[Pkg-samba-maint] Bug#823372: winbind: segfault on first login attempt

Vincent McIntyre vincent.mcintyre at csiro.au
Wed May 4 00:16:35 UTC 2016 

Package: winbind
Version: 2:3.6.6-6+deb7u9
Severity: normal

possibly-related bugs: 820981

We have not used winbind in our setup until the badlock patches
came along (2:3.6.6-6+deb7u9). We follwed the recommendation in
#820981. The environment is MS AD, we are running a "member server"
serving a few shares. There are no Samba DCs.

When I restart winbind, and then attempt to authenticate with
smbclient on a different host, the first attempt fails, but the
second attempt succeeds.  The impact of this for us is minor but
I thought I should report the issue.

The first attempt fails with this error message
    % smbclient //myserv/myshare -U joe
    Enter joe's password: 
    session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED
    did you forget to run kinit?

The backtrace that came via email is shown below.
Also the contents of log.wb-CORP at the time the segfault occurs.

The second connection attempt succeeds with no errors.

Other observations.

When I restart winbind, and on the first connection attempt
I hit <return> (i.e. enter a null password)
I get a normal NT_STATUS_ACCESS_DENIED error and no segfault.
If I then try again, actually entering a password, the segfault occurs.

When I restart winbind, and on the first connection attempt
I enter the wrong password
I get a normal NT_STATUS_ACCESS_DENIED error and no segfault.
If I then try again, actually entering a password, the segfault occurs.

I guess these are the same case and handled before reaching
the segfaulting code.

Kind regards
Vince

-- testparm -s output: -------------------------------------------------------
[global]
        workgroup = CORP
        realm = CORP.COM
        server string =  %h UNIX Server (Samba %v)
        security = DOMAIN
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        ntlm auth = No
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = host wins
        client signing = required
        deadtime = 10
        lpq cache time = 20
        printcap name = cups
        os level = 24
        domain master = No
        dns proxy = No
        wins server = 1.2.3.4, 1.2.4.4, 1.2.5.4
        panic action = /usr/share/samba/panic-action %d
        winbind use default domain = Yes
        idmap config * : backend = tdb
        create mask = 0600
        directory mask = 0700
        hosts allow = 1.2.3.0/255.255.255.0, 1.2.4.0/255.255.255.0, 1.2.5.0/255.255.255.0
        case sensitive = No
        blocking locks = No
        strict locking = No


-- backtrace.txt -------------------------------------------------------------

The Samba 'panic action' script, /usr/share/samba/panic-action,
was called for PID 32399 (/usr/sbin/winbindd).

This means there was a problem with the program, such as a segfault.
Below is a backtrace for this process generated with gdb, which shows
the state of the program at the time the error occurred.  The Samba log
files may contain additional information about the problem.

If the problem persists, you are encouraged to first install the
samba-dbg package, which contains the debugging symbols for the Samba
binaries.  Then submit the provided information as a bug report to
Debian.  For information about the procedure for submitting bug reports,
please see http://www.debian.org/Bugs/Reporting or the reportbug(1)
manual page.

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007f9b57f80a3e in waitpid () from /lib/x86_64-linux-gnu/libc.so.6
#0  0x00007f9b57f80a3e in waitpid () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f9b57f12949 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f9b5acb0ba9 in smb_panic (why=why at entry=0x7f9b5b07716e "internal error") at lib/util.c:1123
#3  0x00007f9b5aca1d34 in fault_report (sig=<optimized out>) at lib/fault.c:53
#4  sig_fault (sig=<optimized out>) at lib/fault.c:76
#5  <signal handler called>
#6  cm_connect_lsa_tcp (domain=domain at entry=0x7f9b5bb83e30, mem_ctx=mem_ctx at entry=0x7f9b5bbc4400, cli=cli at entry=0x7fff59308b18) at winbindd/winbindd_cm.c:2420
#7  0x00007f9b5abf116e in winbindd_lookup_sids (mem_ctx=mem_ctx at entry=0x7f9b5bbc4400, domain=domain at entry=0x7f9b5bb83e30, num_sids=num_sids at entry=1, sids=0x7f9b5bbc2910, domains=domains at entry=0x7fff59308ba0, names=names at entry=0x7fff59308ba8, types=types at entry=0x7fff59308bb0) at winbindd/winbindd_msrpc.c:1093
#8  0x00007f9b5abf1520 in msrpc_sid_to_name (domain=0x7f9b5bb83e30, mem_ctx=0x7f9b5bbc4400, sid=<optimized out>, domain_name=0x7fff59308cc0, name=0x7fff59308cc8, type=0x7fff59308cbc) at winbindd/winbindd_msrpc.c:295
#9  0x00007f9b5abf3e24 in sid_to_name (domain=0x7f9b5bb83e30, mem_ctx=0x7f9b5bbc4400, sid=0x7f9b5bbc2910, domain_name=0x7fff59308cc0, name=0x7fff59308cc8, type=<optimized out>) at winbindd/winbindd_reconnect.c:162
#10 0x00007f9b5abf40ee in sid_to_name (domain=<optimized out>, mem_ctx=<optimized out>, sid=<optimized out>, domain_name=<optimized out>, name=<optimized out>, type=<optimized out>) at winbindd/winbindd_ads.c:449
#11 0x00007f9b5abe08c6 in sid_to_name (domain=0x7f9b5bb83e30, mem_ctx=0x7f9b5bbc4400, sid=0x7f9b5bbc2910, domain_name=0x7fff59308cc0, name=0x7fff59308cc8, type=0x7fff59308cbc) at winbindd/winbindd_cache.c:1950
#12 0x00007f9b5abfe0c3 in _wbint_LookupSid (p=p at entry=0x7fff59308d30, r=r at entry=0x7f9b5bbc8410) at winbindd/winbindd_dual_srv.c:61
#13 0x00007f9b5ac0afb4 in api_wbint_LookupSid (p=0x7fff59308d30) at librpc/gen_ndr/srv_wbint.c:144
#14 0x00007f9b5abfdf2d in winbindd_dual_ndrcmd (domain=<optimized out>, state=0x7fff59308f10) at winbindd/winbindd_dual_ndr.c:322
#15 0x00007f9b5abfcc84 in child_process_request (state=0x7fff59308f10, child=<optimized out>) at winbindd/winbindd_dual.c:440
#16 fork_domain_child (child=0x7f9b5bb83820) at winbindd/winbindd_dual.c:1554
#17 0x00007f9b5abfd715 in wb_child_request_trigger (req=0x7f9b5bb823a0, private_data=<optimized out>) at winbindd/winbindd_dual.c:145
#18 0x00007f9b5acc2172 in tevent_common_loop_immediate (ev=ev at entry=0x7f9b5bb72d40) at ../lib/tevent/tevent_immediate.c:135
#19 0x00007f9b5acc0277 in run_events_poll (ev=0x7f9b5bb72d40, pollrtn=0, pfds=0x0, num_pfds=0) at lib/events.c:198
#20 0x00007f9b5acc0696 in s3_event_loop_once (ev=0x7f9b5bb72d40, location=<optimized out>) at lib/events.c:331
#21 0x00007f9b5acc1280 in _tevent_loop_once (ev=0x7f9b5bb72d40, location=location at entry=0x7f9b5b026e58 "winbindd/winbindd.c:1454") at ../lib/tevent/tevent.c:494
#22 0x00007f9b5abd374b in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at winbindd/winbindd.c:1454
A debugging session is active.

	Inferior 1 [process 32399] will be detached.

Quit anyway? (y or n) [answered Y; input not from terminal]

-- log.wb-CORP ---------------------------------------------------------------
(excerpt)

[2016/05/04 09:56:22.025174,  1] rpc_client/cli_pipe.c:581(cli_pipe_validate_current_pdu)
  rpc_client/cli_pipe.c:581: RPC fault code WERR_RPC_S_SEC_PKG_ERROR received from host dc1.corp.com!
[2016/05/04 09:56:22.048445,  0] lib/fault.c:47(fault_report)
  ===============================================================
[2016/05/04 09:56:22.048503,  0] lib/fault.c:48(fault_report)
  INTERNAL ERROR: Signal 11 in pid 32399 (3.6.6)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2016/05/04 09:56:22.048557,  0] lib/fault.c:50(fault_report)
  
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2016/05/04 09:56:22.048604,  0] lib/fault.c:51(fault_report)
  ===============================================================
[2016/05/04 09:56:22.048638,  0] lib/util.c:1117(smb_panic)
  PANIC (pid 32399): internal error
[2016/05/04 09:56:22.052813,  0] lib/util.c:1221(log_stack_trace)
  BACKTRACE: 22 stack frames:
   #0 /usr/sbin/winbindd(log_stack_trace+0x1a) [0x7f9b5acb0aaa]
   #1 /usr/sbin/winbindd(smb_panic+0x22) [0x7f9b5acb0b82]
   #2 /usr/sbin/winbindd(+0x1add34) [0x7f9b5aca1d34]
   #3 /lib/x86_64-linux-gnu/libc.so.6(+0x321a0) [0x7f9b57f051a0]
   #4 /usr/sbin/winbindd(cm_connect_lsa_tcp+0x55) [0x7f9b5abedf75]
   #5 /usr/sbin/winbindd(winbindd_lookup_sids+0x7e) [0x7f9b5abf116e]
   #6 /usr/sbin/winbindd(+0xfd520) [0x7f9b5abf1520]
   #7 /usr/sbin/winbindd(+0xffe24) [0x7f9b5abf3e24]
   #8 /usr/sbin/winbindd(+0x1000ee) [0x7f9b5abf40ee]
   #9 /usr/sbin/winbindd(+0xec8c6) [0x7f9b5abe08c6]
   #10 /usr/sbin/winbindd(_wbint_LookupSid+0x53) [0x7f9b5abfe0c3]
   #11 /usr/sbin/winbindd(+0x116fb4) [0x7f9b5ac0afb4]
   #12 /usr/sbin/winbindd(winbindd_dual_ndrcmd+0xbd) [0x7f9b5abfdf2d]
   #13 /usr/sbin/winbindd(+0x108c84) [0x7f9b5abfcc84]
   #14 /usr/sbin/winbindd(+0x109715) [0x7f9b5abfd715]
   #15 /usr/sbin/winbindd(tevent_common_loop_immediate+0xe2) [0x7f9b5acc2172]
   #16 /usr/sbin/winbindd(run_events_poll+0x47) [0x7f9b5acc0277]
   #17 /usr/sbin/winbindd(+0x1cc696) [0x7f9b5acc0696]
   #18 /usr/sbin/winbindd(_tevent_loop_once+0x90) [0x7f9b5acc1280]
   #19 /usr/sbin/winbindd(main+0x78b) [0x7f9b5abd374b]
   #20 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f9b57ef1ead]
   #21 /usr/sbin/winbindd(+0xdfba9) [0x7f9b5abd3ba9]
[2016/05/04 09:56:22.053321,  0] lib/util.c:1122(smb_panic)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 32399]
[2016/05/04 09:56:22.848441,  0] lib/util.c:1130(smb_panic)
  smb_panic(): action returned status 0
[2016/05/04 09:56:22.848531,  0] lib/fault.c:372(dump_core)
  dumping core in /var/log/samba/cores/winbindd



-- System Information:
Debian Release: 7.10
  APT prefers oldstable
  APT policy: (990, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/32 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages winbind depends on:
ii  adduser           3.113+nmu3
ii  dpkg              1.16.17
ii  libc6             2.13-38+deb7u10
ii  libcap2           1:2.22-1.2
ii  libcomerr2        1.42.5-1.1+deb7u1
ii  libgssapi-krb5-2  1.10.1+dfsg-5+deb7u7
ii  libk5crypto3      1.10.1+dfsg-5+deb7u7
ii  libkrb5-3         1.10.1+dfsg-5+deb7u7
ii  libldap-2.4-2     2.4.31-2+deb7u1
ii  libpam0g          1.1.3-7.1
ii  libpopt0          1.16-7
ii  libtalloc2        2.0.7+git20120207-1
ii  libtdb1           1.2.10-2
ii  libwbclient0      2:3.6.6-6+deb7u9
ii  lsb-base          4.1+Debian8+deb7u1
ii  samba-common      2:3.6.6-6+deb7u9
ii  zlib1g            1:1.2.7.dfsg-13

Versions of packages winbind recommends:
pn  libnss-winbind  <none>
pn  libpam-winbind  <none>

winbind suggests no packages.

-- no debconf information


--

More information about the Pkg-samba-maint mailing list