Bug 10786 - crash when using multiple views with the same dlz zone in tdb_nest_lock or in tdb_nest_unlock
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS plugin (BIND DLZ)
Version: 4.1.11
Hardware: All Linux
Importance: P5 critical
Target Milestone: ---
Assignee: Amitay Isaacs
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-27 11:16 UTC by Diego Liziero
Modified: 2020-11-23 09:17 UTC

See Also:


Attachments
bt full inside gdb after named crash (25.55 KB, text/plain)
2014-08-27 11:25 UTC, Diego Liziero
bt inside gdb of another crash (this time in _talloc_free) (2.82 KB, text/plain)
2014-08-29 10:01 UTC, Diego Liziero

Description Diego Liziero 2014-08-27 11:16:20 UTC
Creating more than one view with the same dlz inside causes named to crash in tdb_nest_lock or in tdb_nest_unlock (there are various stack traces).

I'm using bind-9.8.2rc1 and samba 4.1.11

In each view I have:

    dlz "AD DNS Zone" {
        database "dlopen /usr/local/samba4.1/lib/bind9/dlz_bind9.so -d 3";
    };

The various traces have in common this part:


#6  0x00007f991abbb8e1 in tdb_find_lock_hash (tdb=0x7f992027a440, key=..., hash=1613222522, locktype=0, rec=0x7f9928822b00) at ../lib/tdb/common/tdb.c:121
#7  0x00007f991abbbb0d in _tdb_fetch (tdb=0x7f992027a440, key=...) at ../lib/tdb/common/tdb.c:196
#8  0x00007f991abbbbd0 in tdb_fetch (tdb=0x7f992027a440, key=...) at ../lib/tdb/common/tdb.c:208
#9  0x00007f9912131d81 in schema_metadata_get_uint64 (module=0x7f99201f3e50, key=0x7f99121331d8 "SCHEMA_SEQ_NUM", value=0x7f9928822cb0, default_value=0) at ../source4/dsdb/samdb/ldb_modules/schema_load.c:133
#10 0x00007f991213205f in dsdb_schema_refresh (module=0x7f99201f3e50, ev=0x7f9920157090, schema=0x7f99217c46d0, is_global_schema=true) at ../source4/dsdb/samdb/ldb_modules/schema_load.c:198
#11 0x00007f991c8f9339 in dsdb_get_schema (ldb=0x7f9920168f40, reference_ctx=0x7f98ec0412e0) at ../source4/dsdb/schema/schema_set.c:637
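
An added example (not part of the bug report, and not Samba or BIND code): a Python check that flags a named.conf in which more than one view loads the same dlopen DLZ driver, the configuration the description above reports as crashing. The sample configuration, view names and function names are constructed for illustration; comment stripping is simplified and does not handle comment markers inside quoted strings.

```python
import re
from collections import defaultdict

# Constructed sample named.conf; only the dlz block mirrors the one in the report.
SAMPLE_CONF = '''
view "internal" {
    match-clients { 10.0.0.0/8; };
    dlz "AD DNS Zone" {
        database "dlopen /usr/local/samba4.1/lib/bind9/dlz_bind9.so -d 3";
    };
};
view "external" {
    match-clients { any; };
    dlz "AD DNS Zone" {
        database "dlopen /usr/local/samba4.1/lib/bind9/dlz_bind9.so -d 3";
    };
};
'''

def block_end(text, open_idx):
    """Index of the '}' closing the '{' at open_idx, ignoring braces in strings."""
    depth, in_str = 0, False
    for i in range(open_idx, len(text)):
        c = text[i]
        if c == '"':
            in_str = not in_str
        elif not in_str and c == '{':
            depth += 1
        elif not in_str and c == '}':
            depth -= 1
            if depth == 0:
                return i
    raise ValueError("unbalanced braces in configuration")

def views_sharing_dlz(conf):
    """Map each dlopen driver path to the views loading it, if more than one."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # strip /* ... */
    conf = re.sub(r'(//|#)[^\n]*', '', conf)            # strip // and # comments
    users = defaultdict(list)
    for v in re.finditer(r'\bview\s+"?([\w.-]+)"?[^{;]*\{', conf):
        body = conf[v.end() - 1:block_end(conf, v.end() - 1) + 1]
        for d in re.finditer(r'\bdlz\s+"[^"]*"\s*\{', body):
            dlz = body[d.end() - 1:block_end(body, d.end() - 1) + 1]
            db = re.search(r'database\s+"dlopen\s+([^\s"]+)', dlz)
            if db:
                users[db.group(1)].append(v.group(1))
    return {lib: views for lib, views in users.items() if len(views) > 1}

print(views_sharing_dlz(SAMPLE_CONF))
```
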
Comment 1 Diego Liziero 2014-08-27 11:25:56 UTC
Created attachment 10233
bt full inside gdb after named crash
Comment 2 Diego Liziero 2014-08-29 10:01:05 UTC
Created attachment 10239
bt inside gdb of another crash (this time in _talloc_free)
Comment 3 Alisson 2016-06-24 19:36:43 UTC
The problem keeps happening in Samba 4.4.4.

The error occurs randomly and crashes BIND.

The error in the log is:
samba_dlz: Bad talloc magic value - unknown value
Comment 4 Douglas Bagnall 2020-09-12 00:19:40 UTC
Does this still happen on more recent versions?
Comment 5 Sergey Urushkin 2020-11-23 09:17:24 UTC
(In reply to Douglas Bagnall from comment #4)
Yes, 4.13.2, 4.12.7 + bind 9.16.1, ubuntu 20.04 amd64.