Samba 4.17.10 in domain member mode on Linux. IOCTL causes panic with the following backtrace:

#0 0x00007f6ecaf28387 in raise () from /lib64/libc.so.6
#1 0x00007f6ecaf29a78 in abort () from /lib64/libc.so.6
#2 0x00007f6ecddda3a9 in dump_core () at ../../source3/lib/dumpcore.c:338
#3 0x00007f6ecdde7e6c in smb_panic_s3 (why=<optimized out>) at ../../source3/lib/util.c:713
#4 0x00007f6ecbd3488a in smb_panic (why=why@entry=0x7ffdc71af6d0 "Signal 11: Segmentation fault") at ../../lib/util/fault.c:198
#5 0x00007f6ecbd34915 in fault_report (sig=<optimized out>) at ../../lib/util/fault.c:82
#6 sig_fault (sig=11) at ../../lib/util/fault.c:93
#7 <signal handler called>
#8 vfs_offload_token_db_fetch_fsp (ctx=0x0, token_blob=token_blob@entry=0x56504b49db60, fsp=fsp@entry=0x7ffdc71b04b8) at ../../source3/modules/offload_token.c:203
#9 0x00007f6ece4d0688 in vfswrap_offload_write_send (handle=<optimized out>, mem_ctx=<optimized out>, ev=0x56504b3d0230, fsctl=1327346, token=0x56504b49db60, transfer_offset=0, dest_fsp=0x56504b4e1950, dest_off=0, to_copy=505856) at ../../source3/modules/vfs_default.c:2255
#10 0x00007f6ece54b7b1 in fsctl_srv_copychunk_loop (req=req@entry=0x56504b49d950) at ../../source3/smbd/smb2_ioctl_network_fs.c:199
#11 0x00007f6ece54c301 in fsctl_srv_copychunk_send (smb2req=<optimized out>, in_max_output=12, in_input=0x56504b49ca68, dst_fsp=0x56504b4e1950, ctl_code=1263409488, ev=0x56504b3d0230, mem_ctx=0x56504b49ca50) at ../../source3/smbd/smb2_ioctl_network_fs.c:165
#12 smb2_ioctl_network_fs (ctl_code=ctl_code@entry=1327346, ev=ev@entry=0x56504b3d0230, req=req@entry=0x56504b49c890, state=0x56504b49ca50) at ../../source3/smbd/smb2_ioctl_network_fs.c:632
#13 0x00007f6ece549499 in smbd_smb2_ioctl_send (in_flags=1, in_max_output=12, in_input=..., in_ctl_code=1327346, fsp=0x56504b4e1950, smb2req=0x56504b4d9080, ev=0x56504b3d0230, mem_ctx=0x56504b4d9080) at ../../source3/smbd/smb2_ioctl.c:465
#14 smbd_smb2_request_process_ioctl (req=req@entry=0x56504b4d9080) at ../../source3/smbd/smb2_ioctl.c:224
#15 0x00007f6ece535f07 in smbd_smb2_request_dispatch (req=req@entry=0x56504b4d9080) at ../../source3/smbd/smb2_server.c:3452
#16 0x00007f6ece538000 in smbd_smb2_io_handler (fde_flags=<optimized out>, xconn=0x56504b4c3f40) at ../../source3/smbd/smb2_server.c:5045
#17 smbd_smb2_connection_handler (ev=<optimized out>, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../../source3/smbd/smb2_server.c:5083
#18 0x00007f6ecb2c7824 in tevent_common_invoke_fd_handler () from /lib64/libtevent.so.0
#19 0x00007f6ecb2cdf87 in epoll_event_loop_once () from /lib64/libtevent.so.0
#20 0x00007f6ecb2cbf87 in std_event_loop_once () from /lib64/libtevent.so.0
#21 0x00007f6ecb2c6c6d in _tevent_loop_once () from /lib64/libtevent.so.0
#22 0x00007f6ecb2c6ecb in tevent_common_loop_wait () from /lib64/libtevent.so.0
#23 0x00007f6ecb2cbf27 in std_event_loop_wait () from /lib64/libtevent.so.0
#24 0x00007f6ece5243d4 in smbd_process (ev_ctx=ev_ctx@entry=0x56504b3d0230, msg_ctx=msg_ctx@entry=0x56504b3df870, sock_fd=sock_fd@entry=39, interactive=interactive@entry=false) at ../../source3/smbd/smb2_process.c:2048
#25 0x00005650493e3d08 in smbd_accept_connection (ev=0x56504b3d0230, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../../source3/smbd/server.c:1037
#26 0x00007f6ecb2c7824 in tevent_common_invoke_fd_handler () from /lib64/libtevent.so.0
#27 0x00007f6ecb2cdf87 in epoll_event_loop_once () from /lib64/libtevent.so.0
#28 0x00007f6ecb2cbf87 in std_event_loop_once () from /lib64/libtevent.so.0
#29 0x00007f6ecb2c6c6d in _tevent_loop_once () from /lib64/libtevent.so.0
#30 0x00007f6ecb2c6ecb in tevent_common_loop_wait () from /lib64/libtevent.so.0
#31 0x00007f6ecb2cbf27 in std_event_loop_wait () from /lib64/libtevent.so.0
#32 0x00005650493e0c57 in smbd_parent_loop (parent=<optimized out>, ev_ctx=0x56504b3d0230) at ../../source3/smbd/server.c:1381
#33 main (argc=<optimized out>, argv=<optimized out>) at ../../source3/smbd/server.c:2125
This bug was referenced in samba master: 372476aeb003e9c608cd2c0a78a9c577b57ba8f4 462b74da79c51f9ba6dbd24e603aa904485d5123
Created attachment 18344: Patches for v4-20-test
Created attachment 18345: Patches for v4-19-test
Reassigning to Jule for inclusion in 4.19 and 4.20.
Pushed to autobuild-v4-{20,19}-test.
This bug was referenced in samba v4-20-test: d7e0b5933fa4a76f004ef62fa55b260cbb825e80 b3ce5a86489e53ab6874ef52cfde79be3bff249b
This bug was referenced in samba v4-20-stable (Release samba-4.20.2): d7e0b5933fa4a76f004ef62fa55b260cbb825e80 b3ce5a86489e53ab6874ef52cfde79be3bff249b
This bug was referenced in samba v4-19-test: 1af40f29c7e57999dca64e94747927a949e85ac5 ac5efd0302fa95de7a2be3498ebb266b2df36f63
Closing out bug report. Thanks!
This bug was referenced in samba v4-19-stable (Release samba-4.19.8): 1af40f29c7e57999dca64e94747927a949e85ac5 ac5efd0302fa95de7a2be3498ebb266b2df36f63