Description of problem:
smbclient is segfaulting. Using "smb" method to backup remote Windows shares using BackupPC, smbclient is segfaulting and not able to start any backups. Even using "smb" method to backup the local linux host is also segfaulting smbclient. Worked fine on Fedora 32.

Version-Release number of selected component (if applicable):
Samba 4.13.0-13

How reproducible:
I'm unclear WHY smbclient is segfaulting, but it is crashing a backup made attempting to use smbclient.

Steps to Reproduce:
1. Set up BackupPC to backup a remote Windows host using smb
2. Run a backup
3. You'll get an error

Actual results:

dmesg returns:
[2020-10-29 07:02:14] smbclient[41339]: segfault at 0 ip 0000557efbfd1fb7 sp 00007ffef0f58528 error 4 in smbclient[557efbfc8000+23000]
[2020-10-29 07:02:14] Code: ff ff 48 8d 3d 15 f1 00 00 48 89 c6 31 c0 e8 a0 d3 ff ff b8 01 00 00 00 eb c2 e8 54 d3 ff ff 0f 1f 40 00 48 8b 15 71 b2 01 00 <48> 8b 3a 48 8b 47 08 48 85 c0 74 2d 48 8b 0f 48 89 08 48 89 02 48

/var/log/messages:
Oct 29 07:02:15 SERVERNAME kernel: smbclient[41339]: segfault at 0 ip 0000557efbfd1fb7 sp 00007ffef0f58528 error 4 in smbclient[557efbfc8000+23000]
Oct 29 07:02:15 SERVERNAME kernel: Code: ff ff 48 8d 3d 15 f1 00 00 48 89 c6 31 c0 e8 a0 d3 ff ff b8 01 00 00 00 eb c2 e8 54 d3 ff ff 0f 1f 40 00 48 8b 15 71 b2 01 00 <48> 8b 3a 48 8b 47 08 48 85 c0 74 2d 48 8b 0f 48 89 08 48 89 02 48
Oct 29 07:02:15 SERVERNAME audit: BPF prog-id=256 op=LOAD
Oct 29 07:02:15 SERVERNAME audit: BPF prog-id=257 op=LOAD
Oct 29 07:02:15 SERVERNAME audit: BPF prog-id=258 op=LOAD
Oct 29 07:02:15 SERVERNAME systemd[1]: Started Process Core Dump (PID 41343/UID 0).
Oct 29 07:02:15 SERVERNAME audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@23-41343-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 29 07:02:15 SERVERNAME systemd-coredump[41344]: Process 41339 (smbclient) of user 48 dumped core.#012#012Stack trace of thread 41339:#012#0 0x0000557efbfd1fb7 remove_do_list_queue_head (smbclient + 0x9fb7)#012#1 0x0000557efbfdbba5 do_list (smbclient + 0x13ba5)#012#2 0x0000557efbfe0df4 get_file_callback (smbclient + 0x18df4)#012#3 0x0000557efbfd2d6f do_list_helper (smbclient + 0xad6f)#012#4 0x00007f7f20898ce1 cli_smb2_list (liblibsmb-samba4.so + 0x3fce1)#012#5 0x00007f7f2088d954 cli_list (liblibsmb-samba4.so + 0x34954)#012#6 0x0000557efbfdbb98 do_list (smbclient + 0x13b98)#012#7 0x0000557efbfe0df4 get_file_callback (smbclient + 0x18df4)#012#8 0x0000557efbfd2d6f do_list_helper (smbclient + 0xad6f)#012#9 0x00007f7f20898ce1 cli_smb2_list (liblibsmb-samba4.so + 0x3fce1)#012#10 0x00007f7f2088d954 cli_list (liblibsmb-samba4.so + 0x34954)#012#11 0x0000557efbfdbb98 do_list (smbclient + 0x13b98)#012#12 0x0000557efbfe024c tar_process (smbclient + 0x1824c)#012#13 0x0000557efbfd0bd9 main (smbclient + 0x8bd9)#012#14 0x00007f7f1fde51a2 __libc_start_main (libc.so.6 + 0x281a2)#012#15 0x0000557efbfd1b3e _start (smbclient + 0x9b3e)
Oct 29 07:02:15 SERVERNAME systemd[1]: systemd-coredump: Succeeded.
Oct 29 07:02:15 SERVERNAME audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@23-41343-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 29 07:02:15 SERVERNAME audit: BPF prog-id=258 op=UNLOAD
Oct 29 07:02:15 SERVERNAME audit: BPF prog-id=257 op=UNLOAD
Oct 29 07:02:15 SERVERNAME audit: BPF prog-id=256 op=UNLOAD
Oct 29 07:02:16 SERVERNAME abrt-server[41350]: Deleting problem directory ccpp-2020-10-29-07:02:15.918821-41339 (dup of ccpp-2020-10-28-14:35:56.168706-12861)
Oct 29 07:02:17 SERVERNAME abrt-notification[41395]: Process 12861 (smbclient) crashed in remove_do_list_queue_head()
Oct 29 07:02:22 SERVERNAME systemd[1]: dbus-:1.5-org.freedesktop.problems: Succeeded.

Expected results:
smbclient should not segfault.

Additional info:
Running BackupPC under the "apache" user. User 48 = apache.
Additional steps to recreate not using BackupPC:
1) Create a file (touch /tmp/current-time)
2) Execute:
/usr/bin/smbclient \\\\server\\share -U Administrator -E -d 1 -c tarmode\ full -TcN /tmp/current-time - /temp
3) This should backup the c:\temp of a remote windows machine.
4) After prompting for password, it returns:
tarmode is now full, system, hidden, noreset, noverbose
Segmentation fault (core dumped)
Compiling myself from source, using tar mode in 4.13.0 or 4.13.1 (latest) returns the segfault. Compiling samba source from 4.12.9 works. There is a bug in 4.13.0 and 4.13.1 using tarmode.
Samba just released version 4.13.2. That version also segfaults using tarmode in smbclient.
Can you please provide a coredump?
Created attachment 1727927: core dump
I can use smbclient to backup /tmp on a linux box. Any attempt made to backup another directory fails. Can't backup remote systems either.

smbclient \\\\server\\root -U root -E -d 1 -c tarmode\ full -TcN /backupdir/BackupPC/pc/server/timeStamp.level0 - /etc
Segmentation fault.
*** Bug 1900232 has been marked as a duplicate of this bug. ***
I am building Samba for F33 and Rawhide with patches from https://bugzilla.samba.org/show_bug.cgi?id=14517

As I understand, this should fix the problem. Please test the builds once they are ready:

F33: https://koji.fedoraproject.org/koji/taskinfo?taskID=56241974
F34: https://koji.fedoraproject.org/koji/taskinfo?taskID=56241908

Non-x86_64 runners are a bit slow, so the builds are still ongoing. Once they are done, I'll submit an update to F33.
Thanks, Alexander. Afraid I don't know what to do with these. I downloaded the rpms that match what is installed on my system, but dnf reports all sorts of dependency issues when I try to install them.
FEDORA-2020-e5062aad76 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-e5062aad76
I've submitted an update to F33. It should appear in updates-testing in a day or so. Simple dnf update will find out then.
FEDORA-2020-e5062aad76 has been pushed to the Fedora 33 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-e5062aad76` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-e5062aad76 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
smbclient (version 4.13.2) still segfaults here.
Yep. Just tried this version. Still segfaults.
Is the backtrace the same?
I don't know what you mean by backtrace.

dmesg shows:
smbclient[73274]: segfault at 0 ip 00005567c77faff7 sp 00007ffc8fc9bba8 error 4 in smbclient[5567c77f0000+23000]
Code: 00 48 89 c6 31 c0 e8 48 d4 ff ff b8 01 00 00 00 eb c9 e8 fc d3 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 48 8b 15 31 b2 01 00 <48> 8b 3a 48 8b 47 08 48 85 c0 74 2d 48 8b 0f 48 89 08 48 89 02 48

/var/log/messages has:
abrt-notification[73350]: Process 79081 (smbclient) crashed in remove_do_list_queue_head()

I can include a coredump (.zst) file if that needs to be included?
It looks like the same trace, indeed.
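Added example, not part of the bug thread or of Samba's code: a small Python triage helper that reads the two kernel segfault records quoted above, decodes the x86 page-fault error code, converts the instruction pointer to a module-relative offset, and compares the opcode bytes at the faulting instruction. The function names are illustrative; the `addr < 0x1000` NULL-dereference test is a heuristic assumption.

```python
import re

# Kernel records copied from the two dmesg excerpts quoted in this report.
CRASH_A = ("smbclient[41339]: segfault at 0 ip 0000557efbfd1fb7 sp 00007ffef0f58528 "
           "error 4 in smbclient[557efbfc8000+23000]")
CODE_A = ("ff ff 48 8d 3d 15 f1 00 00 48 89 c6 31 c0 e8 a0 d3 ff ff b8 01 00 00 00 "
          "eb c2 e8 54 d3 ff ff 0f 1f 40 00 48 8b 15 71 b2 01 00 <48> 8b 3a 48 8b 47 "
          "08 48 85 c0 74 2d 48 8b 0f 48 89 08 48 89 02 48")
CRASH_B = ("smbclient[73274]: segfault at 0 ip 00005567c77faff7 sp 00007ffc8fc9bba8 "
           "error 4 in smbclient[5567c77f0000+23000]")
CODE_B = ("00 48 89 c6 31 c0 e8 48 d4 ff ff b8 01 00 00 00 eb c9 e8 fc d3 ff ff 66 66 "
          "2e 0f 1f 84 00 00 00 00 00 90 48 8b 15 31 b2 01 00 <48> 8b 3a 48 8b 47 08 "
          "48 85 c0 74 2d 48 8b 0f 48 89 08 48 89 02 48")

SEGV = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+) "
    r"in (?P<obj>[^\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")

def decode_error(err):
    """Decode the x86 page-fault error code printed after 'error' (hex)."""
    return {
        "cause": "protection violation" if err & 1 else "page not present",
        "access": "write" if err & 2 else "read",
        "mode": "user" if err & 4 else "kernel",
        "instruction_fetch": bool(err & 16),
    }

def triage(line):
    """Summarise one kernel 'segfault at' record."""
    m = SEGV.search(line)
    if m is None:
        raise ValueError("not a kernel segfault record")
    addr, ip, base = (int(m[k], 16) for k in ("addr", "ip", "base"))
    info = decode_error(int(m["err"], 16))
    # ip - base is the ASLR-independent offset shown as "smbclient + 0x..."
    info.update(module=m["obj"], offset=hex(ip - base),
                null_deref=addr < 0x1000)  # heuristic: fault in the first page
    return info

def bytes_from_fault(code_line):
    """Opcode bytes from the faulting instruction (marked <..>) onward."""
    tail = code_line[code_line.index("<"):]
    return tail.replace("<", "").replace(">", "").split()

if __name__ == "__main__":
    for crash, code in ((CRASH_A, CODE_A), (CRASH_B, CODE_B)):
        print(triage(crash), " ".join(bytes_from_fault(code)[:3]))
```

For the first record the offset is 0x9fb7, matching frame #0 `remove_do_list_queue_head (smbclient + 0x9fb7)` in the systemd-coredump trace. The offset differs in the later build, but the bytes from the faulting instruction onward are identical, which is consistent with the same crash site.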
I can actually backup /tmp, but not /etc (or any other directory) if smb.conf shares out "/". If I compile 4.12.10 and install it, both /tmp and /etc work fine.

smb.conf: relevant section for the share:
[root]
    path = /
    browseable = yes
    valid users = root
    public = no
    writable = yes
    printable = no
    create mask = 0755

This works:
$ touch /tmp/current-time
$ /usr/bin/smbclient \\\\localhost\\root -U root -E -d 1 -c tarmode\ full -TcN /tmp/current-time - /tmp

This segfaults:
$ /usr/bin/smbclient \\\\localhost\\root -U root -E -d 1 -c tarmode\ full -TcN /tmp/current-time - /etc
FEDORA-2020-e5062aad76 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.
Re-opening to work on tar mode fixes.
Samba folks have closed their bugzilla (https://bugzilla.samba.org/show_bug.cgi?id=14581), marking it "FIXED."
I think that bug is unrelated -- there was hope that the refactoring fixed this issue but apparently it was not. So, back to investigation.
Samba 4.13.3 has been released, with fixes for Samba bugzillas 14517 and 14581. From release notes:
* BUG 14517: smbclient: Fix recursive mget.
* BUG 14581: clitar: Use do_list()'s recursion in clitar.c.
Samba 4.13.3 build for F33 is coming soon (patches already updated in Fedora dist-git). To build Samba 4.13.3, we need updates for a few other components, so a rebuild for Rawhide and F33 will be done in a sidetag first, then submitted for Bodhi. Hopefully, this will be done in the next several days.
https://bodhi.fedoraproject.org/updates/FEDORA-2020-318f27b02b is the version for Fedora 33
Please re-test with Fedora 33/34 to see if the issue is fixed.
I have tested this with samba-4.14.6-0.fc34.x86_64 and this issue is no longer reproducible. It appears fixed.