[PATCH] Attempt to replicate DNS zones at domain join time (drepl server crash)

Andrew Bartlett abartlet at samba.org
Thu Jun 21 17:02:01 MDT 2012 

On Thu, 2012-06-21 at 16:20 +0200, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> 
> > This patch tries to reduce the pain around replicating DNS.  We now do
> > it at join time.
> > 
> > However, at least during make test, it causes a segfault in the DRS
> > server, which I can't yet pin down (even with valgrind I don't get a
> > useful answer). 
> > 
> > I'm posting the patch here in case someone else has a clue why it
> > crashes our DRS server, as I think it is an existing bug (I just change
> > how we join, not the DRS server).
> 
> HasMasterNCs is only for the 3 main partitions, while msDS-HasMasterNCs
> is for all of them...
> Maybe your bug is related.
> 
> metze

The segfault is this:

Program received signal SIGSEGV, Segmentation fault.
0x00007fffebf26cc0 in dreplsrv_run_pull_ops (s=0x19d6d80)
at ../source4/dsdb/repl/drepl_out_pull.c:200
200             op->source_dsa->repsFrom1->last_attempt = now;
#0  0x00007fffebf26cc0 in dreplsrv_run_pull_ops (s=0x19d6d80)
at ../source4/dsdb/repl/drepl_out_pull.c:200
#1  0x00007fffebf24179 in dreplsrv_run_pending_ops (s=0x19d6d80)
at ../source4/dsdb/repl/drepl_periodic.c:131
#2  0x00007fffebf2a710 in dreplsrv_notify_run (service=0x19d6d80)
at ../source4/dsdb/repl/drepl_notify.c:480
#3  0x00007fffebf2a47b in dreplsrv_notify_handler_te (ev=0x630870,
te=0x1477280, t=..., ptr=0x19d6d80)
at ../source4/dsdb/repl/drepl_notify.c:421
#4  0x00007ffff68a4593 in tevent_common_loop_timer_delay (ev=0x630870)
at ../lib/tevent/tevent_timed.c:254
#5  0x00007ffff68a3385 in epoll_event_loop (std_ev=0x630950,
tvalp=0x7fffffff98e0) at ../lib/tevent/tevent_standard.c:298
#6  0x00007ffff68a3c13 in std_event_loop_once (ev=0x630870,
location=0x40fb9f "../source4/smbd/server.c:472")
at ../lib/tevent/tevent_standard.c:567
#7  0x00007ffff689ecf5 in _tevent_loop_once (ev=0x630870,
location=0x40fb9f "../source4/smbd/server.c:472")
at ../lib/tevent/tevent.c:506
#8  0x00007ffff689ef1a in tevent_common_loop_wait (ev=0x630870,
location=0x40fb9f "../source4/smbd/server.c:472")
at ../lib/tevent/tevent.c:607
#9  0x00007ffff689efe5 in _tevent_loop_wait (ev=0x630870,
location=0x40fb9f "../source4/smbd/server.c:472")
at ../lib/tevent/tevent.c:626
#10 0x000000000040b5a3 in binary_smbd_main (binary_name=0x40f58b
"samba", argc=6, argv=0x7fffffff9d28) at ../source4/smbd/server.c:472
#11 0x000000000040b5e9 in main (argc=6, argv=0x7fffffff9d28)
at ../source4/smbd/server.c:483
Missing separate debuginfos, use: debuginfo-install
glibc-2.14.90-24.fc16.7.x86_64 gnome-keyring-3.2.1-3.fc16.x86_64
gnutls-2.12.14-3.fc16.x86_64 krb5-libs-1.9.3-2.fc16.x86_64
libbsd-0.2.0-4.fc15.x86_64 libdb-5.2.36-1.fc16.x86_64
libgcrypt-1.5.0-2.fc16.x86_64 libgpg-error-1.10-1.fc16.x86_64
libtalloc-2.0.7-4.fc16.x86_64 libtasn1-2.12-1.fc16.x86_64
openssl-1.0.0j-1.fc16.x86_64 p11-kit-0.6-1.fc16.x86_64
python-libs-2.7.3-3.fc16.x86_64

This is because op->source (struct dreplsrv_partition_source_dsa) is I
think freed here:

source4/messaging/messaging.c:772

full talloc report on 'struct irpc_message' (total   4102 bytes in  23
blocks)
    struct dreplsrv_partition_source_dsa contains    350 bytes in   3
blocks (ref 0) 0x1d3dae0
        struct repsFromTo1OtherInfo    contains     78 bytes in   2
blocks (ref 0) 0xe34500

178dcc89-2e73-4415-939b-0b3bb168ab09._msdcs.samba.example.com contains
62 bytes in   1 blocks (ref 0) 0x1d3dcd0
    default/librpc/gen_ndr/ndr_drsuapi.c:14837 contains    416 bytes in
3 blocks (ref 0) 0xba93a0
        default/librpc/gen_ndr/ndr_drsuapi.c:661 contains    376 bytes
in   2 blocks (ref 0) 0x198e730
            char                           contains    272 bytes in   1
blocks (ref 0) 0x1cd5100
    default/librpc/gen_ndr/ndr_drsuapi.c:14829 contains     20 bytes in
1 blocks (ref 0) 0x1d3df30
    DATA_BLOB: ../librpc/ndr/ndr_basic.c:1301 contains      4 bytes in
1 blocks (ref 0) 0x15d1de0
    default/source4/librpc/gen_ndr/ndr_irpc.c:57 contains    508 bytes
in   2 blocks (ref 0) 0x8980a0
        default/librpc/gen_ndr/ndr_security.c:1001 contains    476 bytes
in   1 blocks (ref 0) 0xbf1300
    struct ndr_pull                contains   2660 bytes in  12 blocks
(ref 0) 0xff2520
        struct ndr_push                contains   2244 bytes in   5
blocks (ref 0) 0xec9d10
            uint8_t                        contains      4 bytes in   1
blocks (ref 0) 0x13b80a0
            struct ndr_push                contains   1120 bytes in   2
blocks (ref 0) 0x1618a50
                uint8_t                        contains   1024 bytes in
1 blocks (ref 0) 0xe4f050
            uint8_t                        contains   1024 bytes in   1
blocks (ref 0) 0x16bca90
        struct ndr_pull                contains     96 bytes in   1
blocks (ref 0) 0x1f2a9a0
        struct ndr_token_list          contains     32 bytes in   1
blocks (ref 0) 0x19bcb80
        struct ndr_token_list          contains     32 bytes in   1
blocks (ref 0) 0xbf15c0
        ../source4/lib/messaging/messaging.c:802 contains     32 bytes
in   1 blocks (ref 0) 0xbf1540
        struct ndr_pull                contains    128 bytes in   2
blocks (ref 0) 0x1f2abb0
            struct ndr_token_list          contains     32 bytes in   1
blocks (ref 0) 0x18347a0



-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list