We've got a serious problem with our samba installation (samba 3.0.2.a, compiled from sources). The problem seems to occur when printing a file on a printer connected to our samba server. Other printers on the same server seem to work just fine. At the moment, I can reproduce this bug almost systematically by accessing the UTHPGL_5 printer. Here is a snippet of the log file: [2004/02/26 14:29:09, 0] lib/fault.c:fault_report(36) ~ =============================================================== [2004/02/26 14:29:09, 0] lib/fault.c:fault_report(37) ~ INTERNAL ERROR: Signal 11 in pid 21341 (3.0.2a) ~ Please read the appendix Bugs of the Samba HOWTO collection [2004/02/26 14:29:09, 0] lib/fault.c:fault_report(39) ~ =============================================================== [2004/02/26 14:29:09, 0] lib/util.c:smb_panic(1400) ~ PANIC: internal error [2004/02/26 14:29:09, 0] lib/util.c:smb_panic(1407) ~ BACKTRACE: 24 stack frames: ~ #0 /usr/local/samba3/sbin/smbd(smb_panic+0x182) [0x818bfae] ~ #1 /usr/local/samba3/sbin/smbd [0x817c3d1] ~ #2 /usr/local/samba3/sbin/smbd [0x817c42a] ~ #3 /lib/libc.so.6 [0x4027e888] ~ #4 /usr/local/samba3/sbin/smbd(print_queue_status+0x139) [0x81a6315] ~ #5 /usr/local/samba3/sbin/smbd(_spoolss_enumjobs+0xe8) [0x810c350] ~ #6 /usr/local/samba3/sbin/smbd [0x80fe2ea] ~ #7 /usr/local/samba3/sbin/smbd(api_rpcTNP+0x200) [0x81295ec] ~ #8 /usr/local/samba3/sbin/smbd(api_pipe_request+0xce) [0x812936e] ~ #9 /usr/local/samba3/sbin/smbd [0x81238d4] ~ #10 /usr/local/samba3/sbin/smbd [0x8123ac1] ~ #11 /usr/local/samba3/sbin/smbd [0x8123d46] ~ #12 /usr/local/samba3/sbin/smbd [0x8123f03] ~ #13 /usr/local/samba3/sbin/smbd(write_to_pipe+0xd7) [0x8123e83] ~ #14 /usr/local/samba3/sbin/smbd [0x8087f5b] ~ #15 /usr/local/samba3/sbin/smbd [0x8088147] ~ #16 /usr/local/samba3/sbin/smbd(reply_trans+0x9ab) [0x8088b5b] ~ #17 /usr/local/samba3/sbin/smbd [0x80bc945] ~ #18 /usr/local/samba3/sbin/smbd [0x80bc9d1] ~ #19 /usr/local/samba3/sbin/smbd(process_smb+0x1c5) [0x80bcce1] ~
#20 /usr/local/samba3/sbin/smbd(smbd_process+0x13d) [0x80bd74d] ~ #21 /usr/local/samba3/sbin/smbd(main+0x72c) [0x81e76d4] ~ #22 /lib/libc.so.6(__libc_start_main+0x8e) [0x4026c306] ~ #23 /usr/local/samba3/sbin/smbd(ldap_msgfree+0x69) [0x8076851] Here more information obtained with gdb: Program received signal SIGSEGV, Segmentation fault. 0x082071ab in get_stored_queue_info (pdb=0x8397e68, snum=6, pcount=0xbffff064, ~ ppqueue=0xbffff1ac) at printing/printing.c:2186 2186 jobid = IVAL(&cgdata.dptr, i*4); (gdb) print i $2 = 1012 (gdb) print extra_count $3 = 1130 (gdb) print cgdata.dsize $4 = 4520 (gdb) print cgdata.dsize/4 $5 = 1130 (gdb) print cgdata $6 = {dptr = 0x83bff20 "~\006", dsize = 4520} (gdb) l 2181 /* Add in the changed jobids. */ 2182 for( i = 0; i < extra_count; i++) { 2183 uint32 jobid; 2184 struct printjob *pjob; 2185 2186 jobid = IVAL(&cgdata.dptr, i*4); 2187 DEBUG(5,("get_stored_queue_info: changed job = %u\n", (unsigned int)jobid)); 2188 pjob = print_job_find(snum, jobid); 2189 if (!pjob) { 2190 DEBUG(5,("get_stored_queue_info: failed to find changed job = %u\n", (unsigned int)jobid)); (gdb) (gdb) backtrace #0 0x082071ab in get_stored_queue_info (pdb=0x8397e68, snum=6, ~ pcount=0xbffff064, ppqueue=0xbffff1ac) at printing/printing.c:2186 #1 0x0820763a in print_queue_status (snum=6, ppqueue=0xbffff1ac, ~ status=0xbffff1b0) at printing/printing.c:2283 #2 0x0813c149 in _spoolss_enumjobs (p=0x839c530, q_u=0xbffff320, ~ r_u=0xbffff310) at rpc_server/srv_spoolss_nt.c:6517 #3 0x0812a99c in api_spoolss_enumjobs (p=0x839c530) ~ at rpc_server/srv_spoolss.c:693 #4 0x08160654 in api_rpcTNP (p=0x839c530, rpc_name=0x839c53e "spoolss", ~ api_rpc_cmds=0x82dab84, n_cmds=51) at rpc_server/srv_pipe.c:1530 #5 0x081602d3 in api_pipe_request (p=0x839c530) at rpc_server/srv_pipe.c:1476 #6 0x08159081 in process_request_pdu (p=0x839c530, rpc_in_p=0xbffff530) ~ at rpc_server/srv_pipe_hnd.c:669 #7 0x0815931f in process_complete_pdu (p=0x839c530) ~ at rpc_server/srv_pipe_hnd.c:741 
#8 0x08159687 in process_incoming_data (p=0x839c530, data=0x83969b8 "(", n=48) ~ at rpc_server/srv_pipe_hnd.c:839 #9 0x081598b3 in write_to_internal_pipe (np_conn=0x839c530, ~ data=0x83969b8 "(", n=64) at rpc_server/srv_pipe_hnd.c:878 #10 0x0815981a in write_to_pipe (p=0x839c3f0, data=0x83969a8 "\005", n=64) ~ at rpc_server/srv_pipe_hnd.c:861 #11 0x0808e605 in api_fd_reply (conn=0x8397810, vuid=100, ~ outbuf=0x40547008 "", setup=0x82f5830, data=0x83969a8 "\005", params=0x0, ~ suwcnt=2, tdscnt=64, tpscnt=0, mdrcnt=1024, mprcnt=0) at smbd/ipc.c:306 #12 0x0808e889 in named_pipe (conn=0x8397810, vuid=100, outbuf=0x40547008 "", ~ name=0xbffff716 "", setup=0x82f5830, data=0x83969a8 "\005", params=0x0, ~ suwcnt=2, tdscnt=64, tpscnt=0, msrcnt=0, mdrcnt=1024, mprcnt=0) ~ at smbd/ipc.c:350 #13 0x0808f674 in reply_trans (conn=0x8397810, inbuf=0x40526008 "", ~ outbuf=0x40547008 "", size=152, bufsize=16644) at smbd/ipc.c:558 #14 0x080d5a4c in switch_message (type=37, inbuf=0x40526008 "", ~ outbuf=0x40547008 "", size=152, bufsize=16644) at smbd/process.c:767 #15 0x080d5b08 in construct_reply (inbuf=0x40526008 "", outbuf=0x40547008 "", ~ size=152, bufsize=16644) at smbd/process.c:797 #16 0x080d5eb0 in process_smb (inbuf=0x40526008 "", outbuf=0x40547008 "") ~ at smbd/process.c:897 #17 0x080d6c88 in smbd_process () at smbd/process.c:1328 #18 0x08258e07 in main (argc=2, argv=0xbffffac4) at smbd/server.c:887 #19 0x4026c306 in __libc_start_main (main=0x8258584 <main>, argc=2, ~ ubp_av=0xbffffac4, init=0x80754a0 <_init>, fini=0x8259160 <_fini>, ~ rtld_fini=0x4000d2fc <_dl_fini>, stack_end=0xbffffabc) ~ at ../sysdeps/generic/libc-start.c:129 (gdb) print cgdata $7 = {dptr = 0x83bff20 "~\006", dsize = 4520} And finally, my smb.conf file: [global] netbios name = FS5 idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes workgroup = Task_84 server string = Server FS5 printcap name = /etc/printcap load printers = yes printing = cups guest account = 
nobody map to guest = never log file = /var/log/samba/samba3.log max log size = 0 security = user encrypt passwords = yes passdb backend = tdbsam:/usr/local/samba3/lib/passdb.tdb unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* add machine script = /usr/sbin/useradd -d /dev/null -g 800 -s /bin/false -M %u socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = 10.0.1.32/24 local master = yes os level = 65 domain master = yes preferred master = yes domain logons = yes logon script = script\%U.bat logon home= logon path= wins server = 10.0.1.34 dns proxy = no disable spoolss = no use client driver = yes dos filemode = yes [netlogon] path = /var/lib/samba3/netlogon comment = Servizio di Logon guest ok = yes browseable = No read only = yes write list = root,administrator [homes] comment = Home Directories browseable = no writable = yes hide dot files = yes # NOTE: this printer always works ! [laserjet] comment = Stampante in progettazione directory = /var/spool/samba browseable = yes public = yes printable = yes create mode = 0700 guest ok = no read only = yes printer name = laserjet # Also this [hpdir] comment = Stampante in direzione directory = /var/spool/samba browseable = yes public = yes printable = yes create mode = 0700 guest ok = no read only = yes printer name = LaserJet4000N [utprint002] comment = Stampante in ufficio tecnico 2 directory = /var/spool/samba browseable = yes public = yes printable = yes create mode = 0700 guest ok = no read only = yes printer name = utprint002 # THESE are the printer which fails ! 
[UTHP_PS] comment = HP laserjet 5000 PostScript ufficio tecnico directory = /var/spool/samba browseable = yes public = yes printable = yes create mode = 0700 valid users = @uftec guest ok = no read only = yes printer name = utprint #This printer fails near-sistematicly [UTHPGL_5] comment = HP laserjet 5000 HPGL 5e ufficio tecnico directory = /var/spool/samba browseable = yes public = yes printable = yes create mode = 0700 valid users = @uftec guest ok = no read only = yes printer name = utprint [UTHPGL_6] comment = HP laserjet 5000 HPGL 6e ufficio tecnico directory = /var/spool/samba browseable = yes public = yes printable = yes create mode = 0700 valid users = @uftec guest ok = no read only = yes printer name = utprint [UTEPLAFR] comment = HP laserjet 5000 HPGL 5e x Eplan Fronte/Retro ufficio tecnico directory = /var/spool/samba browseable = yes public = yes printable = yes create mode = 0700 valid users = @uftec guest ok = no read only = yes printer name = utprint [UTEPLA_S] comment = HP laserjet 5000 HPGL 5e x Eplan Singolo ufficio tecnico directory = /var/spool/samba browseable = yes public = yes printable = yes create mode = 0700 valid users = @uftec guest ok = no read only = yes printer name = utprint [UTHP_GEN] comment = HP laserjet 5000 generica ufficio tecnico directory = /var/spool/samba browseable = yes public = yes printable = yes create mode = 0700 valid users = @uftec guest ok = no read only = yes printer name = utprint [UTHPFAST] comment = HP laserjet 5000 prioritaria ufficio tecnico directory = /var/spool/samba browseable = yes public = yes printable = yes create mode = 0700 valid users = @uftec guest ok = no read only = yes printer name = utprint [lav] comment = Lavori progrettazione path = /home/prg/lavori public = no writable = yes printable = no valid users = @amminrete @analogico @lamiera @col_ana @col_lam force create mode = 660 force directory mode = 770 [apps] comment = Applicazioni comuni path = /home/prg/applicazioni public = no writable = 
yes printable = no valid users = @amminrete @analogico @lamiera @col_ana @col_lam @direzione @uftec @amministrazione force create mode = 660 force directory mode = 770 [uftec] comment = Ufficio Tecnico path = /home/gest/ut public = no writable = yes printable = no valid users = @uftec force create mode = 660 force directory mode = 770 [direz] comment = Direzione path = /home/gest/direzione public = no writable = yes printable = no valid users = @direzione force create mode = 660 force directory mode = 770 [ammin] comment = Amministrazione path = /home/gest/amministrazione public = no writable = yes printable = no valid users = @amministrazione force create mode = 660 force directory mode = 770 [com] comment = cartella con file in comune path = /home/gest/comuni public = no writable = yes printable = no force create mode = 666 force directory mode = 770
Created attachment 420 [details] fix pointer cast in get_stored_queue_info()
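Looks like a bad pointer cast: line 2186 passes &cgdata.dptr (the address of the pointer field inside cgdata) to IVAL() instead of cgdata.dptr (the buffer that holds the changed job ids). The loop therefore reads whatever memory follows cgdata rather than the job-id list, so the job ids it looks up are garbage, and with extra_count = 1130 it eventually walks into unmapped memory and takes the SIGSEGV (at i = 1012 in the gdb session above). Try this patch.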
Patch applied, seems to work so far. I'll wait a bit to test it more extensively.
*** Bug 1192 has been marked as a duplicate of this bug. ***
*** Bug 1209 has been marked as a duplicate of this bug. ***
*** Bug 1231 has been marked as a duplicate of this bug. ***
*** Bug 1464 has been marked as a duplicate of this bug. ***
database cleanup