Univention Bugzilla – Bug 48733
PANIC/sig 11 in "samba_dnsupdate --local"
Last modified: 2019-05-15 13:43:35 CEST
Configure 98univention-samba4-dns.inst Wed Feb 20 20:30:49 CET 2019
2019-02-20 20:30:49.451395023+01:00 (in joinscript_init)
Waiting for RID Pool replication: done.
Object created: uid=dns-slave176,cn=users,dc=nstx,dc=local
looking for spn account "dns-slave176" in local samba
looking for spn account "dns-slave176" in local samba
Modified 1 records successfully
Added 1 records successfully
Expiry for user 'dns-slave176' disabled.
Not updating samba4/sysvol/sync/cron
Adding CNAME record "c01fee02-45ea-4189-9f4a-a34fa99955cb._msdcs slave176.nstx.local." to zone nstx.local... done
Adding TXT record "_kerberos NSTX.LOCAL" to zone nstx.local... done
===============================================================
INTERNAL ERROR: Signal 11 in pid 5484 (4.10.0rc2-Univention)
Please read the Trouble-Shooting section of the Samba HOWTO
===============================================================
smb_panic_default: PANIC (pid 5484): internal error
BACKTRACE: 19 stack frames:
 #0 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x2d) [0x7f97bba45e0d]
 #1 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x4b) [0x7f97bba45f2b]
 #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1a16d) [0x7f97bba4616d]
 #3 /lib/x86_64-linux-gnu/libpthread.so.0(+0x110c0) [0x7f97bf3ad0c0]
 #4 /usr/lib/x86_64-linux-gnu/libtalloc.so.2(talloc_get_name+0) [0x7f97bc2db9e0]
 #5 /usr/lib/x86_64-linux-gnu/libpytalloc-util.so.2(+0x1c6d) [0x7f97b9fd4c6d]
 #6 /usr/lib/python2.7/dist-packages/samba/gensec.x86_64-linux-gnu.so(+0x399f) [0x7f97a745099f]
 #7 /usr/bin/python2.7(PyEval_EvalFrameEx+0x61a) [0x556e6963b84a]
 #8 /usr/bin/python2.7(PyEval_EvalFrameEx+0x5f1f) [0x556e6964114f]
 #9 /usr/bin/python2.7(PyEval_EvalCodeEx+0x235) [0x556e696399f5]
 #10 /usr/bin/python2.7(PyEval_EvalFrameEx+0x6218) [0x556e69641448]
 #11 /usr/bin/python2.7(PyEval_EvalCodeEx+0x235) [0x556e696399f5]
 #12 /usr/bin/python2.7(PyEval_EvalCode+0x19) [0x556e696397b9]
 #13 /usr/bin/python2.7(+0x129bff) [0x556e69669bff]
 #14 /usr/bin/python2.7(PyRun_FileExFlags+0x82) [0x556e69664b52]
 #15 /usr/bin/python2.7(PyRun_SimpleFileExFlags+0x19e) [0x556e6966469e]
 #16 /usr/bin/python2.7(Py_Main+0x6c1) [0x556e69615771]
 #17 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f97be6f82e1]
 #18 /usr/bin/python2.7(_start+0x2a) [0x556e69614f9a]
/usr/lib/univention-install/98univention-samba4-dns.inst: Zeile 163: 5484 Abgebrochen samba_dnsupdate --local
2019-02-20 20:31:19.365795884+01:00 (in joinscript_save_current_version)
Configure 98univention-samba4-saml-kerberos.inst Wed Feb 20 20:31:19 CET 2019
Created attachment 9859: join.log
Happened on a UCS@school 4.4 edu DC slave during initial join.
Happened also on a UCS@school 4.4 *admin* DC slave during initial join.
Seems to be reproducible. My second UCS@school edu slave also showed a SIG11 in samba_dnsupdate.
Ok, I got a core dump and I have an idea what's going on. I think we should simply use the --use-samba-tool option of samba_dnsupdate in this joinscript and get rid of our own --local option (Patch 95_dnsupdate.quilt).

(gdb) py-bt
Traceback (most recent call first):
  File "/usr/sbin/samba_dnsupdate", line 200, in get_krb5_rw_dns_server
    gensec_client.set_credentials(creds)
  File "/usr/sbin/samba_dnsupdate", line 527, in call_nsupdate
    server = get_krb5_rw_dns_server(creds, zone)
  File "/usr/sbin/samba_dnsupdate", line 995, in <module>
    call_nsupdate(d)

The thing is that the "creds" variable is unset at this point, and apparently the gensec (or other) C code changed and can't handle that any more.

My first attempt to fix the --local option ended with nsupdate telling me that the nameserver refused to accept the record update. Maybe this only works in the context of the joinscript, no clue why it used to work there.

So, maybe better use the upstream option --use-samba-tool. The only drawback of that is that it bypasses dlz_bind9 and writes the records to the DomainDnsZones partition directly. That should be ok when (re-)provisioning Samba during a UCS@School Slave (re-)join. We don't have to consider any legacy DNS zone positions in that situation.
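Added example, not part of the original bug report or of Samba/UCS: a small triage helper that reads an smb_panic backtrace in the join.log format shown above and reports the faulting frame and the native libraries between it and the Python interpreter. The function name and the "frame after libpthread is the fault" heuristic are assumptions; the sample is an excerpt of the backtrace in this report.

```python
import os
import re
from itertools import takewhile

HEADER = re.compile(r"INTERNAL ERROR: Signal (\d+) in pid (\d+) \(([^)]+)\)")
FRAME = re.compile(r"#(\d+)\s+(\S+?)\(([^+)]*)\+(\w+)\)\s+\[(0x[0-9a-f]+)\]")

# Excerpt of the join.log backtrace from this report (frames #0 to #7 only).
SAMPLE = """\
INTERNAL ERROR: Signal 11 in pid 5484 (4.10.0rc2-Univention)
smb_panic_default: PANIC (pid 5484): internal error
BACKTRACE: 19 stack frames:
 #0 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x2d) [0x7f97bba45e0d]
 #1 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x4b) [0x7f97bba45f2b]
 #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1a16d) [0x7f97bba4616d]
 #3 /lib/x86_64-linux-gnu/libpthread.so.0(+0x110c0) [0x7f97bf3ad0c0]
 #4 /usr/lib/x86_64-linux-gnu/libtalloc.so.2(talloc_get_name+0) [0x7f97bc2db9e0]
 #5 /usr/lib/x86_64-linux-gnu/libpytalloc-util.so.2(+0x1c6d) [0x7f97b9fd4c6d]
 #6 /usr/lib/python2.7/dist-packages/samba/gensec.x86_64-linux-gnu.so(+0x399f) [0x7f97a745099f]
 #7 /usr/bin/python2.7(PyEval_EvalFrameEx+0x61a) [0x556e6963b84a]
"""


def parse_panic(log):
    """Summarise the first smb_panic backtrace in a log; None if there is none.

    Uses finditer rather than line splitting, so it also works on logs that
    were flattened onto a single line.
    """
    head = HEADER.search(log)
    if head is None:
        return None
    # (library basename, symbol or None when the frame is unsymbolised)
    frames = [(os.path.basename(m.group(2)), m.group(3) or None)
              for m in FRAME.finditer(log, head.end())]
    # Heuristic (assumption): everything up to the libpthread frame is the
    # panic handler plus the signal trampoline; the next frame is the fault.
    tramp = next((i for i, f in enumerate(frames)
                  if f[0].startswith("libpthread")), None)
    if tramp is not None:
        rest = frames[tramp + 1:]
    else:
        rest = [f for f in frames if not f[0].startswith("libsamba-util")]
    # Native extension frames sitting between the fault and the interpreter.
    native = list(takewhile(lambda f: not f[0].startswith("python"), rest))
    return {
        "signal": int(head.group(1)),
        "pid": int(head.group(2)),
        "version": head.group(3),
        "faulting": rest[0] if rest else None,
        "native_chain": [lib for lib, _ in native],
    }
```

On this report's backtrace the chain ends in the gensec binding, which matches the gensec_client.set_credentials(creds) call at the top of the py-bt output.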
I've adjusted the joinscript to use the --use-samba-tool option instead of the --local option. We may drop the obsolete Samba patch sometime in the future.
Ok, looks good. No more tracebacks during join.
OK: code change
OK: functional test
UCS@school 4.4 v1 has been released. https://docs.software-univention.de/release-notes-ucsschool-4.4v1-de.html If this error occurs again, please clone this bug.