Bug 14890 - Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call.
Summary: Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-11-02 01:52 UTC by Jeremy Allison
Modified: 2021-11-10 18:04 UTC (History)
2 users (show)

See Also:


Attachments
raw patch for master / 4.15.next (696 bytes, patch)
2021-11-02 01:55 UTC, Jeremy Allison
no flags Details
git-am fix for 4.15.next. (1.24 KB, patch)
2021-11-03 19:08 UTC, Jeremy Allison
slow: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2021-11-02 01:52:12 UTC
Reported on the mailing list here:

https://lists.samba.org/archive/samba/2021-November/238134.html

coredump here:

https://gist.github.com/SenH/2a611b30b8ed9ef7c234b7d14d75d074

Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166458,  0] ../../source3/smbd/fd_handle.c:92(fsp_get_io_fd)
Nov 01 20:53:36 router smbd[456352]:   fsp_get_io_fd: fsp [complete/test.docx] is a path referencing fsp
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166667,  0] ../../lib/util/fault.c:172(smb_panic_log)
Nov 01 20:53:36 router smbd[456352]:   ===============================================================
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166745,  0] ../../lib/util/fault.c:173(smb_panic_log)
Nov 01 20:53:36 router smbd[456352]:   INTERNAL ERROR: bad fsp in pid 456352 (4.15.1)
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166819,  0] ../../lib/util/fault.c:177(smb_panic_log)
Nov 01 20:53:36 router smbd[456352]:   If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166897,  0] ../../lib/util/fault.c:182(smb_panic_log)
Nov 01 20:53:36 router smbd[456352]:   ===============================================================
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166970,  0] ../../lib/util/fault.c:183(smb_panic_log)
Nov 01 20:53:36 router smbd[456352]:   PANIC (pid 456352): bad fsp in 4.15.1
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.168868,  0] ../../lib/util/fault.c:287(log_stack_trace)
Nov 01 20:53:36 router smbd[456352]:   BACKTRACE: 29 stack frames:
Nov 01 20:53:36 router smbd[456352]:    #0 /usr/lib/libsamba-util.so.0(log_stack_trace+0x31) [0x7efdc6c5c8c1]
Nov 01 20:53:36 router smbd[456352]:    #1 /usr/lib/libsamba-util.so.0(smb_panic+0xa) [0x7efdc6c5cb2a]
Nov 01 20:53:36 router smbd[456352]:    #2 /usr/lib/samba/vfs/fruit.so(ad_fset+0xcd5) [0x7efdc1828f55]
Nov 01 20:53:36 router smbd[456352]:    #3 /usr/lib/samba/vfs/fruit.so(+0xafd5) [0x7efdc182cfd5]
Nov 01 20:53:36 router smbd[456352]:    #4 /usr/lib/samba/vfs/catia.so(+0x603b) [0x7efdc181a03b]
Nov 01 20:53:36 router smbd[456352]:    #5 /usr/lib/samba/libsmbd-base-samba4.so(file_ntimes+0x94) [0x7efdc6dd1b94]
Nov 01 20:53:36 router smbd[456352]:    #6 /usr/lib/samba/libsmbd-base-samba4.so(+0xf6ab5) [0x7efdc6db9ab5]
Nov 01 20:53:36 router smbd[456352]:    #7 /usr/lib/samba/libsmbd-base-samba4.so(smbd_do_setfilepathinfo+0x530) [0x7efdc6dc7940]
Nov 01 20:53:36 router smbd[456352]:    #8 /usr/lib/samba/libsmbd-base-samba4.so(smbd_smb2_request_process_setinfo+0x689) [0x7efdc6e2b729]
Nov 01 20:53:36 router smbd[456352]:    #9 /usr/lib/samba/libsmbd-base-samba4.so(smbd_smb2_request_dispatch+0x12bb) [0x7efdc6e120fb]
Nov 01 20:53:36 router smbd[456352]:    #10 /usr/lib/samba/libsmbd-base-samba4.so(smbd_smb2_request_dispatch_immediate+0x51) [0x7efdc6e137f1]
Comment 1 Jeremy Allison 2021-11-02 01:52:43 UTC
Ralph, making sure you know about this one.
Comment 2 Jeremy Allison 2021-11-02 01:55:21 UTC
Created attachment 16905 [details]
raw patch for master / 4.15.next

Ralph, I think this is the fix (raw untested patch). We're always calling fsp_get_io_fd() in a call path where we're calling SMB_VFS_NEXT_FSETXATTR() so only need a pathref fsp.

The only question is, how to reproduce this for the test ?
Comment 3 Ralph Böhme 2021-11-02 04:34:37 UTC
Comment on attachment 16905 [details]
raw patch for master / 4.15.next

I think we can safely remove the whole paranioa check.
Comment 4 Samba QA Contact 2021-11-03 17:33:03 UTC
This bug was referenced in samba master:

3cb9f8f5ff29c14e117b57896c4540cc66510a1a
Comment 5 Jeremy Allison 2021-11-03 19:08:21 UTC
Created attachment 16942 [details]
git-am fix for 4.15.next.

Cherry-picked from master.
Comment 6 Ralph Böhme 2021-11-04 07:50:01 UTC
Reassigning to Jule for inclusion in 4.15.
Comment 7 Jule Anger 2021-11-10 14:33:32 UTC
Pushed to autobuild-v4-15-test.
Comment 8 Samba QA Contact 2021-11-10 17:08:48 UTC
This bug was referenced in samba v4-15-test:

f926586544e8c92b58ccba133992f75f8c33c5a1
Comment 9 Jule Anger 2021-11-10 18:04:04 UTC
Closing out bug report.

Thanks!