In a domain that has trusted domains, run winbindd with -i option, you will see the following error message. The root cause is in winbindd_ads.c, there is a struct should be zeroedbefore using it. Here is the fix: source/winbindd/winbindd_ads.c ==== @@ -1249,6 +1249,7 @@ /* add to the trusted domain cache */ + memset(&d, 0, sizeof(d)); fstrcpy( d.name, trusts.array[i].netbios_name); fstrcpy( d.alt_name, trusts.array[i].dns_name); if (trusts.array[i].sid) { ...... tdb_unpack(d, 171) -> 4 tdb_unpack(fffddd, 167) -> 30 unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0 tdb_unpack(fffddd, 137) -> 63 unpack_tdc_domains: Unpacking domain XXXXXXXXX () SID S-1-5-21-XXXX-XXXX-XXXX, flags = 0x0, attribs = 0x0, type = 0x0 tdb_unpack(fffddd, 74) -> 74 unpack_tdc_domains: Unpacking domain XXXXXXXXX (XXXXXXXXXXXXXXXXXX) SID S-1-5-21-XXXX-XXXX-XXXX, flags = 0x0, attribs = 0x0, type = 0x0 pack_tdc_domains: Packing 4 trusted domains tdb_pack_va(d, 0) -> 4 tdb_pack_va(fffddd, -4) -> 30 tdb_pack_va(fffddd, -34) -> 63 tdb_pack_va(fffddd, -97) -> 74 ERROR: string overflow by 1 (256 - 255) in safe_strcpy [S-XXX-XX-XXXXXXXXXXXXXX-XXXXXXXXXXX-X-XXXXXXXXXX] tdb_pack_va(fffddd, -171) -> 281 tdb_pack_va(d, 452) -> 4 pack_tdc_domains: Packing domain BUILTIN () tdb_pack_va(fffddd, 448) -> 30 pack_tdc_domains: Packing domain XXXXXXXXX () tdb_pack_va(fffddd, 418) -> 63 pack_tdc_domains: Packing domain XXXXXXXXX (XXXXXXXXXXXXXXXXXX) tdb_pack_va(fffddd, 355) -> 74 pack_tdc_domains: Packing domain XXXXXXXXXXXXX () ERROR: string overflow by 1 (256 - 255) in safe_strcpy [S-XXX-XX-XXXXXXXXXXXXXX-XXXXXXXXXXX-X-XXXXXXXXXX] tdb_pack_va(fffddd, 281) -> 281 *** glibc detected *** double free or corruption (!prev): 0x8043be90 *** =============================================================== INTERNAL ERROR: Signal 6 in pid 6978 (3.2.2) Please read the Trouble-Shooting section of the Samba3-HOWTO From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf =============================================================== PANIC (pid 6978): internal error BACKTRACE: 22 stack frames: #0 /opt/samba/sbin/winbindd(log_stack_trace+0x2d) [0x8011237c] #1 /opt/samba/sbin/winbindd(smb_panic+0x80) [0x801124b8] #2 /opt/samba/sbin/winbindd [0x800fcdca] #3 [0xb7f68420] #4 /lib/tls/i686/cmov/libc.so.6(abort+0x109) [0xb7ccbfb9] #5 /lib/tls/i686/cmov/libc.so.6 [0xb7cffe0a] #6 /lib/tls/i686/cmov/libc.so.6 [0xb7d0769f] #7 /lib/tls/i686/cmov/libc.so.6(__libc_free+0x82) [0xb7d07742] #8 /usr/lib/libtalloc.so.1(talloc_free+0x24c) [0xb7ded9c0] #9 /opt/samba/sbin/winbindd(wcache_tdc_add_domain+0x348) [0x800664c0] #10 /opt/samba/sbin/winbindd [0x8008326f] #11 /opt/samba/sbin/winbindd [0x80068c6b] #12 /opt/samba/sbin/winbindd(winbindd_dual_list_trusted_domains+0xd2) [0x800775d2] #13 /opt/samba/sbin/winbindd [0x8008ab63] #14 /opt/samba/sbin/winbindd(async_request+0x1b9) [0x8008c13a] #15 /opt/samba/sbin/winbindd(init_child_connection+0x2bd) [0x800613a5] #16 /opt/samba/sbin/winbindd(async_domain_request+0x139) [0x8008c3c3] #17 /opt/samba/sbin/winbindd [0x8006161b] #18 /opt/samba/sbin/winbindd(rescan_trusted_domains+0x49) [0x80061a19] #19 /opt/samba/sbin/winbindd(main+0xe3f) [0x8005757c] #20 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7cb6ea8] #21 /opt/samba/sbin/winbindd [0x80054e81] dumping core in /log/cores/winbindd Destroying timed event 80462868 "async_request_timeout" Could not receive async reply from child pid 6978 Could not receive trustdoms Already reaped child 6978 died
Perfect catch - thanks ! Jeremy.
Fixed - thanks ! Jeremy.