When running the following command, we encounter a segmentation fault. # samba-gpupdate --rsop The following packages have been installed: samba-gpupdate oddjob-gpupdate The packages have the following versions: Installed Packages Name : samba-gpupdate Epoch : 2 Version : 4.19.5 Release : 1.fc39 Architecture : x86_64 Size : 7.2 k Source : samba-4.19.5-1.fc39.src.rpm Repository : @System From repo : updates Summary : Samba GPO support for clients URL : https://www.samba.org License : GPL-3.0-or-later AND LGPL-3.0-or-later Description : This package provides the samba-gpupdate tool to apply Group Policy Objects : (GPO) on Samba clients. Installed Packages Name : oddjob-gpupdate Version : 0.2.1 Release : 4.fc39 Architecture : x86_64 Size : 42 k Source : oddjob-gpupdate-0.2.1-4.fc39.src.rpm Repository : @System From repo : fedora Summary : An oddjob helper which applies group policy objects URL : https://github.com/altlinux/oddjob-gpupdate.git License : BSD Description : This package contains the oddjob helper which can be used by the : pam_oddjob_gpupdate module to apply group policy objects at login-time. The client is joined to a Microsoft Active Directory Domain by using realm, sssd and adcli (using the command: realm join). For the AD join the following packages were installed: realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools This is the current sssd.conf content (please note that the actual domain name has been redacted): [sssd] domains = example-domain.local default_domain_suffix = example-domain.local config_file_version = 2 services = nss, pam [domain/example-domain.local] default_shell = /bin/bash krb5_store_password_if_offline = True cache_credentials = True krb5_realm = example-domain.LOCAL realmd_tags = manages-system joined-with-adcli id_provider = ad fallback_homedir = /home/%u ad_domain = example-domain.local use_fully_qualified_names = True ldap_id_mapping = True access_provider = ad ad_gpo_access_control = disabled ad_gpo_ignore_unreadable = true ad_update_samba_machine_account_password = true This is the content of the /etc/samba/smb.conf file: [global] kerberos method = secrets and keytab realm = EXAMPLE.LOCAL workgroup = EXAMPLE security = ads passdb backend = tdbsam Now when running the command "samba-gpupdate --rsop -d10" with root privileges, this results in a segmentation fault. Reproducible: Always Steps to Reproduce: Run the following command: # samba-gpupdate --rsop -d10 Actual Results: INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 Processing section "[global]" doing parameter kerberos method = secrets and keytab doing parameter realm = EXAMPLE-DOMAIN.LOCAL doing parameter workgroup = EXAMPLE-DOMAIN doing parameter security = ads doing parameter passdb backend = tdbsam pm_process() returned Yes lp_servicenumber: couldn't find homes ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory lp_load_ex: refreshing parameters Freeing parametrics: INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 Processing section "[global]" doing parameter kerberos method = secrets and keytab doing parameter realm = EXAMPLE-DOMAIN.LOCAL doing parameter workgroup = EXAMPLE-DOMAIN doing parameter security = ads doing parameter passdb backend = tdbsam pm_process() returned Yes lp_servicenumber: couldn't find homes GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'ncalrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'http_negotiate' registered added interface enp0s13f0u2 ip=192.0.2.203 bcast=192.0.2.255 netmask=255.255.252.0 added interface enp0s13f0u2 ip=192.0.2.203 bcast=192.0.2.255 netmask=255.255.252.0 added interface enp0s13f0u2 ip=192.0.2.203 bcast=192.0.2.255 netmask=255.255.252.0 added interface enp0s13f0u2 ip=192.0.2.203 bcast=192.0.2.255 netmask=255.255.252.0 finddcs: searching for a DC by DNS domain EXAMPLE-DOMAIN.LOCAL finddcs: looking for SRV records for _ldap._tcp.EXAMPLE-DOMAIN.LOCAL resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.EXAMPLE-DOMAIN.LOCAL<0x0> getlmhostsent: lmhost entry: 127.0.0.1 localhost dns_lookup_send_next: Sending DNS request #0 to 127.0.0.53 dns_cli_request_send: Asking 127.0.0.53 for _ldap._tcp.EXAMPLE-DOMAIN.LOCAL./1/33 via UDP THIS OUTPUT WAS REDACTED finddcs: DNS SRV response 0 at '192.0.2.3' finddcs: DNS SRV response 1 at '192.0.2.1' finddcs: DNS SRV response 2 at '192.0.2.1' finddcs: DNS SRV response 3 at '192.0.2.4' finddcs: DNS SRV response 4 at '192.0.2.1' finddcs: DNS SRV response 5 at '192.0.2.1' finddcs: DNS SRV response 6 at '192.0.2.2' finddcs: DNS SRV response 7 at '192.0.2.2' finddcs: DNS SRV response 8 at '192.0.2.2' finddcs: DNS SRV response 9 at '192.0.2.4' finddcs: performing CLDAP query on 192.0.2.3 &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0003f17c (258428) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 0: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 1: NBT_SERVER_DS_8 1: NBT_SERVER_DS_9 1: NBT_SERVER_DS_10 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 1fsa8519-0281-7482-13e7-0abc4985ffcd forest : 'example-domain.local' dns_domain : 'example-domain.local' pdc_dns_name : 'example-domain-controller01.example-domain.local' domain_name : 'EXAMPLE-DOMAIN' pdc_name : 'example-domain-controller01' user_name : '' server_site : 'example location' client_site : 'example location' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) finddcs: Found matching DC 192.0.2.3 with server_type=0x0003f17c lpcfg_load: refreshing parameters from /etc/samba/smb.conf Processing section "[global]" pm_process() returned Yes Security token SIDs (1): SID[ 0]: S-1-5-18 Privileges (0xFFFFFFFFFFFFFFFF): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): added interface enp0s13f0u2 ip=192.0.2.203 bcast=192.0.2.255 netmask=255.255.252.0 added interface enp0s13f0u2 ip=192.0.2.203 bcast=192.0.2.255 netmask=255.255.252.0 resolve_lmhosts: Attempting lmhosts lookup for name example-domain-controller01.example-domain.local<0x20> getlmhostsent: lmhost entry: 127.0.0.1 localhost Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 smb_krb5_trace_cb: [3642] 1709202279.909580: Getting initial credentials for example-client-name$@EXAMPLE-DOMAIN.LOCAL smb_krb5_trace_cb: [3642] 1709202279.909581: Error loading plugin module pkinit: 2/unable to load plugin [/usr/lib64/krb5/plugins/preauth/pkinit.so]: /usr/lib64/krb5/plugins/preauth/pkinit.so: cannot open shared object file: No such file or directory smb_krb5_trace_cb: [3642] 1709202279.909583: Sending unauthenticated request smb_krb5_trace_cb: [3642] 1709202279.909584: Sending request (200 bytes) to EXAMPLE-DOMAIN.LOCAL smb_krb5_trace_cb: [3642] 1709202279.909585: Initiating TCP connection to stream 192.0.2.1:88 smb_krb5_trace_cb: [3642] 1709202279.909586: Sending TCP request to stream 192.0.2.1:88 smb_krb5_trace_cb: [3642] 1709202279.909587: Received answer (194 bytes) from stream 192.0.2.1:88 smb_krb5_trace_cb: [3642] 1709202279.909588: Terminating TCP connection to stream 192.0.2.1:88 smb_krb5_trace_cb: [3642] 1709202279.909589: Response was from primary KDC smb_krb5_trace_cb: [3642] 1709202279.909590: Received error from KDC: -1765328359/Additional pre-authentication required smb_krb5_trace_cb: [3642] 1709202279.909593: Preauthenticating using KDC method data smb_krb5_trace_cb: [3642] 1709202279.909594: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2) smb_krb5_trace_cb: [3642] 1709202279.909595: Selected etype info: etype aes256-cts, salt "EXAMPLE-DOMAIN.LOCALhostexample-client-name.example-domain.local", params "" smb_krb5_trace_cb: [3642] 1709202279.909596: AS key obtained for encrypted timestamp: aes256-cts/746E smb_krb5_trace_cb: [3642] 1709202279.909598: Encrypted timestamp (for 1709202279.888025): plain REDACTED, encrypted REDACTED smb_krb5_trace_cb: [3642] 1709202279.909599: Preauth module encrypted_timestamp (2) (real) returned: 0/Success smb_krb5_trace_cb: [3642] 1709202279.909600: Produced preauth for next request: PA-ENC-TIMESTAMP (2) smb_krb5_trace_cb: [3642] 1709202279.909601: Sending request (280 bytes) to EXAMPLE-DOMAIN.LOCAL smb_krb5_trace_cb: [3642] 1709202279.909602: Initiating TCP connection to stream 192.0.2.1:88 smb_krb5_trace_cb: [3642] 1709202279.909603: Sending TCP request to stream 192.0.2.1:88 smb_krb5_trace_cb: [3642] 1709202279.909604: Received answer (1654 bytes) from stream 192.0.2.1:88 smb_krb5_trace_cb: [3642] 1709202279.909605: Terminating TCP connection to stream 192.0.2.1:88 smb_krb5_trace_cb: [3642] 1709202279.909606: Response was from primary KDC smb_krb5_trace_cb: [3642] 1709202279.909607: Processing preauth types: PA-ETYPE-INFO2 (19) smb_krb5_trace_cb: [3642] 1709202279.909608: Selected etype info: etype aes256-cts, salt "EXAMPLE-DOMAIN.LOCALhostexample-client-name.example-domain.local", params "" smb_krb5_trace_cb: [3642] 1709202279.909609: Produced preauth for next request: (empty) smb_krb5_trace_cb: [3642] 1709202279.909610: AS key determined by preauth: aes256-cts/746E smb_krb5_trace_cb: [3642] 1709202279.909611: Decrypted AS reply; session key is: aes256-cts/9E65 smb_krb5_trace_cb: [3642] 1709202279.909612: FAST negotiation: unavailable smb_krb5_trace_cb: [3642] 1709202279.909613: Initializing MEMORY:0x55ba8c7375d0 with default princ example-client-name$@EXAMPLE-DOMAIN.LOCAL smb_krb5_trace_cb: [3642] 1709202279.909614: Storing example-client-name$@EXAMPLE-DOMAIN.LOCAL -> krbtgt/EXAMPLE-DOMAIN.LOCAL in MEMORY:0x55ba8c7375d0 kinit for example-client-name$@EXAMPLE-DOMAIN.LOCAL succeeded gensec_update_send: gssapi_krb5[0x55ba8c730340]: subreq: 0x55ba8c6c3320 gensec_update_send: spnego[0x55ba8c730250]: subreq: 0x55ba8c737670 gensec_update_done: gssapi_krb5[0x55ba8c730340]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x55ba8c6c3320/../../source4/auth/gensec/gensec_gssapi.c:1059]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x55ba8c6c3500)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1070] gensec_update_done: spnego[0x55ba8c730250]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x55ba8c737670/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x55ba8c737850)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] gensec_gssapi: NO credentials were delegated GSSAPI Connection will be cryptographically sealed gensec_update_send: gssapi_krb5[0x55ba8c730340]: subreq: 0x55ba8c6c3320 gensec_update_send: spnego[0x55ba8c730250]: subreq: 0x55ba8c737670 gensec_update_done: gssapi_krb5[0x55ba8c730340]: NT_STATUS_OK tevent_req[0x55ba8c6c3320/../../source4/auth/gensec/gensec_gssapi.c:1059]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x55ba8c6c3500)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1077] gensec_update_done: spnego[0x55ba8c730250]: NT_STATUS_OK tevent_req[0x55ba8c737670/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x55ba8c737850)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] 2024-02-29 11:24:39.998|[I99992]| Found dn CN=example-client-name,OU=Mobile,OU=Clients,OU=EXAMPLE_Computers,DC=example-domain,DC=local for samaccountname example-client-name$ | {} gendb_search_v: NULL (&(objectSid=\01\04\00\00\00\00\00\05\15\00\00\00\B0\97\E116\CA\83\BF\F2\0E\CC\12)(objectClass=domain)) -> 1 gendb_search_v: DC=example-domain,DC=local NULL -> 1 Security token SIDs (7): SID[ 0]: S-1-5-21-836868016-3213085238-315363058-32210 SID[ 1]: S-1-5-21-836868016-3213085238-315363058-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-554 SID[ 6]: S-1-5-32-545 Privileges (0x 0): Rights (0x 0): 2024-02-29 11:24:40.333|[D11846]| get_gpo_list: query OU: [OU=Mobile,OU=Clients,OU=EXAMPLE_Computers,DC=example-domain,DC=local] for GPOs | {} 2024-02-29 11:24:40.352|[D15106]| get_gpo_link: no 'gPOptions' attribute found | {} 2024-02-29 11:24:40.352|[D00143]| gpo_parse_gplink: processing link | {} 2024-02-29 11:24:40.353|[D26036]| gpo_parse_gplink: link: LDAP://cn={E55CDAE0-5A84-4916-A6BA-637DE2280126},cn=policies,cn=system,DC=example-domain,DC=local | {} 2024-02-29 11:24:40.353|[D63190]| gpo_parse_gplink: opt: 0 | {} 2024-02-29 11:24:40.353|[D00143]| gpo_parse_gplink: processing link | {} 2024-02-29 11:24:40.353|[D11226]| gpo_parse_gplink: link: LDAP://cn={378F3691-290A-4E3D-AA51-6170386EBDA1},cn=policies,cn=system,DC=example-domain,DC=local | {} 2024-02-29 11:24:40.354|[D63190]| gpo_parse_gplink: opt: 0 | {} 2024-02-29 11:24:40.354|[D00143]| gpo_parse_gplink: processing link | {} 2024-02-29 11:24:40.354|[D27958]| gpo_parse_gplink: link: LDAP://cn={82B490BA-8C56-44F6-8C53-05F4E5784229},cn=policies,cn=system,DC=example-domain,DC=local | {} 2024-02-29 11:24:40.354|[D63190]| gpo_parse_gplink: opt: 0 | {} 2024-02-29 11:24:40.355|[D00143]| gpo_parse_gplink: processing link | {} 2024-02-29 11:24:40.355|[D05766]| gpo_parse_gplink: link: LDAP://cn={6E527FC6-AFE1-43FC-9586-4A3D6F91370B},cn=policies,cn=system,DC=example-domain,DC=local | {} 2024-02-29 11:24:40.355|[D63190]| gpo_parse_gplink: opt: 0 | {} 2024-02-29 11:24:40.355|[D00143]| gpo_parse_gplink: processing link | {} 2024-02-29 11:24:40.355|[D22770]| gpo_parse_gplink: link: LDAP://cn={493EE557-2BD9-463E-ACD3-1C4D1A856B1F},cn=policies,cn=system,DC=example-domain,DC=local | {} 2024-02-29 11:24:40.356|[D63190]| gpo_parse_gplink: opt: 0 | {} 2024-02-29 11:24:40.356|[D00143]| gpo_parse_gplink: processing link | {} 2024-02-29 11:24:40.356|[D65516]| gpo_parse_gplink: link: LDAP://cn={1A19BD1C-B121-44D3-B078-0E2C4078124C},cn=policies,cn=system,DC=example-domain,DC=local | {} 2024-02-29 11:24:40.356|[D04618]| gpo_parse_gplink: opt: 1 | {} 2024-02-29 11:24:40.356|[D11464]| skipping disabled GPO | {} =============================================================== INTERNAL ERROR: Signal 11: Segmentation fault in () () pid 3642 (4.19.5) If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting =============================================================== PANIC (pid 3642): Signal 11: Segmentation fault in 4.19.5 BACKTRACE: 22 stack frames: #0 /usr/lib64/samba/libgenrand-samba4.so(log_stack_trace+0x37) [0x7fda9f0b9e47] #1 /usr/lib64/samba/libgenrand-samba4.so(smb_panic+0x15) [0x7fda9f0ba655] #2 /usr/lib64/samba/libgenrand-samba4.so(+0x370d) [0x7fda9f0ba70d] #3 /lib64/libc.so.6(+0x3e9a0) [0x7fda9fe9b9a0] #4 /usr/lib64/samba/libsamba-security-samba4.so(ndr_push_security_descriptor+0x195) [0x7fda9e104c65] #5 /lib64/libndr.so.3(ndr_push_struct_blob+0x3f) [0x7fda9e1f837f] #6 /usr/lib64/samba/libsamba-security-samba4.so(marshall_sec_desc+0x3f) [0x7fda9e10cccf] #7 /usr/lib64/python3.12/site-packages/samba/gpo.cpython-312-x86_64-linux-gnu.so(+0x4d94) [0x7fda9aa7dd94] #8 /lib64/libpython3.12.so.1.0(+0x21a75a) [0x7fda9fa1a75a] #9 /lib64/libpython3.12.so.1.0(PyObject_Vectorcall+0x5c) [0x7fda9fa0ae9c] #10 /lib64/libpython3.12.so.1.0(+0x10fb3a) [0x7fda9f90fb3a] #11 /lib64/libpython3.12.so.1.0(PyEval_EvalCode+0xb6) [0x7fda9fa8ab56] #12 /lib64/libpython3.12.so.1.0(+0x2ade2a) [0x7fda9faade2a] #13 /lib64/libpython3.12.so.1.0(+0x2a8d9e) [0x7fda9faa8d9e] #14 /lib64/libpython3.12.so.1.0(+0x2c9753) [0x7fda9fac9753] #15 /lib64/libpython3.12.so.1.0(_PyRun_SimpleFileObject+0x1ca) [0x7fda9fac8dea] #16 /lib64/libpython3.12.so.1.0(_PyRun_AnyFileObject+0x4f) [0x7fda9fac895f] #17 /lib64/libpython3.12.so.1.0(Py_RunMain+0x352) [0x7fda9fab95e2] #18 /lib64/libpython3.12.so.1.0(Py_BytesMain+0x3c) [0x7fda9fa748bc] #19 /lib64/libc.so.6(+0x2814a) [0x7fda9fe8514a] #20 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7fda9fe8520b] #21 /usr/bin/python3(_start+0x25) [0x55ba8b2b0095] Can not dump core: corepath not set up Expected Results: Actual output of the resultant set of policies
Could you please install debuginfo and reproduce the issue and share the full backtrace? $ dnf install dnf-utils $ debuginfo-install samba
Created attachment 2020026 [details] samba-gpupdate Backtrace log
Hello Andreas, Thanks for your quick reply. I am not too familiar with debugging, so please correct me if I did something wrong. I did the following steps: # dnf install dnf-utils # debuginfo-install samba # gdb --args /usr/bin/python3 /usr/sbin/samba-gpupdate "--rsop" "-d10" Enable debuginfod for this session (y or [n]) > y (gdb) set logging file /tmp/backtrace.log (gdb) set logging enabled on (gdb) run (gdb) thread apply all bt full (gdb) set logging enabled off (gdb) quit I've attached the backtrace to this bug report (filename: samba-gpupdate_backtrace_2024.03.4.log). Best Regards, Patrick
Thank you very much. I've submitted a patch upstream.
Many thanks for the quick fix! I'll wait to test the ticket downstream and will close this ticket after testing.
FEDORA-2024-8d000fa65a (samba-4.19.6-1.fc39) has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-8d000fa65a
FEDORA-2024-8d000fa65a has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-8d000fa65a` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-8d000fa65a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
I tested the new version on the client that had the segmentation fault and the issue has been solved. When running "samba-gpupdate --rsop -d10" it doesn't encounter the segmentation vault anymore. I have also provided my testing feedback on the linked advisory FEDORA-2024-8d000fa65a. Thank you for the quick fix. Best Regards, Patrick
FEDORA-2024-8d000fa65a (samba-4.19.6-1.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.