One simple stupid users trick owns all your bases ...
Jeremy Allison
jra at samba.org
Tue Sep 12 16:26:20 UTC 2023
On Fri, Sep 01, 2023 at 11:03:39AM -0700, Jeremy Allison via samba-technical wrote:
>On Fri, Sep 01, 2023 at 10:15:22AM -0700, Richard Sharpe wrote:
>>On Fri, Sep 1, 2023 at 10:04 AM Jeremy Allison <jra at samba.org> wrote:
>>>
>>>On Fri, Sep 01, 2023 at 09:21:09AM -0700, Richard Sharpe via samba-technical wrote:
>>>>Hi folks,
>>>>
>>>>I didn't follow the instructions carefully enough.
>>>>
>>>>I set up resolv.conf to point at 127.0.0.1 and an upstream nameserver
>>>>(10.20.1.100).
>>>>
>>>>During provisioning that created an entry of 'dns resolver = 127.0.0.1'.
>>>>
>>>>That resulted in the following crash. Looks like a bug.
>>>>
>>>>Provisioning should not use any of the aliases for the current system
>>>>as forwarders.
>>>>
>>>>In addition, perhaps the code should not crash if it gets a timeout.
>>>>
>>>>4.19.0rc4.
>>>
>>>Can you add a "panic action = /bin/sleep 99999999"
>>>and catch it in gdb. Knowing *exactly* what line
>>>it goes down on will help. A lot :-).
>>
>>OK:
>>
>>#0 0x00007fa0f256dd98 in nanosleep () from /lib64/libc.so.6
>>#1 0x00007fa0f256dc9e in sleep () from /lib64/libc.so.6
>>#2 0x00007fa0f8e1c13b in log_stack_trace () at ../../lib/util/fault.c:306
>>#3 0x00007fa0f8e1c33f in smb_panic_log (
>> why=why at entry=0x7ffc3acd6050 "Signal 11: Segmentation fault")
>> at ../../lib/util/fault.c:195
>>#4 0x00007fa0f8e1c4b3 in smb_panic (
>> why=why at entry=0x7ffc3acd6050 "Signal 11: Segmentation fault")
>> at ../../lib/util/fault.c:206
>>#5 0x00007fa0f8e1c619 in fault_report (sig=11) at ../../lib/util/fault.c:83
>>#6 sig_fault (sig=11) at ../../lib/util/fault.c:94
>>#7 <signal handler called>
>>#8 0x00007fa0f7b90049 in dns_cli_request_udp_done (subreq=<optimized out>)
>> at ../../libcli/dns/dns.c:497
>>#9 0x00007fa0f7b9134d in dns_udp_request_done (subreq=0x618001b18900)
>> at ../../libcli/dns/dns.c:157
>>#10 0x00007fa0f9764929 in tdgram_recvfrom_done (subreq=0x61800533cd00)
>> at ../../lib/tsocket/tsocket.c:239
>>#11 0x00007fa0f976b1f7 in tdgram_bsd_recvfrom_handler (
>> private_data=<optimized out>) at ../../lib/tsocket/tsocket_bsd.c:1186
>>#12 0x00007fa0f9769c18 in tdgram_bsd_fde_handler (ev=<optimized out>,
>> fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>)
>> at ../../lib/tsocket/tsocket_bsd.c:910
>>#13 0x00007fa0f3dc53a7 in tevent_common_invoke_fd_handler ()
>
>tdgram_bsd_recvfrom_recv() calls tsocket_simple_int_recv()
>which should set:
>
> case TEVENT_REQ_TIMED_OUT:
> *perrno = ETIMEDOUT;
> return -1;
>
>tdgram_recvfrom_done() looks like:
>
>static void tdgram_recvfrom_done(struct tevent_req *subreq)
>{
> struct tevent_req *req = tevent_req_callback_data(subreq,
> struct tevent_req);
> struct tdgram_recvfrom_state *state = tevent_req_data(req,
> struct tdgram_recvfrom_state);
> ssize_t ret;
> int sys_errno;
>
> ret = state->ops->recvfrom_recv(subreq, &sys_errno, state,
> &state->buf, &state->src);
> if (ret == -1) {
> tevent_req_error(req, sys_errno);
> return;
> }
>
> state->len = ret;
>
> tevent_req_done(req);
>}
>
>state->ops->recvfrom_recv() should be tdgram_bsd_recvfrom_recv()
>which should be returning -1 in the ETIMEDOUT Case.
>
>So it should never get to:
>
>lib/tsocket/tsocket.c:239
>
>:-(. Looking under gdb is the next step.
Did you find out what the cause of this one is ?
I lost the thread (sorry :-).
Jeremy.
More information about the samba-technical
mailing list