4.23.0-1 winbind crash on start

Description:

After upgrade from version 4.22 to version 4.23, winbind is crashing on start. If started again by hand, it will succeed.

Comparing https://gitlab.com/samba-team/samba/-/merge_requests/4225 against the stack trace produced on my computer, I think this is the related fix, but I have yet to produce a patched package to test it.

EDIT: currently testing the fix from the above merge request.

EDIT: fix in the above merge request fixed the crash.

Additional info:

stacktrace:

root@gdansk ~ # coredumpctl info
           PID: 6859 (winbindd)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 6 (ABRT)
     Timestamp: Tue 2025-09-16 06:45:11 BST (3h 9min ago)
  Command Line: /usr/bin/winbindd --foreground --no-process-group
    Executable: /usr/bin/winbindd
 Control Group: /system.slice/winbind.service
          Unit: winbind.service
         Slice: system.slice
       Boot ID: 352cff312acc41b39e48576093fcde28
    Machine ID: 9fd94c96ea7a4bbca6ebe370a43101f1
      Hostname: gdansk.lan.incorrekt.net
       Storage: /var/lib/systemd/coredump/core.winbindd.0.352cff312acc41b39e48576093fcde28.6859.1758001511000000.zst (present)
  Size on Disk: 881.7K
       Message: Process 6859 (winbindd) of user 0 dumped core.

                Stack trace of thread 6859:
                #0  0x00007f9c22b1094c n/a (libc.so.6 + 0x9894c)
                #1  0x00007f9c22ab6410 raise (libc.so.6 + 0x3e410)
                #2  0x00007f9c22a9d57a abort (libc.so.6 + 0x2557a)
                #3  0x00007f9c235eb089 dump_core (libsmbconf.so.0 + 0x55089)
                #4  0x00007f9c235eb0e5 smb_panic_s3 (libsmbconf.so.0 + 0x550e5)
                #5  0x00007f9c22f879e7 smb_panic (libgenrand-private-samba.so + 0x29e7)
                #6  0x00007f9c22f87a98 n/a (libgenrand-private-samba.so + 0x2a98)
                #7  0x00007f9c22ab6540 n/a (libc.so.6 + 0x3e540)
                #8  0x00007f9c23bd722b dcerpc_binding_handle_call_send (libdcerpc-binding.so.0 + 0x1822b)
                #9  0x00007f9c23bae057 dcerpc_wbint_NormalizeNameUnmap_r_send (libdcerpc-samba4-private-samba.so + 0x12057)
                #10 0x00007f9c23bae36b dcerpc_wbint_NormalizeNameUnmap_send (libdcerpc-samba4-private-samba.so + 0x1236b)
                #11 0x000055a98037e9c8 winbindd_getgroups_send (/usr/bin/winbindd + 0x6e9c8)
                #12 0x000055a9803902b0 n/a (/usr/bin/winbindd + 0x802b0)
                #13 0x000055a98038839f n/a (/usr/bin/winbindd + 0x7839f)
                #14 0x00007f9c22cb47d9 tevent_common_invoke_fd_handler (libtevent.so.0 + 0xb7d9)
                #15 0x00007f9c22cb94b0 n/a (libtevent.so.0 + 0x104b0)
                #16 0x00007f9c22cafaf6 n/a (libtevent.so.0 + 0x6af6)
                #17 0x00007f9c22cb164a _tevent_loop_once (libtevent.so.0 + 0x864a)
                #18 0x000055a980327e33 main (/usr/bin/winbindd + 0x17e33)
                #19 0x00007f9c22a9f675 n/a (libc.so.6 + 0x27675)
                #20 0x00007f9c22a9f729 __libc_start_main (libc.so.6 + 0x27729)
                #21 0x000055a980328bb5 _start (/usr/bin/winbindd + 0x18bb5)
                ELF object binary architecture: AMD x86-64

In gdb this seems to be a null pointer dereference at librpc/rpc/binding_handle.c:420:

Core was generated by `/usr/bin/winbindd --foreground --no-process-group'.
Program terminated with signal SIGABRT, Aborted.
Downloading 4.48 K source file /usr/src/debug/glibc/glibc/nptl/pthread_kill.c
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44	      return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f9c22b10a13 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:89
#2  0x00007f9c22ab6410 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f9c22a9d57a in __GI_abort () at abort.c:77
#4  0x00007f9c235eb089 in dump_core () at ../../source3/lib/dumpcore.c:339
#5  0x00007f9c235eb0e5 in smb_panic_s3 (why=<optimized out>) at ../../source3/lib/util.c:730
#6  0x00007f9c22f879e7 in smb_panic (why=why@entry=0x7fff95bef490 "Signal 11: Segmentation fault") at ../../lib/util/fault.c:209
#7  0x00007f9c22f87a98 in fault_report (sig=11) at ../../lib/util/fault.c:83
#8  sig_fault (sig=11) at ../../lib/util/fault.c:94
#9  <signal handler called>
#10 0x00007f9c23bd722b in dcerpc_binding_handle_call_send (mem_ctx=<optimized out>, ev=ev@entry=0x55a9bb0019a0, h=h@entry=0x0, object=object@entry=0x0, table=0x7f9c238260a0 <ndr_table_winbind>,
    opnum=opnum@entry=29, r_mem=0x55a9bb016c10, r_ptr=0x55a9bb01ab48) at ../../librpc/rpc/binding_handle.c:420
#11 0x00007f9c23bae057 in dcerpc_wbint_NormalizeNameUnmap_r_send (mem_ctx=<optimized out>, ev=ev@entry=0x55a9bb0019a0, h=h@entry=0x0, r=0x55a9bb01ab48) at librpc/gen_ndr/ndr_winbind_c.c:6622
#12 0x00007f9c23bae36b in dcerpc_wbint_NormalizeNameUnmap_send (mem_ctx=<optimized out>, ev=0x55a9bb0019a0, h=0x0, _name=0x55a9bb00f020 "root", _unmapped_name=<optimized out>)
    at librpc/gen_ndr/ndr_winbind_c.c:6721
#13 0x000055a98037e9c8 in winbindd_getgroups_send (mem_ctx=<optimized out>, ev=0x55a9bb0019a0, cli=0x55a9bb015990, request=<optimized out>) at ../../source3/winbindd/winbindd_getgroups.c:75
#14 0x000055a9803902b0 in process_request_send (mem_ctx=0x55a9bb015990, ev=0x55a9bb0019a0, cli_state=0x55a9bb015990) at ../../source3/winbindd/winbindd.c:503
#15 winbind_client_request_read (req=<optimized out>) at ../../source3/winbindd/winbindd.c:747
#16 0x000055a98038839f in wb_req_read_done (subreq=<optimized out>) at ../../nsswitch/wb_reqtrans.c:126
#17 0x00007f9c22cb47d9 in tevent_common_invoke_fd_handler (fde=0x55a9bb01b130, flags=1, removed=removed@entry=0x0) at ../../tevent_fd.c:174
#18 0x00007f9c22cb94b0 in epoll_event_loop (epoll_ev=0x55a9bb004a90, tvalp=0x7fff95bf0480) at ../../tevent_epoll.c:699
#19 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../../tevent_epoll.c:929
#20 0x00007f9c22cafaf6 in std_event_loop_once (ev=0x55a9bb0019a0, location=0x55a9803c8a18 "../../source3/winbindd/winbindd.c:1738") at ../../tevent_standard.c:110
#21 0x00007f9c22cb164a in _tevent_loop_once (ev=0x55a9bb0019a0, location=location@entry=0x55a9803c8a18 "../../source3/winbindd/winbindd.c:1738") at ../../tevent.c:860
#22 0x000055a980327e33 in main (argc=<optimized out>, argv=<optimized out>) at ../../source3/winbindd/winbindd.c:1738
(gdb) fr 10
Downloading 14.49 K source file /usr/src/debug/samba/samba-4.23.0/bin/default/../../librpc/rpc/binding_handle.c
#10 0x00007f9c23bd722b in dcerpc_binding_handle_call_send (mem_ctx=<optimized out>, ev=ev@entry=0x55a9bb0019a0, h=h@entry=0x0, object=object@entry=0x0, table=0x7f9c238260a0 <ndr_table_winbind>,
    opnum=opnum@entry=29, r_mem=0x55a9bb016c10, r_ptr=0x55a9bb01ab48) at ../../librpc/rpc/binding_handle.c:420
420		if (table != h->table) {
(gdb) p h
$1 = (struct dcerpc_binding_handle *) 0x0
(gdb) fr 13
Downloading 8.53 K source file /usr/src/debug/samba/samba-4.23.0/bin/default/../../source3/winbindd/winbindd_getgroups.c
#13 0x000055a98037e9c8 in winbindd_getgroups_send (mem_ctx=<optimized out>, ev=0x55a9bb0019a0, cli=0x55a9bb015990, request=<optimized out>) at ../../source3/winbindd/winbindd_getgroups.c:75
75		subreq = dcerpc_wbint_NormalizeNameUnmap_send(state,
(gdb) p state
$1 = (struct winbindd_getgroups_state *) 0x55a9bb024c30
(gdb) p *state
$2 = {ev = 0x55a9bb0019a0, request_name = 0x55a9bb00f020 "root", unmapped_name = 0x0, namespace = 0x0, domname = 0x0, username = 0x0, sid = {sid_rev_num = 0 '\000', num_auths = 0 '\000',
    id_auth = "\000\000\000\000\000", sub_auths = {0 <repeats 15 times>}}, type = SID_NAME_USE_NONE, num_sids = 0, sids = 0x0, num_gids = 0, gids = 0x0}

Steps to reproduce:

  1. install and configure samba
  2. enable winbind and smb
  3. restart machine
  4. systemctl status winbind to see the stacktrace (pasted above)
Edited by Bronek Kozicki
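
Added example, not part of the original report and not Samba code: a small Python helper that automates the manual gdb walk above. It finds the first frame after `<signal handler called>` and, for each argument shown as `0x0` there, reports the caller that passed it in. The sample backtrace is constructed from the frames above with some arguments abridged; following an argument by name across frames is a heuristic assumption.

```python
import re

# Constructed sample: frames #8-#13 of the gdb backtrace above, with some
# arguments abridged; line wrapping is kept the way gdb printed it.
SAMPLE_BT = """\
#8  sig_fault (sig=11) at ../../lib/util/fault.c:94
#9  <signal handler called>
#10 0x00007f9c23bd722b in dcerpc_binding_handle_call_send (mem_ctx=<optimized out>, ev=ev@entry=0x55a9bb0019a0, h=h@entry=0x0, object=object@entry=0x0,
    opnum=opnum@entry=29, r_mem=0x55a9bb016c10) at ../../librpc/rpc/binding_handle.c:420
#11 0x00007f9c23bae057 in dcerpc_wbint_NormalizeNameUnmap_r_send (mem_ctx=<optimized out>, ev=ev@entry=0x55a9bb0019a0, h=h@entry=0x0, r=0x55a9bb01ab48) at librpc/gen_ndr/ndr_winbind_c.c:6622
#12 0x00007f9c23bae36b in dcerpc_wbint_NormalizeNameUnmap_send (mem_ctx=<optimized out>, ev=0x55a9bb0019a0, h=0x0, _name=0x55a9bb00f020 "root")
    at librpc/gen_ndr/ndr_winbind_c.c:6721
#13 0x000055a98037e9c8 in winbindd_getgroups_send (mem_ctx=<optimized out>, ev=0x55a9bb0019a0, cli=0x55a9bb015990, request=<optimized out>) at ../../source3/winbindd/winbindd_getgroups.c:75
"""

FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \((?P<args>.*)\) at (?P<loc>\S+)$")
NULL_ARG_RE = re.compile(r"\b(\w+)=(?:\w+@entry=)?0x0\b")

def parse_frames(bt):
    """Return one string per frame, joining the continuation lines gdb wraps."""
    frames = []
    for line in bt.splitlines():
        if line.startswith("#"):
            frames.append(line.strip())
        elif frames and line.strip():
            frames[-1] += " " + line.strip()
    return frames

def triage(bt):
    """Find the faulting frame and, per NULL argument, the frame that passed it in."""
    frames = parse_frames(bt)
    start = next(i for i, f in enumerate(frames) if "<signal handler called>" in f) + 1
    parsed = [m for m in map(FRAME_RE.match, frames[start:]) if m]
    fault = parsed[0]
    report = {"fault": fault["func"], "location": fault["loc"], "passed_by": {}}
    for name in NULL_ARG_RE.findall(fault["args"]):
        # Heuristic: follow the argument by name while callers also show it as NULL.
        for caller in parsed[1:]:
            if name not in NULL_ARG_RE.findall(caller["args"]):
                report["passed_by"][name] = (caller["func"], caller["loc"])
                break
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_BT))
```

On the sample, the NULL `h` is traced back to the call made in `winbindd_getgroups_send`, which matches the frame inspected by hand with `fr 13` above.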