[Samba] tdb_expand overflow detected

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Thu Nov 21 21:32:10 UTC 2024


On 21/11/24 15:24, Dan Langille wrote:
>>>>      net cache list
>>>>
>>>> will tell you what the cache thinks it contains. If it is filled with
>>>> real things, it could indicate where they're coming from. If it fails or
>>>> shows a cache full of nonsense, well that is also interesting.
>>>
>>> That is 161 lines of expired stuff.
>>
>> Yeah, I'm not sure how that adds to 4 billion.
>>
>> tdbtool /var/db/samba4/gencache.tdb
>> tdb> info
>>
>> will show lines describing the "smallest/average/largest" of various things.
> 
> This is the file I moved away:
> 
> [2:23 tm dvl ~] % sudo tdbtool ~/tmp/gencache.tdb
> tdb> info
> Size of file/data: 81919/9152
> Header offset/logical size: 81920/4294967295

It looks like tdb internally has a different idea of the file size than 
the file system has. From an earlier message:

>>> The file size is close
>>> 
>>> [22:44 tm dvl ~] % ls -l /var/db/samba4/gencache.tdb
>>> -rw-r--r--  1 root wheel 4295049215 2024.11.18 13:26 /var/db/samba4/gencache.tdb
>>> 
>>> 4295049215-4294967295 = 81,920

81920 is 0x14000.
4294967295 is 0xffffffff.
The actual file size is 0x100013fff.

My understanding of tdb (I am not an expert) is that it can only map in 
a 32-bit size (up to 4294967295), so the extra stuff at the end is not 
actually accessible.

What I think has happened is mmap() or something has somehow set an 
extra bit, so the desired file size of 0x13fff becomes 0x100013fff, 
after which tdb is in a state of confusion, refusing to add anything.

> Number of records: 161
> Incompatible hash: yes
> Active/supported feature flags: 0x00000001/0x00000001
> Robust mutexes locking: yes
> Smallest/average/largest keys: 19/39/61
> Smallest/average/largest data: 16/17/59
> Smallest/average/largest padding: 20/20/26
> Number of dead records: 0
> Smallest/average/largest dead records: 0/0/0
> Number of free records: 22
> Smallest/average/largest free records: 28/195223196/4294897995

Of course this largest free record looks a bit large, but I am guessing 
this is an artifact rather than a cause.

The original message said:

> I'm using samba416-4.16.11 on FreeBSD 14.1 (on ZFS, in a jail, with quotas on those filesystems, etc)

This is a sparsely populated region. Maybe there is something in that 
"etc" that might affect it?

Douglas
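
A sanity check along the lines of the comparison in this message, as an added example that is not part of the original message and is not Samba or tdb code. It takes the `tdbtool info` lines and the `ls -l` size quoted in this thread (embedded as constructed sample input) and flags the mismatches discussed; the function names and the choice of checks are assumptions made for illustration.

```python
import re

U32_MAX = 0xFFFFFFFF  # largest size a 32-bit offset can describe

# Constructed sample: the `tdbtool info` lines quoted in this thread.
SAMPLE_INFO = """\
Size of file/data: 81919/9152
Header offset/logical size: 81920/4294967295
Number of records: 161
Number of free records: 22
Smallest/average/largest free records: 28/195223196/4294897995
"""
SAMPLE_FS_SIZE = 4295049215  # from the `ls -l` output quoted in this thread


def parse_info(text):
    """Map each 'label: a/b/c' line to a list of ints; skip non-numeric lines."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*([\d/]+)\s*$", line)
        if m:
            fields[m.group(1).strip()] = [int(n) for n in m.group(2).split("/")]
    return fields


def check_tdb_sizes(info_text, fs_size):
    """Return findings comparing tdb's view of the file with the filesystem's."""
    info = parse_info(info_text)
    findings = []
    reported = info.get("Size of file/data", [None])[0]
    logical = info.get("Header offset/logical size", [None, None])[1]
    largest_free = info.get("Smallest/average/largest free records", [None] * 3)[2]
    if fs_size > U32_MAX:
        findings.append(f"file size {fs_size:#x} exceeds 32 bits "
                        f"(high part {fs_size >> 32:#x}, low part {fs_size & U32_MAX:#x})")
    if reported is not None and reported != fs_size and reported == fs_size & U32_MAX:
        findings.append(f"tdb-reported size {reported:#x} equals the low 32 bits of the real size")
    if logical == U32_MAX:
        findings.append("logical size is pinned at 0xffffffff")
    if largest_free is not None and reported is not None and largest_free > reported:
        findings.append(f"largest free record {largest_free} is larger than reported size {reported}")
    return findings


if __name__ == "__main__":
    for finding in check_tdb_sizes(SAMPLE_INFO, SAMPLE_FS_SIZE):
        print("WARN:", finding)
```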