I have a customer who has a stuck winbind child after kinit.

pstack:

#0  0x00007f9114701fa7 in poll () from /lib64/libc.so.6
#1  0x00007f9114e890f1 in service_fds () from /lib64/libkrb5.so.3
#2  0x00007f9114e8e053 in k5_sendto () from /lib64/libkrb5.so.3
#3  0x00007f9114e8f294 in krb5_sendto_kdc () from /lib64/libkrb5.so.3
#4  0x00007f9114e5cd25 in krb5_get_cred_via_tkt_ext () from /lib64/libkrb5.so.3
#5  0x00007f9114e5cf3f in krb5_get_cred_via_tkt () from /lib64/libkrb5.so.3
#6  0x00007f9114e5d2ba in krb5_fwd_tgt_creds () from /lib64/libkrb5.so.3
#7  0x00007f9114c7dec7 in make_gss_checksum () from /lib64/libgssapi_krb5.so.2
#8  0x00007f9114e6fda4 in krb5_mk_req_extended () from /lib64/libkrb5.so.3
#9  0x00007f9114c8abae in krb5_gss_init_sec_context_ext () from /lib64/libgssapi_krb5.so.2
#10 0x00007f9114c8b024 in krb5_gss_init_sec_context () from /lib64/libgssapi_krb5.so.2
#11 0x00007f9114c6c530 in gss_init_sec_context () from /lib64/libgssapi_krb5.so.2
#12 0x00007f91153f2008 in gensec_gse_update_send () from /usr/lib64/samba/libgse-private-samba.so
#13 0x00007f9114f768af in gensec_update_send () from /usr/lib64/samba/libgensec-private-samba.so
#14 0x00007f9114f7b1d2 in gensec_spnego_update_send () from /usr/lib64/samba/libgensec-private-samba.so
#15 0x00007f9114f768af in gensec_update_send () from /usr/lib64/samba/libgensec-private-samba.so
#16 0x00007f9114f76ad4 in gensec_update () from /usr/lib64/samba/libgensec-private-samba.so
#17 0x00007f9115b15093 in rpc_pipe_bind_send () from /usr/lib64/samba/libmsrpc3-private-samba.so
#18 0x00007f9115b1525d in rpc_pipe_bind () from /usr/lib64/samba/libmsrpc3-private-samba.so
#19 0x00007f9115b1646f in cli_rpc_pipe_open_with_creds () from /usr/lib64/samba/libmsrpc3-private-samba.so
#20 0x000055d53b4d1507 in cm_connect_lsa ()
#21 0x000055d53b4d1959 in cm_connect_lsat ()
#22 0x000055d53b4d3808 in winbindd_lookup_sids ()
#23 0x000055d53b4d3a26 in msrpc_sid_to_name ()
#24 0x000055d53b4d73a0 in sid_to_name.lto_priv ()
#25 0x000055d53b4bd272 in wb_cache_sid_to_name ()
#26 0x000055d53b4e594f in _wbint_LookupSid ()
#27 0x000055d53b4eac0d in winbind.op_dispatch_internal ()
#28 0x00007f9115ad6179 in dcesrv_call_dispatch_local () from /lib64/libdcerpc-server-core.so.0
#29 0x000055d53b4e51ff in winbindd_dual_ndrcmd ()
#30 0x000055d53b4e0095 in child_handler ()
#31 0x00007f9114e054a5 in tevent_common_invoke_fd_handler () from /lib64/libtevent.so.0
#32 0x00007f9114e0955e in epoll_event_loop_once () from /lib64/libtevent.so.0
#33 0x00007f9114e0082b in std_event_loop_once () from /lib64/libtevent.so.0
#34 0x00007f9114e02368 in _tevent_loop_once () from /lib64/libtevent.so.0
#35 0x000055d53b4e0720 in fork_domain_child ()
#36 0x000055d53b4e1065 in wb_child_request_waited ()
#37 0x00007f9114e056da in tevent_common_invoke_immediate_handler () from /lib64/libtevent.so.0
#38 0x00007f9114e0572e in tevent_common_loop_immediate () from /lib64/libtevent.so.0
#39 0x00007f9114e09370 in epoll_event_loop_once () from /lib64/libtevent.so.0
#40 0x00007f9114e0082b in std_event_loop_once () from /lib64/libtevent.so.0
#41 0x00007f9114e02368 in _tevent_loop_once () from /lib64/libtevent.so.0
#42 0x000055d53b4a9298 in main ()

We wait forever in k5_sendto() on a reply on the TCP connection we never get. In MIT Kerberos 1.22 there is a new config option `request_timeout` which can be set to not wait forever. Heimdal offers `kdc_timeout`. We should set this in the krb5.conf we create.

I have a patch already.