Bug 5747 - winbind segfaults
winbind segfaults
Status: RESOLVED FIXED
Product: Samba 3.2
Classification: Unclassified
Component: Winbind
3.2.2
x86 Linux
: P3 normal
: ---
Assigned To: Guenther Deschner
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-09 14:04 UTC by Jason Gunthorpe
Modified: 2008-10-27 17:53 UTC (History)
0 users

See Also:


Attachments
use the new created ad connection (1.20 KB, patch)
2008-09-10 05:33 UTC, Guenther Deschner
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jason Gunthorpe 2008-09-09 14:04:04 UTC
Haven't quite figured out what causes this, but it happens alot.. Here is the output from log.wb-ORCORP:

[2008/09/09 11:44:54,  3] winbindd/winbindd_rpc.c:msrpc_name_to_sid(299)
  name_to_sid [rpc] ORCORP\mvoth for domain ORCORP
[2008/09/09 11:44:54,  3] winbindd/winbindd_user.c:winbindd_dual_userinfo(139)
  [ 6057]: lookupsid S-1-5-21-3359403674-27046192-2187186990-1163
[2008/09/09 11:44:54,  3] winbindd/winbindd_ads.c:query_user(426)
  ads: query_user
[2008/09/09 11:44:54,  2] lib/module.c:do_smb_load_module(64)
  Module '/usr/lib/samba/nss_info/rfc2307.so' loaded
[2008/09/09 11:44:54,  3] libsmb/namequery.c:get_dc_list(1909)
  get_dc_list: preferred server list: "10.0.0.6, ads0.ads.orcorp.ca"
[2008/09/09 11:44:54,  3] libads/ldap.c:ads_connect(430)
  Successfully contacted LDAP server 10.0.0.6
[2008/09/09 11:44:54,  3] libsmb/namequery.c:get_dc_list(1909)
  get_dc_list: preferred server list: "10.0.0.6, ads0.ads.orcorp.ca"
[2008/09/09 11:44:54,  3] libads/ldap.c:ads_connect(430)
  Successfully contacted LDAP server 10.0.0.6
[2008/09/09 11:44:54,  3] libads/ldap.c:ads_connect(480)
  Connected to LDAP server ads0.ads.orcorp.ca
[2008/09/09 11:44:54,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/09/09 11:44:54,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/09/09 11:44:54,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/09/09 11:44:54,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/09/09 11:44:54,  3] libads/sasl.c:ads_sasl_spnego_bind(789)
  ads_sasl_spnego_bind: got server principal name = ads0$@ADS.ORCORP.CA
[2008/09/09 11:44:54,  3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Tue, 09 Sep 2008 21:44:58 PDT
[2008/09/09 11:44:54,  3] libsmb/clikrb5.c:ads_krb5_mk_req(713)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2008/09/09 11:44:54,  0] lib/fault.c:fault_report(40)
  ===============================================================
[2008/09/09 11:44:54,  0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 7716 (3.2.3)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2008/09/09 11:44:54,  0] lib/fault.c:fault_report(43)
  
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2008/09/09 11:44:54,  0] lib/fault.c:fault_report(44)
  ===============================================================
[2008/09/09 11:44:54,  0] lib/util.c:smb_panic(1663)
  PANIC (pid 7716): internal error
[2008/09/09 11:44:54,  0] lib/util.c:log_stack_trace(1767)
  BACKTRACE: 18 stack frames:
   #0 /usr/sbin/winbindd(log_stack_trace+0x2d) [0x800f483e]
   #1 /usr/sbin/winbindd(smb_panic+0x84) [0x800f4980]
   #2 /usr/sbin/winbindd [0x800e1faa]
   #3 [0xffffe420]
   #4 /usr/lib/samba/nss_info/rfc2307.so [0xb77958f9]
   #5 /usr/sbin/winbindd(nss_get_info+0x193) [0x80257f70]
   #6 /usr/sbin/winbindd(nss_get_info_cached+0x210) [0x8005f0ec]
   #7 /usr/sbin/winbindd [0x8007ae3a]
   #8 /usr/sbin/winbindd [0x80060eba]
   #9 /usr/sbin/winbindd(winbindd_dual_userinfo+0x183) [0x80050858]
   #10 /usr/sbin/winbindd [0x8007fafe]
   #11 /usr/sbin/winbindd(async_request+0x1b9) [0x800810e1]
   #12 /usr/sbin/winbindd(async_domain_request+0x57) [0x80081292]
   #13 /usr/sbin/winbindd [0x800583db]
   #14 /usr/sbin/winbindd(rescan_trusted_domains+0x49) [0x800587d3]
   #15 /usr/sbin/winbindd(main+0xe4f) [0x8004db6c]
   #16 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0) [0xb7c1a050]
   #17 /usr/sbin/winbindd [0x8004b451]
[2008/09/09 11:44:54,  0] lib/util.c:smb_panic(1668)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 7716]
[2008/09/09 11:44:54,  0] lib/util.c:smb_panic(1676)
  smb_panic(): action returned status 0
[2008/09/09 11:44:54,  0] lib/fault.c:dump_core(201)
  dumping core in /var/log/samba/cores/winbindd

gdb says:
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7c31875 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7c33201 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0x800e1ac7 in dump_core () from /opt/samba/samba-3.2.3/source/bin/winbindd
#4  0x800f4abf in smb_panic () from /opt/samba/samba-3.2.3/source/bin/winbindd
#5  0x800e1faa in sig_fault () from /opt/samba/samba-3.2.3/source/bin/winbindd
#6  <signal handler called>
#7  0x80231604 in ads_pull_string () from /opt/samba/samba-3.2.3/source/bin/winbindd
#8  0xb76538f9 in nss_ad_get_info () from /usr/lib/samba/nss_info/rfc2307.so
#9  0x80257f70 in nss_get_info () from /opt/samba/samba-3.2.3/source/bin/winbindd
#10 0x8005f0ec in nss_get_info_cached () from /opt/samba/samba-3.2.3/source/bin/winbindd
#11 0x8007ae3a in query_user () from /opt/samba/samba-3.2.3/source/bin/winbindd
#12 0x80060eba in query_user () from /opt/samba/samba-3.2.3/source/bin/winbindd
#13 0x80050858 in winbindd_dual_userinfo () from /opt/samba/samba-3.2.3/source/bin/winbindd
#14 0x8007fafe in schedule_async_request () from /opt/samba/samba-3.2.3/source/bin/winbindd
#15 0x800810e1 in async_request () from /opt/samba/samba-3.2.3/source/bin/winbindd
#16 0x80058165 in init_child_connection () from /opt/samba/samba-3.2.3/source/bin/winbindd
#17 0x80081374 in async_domain_request () from /opt/samba/samba-3.2.3/source/bin/winbindd
#18 0x800583db in add_trusted_domains () from /opt/samba/samba-3.2.3/source/bin/winbindd
#19 0x800587d3 in rescan_trusted_domains () from /opt/samba/samba-3.2.3/source/bin/winbindd
#20 0x8004db6c in main () from /opt/samba/samba-3.2.3/source/bin/winbindd

Fussing to get symbols.. And gdb says this:
(gdb) frame 8
#8  0xb76538f9 in nss_ad_get_info (e=0x803a1138, sid=0xbfdfdd68, ctx=0x80342d08, ads=0x0, 
    msg=0x0, homedir=0xbfdfdcd4, shell=0xbfdfdcd8, gecos=0xbfdfdcd0, gid=0xbfdfdcdc)
    at winbindd/idmap_ad.c:768
768             *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr );

(gdb) p homedir
$1 = (char **) 0xbfdfdcd4
(gdb) p *homedir
$2 = 0x0
(gdb) p ads
$3 = (ADS_STRUCT *) 0x0
(gdb) p ctx
$4 = (TALLOC_CTX *) 0x80342d08
(gdb) p msg
$5 = (LDAPMessage *) 0x0
(gdb) p ad_schema->posix_homedir_attr
$6 = 0x803a6440 "unixHomeDirectory"

Looks like ads being 0 is the fatal thing here since ads_pull_string immediately does ads->ldap.id

This seems to happen sometimes with a 'wbinfo -i mvoth' command, but also things like gdm causes it.

smb.conf has:

[global]
workgroup = ORCORP
realm = ADS.ORCORP.CA
os level = 0
log level = 3

security = ads
password server = ads0.ads.orcorp.ca
use kerberos keytab = true

idmap domains = ORCORP
idmap config ORCORP:backend = ad
idmap config ORCORP:readonly = yes
idmap config ORCORP:default = yes
idmap config ORCORP:range = 1000-11000
idmap config ORCORP:schema_mode = rfc2307

idmap alloc backend = tdb
idmap alloc config:range        = 300000000 - 310000000

winbind nss info = rfc2307
winbind use default domain = yes
winbind offline logon = yes
winbind refresh tickets = yes
winbind normalize names = yes

encrypt passwords = true
dns proxy = no
log file = /var/log/samba/log.%m
panic action = /usr/share/samba/panic-action %d
obey pam restrictions = yes
guest account = nobody
invalid users = root
unix charset = "UTF8"

name resolve order = lmhosts host wins bcast

Machine is ubuntu gutsy, built from source using the ibex packaging of 3.2.2
Comment 1 Guenther Deschner 2008-09-10 05:33:36 UTC
Created attachment 3548 [details]
use the new created ad connection

Can you try this patch, please ?
Comment 2 Karolin Seeger 2008-09-21 22:28:34 UTC
Does the patch fix your issue?
Comment 3 Jason Gunthorpe 2008-09-26 16:15:37 UTC
Karolin,

I have been unable to try the patch yet, the laptop that had this problem has left the building.. I'll let you know when I'm able to try it again.
Comment 4 Guenther Deschner 2008-09-26 17:03:22 UTC
Have you thrown it out of the window?? :-)

That patch is not not needed any more, Jerry Carter has checked in a similar fix into the 3-2/3-3-test branch, so it will be part of the next releases.
Comment 5 Jason Gunthorpe 2008-09-26 18:57:21 UTC
Just shipped across the country to the intended user.. I had hoped to use winbind to have an offline caching 'roaming' NSS setup for it, but I was not able to get it to work reliably. I'll try again on a later release.

I'm quite excited about this entire winbind configuration using idmap backend = ad/etc, it seems to be by far the best solution I've seen for NSS/PAM against AD..
Comment 6 Guenther Deschner 2008-10-27 17:53:45 UTC
Glad to hear that :)

Please re-open, if this is still a bug for you then.

Thanks for the report.