<div dir="ltr"><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
B) Current toybox should, yes. Older ones had the API wrong:<br></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<a href="https://github.com/landley/toybox/commit/3d64b0cc95c5" rel="noreferrer" target="_blank">https://github.com/landley/<wbr>toybox/commit/3d64b0cc95c5</a></blockquote><br></div><div>My toybox build is from April (<a href="https://github.com/d4rken/toybox/tree/sdmaid">https://github.com/d4rken/toybox/tree/sdmaid</a>).<br></div><div>But if %u and %g is used I think it doesn't try lookup in /etc/ anyways, right?<br><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">(...)<br></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Which came from the kernel.</blockquote><div><br></div><div>That makes sense, so there isn't really anything to be done from this end.<br>Should have looked more into the toybox code.<br></div><div>Sorry for the false alarm and thanks for the insights guys!<br><br>If I can ever reproduce this on a device I have access to, I'll open a ticket on the AOSP bugtracker.<br><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-05-14 21:54 GMT+02:00 Rob Landley <span dir="ltr"><<a href="mailto:rob@landley.net" target="_blank">rob@landley.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 05/14/2017 02:16 PM, darken wrote:<br>
>> which will try to read /etc/passwd and /etc/group which don't exist on<br>
> android.<br>
><br>
> And then fall back to just use the numeric ids? Which are stored in the<br>
> filesystem? Inodes I think?<br>
<br>
</span>A) Some filsystems do. Fat won't. (The whole filesystem belongs to the<br>
same user, you can set it at mount time.)<br>
<br>
B) Current toybox should, yes. Older ones had the API wrong:<br>
<br>
<a href="https://github.com/landley/toybox/commit/3d64b0cc95c5" rel="noreferrer" target="_blank">https://github.com/landley/<wbr>toybox/commit/3d64b0cc95c5</a><br>
<span class=""><br>
> Isn't reading uids/guids from inodes be independent from bionic/musl etc.?<br>
<br>
</span>What's important is what the "stat" system call returns. How that's<br>
implemented under the covers is hidden from userspace.<br>
<span class=""><br>
> On second thought, if this data is stored and read from the filesystem,<br>
> couldn't a filesystem corruption cause these values?<br>
<br>
</span>Depends on the filesystem. How many of them store 32 bit uids? (ext2 did<br>
this weird low 16 bits/high 16 bits straddle thing because the inode<br>
format got extended over the years and they could only append, not<br>
insert, so...)<br>
<span class=""><br>
>> Does it reliably happen on those files, or is it a race condition?<br>
><br>
> If there is such a file, it's read everytime like this.<br>
> I don't think it's a new issue either, I just usually don't log this.<br>
> Could have been the same with busybox.<br>
<br>
</span>Whether it happens with busybox would be good to know, but I'm guessing<br>
it does. We're reporting what's in stat:<br>
<br>
else if (type == 'u') out('u', stat->st_uid);<br>
<br>
Which came from either stat or lstat:<br>
<br>
if (flagf && !statfs(TT.file, (void *)&TT.stat));<br>
else if (flagf || (L ? stat : lstat)(TT.file, (void *)&TT.stat)) {<br>
perror_msg("'%s'", TT.file);<br>
continue;<br>
}<br>
<br>
Which came from the kernel.<br>
<span class=""><br>
> I've looked a bit more through the reports.<br>
> 4294967295 is most common but there is also: 3912069456 or 3800903683 or<br>
> 3780276225 or 3851690820 etc. but with those I can see that the user<br>
> used some root tools to mount extra partitions (e.g. apps2sd -><br>
> /data/sdext2), so I would write those ones off as unrelated.<br>
><br>
> 4294967295 accounts for 80% of the reports and 99% are from devices on<br>
> Android 6.0.1, 93% of those are Samsung and mostly SM-N930F or SM-G900F.<br>
> While I'm the first to chalk an issue up to a Samsung specific bug, this<br>
> could also just be coincidence due to Samsungs device popularity...<br>
<br>
</span>Usually -1 means "failure", although how that gets put into a stat<br>
structure field I couldn't tell you.<br>
<span class=""><br>
>> Send it to me if you find it. Bionic doesn't have a conventional<br>
> makefile you can use to build it outside the AOSP hairball.<br>
><br>
> Will do if I find one, first need to see about resizing my VM though if<br>
> I want to download AOSP :)<br>
<br>
</span>I plead the third.<br>
<span class="HOEnZb"><font color="#888888"><br>
Rob<br>
</font></span></blockquote></div><br></div>