Problem with AD membership in an AD with more the 100.000 group (possible regression in 4.12?)

Dr. Hansjörg Maurer hansjoerg.maurer at itsd.de
Thu May 20 06:36:11 UTC 2021


Am 19.05.21 um 11:55 schrieb Andrew Bartlett:
> On Wed, 2021-05-19 at 07:56 +0200, Dr. Hansjörg Maurer wrote:
>>> OK, so this case it doesn't happen, which is the one I patched.
>> the gdb run took place with the unpatched version
>>
> Thanks, can you try with the patched one?  I'm thinking we must be
> hitting a different case now, if you still have issues, as the lines
> you show are gone with this patch (I hope).
Hi Andrew

here is the gdb bt output from the patched version

I patched the sources an rebuild the RPM with the spec file.
I would expect, this would apply the changes to the winbind.idl file?

Best regards

Hansjörg

(gdb)
talloc_get_size (context=0x555556872f90) at ../../lib/talloc/talloc.c:2821
2821    {
(gdb)
2824            if (context == NULL) {
(gdb)
2828            tc = talloc_chunk_from_ptr(context);
(gdb)
talloc_get_size (context=0x555556872f90) at ../../lib/talloc/talloc.c:2830
2830            return tc->size;
(gdb)
ndr_token_store (mem_ctx=mem_ctx at entry=0x5555558ce920, 
list=list at entry=0x5555558ce968,
     key=key at entry=0x7fffdccba018, value=31) at ../../librpc/ndr/ndr.c:994
994                     if (list->count >= NDR_TOKEN_MAX_LIST_SIZE) {
(gdb)
1017            return NDR_ERR_SUCCESS;
(gdb)
ndr_pull_array_size (ndr=ndr at entry=0x5555558ce920, 
p=p at entry=0x7fffdccba018) at ../../librpc/ndr/ndr.c:1090
1090            if (ret == NDR_ERR_RANGE) {
(gdb)
1091                    return ndr_pull_error(ndr, ret,
(gdb)
_ndr_pull_error (ndr=ndr at entry=0x5555558ce920, 
ndr_err=ndr_err at entry=NDR_ERR_RANGE,
     function=function at entry=0x7ffff7bcd650 <__FUNCTION__.9556> 
"ndr_pull_array_size",
     location=location at entry=0x7ffff7bcc431 "../../librpc/ndr/ndr.c:1093",
     format=format at entry=0x7ffff7bcce00 "More than %d NDR tokens stored 
for array_size")
     at ../../librpc/ndr/ndr.c:606
606     {
(gdb)
607             char *s=NULL;


(gdb) bt full
#0  _ndr_pull_error (ndr=ndr at entry=0x5555558ce920, 
ndr_err=ndr_err at entry=NDR_ERR_RANGE,
     function=function at entry=0x7ffff7bcd650 <__FUNCTION__.9556> 
"ndr_pull_array_size",
     location=location at entry=0x7ffff7bcc431 "../../librpc/ndr/ndr.c:1093",
     format=format at entry=0x7ffff7bcce00 "More than %d NDR tokens stored 
for array_size")
     at ../../librpc/ndr/ndr.c:607
         s = 0x7fffe065ec98 "w10_lgrm.rduser_ptid-l-201475_b"
         ap = {{gp_offset = 1, fp_offset = 0,
             overflow_arg_area = 0x7ffff47373fc 
<convert_string_talloc_handle+428>, reg_save_area = 0xff070}}
         ret = <optimized out>
         __FUNCTION__ = "_ndr_pull_error"
#1  0x00007ffff7bc6ee2 in ndr_pull_array_size 
(ndr=ndr at entry=0x5555558ce920, p=p at entry=0x7fffdccba018)
     at ../../librpc/ndr/ndr.c:1091
         ret = <optimized out>
         size = 31
         __FUNCTION__ = "ndr_pull_array_size"
#2  0x00007ffff504b40c in ndr_pull_wbint_Principal (ndr=0x5555558ce920, 
ndr_flags=<optimized out>,
     r=0x7fffdccb9fd0) at librpc/gen_ndr/ndr_winbind.c:420
         _status = <optimized out>
         size_name_0 = 0
         length_name_0 = 0
         __FUNCTION__ = "ndr_pull_wbint_Principal"
#3  0x00007ffff504b652 in ndr_pull_wbint_Principals (ndr=0x5555558ce920, 
ndr_flags=<optimized out>,
     r=0x55555591b1c0) at librpc/gen_ndr/ndr_winbind.c:488
         _status = <optimized out>
         size_principals_0 = <optimized out>
         cntr_principals_0 = <optimized out>
         _mem_save_principals_0 = 0x55555591b1c0
         __FUNCTION__ = "ndr_pull_wbint_Principals"
#4  0x00007ffff504d4eb in ndr_pull_wbint_QueryGroupList 
(ndr=0x5555558ce920, flags=<optimized out>,
     r=0x555555916780) at librpc/gen_ndr/ndr_winbind.c:1899
         _status = <optimized out>
         _mem_save_groups_0 = <optimized out>
         __FUNCTION__ = "ndr_pull_wbint_QueryGroupList"
#5  0x00007ffff735c44c in dcerpc_binding_handle_call_done 
(subreq=0x5555559171d0)
--Type <RET> for more, q to quit, c to continue without paging--c
     at ../../librpc/rpc/binding_handle.c:492
         req = 0x55555591b270
         state = 0x55555591b420
         h = 0x5555558f9cf0
         error = {v = 0}
         out_flags = 0
         ndr_err = <optimized out>
#6  0x00005555555e86d1 in wbint_bh_raw_call_domain_done 
(subreq=0x555555917860) at ../../source3/winbindd/winbindd_dual_ndr.c:204
         req = 0x55555591ba50
         state = 0x55555591bc00
         ret = 0
         err = 21845
#7  0x00005555555e6010 in wb_domain_request_done (subreq=0x555555917510) 
at ../../source3/winbindd/winbindd_dual.c:734
         req = 0x555555917860
         state = <optimized out>
         ret = 0
         err = 21845
#8  0x00005555555e4041 in wb_child_request_done (subreq=0x55555591cec0) 
at ../../source3/winbindd/winbindd_dual.c:298
         req = 0x555555917510
         state = <optimized out>
         ret = <optimized out>
         err = 21845
#9  0x00007ffff004648b in wb_simple_trans_read_done 
(subreq=0x55555591d550) at ../../nsswitch/wb_reqtrans.c:432
         req = 0x55555591cec0
         state = <optimized out>
         ret = 9226296
         err = 21845
#10 0x00007ffff0045cba in wb_resp_read_done (subreq=0x55555591d200) at 
../../nsswitch/wb_reqtrans.c:275
         req = 0x55555591d550
         state = 0x55555591d700
         buf = 0x7fffe0a93070 <error: Cannot access memory at address 
0x7fffe0a93070>
         err = 32767
#11 0x00007ffff713eb53 in tevent_common_invoke_fd_handler 
(fde=fde at entry=0x55555590d9e0, flags=<optimized out>, 
removed=removed at entry=0x0) at ../../lib/tevent/tevent_fd.c:138
         handler_ev = 0x5555558ad350
#12 0x00007ffff71450ef in epoll_event_loop (tvalp=0x7fffffffd510, 
epoll_ev=0x5555558c2f60) at ../../lib/tevent/tevent_epoll.c:736
         fde = 0x55555590d9e0
         flags = <optimized out>
         mpx_fde = <optimized out>
         ret = <optimized out>
         i = 0
         timeout = <optimized out>
         wait_errno = 4
         events = {{events = 1, data = {ptr = 0x55555590d9e0, fd = 
1435556320, u32 = 1435556320, u64 = 93824996137440}}}
         ret = <optimized out>
         i = <optimized out>
         events = <optimized out>
         timeout = <optimized out>
         wait_errno = <optimized out>
         fde = <optimized out>
         flags = <optimized out>
         mpx_fde = <optimized out>
         handled_fde = <optimized out>
         handled_mpx = <optimized out>
#13 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) 
at ../../lib/tevent/tevent_epoll.c:937
         epoll_ev = 0x5555558c2f60
         tval = {tv_sec = 0, tv_usec = 821479}
         panic_triggered = false
#14 0x00007ffff71430fb in std_event_loop_once (ev=0x5555558ad350, 
location=0x555555615828 "../../source3/winbindd/winbindd.c:1949") at 
../../lib/tevent/tevent_standard.c:110
         glue_ptr = <optimized out>
         glue = 0x5555558c2ed0
         ret = <optimized out>
#15 0x00007ffff713e225 in _tevent_loop_once (ev=0x5555558ad350, 
location=0x555555615828 "../../source3/winbindd/winbindd.c:1949") at 
../../lib/tevent/tevent.c:772
         ret = <optimized out>
         nesting_stack_ptr = 0x0
#16 0x000055555557f1a4 in main (argc=<optimized out>, argv=<optimized 
out>) at ../../source3/winbindd/winbindd.c:1949
         is_daemon = false
         Fork = false
         log_stdout = true
         no_process_group = true
         long_options = {{longName = 0x0, shortName = 0 '\000', argInfo 
= 4, arg = 0x7fffefbf3160 <poptHelpOptions>, val = 0, descrip = 
0x55555561337b "Help options:", argDescrip = 0x0}, {longName = 
0x555555613390 "stdout", shortName = 83 'S', argInfo = 0, arg = 0x0, val 
= 1003, descrip = 0x555555613389 "Log to stdout", argDescrip = 0x0}, 
{longName = 0x555555613397 "foreground", shortName = 70 'F', argInfo = 
0, arg = 0x0, val = 1001, descrip = 0x5555556133a2 "Daemon in foreground 
mode", argDescrip = 0x0}, {longName = 0x5555556133bc "no-process-group", 
shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 1002, descrip = 
0x555555614e70 "Don't create a new process group", argDescrip = 0x0}, 
{longName = 0x555555658a7e "daemon", shortName = 68 'D', argInfo = 0, 
arg = 0x0, val = 1000, descrip = 0x5555556133cd "Become a daemon 
(default)", argDescrip = 0x0}, {longName = 0x5555556133e7 "interactive", 
shortName = 105 'i', argInfo = 0, arg = 0x0, val = 105, descrip = 
0x5555556133f3 "Interactive mode", argDescrip = 0x0}, {longName = 
0x555555613404 "no-caching", shortName = 110 'n', argInfo = 0, arg = 
0x0, val = 110, descrip = 0x55555561340f "Disable caching", argDescrip = 
0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 
0x7ffff4f38280 <popt_common_samba>, val = 0, descrip = 0x55555561341f 
"Common samba options:", argDescrip = 0x0}, {longName = 0x0, shortName = 
0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
         lp_sub = <optimized out>
         pc = <optimized out>
         opt = <optimized out>
         frame = 0x555555914790
         status = <optimized out>
         ok = <optimized out>
         __FUNCTION__ = "main"
         __func__ = "main"


>
> Thanks!
>
> Andrew Bartlett


-- 
Dr. Hansjörg Maurer
itsystems Deutschland AG
Erzgießereistr. 22
80335 München
Tel:   +49-89-52 04 68-41
Fax:   +49-89-52 04 68-59
E-Mail: hansjoerg.maurer at itsd.de
Web:    http://www.itsd.de


Amtsgericht München HRB 132146
USt-IdNr. DE 812991301
Steuer-Nr. 143/100/81575

Aufsichtsratsvorsitzender:
Stefan Adam
Vorstand:
Dr. Michael Krocka
Dr. Hansjörg Maurer




More information about the samba-technical mailing list