Winbind deamon segfaults regularly

Bug #282733 reported by Jelmer Jaarsma on 2008-10-13
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
samba
Fix Released
Medium
samba (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: samba

I upgraded a Hardy installation to Intrepid, and I wanted to test Samba + Winbind authentication.
I configured Samba, started the deamons, joined the domain and everything was working. wbinfo and getent show the proper information, however, roughly every 10 minutes winbindd will crash and will result in the trace listed at the bottom of this message. Winbind will keep on crashing until I run a "getent passwd" in a terminal, that somehow seems to fix it temporarily.
Our domain controllers run Windows Server 2008 but the domain is still on 2003-mode. The schema has been extended with Microsoft's rfc2307 scheme and Winbind has been configured to use it.

It is possible that this bug has been fixed in Samba 3.2.4, the release notes mention "Fix Winbind crash."

----
The Samba 'panic action' script, /usr/share/samba/panic-action,
was called for PID 13577 (/usr/sbin/winbindd).

This means there was a problem with the program, such as a segfault.
Below is a backtrace for this process generated with gdb, which shows
the state of the program at the time the error occurred. The Samba log
files may contain additional information about the problem.

If the problem persists, you are encouraged to first install the
samba-dbg package, which contains the debugging symbols for the Samba
binaries. Then submit the provided information as a bug report to
Ubuntu by visiting this link:
https://launchpad.net/ubuntu/+source/samba/+filebug

[Thread debugging using libthread_db enabled]
[New Thread 0xb7784930 (LWP 13577)]
0xb7c49430 in __kernel_vsyscall ()
#0 0xb7c49430 in __kernel_vsyscall ()
#1 0xb79945e3 in waitpid () from /lib/tls/i686/cmov/libc.so.6
#2 0xb793175b in ?? () from /lib/tls/i686/cmov/libc.so.6
#3 0xb7d3a7c1 in smb_panic () from /usr/sbin/winbindd
#4 0xb7d27dd3 in sig_fault () from /usr/sbin/winbindd
#5 <signal handler called>
#6 0xb7e7a9aa in ads_pull_string () from /usr/sbin/winbindd
#7 0xb7528884 in ?? () from /usr/lib/samba/nss_info/rfc2307.so
#8 0xb7ea0182 in nss_get_info () from /usr/sbin/winbindd
#9 0xb7cad30c in nss_get_info_cached () from /usr/sbin/winbindd
#10 0xb7cc4080 in query_user () from /usr/sbin/winbindd
#11 0xb7cab77d in query_user () from /usr/sbin/winbindd
#12 0xb7c9c5df in winbindd_dual_userinfo () from /usr/sbin/winbindd
#13 0xb7cc9247 in fork_domain_child () from /usr/sbin/winbindd
#14 0xb7cc942d in schedule_async_request () from /usr/sbin/winbindd
#15 0xb7cc9db5 in async_request () from /usr/sbin/winbindd
#16 0xb7cc9f50 in async_domain_request () from /usr/sbin/winbindd
#17 0xb7ccbfda in do_async_domain () from /usr/sbin/winbindd
#18 0xb7ccc49e in query_user_async () from /usr/sbin/winbindd
#19 0xb7c9b576 in winbindd_getpwsid () from /usr/sbin/winbindd
#20 0xb7c9b6bc in getpwuid_recv () from /usr/sbin/winbindd
#21 0xb7cd0f89 in winbindd_uid2sid_recv () from /usr/sbin/winbindd
#22 0xb7cca460 in do_async_recv () from /usr/sbin/winbindd
#23 0xb7cc9b6a in async_reply_recv () from /usr/sbin/winbindd
#24 0xb7c98ac3 in rw_callback () from /usr/sbin/winbindd
#25 0xb7c99b31 in main () from /usr/sbin/winbindd
The program is running. Quit anyway (and detach it)? (y or n) [answered Y; input not from terminal]
----

Jelmer Jaarsma (jelmer-jaarsma) wrote :

I compiled the Samba 3.2.4 package from Debian which solved this problem so it would appear that my segfaults are indeed related to the fix mentioned in the changelog for 3.2.4

Richard Verwayen (ys76) wrote :
Download full text (3.1 KiB)

The same symptoms occur here on a setup where
* samba 3.0.28a-1ubuntu4.7
* winbind 3.0.28a-1ubuntu4.7
is authenticating against a W2K3-Server.

The server is running hardy without any custom modifications.

[Thread debugging using libthread_db enabled]
[New Thread 0xb7ade6d0 (LWP 10153)]
0xb7ef4410 in __kernel_vsyscall ()
#0 0xb7ef4410 in __kernel_vsyscall ()
#1 0xb7c9d4d3 in waitpid () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7c40643 in ?? () from /lib/tls/i686/cmov/libc.so.6
#3 0x08123178 in smb_panic (why=0x8276ea4 "internal error") at lib/util.c:1639
#4 0x0810d99a in sig_fault (sig=6) at lib/fault.c:47
#5 <signal handler called>
#6 0xb7ef4410 in __kernel_vsyscall ()
#7 0xb7c33085 in raise () from /lib/tls/i686/cmov/libc.so.6
#8 0xb7c34a01 in abort () from /lib/tls/i686/cmov/libc.so.6
#9 0xb7c2c10e in __assert_fail () from /lib/tls/i686/cmov/libc.so.6
#10 0xb7d73bea in ldap_parse_result () from /usr/lib/libldap_r-2.4.so.2
#11 0x08239e4c in ads_do_paged_search_args (ads=0x8380e00,
   bind_path=<value optimized out>, scope=0,
   expr=0x8265735 "(objectclass=*)", attrs=0xbf970470, args=0x0,
   res=0xbf970478, count=0xbf970394, cookie=0xbf970398) at libads/ldap.c:700
#12 0x0823a1cf in ads_do_search_all_args (ads=0x8380e00,
   bind_path=0x832ef80 "", scope=0, expr=0x8265735 "(objectclass=*)",
   attrs=0xbf970470, args=0x0, res=0xbf970478) at libads/ldap.c:772
#13 0x08243769 in ads_do_search_retry_internal (ads=0x8380e00,
   bind_path=0x82aa7b5 "", scope=0, expr=0x8265735 "(objectclass=*)",
   attrs=0xbf970470, args=0x0, res=0xbf970478) at libads/ldap_utils.c:60
#14 0x08243cda in ads_do_search_retry (ads=0x8380e00, bind_path=0x82aa7b5 "",
   scope=0, expr=0x8265735 "(objectclass=*)", attrs=0xbf970470,
   res=0xbf970478) at libads/ldap_utils.c:124
#15 0x08236ccc in ads_USN (ads=0x8380e00, usn=0x832ea44) at libads/ldap.c:2328
#16 0x080b4289 in sequence_number (domain=0x832e5c0, seq=0x832ea44)
   at nsswitch/winbindd_ads.c:1021
#17 0x08098a51 in refresh_sequence_number (domain=0x832e5c0,
   force=<value optimized out>) at nsswitch/winbindd_cache.c:479
#18 0x08099079 in wcache_fetch (cache=0x832e4f8, domain=0x832e5c0,
   format=0x826065d "NS/%s/%s") at nsswitch/winbindd_cache.c:601
#19 0x0809b6dd in name_to_sid (domain=0x832e5c0, mem_ctx=0x82d0eb8,
   domain_name=0xbf970ae4 "REDACTED", name=0xbf970be4 "REMOVED", sid=0xbf970834,
   type=0xbf970878) at nsswitch/winbindd_cache.c:1358
#20 0x08094311 in winbindd_lookup_sid_by_name (mem_ctx=0x82d0eb8,
   domain=0x832e5c0, domain_name=0xbf970ae4 "REDACTED",
   name=0xbf970be4 "lantzen", sid=0xbf970834, type=0xbf970878)
   at nsswitch/winbindd_util.c:707
#21 0x080bdc78 in winbindd_dual_lookupname (domain=0x832e5c0, state=0xbf970988)
   at nsswitch/winbindd_async.c:953
#22 0x080b943f in schedule_async_request (child=0x832ea98)
   at nsswitch/winbindd_dual.c:481
#23 0x080ba33f in async_request_fail (state=0x83570c8)
   at nsswitch/winbindd_dual.c:208
#24 0x0808b9da in rw_callback (event=0x832eea8, flags=1)
   at nsswitch/winbindd.c:389
#25 0x0808c3f9 in main (argc=) at nsswitch/winbindd.c:835
The program is running. Quit anyway (and detach it)? (y or n) [answered Y; input not from ...

Read more...

Thierry Carrez (ttx) wrote :

Yes, that was fixed in 3.2.4 and 3.3.0 so it is fixed in the development release.

Changed in samba:
status: New → Fix Released
Changed in samba:
status: Unknown → Fix Released
Changed in samba:
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.