Bug 14641 - Crash of winbind on RODC
Summary: Crash of winbind on RODC
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
Version: 4.13.4
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Duplicates: 14639
Depends on: 13879
Reported: 2021-02-16 21:01 UTC by Andrew Bartlett
Modified: 2022-04-26 14:44 UTC
Comment 1 Christian Naumer 2021-02-17 06:13:02 UTC
Here is the gdb backtrace:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
0x00007fefc0fd7cdb in waitpid () from /lib64/libc.so.6
#0  0x00007fefc0fd7cdb in waitpid () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007fefc0f5392f in do_system () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007fefc3a83846 in smb_panic_s3 () from /usr/lib64/samba/libsmbconf.so.0
No symbol table info available.
#3  0x00007fefc6a41797 in smb_panic () from /usr/lib64/samba/libsamba-util.so.0
No symbol table info available.
#4  0x00007fefc6a419d2 in sig_fault () from /usr/lib64/samba/libsamba-util.so.0
No symbol table info available.
#5  <signal handler called>
No symbol table info available.
#6  0x00007fefc5de842f in rpccli_netlogon_network_logon () from /usr/lib64/samba/liblibcli-netlogon3-samba4.so
No symbol table info available.
#7  0x00005650b54aaf41 in winbind_samlogon_retry_loop ()
No symbol table info available.
#8  0x00005650b54af0ab in winbind_dual_SamLogon ()
No symbol table info available.
#9  0x00005650b54cc62e in _winbind_SamLogon ()
No symbol table info available.
#10 0x00005650b54cf80c in winbind.op_dispatch_internal ()
No symbol table info available.
#11 0x00005650b54cfa35 in winbind.op_local ()
No symbol table info available.
#12 0x00005650b54c83ee in winbindd_dual_ndrcmd ()
No symbol table info available.
#13 0x00005650b54c3d22 in child_handler ()
No symbol table info available.
#14 0x00007fefc92140e3 in tevent_common_invoke_fd_handler () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#15 0x00007fefc921a659 in epoll_event_loop_once () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#16 0x00007fefc92182a7 in std_event_loop_once () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#17 0x00007fefc92138f6 in _tevent_loop_once () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#18 0x00005650b54c7632 in fork_domain_child ()
No symbol table info available.
#19 0x00005650b54c77a9 in wb_child_request_waited ()
No symbol table info available.
#20 0x00007fefc9214c50 in _tevent_req_notify_callback () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#21 0x00007fefc9214cf8 in tevent_req_finish () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#22 0x00007fefc9214d14 in _tevent_req_done () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#23 0x00007fefc921482a in tevent_queue_wait_trigger () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#24 0x00007fefc9214815 in tevent_queue_immediate_trigger () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#25 0x00007fefc9214505 in tevent_common_invoke_immediate_handler () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#26 0x00007fefc9214526 in tevent_common_loop_immediate () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#27 0x00007fefc921a379 in epoll_event_loop_once () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#28 0x00007fefc92182a7 in std_event_loop_once () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#29 0x00007fefc92138f6 in _tevent_loop_once () from /usr/lib64/samba/libtevent.so.0
No symbol table info available.
#30 0x00005650b54765c1 in main ()
No symbol table info available.

A debugging session is active.

	Inferior 1 [process 64824] will be detached.

Quit anyway? (y or n) [answered Y; input not from terminal]
[Inferior 1 (process 64824) detached]
Comment 2 Andrew Bartlett 2021-02-17 06:26:20 UTC
Thanks, but I still need more detail in the backtrace, in particular line numbers.  Can you install the debug package so you get those symbols and try again?

Thanks,
Comment 5 Andrew Bartlett 2021-02-17 06:43:01 UTC
Thanks.  Is there any chance you are mixing Samba packages?

I ask because we don't have the debug symbols in the library parts, and I thought the sernet packages were not installed under /usr/lib64 (but I've never been given the binaries packages to look at).  

Can you get me an 'ldd' of the winbindd binary you are running?

Can you install any remaining debug packages so we get the last symbols and remove any non-sernet samba packages?

Thanks,

Andrew Bartlett
Comment 6 Andrew Bartlett 2021-02-17 06:48:37 UTC
*** Bug 14639 has been marked as a duplicate of this bug. ***
Comment 9 Christian Naumer 2021-02-17 07:03:03 UTC
(In reply to Andrew Bartlett from comment #5)
Yes some of the libs are under "/usr/lib64/" but those are also from the sernet packages. I checked.
Comment 10 Andrew Bartlett 2021-02-17 07:09:41 UTC
The trouble is workstation=0x0 (NULL) because a simple bind has no concept of a workstation; it isn't an NTLM login.

This faults on this line:

if (workstation[0] != '\\' && workstation[1] != '\\') {
	workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
} else {
	workstation_name_slash = workstation;
}

You are lucky that you are trying to use a UPN because otherwise you would hit bug 13879.

Sadly this area still needs a lot of work compared to the rest of the DC.
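
The fault described in comment 10, as an added example that is not part of the bug thread and is neither Samba's code nor the committed fix: a stand-alone C helper that guards the same check against a NULL workstation. The function name, the use of malloc in place of talloc, and the choice to treat a missing workstation as an empty string are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not a Samba function); malloc stands in for talloc.
 * Returns 0 and stores a heap string in *out (caller frees), or -1 on
 * bad arguments or allocation failure.
 * Assumption: a missing workstation (NULL, the simple-bind case from
 * comment 10) is treated as the empty string.
 */
int workstation_with_slashes(const char *workstation, char **out)
{
	const char *prefix = "";
	size_t size;
	char *buf;
	if (out == NULL) {
		return -1;
	}
	*out = NULL;
	if (workstation == NULL) {
		workstation = "";	/* the quoted code reads workstation[0] here */
	}
	/* Same test as the quoted code, but only once the string is known
	 * to be non-empty, so workstation[1] is at worst the terminator. */
	if (workstation[0] != '\0' &&
	    workstation[0] != '\\' && workstation[1] != '\\') {
		prefix = "\\\\";
	}
	size = strlen(prefix) + strlen(workstation) + 1;
	buf = malloc(size);
	if (buf == NULL) {
		return -1;
	}
	snprintf(buf, size, "%s%s", prefix, workstation);
	*out = buf;
	return 0;
}

int main(void)
{
	const char *samples[] = { NULL, "", "WKS1", "\\\\WKS1" }; /* constructed */
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		char *name = NULL;
		int rc = workstation_with_slashes(samples[i], &name);
		printf("rc=%d name=\"%s\"\n", rc, name ? name : "(null)");
		free(name);
	}
	return 0;
}
```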
Comment 11 Stefan Metzmacher 2021-10-19 14:55:06 UTC
Andrew, should we just fix the NULL pointer dereferencing bug
in master, dying winbindd children should recover...
Comment 13 Andrew Bartlett 2022-03-03 20:34:32 UTC
Removing embargo on this bug, a recoverable crash no longer triggers the Samba security process.
Comment 14 Samba QA Contact 2022-03-10 04:25:21 UTC
This bug was referenced in samba master:

5c04c01354944fc3a64bb109bf3e9bf89086cc6f
31db704882bbcd569c2abb764ac1d3691ee0a267
Comment 15 Samba QA Contact 2022-03-16 14:55:20 UTC
This bug was referenced in samba v4-16-test:

80f35f7ab6a992d8b93c1e12b061039ee64d117b
9898afd747f790521cacca91e64bb9e9838b8817
Comment 16 Samba QA Contact 2022-03-16 15:38:03 UTC
This bug was referenced in samba v4-14-test:

e7a0e1db90d1accd7b3602e5d0a088de74bd329d
dd91493ed62fd2118f7a896e51251d3b3ea6493d
Comment 17 Samba QA Contact 2022-03-17 10:36:05 UTC
This bug was referenced in samba v4-15-test:

02824c7942db4b93bd0e1a525361ad00b13eca1c
2d425bb116a93ed219f01ee0203b58867748ae8b
Comment 18 Samba QA Contact 2022-03-21 12:17:37 UTC
This bug was referenced in samba v4-16-stable (Release samba-4.16.0):

80f35f7ab6a992d8b93c1e12b061039ee64d117b
9898afd747f790521cacca91e64bb9e9838b8817
Comment 19 Samba QA Contact 2022-04-04 12:49:42 UTC
This bug was referenced in samba v4-14-stable (Release samba-4.14.13):

e7a0e1db90d1accd7b3602e5d0a088de74bd329d
dd91493ed62fd2118f7a896e51251d3b3ea6493d
Comment 20 Samba QA Contact 2022-04-26 14:44:08 UTC
This bug was referenced in samba v4-15-stable (Release samba-4.15.7):

02824c7942db4b93bd0e1a525361ad00b13eca1c
2d425bb116a93ed219f01ee0203b58867748ae8b