Bug 1049966

Summary: [abrt] gvfs-smb-1.16.0-1.fc19: SMBC_stat_ctx: Process /usr/libexec/gvfsd-smb was killed by signal 11 (SIGSEGV)
Product: Red Hat Enterprise Linux 7 Reporter: Michal Toman <mtoman>
Component: gvfsAssignee: Ondrej Holy <oholy>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: asn, dblechte, djasa, dkochuka, gdeschner, jbuchta, jwright, msimon, oholy, rvokal, svashisht, tpelka, vbenes
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: http://faf-report.itos.redhat.com/reports/420
Whiteboard: abrt_hash:99426e12bf64246909bcb476bfc403f32c72556e
Fixed In Version: gvfs-1.22.4-1.el7 Doc Type: Bug Fix
Doc Text:
Cause: New requests were executed on another thread during unmount operation and accessed private gvfs backend structures. It affected smb backend especially. Consequence: Gvfs backend crashed consequently, because private structures were cleared in the meantime. It caused also nautilus crashes in some cases. Fix: New requests are blocked and error is returned for them while the unmount is being executed. Result: Gvfs backends are being unmounted properly without crashes.
 Story Points: ---
Clone Of: 953622 Environment:
Last Closed: 2015-11-19 09:25:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Toman 2014-01-08 14:34:00 UTC 
+++ This bug was initially created as a clone of Bug #953622 +++

Description of problem:
Using a remote Samba filesystem via Nautilus. Just regularily transferring files and such.

Version-Release number of selected component:
gvfs-smb-1.16.0-1.fc19

Additional info:
backtrace_rating: 4
cmdline:        /usr/libexec/gvfsd-smb --spawner :1.3 /org/gtk/gvfs/exec_spaw/3
crash_function: SMBC_stat_ctx
executable:     /usr/libexec/gvfsd-smb
kernel:         3.9.0-0.rc7.git0.2.fc20.x86_64
runlevel:       N 5
uid:            1000
ureports_counter: 1
var_log_messages: Apr 18 00:35:45 alpine abrt[17591]: Saved core dump of pid 10329 (/usr/libexec/gvfsd-smb) to /var/tmp/abrt/ccpp-2013-04-18-00:35:45-10329 (110931968 bytes)

Truncated backtrace:
Thread no. 1 (4 frames)
 #0 SMBC_stat_ctx at ../source3/libsmb/libsmb_stat.c:126
 #1 do_query_info at gvfsbackendsmb.c:1668
 #2 g_vfs_job_run at gvfsjob.c:197
 #4 g_thread_proxy at gthread.c:798

--- Additional comment from felix on 20130418T16:59:21 ---

Created attachment 737356 [details]
File: backtrace

--- Additional comment from felix on 20130418T16:59:24 ---

Created attachment 737357 [details]
File: cgroup

--- Additional comment from felix on 20130418T16:59:26 ---

Created attachment 737358 [details]
File: core_backtrace

--- Additional comment from felix on 20130418T16:59:29 ---

Created attachment 737359 [details]
File: dso_list

--- Additional comment from felix on 20130418T16:59:32 ---

Created attachment 737360 [details]
File: environ

--- Additional comment from felix on 20130418T16:59:34 ---

Created attachment 737361 [details]
File: limits

--- Additional comment from felix on 20130418T16:59:37 ---

Created attachment 737362 [details]
File: maps

--- Additional comment from felix on 20130418T16:59:40 ---

Created attachment 737363 [details]
File: open_fds

--- Additional comment from felix on 20130418T16:59:43 ---

Created attachment 737364 [details]
File: proc_pid_status

--- Additional comment from felix on 20130422T18:16:25 ---

Today this happened after trying to unmount a SMB volume after losing LAN connection.

--- Additional comment from jhrozek on 20130501T08:13:40 ---

Try to unmount a Samba share after the machine has been suspended for a couple of hours.

backtrace_rating: 4
cmdline:        /usr/libexec/gvfsd-smb --spawner :1.3 /org/gtk/gvfs/exec_spaw/3
crash_function: SMBC_stat_ctx
executable:     /usr/libexec/gvfsd-smb
kernel:         3.9.0-0.rc8.git0.2.fc19.x86_64
package:        gvfs-smb-1.16.1-1.fc19
reason:         Process /usr/libexec/gvfsd-smb was killed by signal 11 (SIGSEGV)
runlevel:       N 5
uid:            10327
ureports_counter: 1

--- Additional comment from fedora-admin-xmlrpc on 20130523T14:36:55 ---

This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

--- Additional comment from kianby on 20130812T11:18:39 ---

Nautilus failed to unmount a Windows share.

reporter:       libreport-2.1.6
backtrace_rating: 4
cmdline:        /usr/libexec/gvfsd-smb --spawner :1.3 /org/gtk/gvfs/exec_spaw/9
crash_function: SMBC_stat_ctx
executable:     /usr/libexec/gvfsd-smb
kernel:         3.10.5-201.fc19.x86_64
package:        gvfs-smb-1.16.3-2.fc19
reason:         Process /usr/libexec/gvfsd-smb was killed by signal 11 (SIGSEGV)
runlevel:       N 5
uid:            1000

--- Additional comment from andreas.tunek on 20130818T17:17:57 ---

Tried to copy a directory from my NAS.

reporter:       libreport-2.1.6
backtrace_rating: 4
cmdline:        /usr/libexec/gvfsd-smb --spawner :1.5 /org/gtk/gvfs/exec_spaw/8
crash_function: SMBC_stat_ctx
executable:     /usr/libexec/gvfsd-smb
kernel:         3.10.6-200.fc19.x86_64
package:        gvfs-smb-1.16.3-2.fc19
reason:         Process /usr/libexec/gvfsd-smb was killed by signal 11 (SIGSEGV)
runlevel:       N 5
uid:            1000

--- Additional comment from devonjspace-bugzilla on 20130822T01:50:46 ---

Had the error occur when I disconnected from the remote windows share.  Will up error logs.
Thanks, Devon

--- Additional comment from devonjspace-bugzilla on 20130822T01:52:27 ---

Created attachment 789024 [details]
Error from share disconnect

--- Additional comment from sanjay.ankur on 20130915T21:28:00 ---

Just had this bug come up multiple times while working with a smb share. Generally happens on disconnect. It also causes nautilus to crash.

--- Additional comment from thozza on 20130929T16:17:02 ---

I'm experiencing this most of the time when accessing my SMB shares on my home
NAS.

--- Additional comment from oholy on 20131010T14:47:29 ---

I can't reproduce it simply by suspending or disconnecting for a short time unfortunately. However it looks like that samba context initialized by smbc_new_context is freed from some reasons and we are trying to access it from the backend... This is problem directly in the libsmbclient probably, so changing component to samba.
Comment 1 Michal Toman 2014-01-08 14:34:03 UTC 
The same problem has been detected in Red Hat Enterprise Linux 7. The following packages are affected:

gvfs-smb-1.16.4-3.el7.x86_64
Comment 3 Andreas Schneider 2014-01-14 16:25:31 UTC 
The only function which frees the context and context->internal is smbc_free_context(). This function is not called inside of libsmbclient. So it must be an issue in the gvfs module. You should set the context to NULL after you've freed it. Then you should be able to find it.

Let me know if I can help further.
Comment 4 Juraj Marko 2014-02-04 15:04:14 UTC 
Another user experienced a similar problem:

0. Connect computer to network1
1. Connect to samba server using gnome shell Files
2. Disconnect computer from network1
3. Connect to other network2
4. Do no look on files on the connected samba
5. Disconnect computer from network2
6. Connect computer to network1
7. Try to onpen file from samba server

reporter:       libreport-2.1.11
backtrace_rating: 3
cmdline:        /usr/libexec/gvfsd-smb --spawner :1.3 /org/gtk/gvfs/exec_spaw/5
crash_function: SMBC_stat_ctx
executable:     /usr/libexec/gvfsd-smb
kernel:         3.10.0-67.el7.x86_64
package:        gvfs-smb-1.16.4-5.el7
reason:         gvfsd-smb killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 5 Ondrej Holy 2014-02-07 14:59:30 UTC 
I can't still reproduce exactly the same bug, however I can reproduce similar one:

1/ mount to smb using gvfs-mount
2/ execute parallel gvfs-mount -u & gvfs-ls 
3/ do that several times

It causes SIGSEGV in SMBC_opendir_ctx. Probaly all those bugs are race condition with unmount. If we set context = NULL when unmount, it will solve some cases by error message instead of crash, but it doesn't cover all cases...
Comment 6 RHEL Program Management 2014-03-22 06:16:54 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 16 Ondrej Holy 2014-10-14 15:58:34 UTC 
*** Bug 1152595 has been marked as a duplicate of this bug. ***
Comment 18 Ondrej Holy 2015-02-24 14:41:53 UTC 
It seems it was fixed upstream by the commit:
https://git.gnome.org/browse/gvfs/commit/?id=87c9f6d80ac612caedb7b39b22b3d4ed2804bb0b

because I don't see any abrt bug report for F21...
Comment 21 Ondrej Holy 2015-04-29 13:22:18 UTC 
*** Bug 1215826 has been marked as a duplicate of this bug. ***
Comment 22 Ondrej Holy 2015-05-06 12:51:00 UTC 
The commit mentioned in the Comment 18 is included in the rebased gvfs (Bug 1174716).
Comment 29 errata-xmlrpc 2015-11-19 09:25:35 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2106.html