f0) at ../../../../glusterfs.git/api/src/glfs-fops.c:524
#9  0x00007f2320da7292 in vfs_gluster_close (handle=0x55d8f48a1e70, fsp=0x55d8f49aa4a0) at ../../source3/modules/vfs_glusterfs.c:677
#10 0x00007f23344843e2 in smb_vfs_call_close (handle=0x55d8f48a1e70, fsp=0x55d8f49aa4a0) at ../../source3/smbd/vfs.c:1840
#11 0x00007f233446daf7 in fd_close (fsp=0x55d8f49aa4a0) at ../../source3/smbd/open.c:853
#12 0x00007f2320935787 in shadow_copy2_get_shadow_copy_data (handle=0x55d8f4894760, fsp=0x55d8f49a6050, shadow_copy2_data=0x55d8f48a5be0, labels=false)
    at ../../source3/modules/vfs_shadow_copy2.c:2121
#13 0x00007f2334483e73 in smb_vfs_call_get_shadow_copy_data (handle=0x55d8f4894760, fsp=0x55d8f49a6050, shadow_copy_data=0x55d8f48a5be0, labels=false)
    at ../../source3/smbd/vfs.c:1679
#14 0x00007f23343f2f23 in vfswrap_fsctl (handle=0x55d8f48a7ad0, fsp=0x55d8f49a6050, ctx=0x55d8f48a5b30, function=1327204, req_flags=49217, _in_data=0x0, 
    in_len=0, _out_data=0x7ffc195280e8, max_out_len=16, out_len=0x7ffc195280e4) at ../../source3/modules/vfs_default.c:1425
#15 0x00007f2334485b11 in smb_vfs_call_fsctl (handle=0x55d8f48a7ad0, fsp=0x55d8f49a6050, ctx=0x55d8f48a5b30, function=1327204, req_flags=49217, in_data=0x0, 
    in_len=0, out_data=0x7ffc195280e8, max_out_len=16, out_len=0x7ffc195280e4) at ../../source3/smbd/vfs.c:2427
#16 0x00007f23344d8209 in smb2_ioctl_network_fs (ctl_code=1327204, ev=0x55d8f486f690, req=0x55d8f48a5980, state=0x55d8f48a5b30)
    at ../../source3/smbd/smb2_ioctl_network_fs.c:631
#17 0x00007f23344d3fd9 in smbd_smb2_ioctl_send (mem_ctx=0x55d8f49b9310, ev=0x55d8f486f690, smb2req=0x55d8f49b9310, fsp=0x55d8f49a6050, in_ctl_code=1327204, 
    in_input=..., in_max_output=16, in_flags=1) at ../../source3/smbd/smb2_ioctl.c:456
#18 0x00007f23344d3409 in smbd_smb2_request_process_ioctl (req=0x55d8f49b9310) at ../../source3/smbd/smb2_ioctl.c:221
#19 0x00007f23344b9f9c in smbd_smb2_request_dispatch (req=0x55d8f49b9310) at ../../source3/smbd/smb2_server.c:3328
#20 0x00007f23344bec32 in smbd_smb2_io_handler (xconn=0x55d8f48b4a40, fde_flags=1) at ../../source3/smbd/smb2_server.c:4902
#21 0x00007f23344bed3b in smbd_smb2_connection_handler (ev=0x55d8f486f690, fde=0x55d8f48873c0, flags=1, private_data=0x55d8f48b4a40)
    at ../../source3/smbd/smb2_server.c:4940
#22 0x00007f2333e50f11 in tevent_common_invoke_fd_handler (fde=fde@entry=0x55d8f48873c0, flags=1, removed=removed@entry=0x0) at ../../tevent_fd.c:138
#23 0x00007f2333e57417 in epoll_event_loop (tvalp=0x7ffc195284d0, epoll_ev=0x55d8f48a44c0) at ../../tevent_epoll.c:736
#24 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../../tevent_epoll.c:937
#25 0x00007f2333e5557b in std_event_loop_once (ev=0x55d8f486f690, location=0x7f23345c5f38 "../../source3/smbd/process.c:4212") at ../../tevent_standard.c:110
#26 0x00007f2333e50598 in _tevent_loop_once (ev=ev@entry=0x55d8f486f690, location=location@entry=0x7f23345c5f38 "../../source3/smbd/process.c:4212")
    at ../../tevent.c:772
#27 0x00007f2333e5087b in tevent_common_loop_wait (ev=0x55d8f486f690, location=0x7f23345c5f38 "../../source3/smbd/process.c:4212") at ../../tevent.c:895
#28 0x00007f2333e5550b in std_event_loop_wait (ev=0x55d8f486f690, location=0x7f23345c5f38 "../../source3/smbd/process.c:4212") at ../../tevent_standard.c:141
#29 0x00007f23344a12aa in smbd_process (ev_ctx=0x55d8f486f690, msg_ctx=0x55d8f486b980, dce_ctx=0x55d8f48843a0, sock_fd=56, interactive=false)
    at ../../source3/smbd/process.c:4212
#30 0x000055d8f2ba419f in smbd_accept_connection (ev=0x55d8f486f690, fde=0x55d8f48a33b0, flags=1, private_data=0x55d8f48d2b10)
    at ../../source3/smbd/server.c:1018
#31 0x00007f2333e50f11 in tevent_common_invoke_fd_handler (fde=fde@entry=0x55d8f48a33b0, flags=1, removed=removed@entry=0x0) at ../../tevent_fd.c:138
#32 0x00007f2333e57417 in epoll_event_loop (tvalp=0x7ffc195287a0, epoll_ev=0x55d8f4882b70) at ../../tevent_epoll.c:736
#33 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../../tevent_epoll.c:937
#34 0x00007f2333e5557b in std_event_loop_once (ev=0x55d8f486f690, location=0x55d8f2baee88 "../../source3/smbd/server.c:1365") at ../../tevent_standard.c:110
#35 0x00007f2333e50598 in _tevent_loop_once (ev=ev@entry=0x55d8f486f690, location=location@entry=0x55d8f2baee88 "../../source3/smbd/server.c:1365")
    at ../../tevent.c:772
#36 0x00007f2333e5087b in tevent_common_loop_wait (ev=0x55d8f486f690, location=0x55d8f2baee88 "../../source3/smbd/server.c:1365") at ../../tevent.c:895
#37 0x00007f2333e5550b in std_event_loop_wait (ev=0x55d8f486f690, location=0x55d8f2baee88 "../../source3/smbd/server.c:1365") at ../../tevent_standard.c:141
#38 0x000055d8f2ba4e42 in smbd_parent_loop (ev_ctx=0x55d8f486f690, parent=0x55d8f4883130) at ../../source3/smbd/server.c:1365
#39 0x000055d8f2ba6fbb in main (argc=3, argv=0x7ffc19528d58) at ../../source3/smbd/server.c:2216


# Global parameters
[global]
	clustering = Yes
	load printers = No
	log file = /usr/local/var/log/samba/log.%I
	netbios name = GFS-SMB-CLUSTER
	security = USER
	server string = Samba Server
	idmap config * : backend = tdb


[gluster-vol]
	comment = For samba share of volume vol
	kernel share modes = No
	path = /
	read only = No
	vfs objects = shadow_copy2 glusterfs
	shadow:format = _GMT-%Y.%m.%d-%H.%M.%S
	shadow:snapprefix = ^s[A-Za-z0-9]*p$
	shadow:sort = desc
	shadow:basedir = /
	shadow:snapdir = /.snaps
	glusterfs:loglevel = 7
	glusterfs:logfile = /usr/local/var/log/samba/glusterfs-vol.%M.log
	glusterfs:volume = vol

Version:
master

Steps to Reproduce:
1. Have a Samba-GlusterFS setup with shadow_copy2 VFS module configuration
2. Create snapshot/s of GlusterFS volume
3. Modify file content and try to list Previous version.
Comment 1 Samba QA Contact 2020-10-14 10:09:05 UTC
This bug was referenced in samba master:

74fbe0b987a0333cca28bb6a547e5b4b4f2e706d
Comment 2 Anoop C S 2020-10-14 11:05:02 UTC
Created attachment 16282
patch for 4.13
Comment 3 Anoop C S 2020-10-14 11:05:52 UTC
Reassigning to Karolin for inclusion in 4.13