[Bug 970679] Re: [SRU] winbind coredumps when encountering a group with over 1000 members

Launchpad Bug Tracker 970679 at bugs.launchpad.net
Fri May 18 09:00:32 UTC 2012 

** Branch linked: lp:ubuntu/precise-proposed/samba

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/970679

Title:
  [SRU] winbind coredumps when encountering a group with over 1000
  members

Status in Samba:
  Unknown
Status in “samba” package in Ubuntu:
  Fix Released
Status in “samba” source package in Precise:
  Fix Committed
Status in “samba” source package in Quantal:
  Fix Released

Bug description:
  Impact:
  winbind coredumps when encountering a group with more that 1000 members - this renders winbind unusable in deployments with > 1000 users in a single group.

  Development Fix:
  Cherry picked patch from upstream VCS - this fix should be included in 3.6.6.
  Fix ensures that hunks of 1000 entries processed in winbind line up with talloc memory handling preventing the crash.

  Stable Fix:
  Cherry picked patch from upstream VCS - see comments in Development fix.

  Test Case:
  NOTE - hard to reproduce as requires deployment with large number of users/groups.
  Configure winbind to communicate with a Domain Controller with more that 1000 users
  getent group groupWithLessThan1000Members - OK
  getent group groupWithMoreThan1000Members - HANGS (coredumps recorded in syslog).

  Regression Potential:
  Minimal - patch has been committed upstream and should be released in Samba 3.6.6.

  Original Bug Report:

  Samba 3.6.3 precise

  winbind works as expected with groups with < 1000 members, core dumps
  when encountering groups with > 1000 members.

  e.g. getent group groupWithLessThan1000Members returns expected
  results

  getent group groupWithMoreThan1000Members hangs at CLI whilst winbind
  coredumps in the background and eventually returns nothing, however
  this can be found in syslog

  Apr  1 02:00:56 fs1 winbindd[1506]: [2012/04/01 02:00:56.252483,  0] ../lib/util/debug.c:413(talloc_log_fn)
  Apr  1 02:00:56 fs1 winbindd[1506]:   Bad talloc magic value - unknown value
  Apr  1 02:00:56 fs1 winbindd[1506]: [2012/04/01 02:00:56.255072,  0] lib/util.c:1117(smb_panic)
  Apr  1 02:00:56 fs1 winbindd[1506]:   PANIC (pid 1506): Bad talloc magic value - unknown value
  Apr  1 02:00:56 fs1 winbindd[1506]: [2012/04/01 02:00:56.282138,  0] lib/util.c:1221(log_stack_trace)
  Apr  1 02:00:56 fs1 winbindd[1506]:   BACKTRACE: 20 stack frames:
  Apr  1 02:00:56 fs1 winbindd[1506]:    #0 /usr/sbin/winbindd(log_stack_trace+0x1a) [0x7f4dab7704ca]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #1 /usr/sbin/winbindd(smb_panic+0x25) [0x7f4dab7705a5]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #2 /usr/lib/x86_64-linux-gnu/libtalloc.so.2(talloc_strdup+0x299) [0x7f4da95ab429]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #3 /usr/sbin/winbindd(+0x4edb5d) [0x7f4dabab9b5d]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #4 /usr/sbin/winbindd(dcerpc_lsa_lookup_sids3+0x2e) [0x7f4dababa24e]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #5 /usr/sbin/winbindd(winbindd_lookup_sids+0x116) [0x7f4dab6b7306]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #6 /usr/sbin/winbindd(+0xeefa2) [0x7f4dab6bafa2]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #7 /usr/sbin/winbindd(+0xd9be2) [0x7f4dab6a5be2]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #8 /usr/sbin/winbindd(_wbint_LookupGroupMembers+0x5e) [0x7f4dab6c497e]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #9 /usr/sbin/winbindd(+0x1029b4) [0x7f4dab6ce9b4]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #10 /usr/sbin/winbindd(winbindd_dual_ndrcmd+0xbc) [0x7f4dab6c3f6c]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #11 /usr/sbin/winbindd(+0xf6cb4) [0x7f4dab6c2cb4]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #12 /usr/sbin/winbindd(+0xf7765) [0x7f4dab6c3765]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #13 /usr/sbin/winbindd(tevent_common_loop_immediate+0xe2) [0x7f4dab781e92]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #14 /usr/sbin/winbindd(run_events_poll+0x48) [0x7f4dab77ff88]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #15 /usr/sbin/winbindd(+0x1b43a6) [0x7f4dab7803a6]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #16 /usr/sbin/winbindd(_tevent_loop_once+0x90) [0x7f4dab780fb0]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #17 /usr/sbin/winbindd(main+0x78b) [0x7f4dab699a3b]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #18 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed) [0x7f4da8bd376d]
  Apr  1 02:00:56 fs1 winbindd[1506]:    #19 /usr/sbin/winbindd(+0xcde91) [0x7f4dab699e91]
  Apr  1 02:00:56 fs1 winbindd[1506]: [2012/04/01 02:00:56.282756,  0] lib/fault.c:372(dump_core)
  Apr  1 02:00:56 fs1 winbindd[1506]:   dumping core in /var/log/samba/cores/winbindd
  Apr  1 02:00:56 fs1 winbindd[1506]:
  Apr  1 02:03:57 fs1 winbindd[1163]: [2012/04/01 02:03:57.387585,  0] winbindd/winbindd_util.c:330(trustdom_list_done)
  Apr  1 02:03:57 fs1 winbindd[1163]:   Got invalid trustdom response

  Fix submitted here: https://bugzilla.samba.org/show_bug.cgi?id=8807
  ubuntu version probbably just needs patching.

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/970679/+subscriptions

More information about the foundations-bugs mailing list