Created attachment 18327 [details] gdb backtrace of segmentation fault (with debug symbols installed) Hi, since upgrading to samba 4.20.1 (provided by sernet) from 4.19.6 we got reports of strange behaviour (LibreOffice reporting readonly when saving, leftover temp files...) from our users on our most used fileserver. In the logfiles I found a lot of segmentation faults. Since the backtrace showed vfs_recycle I temporarily disabled the recycle bin on the affected shares and the problems stoppped. Attached you'll find a gdb backtrace of a core dump.
I forgot to mention: SAMBA is running on Debian 12 and the clients are mostly Windows Server 2019. I have not been able to reproduce the problem on a similar setup. In one of the shares I found some directories which had invalid characters, snippets from the config ("rid", "mkdirat read pread pwrite write renameat unlinkat connect create_file", "40000-60000") and even parts of lines from the auditlog as names. As far as I can tell the creation time of these directories correlates with the segmentation faults. Looks to me like something points to the wrong memory address.
please also provide a minimal configuration with which this issues can be reproduced.
This is the same issue we've got reported in Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=2282238 I did some investigation after a core dump was provided and it looks like a memory overwrite or heap smashing as the structure that should be intact (coming from an smbconf parameter lookup) gets rewritten by a pointer to another smbconf data.
Created attachment 18340 [details] possible fix can you try if this patch fixes the problem for you?
Most likely the problem is that the values from lp_parm_string_list() in vfs_recycle_connect() get out of scope because we reloaded the config file.
Comment on attachment 18340 [details] possible fix This is ok, but won't fix the problem.
This bug was referenced in samba master: 2916b6096e16fb44d659b7e60d3f3a569d037279 6467c47cbe562e99e970dbb895e1068f54e6295b 691564f6ca7d206939558b8e69b5fb86a3e68650 220b0e977e2e25f2033cfd62c17d998c750992fc cf7a6b521ac0bb903dabbd1af208d1af4fbe9a8b b38241da3dd73386c4f41a56d95d33d4e1e3d2de 2175856fef17964cef7cf8618b39736168219eec c229a84b449b8ba326ee0f6f702d91f101b99ee4 53b72ea4d25d4aa6cf8de1c7555456d4cc03b809
Created attachment 18346 [details] Patches for v4-20-test
Comment on attachment 18346 [details] Patches for v4-20-test lgtm
assign to Jule for inclusion in 4.20
Pushed to autobuild-v4-20-test.
This bug was referenced in samba v4-20-test: 7d277c424fc14b5b43c63cb100705ae0fcc99994 cf22968a8a12151fcb294c164e0e3f6fc0015690 db098ff1aadb84d69ef32c981458a7b2c72e8a0a 69b9c140527c930b6632e7201a6f83a3e8f664f1 a5d5d83c4923ff860a1463a65057859bfdf61db0 4bb5f8a92aa34cf7d65fbc9518a2b8b94a98fec8 64d7108cddb64d60afaf52dd0fc74d127e6c0b94 f464a85c12968c0791714af68c7d3a044e81adc6 7d69ec93e3178105ee02aae24d056d65d2d70358
This bug was referenced in samba v4-20-stable (Release samba-4.20.2): 7d277c424fc14b5b43c63cb100705ae0fcc99994 cf22968a8a12151fcb294c164e0e3f6fc0015690 db098ff1aadb84d69ef32c981458a7b2c72e8a0a 69b9c140527c930b6632e7201a6f83a3e8f664f1 a5d5d83c4923ff860a1463a65057859bfdf61db0 4bb5f8a92aa34cf7d65fbc9518a2b8b94a98fec8 64d7108cddb64d60afaf52dd0fc74d127e6c0b94 f464a85c12968c0791714af68c7d3a044e81adc6 7d69ec93e3178105ee02aae24d056d65d2d70358
Closing out bug report. Thanks!