winbindd seg faults when a wbinfo --sequence is issued a second time. It seems to be segfaulting against the trusted domain that has restrict anonymous set (I did not wbinfo -A user%password) Here is the record of the segfault -- and I will add a bt full when I get recompile with the right options: [27407]: show sequence rpc: fetch sequence_number for TEST.DOMAIN.CM =============================================================== INTERNAL ERROR: Signal 11 in pid 27400 (3.0alpha24) Please read the appendix Bugs of the Samba HOWTO collection =============================================================== PANIC: internal error BACKTRACE: 12 stack frames: #0 winbindd(smb_panic+0xf9) [0x80ae439] #1 winbindd [0x809ed55] #2 /lib/i686/libc.so.6 [0x401603b8] #3 winbindd(cm_get_sam_handle+0x42) [0x8076432] #4 winbindd [0x80786b3] #5 winbindd(winbindd_show_sequence+0x7b) [0x8074a9b] #6 winbindd(strftime+0x11f7) [0x806b18f] #7 winbindd(winbind_process_packet+0x1d) [0x806b44d] #8 winbindd(strftime+0x1cf4) [0x806bc8c] #9 winbindd(main+0x33a) [0x806c0fa] #10 /lib/i686/libc.so.6(__libc_start_main+0xc7) [0x4014d7f7] #11 winbindd(strcpy+0x39) [0x806aad1]
Reassigning to me.
A stacktrace would be good. I wasn't able to reproduce this on my initial attempts.
More information on this one: Seems that winbindd segfaults on any joined or trusted NT4 domain. This should be an easy one to reproduce, and I'm going to get a backtrace when I have a chance
Here is that backtrace: No symbol table info available. #1 0x40160215 in raise () from /lib/i686/libc.so.6 No symbol table info available. #2 0x4016176b in abort () from /lib/i686/libc.so.6 No symbol table info available. #3 0x080ae4cd in smb_panic (why=0x8149a5d "internal error") at lib/util.c:1482 cmd = 0x10 <Address 0x10 out of bounds> result = 16 i = 16 backtrace_stack = {0x80ae439, 0x809ed55, 0x401603b8, 0x8076212, 0x8078903, 0x8072a75, 0x807022d, 0x807042a, 0x806fdc7, 0x8074a7c, 0x806b18f, 0x806b44d, 0x806bc8c, 0x806c0fa, 0x4014d7f7, 0x806aad1, 0x81f29f0, 0xbfffecd8, 0x809eaa9, 0x402682e0, 0x0, 0x401a1f6d, 0xbfffecf0, 0xbffff1b8, 0xc0000001, 0xbffff0f8, 0x809ec7b, 0xbfffecf0, 0x3ff, 0x813d267, 0xbffff104, 0x3a637072, 0x75727420, 0x64657473, 0x6d6f645f, 0x736e6961, 0xa, 0xbfffed38, 0x1c, 0xbfffed70, 0x0, 0xbfffed38, 0x809e9e1, 0x8147eba, 0x81787e0, 0x0, 0x14, 0xbfffed90, 0x0, 0xbfffed58, 0x809eaa9, 0x8147eba, 0x81787e0, 0x401a1f6d, 0xbfffed70, 0x0, 0x0, 0xbffff178, 0x809ec7b, 0xbfffed70, 0x3ff, 0x813b689, 0xbffff184, 0x6e616373} backtrace_size = 16 backtrace_strings = (char **) 0x81c1f50 #4 0x0809ed55 in fault_report (sig=11) at lib/fault.c:41 counter = 1 #5 0x401603b8 in __libc_sigaction () from /lib/i686/libc.so.6 No symbol table info available. #6 0x08076212 in cm_get_lsa_handle (domain=0x819a838 "MORIA") at nsswitch/winbindd_cm.c:565 conn = (struct winbindd_cm_conn *) 0x0 result = {v = 1076264784} hnd = {cli = 0x0, pol = {data1 = 0, data2 = 0, data3 = 0, data4 = 0, data5 = "\0\0\0\0\0\0\0"}} #7 0x08078903 in trusted_domains (domain=0x81f5490, mem_ctx=0x81f47a0, num_domains=0xbffff1a8, names=0xbffff1ac, alt_names=0x310, dom_sids=0xbffff1b4) at nsswitch/winbindd_rpc.c:713 hnd = (CLI_POLICY_HND *) 0x81f5490 result = {v = 3221225473} enum_ctx = 0 retry = 0 #8 0x08072a75 in trusted_domains (domain=0x81f5490, mem_ctx=0x81f47a0, num_domains=0xbffff1a8, names=0xbffff1ac, alt_names=0xbffff1b0, dom_sids=0xbffff1b4) at nsswitch/winbindd_cache.c:982 cache = (struct winbind_cache *) 0x310 #9 0x0807022d in rescan_trusted_domains (force=1) at nsswitch/winbindd_util.c:181 domain = (struct winbindd_domain *) 0x81f5490 mem_ctx = (TALLOC_CTX *) 0x81f47a0 last_scan = 1053705020 t = 1053705020 #10 0x0807042a in init_domain_list () at nsswitch/winbindd_util.c:224 domain = (struct winbindd_domain *) 0x81f5490 #11 0x0806fdc7 in domain_list () at nsswitch/winbindd_util.c:56 #12 0x08074a7c in winbindd_show_sequence (state=0x81f6718) at nsswitch/winbindd_misc.c:160 domain = (struct winbindd_domain *) 0x0 extra_data = 0x81f4e20 "" #13 0x0806b18f in process_request (state=0x81f6718) at nsswitch/winbindd.c:273 table = (struct dispatch_table *) 0x8174118 #14 0x0806b44d in winbind_process_packet (state=0x81f6718) at nsswitch/winbindd.c:397 No locals. #15 0x0806bc8c in process_loop () at nsswitch/winbindd.c:694 No locals. #16 0x0806c0fa in main (argc=3, argv=0xbffff904) at nsswitch/winbindd.c:891 logfile = "/usr/local/samba/var/log.winbindd\0\0\0L)\001@L)\001@\030\0\0\0\0\0\0\0\n\0\0\0\220º&@\020,\001@\t\0\0\0r\b\0@,\002\0@\0\0\0@í·\0@í·\0@L)\001@\002\0\0\0`ìÿ¿\0\0\0\0\0\0\0\0\020,\001@", '\0' <repeats 12 times>, "í·\0@\0\0\0\0\0\0\0\0\001\0\0\0\020,\001@\224\t\0@h\0\0\0\0\0\0\0`\221\006\b\0\0\0\0\001\0\0\0\210õÿ¿Ú¨\0@\030öÿ¿\020,\001@\034\006\0@\200õÿ¿5ÿ\0@<\0\0\0<\0"... interactive = 1 Fork = 0 log_stdout = 1 long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x817a0c0, val = 0, descrip = 0x813a06d "Help options", argDescrip = 0x0}, {longName = 0x813a081 "stdout", shortName = 83 'S', argInfo = 7, arg = 0x81741ec, val = 1, descrip = 0x813a07a "Log to stdout", argDescrip = 0x0}, {longName = 0x813a088 "foreground", shortName = 70 'F', argInfo = 7, arg = 0x81741e8, val = 0, descrip = 0x813a093 "Daemon in foreground mode", argDescrip = 0x0}, { longName = 0x813a0ad "interactive", shortName = 105 'i', argInfo = 0, arg = 0x0, val = 105, descrip = 0x813a0b9 "Interactive mode", argDescrip = 0x0}, {longName = 0x813a0ca "dual-daemon", shortName = 66 'B', argInfo = 7, arg = 0x8174024, val = 1, descrip = 0x813a0d6 "Dual daemon mode", argDescrip = 0x0}, { longName = 0x813a0e7 "no-caching", shortName = 110 'n', argInfo = 7, arg = 0x8174020, val = 0, descrip = 0x813a0f2 "Disable caching", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x8179ee0, val = 0, descrip = 0x813a102 "Common samba options:", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}} pc = 0x819a340 opt = 136269344 #17 0x4014d7f7 in __libc_start_main () from /lib/i686/libc.so.6 No symbol table info available.
Thanks Mark. This doesn't make much sense! According to the stack backtrace at line 565 in nsswitch/winbindd_cm.c conn is NULL and result is 1076264784 (an invalid NT status code). However at line 561 if result is non-zero then we should return from the function. Is it possible to get a level 10 debug? It looks like there is some reconnection-fu going on that I don't understand.
I hammered on winbind a lot today. wbinfo could not be made to barf. Please review this. If it is still an issue please say so, otherwise please close this one out. Thx. - July 27, 2003
Yes, this is fixed now
originally reported against 3.0aph24. Bugzilla spring cleaning. Removing old alpha versions.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.