Bug 14890 - Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call.
Summary: Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-11-02 01:52 UTC by Jeremy Allison
Modified: 2021-12-08 14:57 UTC (History)
2 users (show)

See Also:

Attachments
raw patch for master / 4.15.next (696 bytes, patch)
2021-11-02 01:55 UTC, Jeremy Allison 		no flags Details
git-am fix for 4.15.next. (1.24 KB, patch)
2021-11-03 19:08 UTC, Jeremy Allison 		slow: review+
Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2021-11-02 01:52:12 UTC 
Reported on the mailing list here:

https://lists.samba.org/archive/samba/2021-November/238134.html

coredump here:

https://gist.github.com/SenH/2a611b30b8ed9ef7c234b7d14d75d074

Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166458,  0] ../../source3/smbd/fd_handle.c:92(fsp_get_io_fd)
Nov 01 20:53:36 router smbd[456352]:   fsp_get_io_fd: fsp [complete/test.docx] is a path referencing fsp
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166667,  0] ../../lib/util/fault.c:172(smb_panic_log)
Nov 01 20:53:36 router smbd[456352]:   ===============================================================
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166745,  0] ../../lib/util/fault.c:173(smb_panic_log)
Nov 01 20:53:36 router smbd[456352]:   INTERNAL ERROR: bad fsp in pid 456352 (4.15.1)
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166819,  0] ../../lib/util/fault.c:177(smb_panic_log)
Nov 01 20:53:36 router smbd[456352]:   If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166897,  0] ../../lib/util/fault.c:182(smb_panic_log)
Nov 01 20:53:36 router smbd[456352]:   ===============================================================
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.166970,  0] ../../lib/util/fault.c:183(smb_panic_log)
Nov 01 20:53:36 router smbd[456352]:   PANIC (pid 456352): bad fsp in 4.15.1
Nov 01 20:53:36 router smbd[456352]: [2021/11/01 20:53:36.168868,  0] ../../lib/util/fault.c:287(log_stack_trace)
Nov 01 20:53:36 router smbd[456352]:   BACKTRACE: 29 stack frames:
Nov 01 20:53:36 router smbd[456352]:    #0 /usr/lib/libsamba-util.so.0(log_stack_trace+0x31) [0x7efdc6c5c8c1]
Nov 01 20:53:36 router smbd[456352]:    #1 /usr/lib/libsamba-util.so.0(smb_panic+0xa) [0x7efdc6c5cb2a]
Nov 01 20:53:36 router smbd[456352]:    #2 /usr/lib/samba/vfs/fruit.so(ad_fset+0xcd5) [0x7efdc1828f55]
Nov 01 20:53:36 router smbd[456352]:    #3 /usr/lib/samba/vfs/fruit.so(+0xafd5) [0x7efdc182cfd5]
Nov 01 20:53:36 router smbd[456352]:    #4 /usr/lib/samba/vfs/catia.so(+0x603b) [0x7efdc181a03b]
Nov 01 20:53:36 router smbd[456352]:    #5 /usr/lib/samba/libsmbd-base-samba4.so(file_ntimes+0x94) [0x7efdc6dd1b94]
Nov 01 20:53:36 router smbd[456352]:    #6 /usr/lib/samba/libsmbd-base-samba4.so(+0xf6ab5) [0x7efdc6db9ab5]
Nov 01 20:53:36 router smbd[456352]:    #7 /usr/lib/samba/libsmbd-base-samba4.so(smbd_do_setfilepathinfo+0x530) [0x7efdc6dc7940]
Nov 01 20:53:36 router smbd[456352]:    #8 /usr/lib/samba/libsmbd-base-samba4.so(smbd_smb2_request_process_setinfo+0x689) [0x7efdc6e2b729]
Nov 01 20:53:36 router smbd[456352]:    #9 /usr/lib/samba/libsmbd-base-samba4.so(smbd_smb2_request_dispatch+0x12bb) [0x7efdc6e120fb]
Nov 01 20:53:36 router smbd[456352]:    #10 /usr/lib/samba/libsmbd-base-samba4.so(smbd_smb2_request_dispatch_immediate+0x51) [0x7efdc6e137f1]
Comment 1 Jeremy Allison 2021-11-02 01:52:43 UTC 
Ralph, making sure you know about this one.
Comment 2 Jeremy Allison 2021-11-02 01:55:21 UTC 
Created attachment 16905 [details]
raw patch for master / 4.15.next

Ralph, I think this is the fix (raw untested patch). We're always calling fsp_get_io_fd() in a call path where we're calling SMB_VFS_NEXT_FSETXATTR() so only need a pathref fsp.

The only question is, how to reproduce this for the test ?
Comment 3 Ralph Böhme 2021-11-02 04:34:37 UTC 
Comment on attachment 16905 [details]
raw patch for master / 4.15.next

I think we can safely remove the whole paranioa check.
Comment 4 Samba QA Contact 2021-11-03 17:33:03 UTC 
This bug was referenced in samba master:

3cb9f8f5ff29c14e117b57896c4540cc66510a1a
Comment 5 Jeremy Allison 2021-11-03 19:08:21 UTC 
Created attachment 16942 [details]
git-am fix for 4.15.next.

Cherry-picked from master.
Comment 6 Ralph Böhme 2021-11-04 07:50:01 UTC 
Reassigning to Jule for inclusion in 4.15.
Comment 7 Jule Anger 2021-11-10 14:33:32 UTC 
Pushed to autobuild-v4-15-test.
Comment 8 Samba QA Contact 2021-11-10 17:08:48 UTC 
This bug was referenced in samba v4-15-test:

f926586544e8c92b58ccba133992f75f8c33c5a1
Comment 9 Jule Anger 2021-11-10 18:04:04 UTC 
Closing out bug report.

Thanks!
Comment 10 Samba QA Contact 2021-12-08 14:57:29 UTC 
This bug was referenced in samba v4-15-stable (Release samba-4.15.3):

f926586544e8c92b58ccba133992f75f8c33c5a1