Mail from Jeremy:

> The problem seems to occur when I am dealing with a 
> HP printer, I have installed the printer using the 
> cups admin page, and after setting the Guest Ok flag 
> in Swat to YES move on to installing the driver which 
> is when the panic occurs.
> 
> Steps Taken:-
> 
> 1) Click Start and Run on my PC \\servername
> 
> 2) Double click on Printers And Faxes when the 
> window appears detailing what printer etc are 
> installed on \\servername
> 
> 3) Right click on printer requiring drivers to be 
> installed on and click properties
> 
> 4) Click No to the 'Do you want to install a driver 
> now message'
> 
> 5) Click Advanced tab, and click New Driver
> 
> 6) Follow the wizard through, and pick the HP 8550 PCL 
> or PS from the Windows XP list (not a 3rd party driver)
> 
> 7) Complete the wizard and click apply on the printer 
> properties page
> 
> 8) Checking the samba logs reveals a Panic
> 
> I have about 20 more printers on the server to set the 
> drivers on, I will continue down the list and post any 
> others that cause the issue. I will get the 303RC source 
> and install it today, to continue the testing.
> 

changing version based on mail (and after adding 3.0.3pre2 to 
the list of possibilities).

another backtrace (from jeremy) and one other 
person on this list.


> [2004/04/20 15:21:02, 0] lib/util.c:smb_panic2(1406) 
>>    BACKTRACE: 27 stack frames: 
>>     #0 smbd(smb_panic2+0x128) [0x81cb288] 
>>     #1 smbd(smb_panic+0x19) [0x81cb159] 
>>     #2 smbd [0x81b96f2] 
>>     #3 /lib/tls/libc.so.6 [0x420275c8] 
>>     #4 /lib/tls/libc.so.6(malloc+0x8b) [0x4207335b] 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>>     #5 smbd(tdb_unpack+0x13b) [0x81e0b8b] 
>>     #6 smbd [0x81f10ce] 
>>     #7 smbd [0x81f1cd6] 
>>     #8 smbd(get_a_printer+0x126) [0x81f3026] 
>>     #9 smbd(_spoolss_getprinterdataex+0x1be) [0x8131dce] 

The bug was originally reported on a RedHat 9 box 
running Samba 3.0.2.  Has been reproduced by original 
reporter against 3.0.1pre[12] and rc1.

I cannot reproduce this on a SuSE 9.1 pro box, a RH 
7.3 or a RH 9 box.

nor can I reproduce this with build 395 running under 
valgrind 2.1.1 on SuSE 9.1 pro.

Have you tried moving the $(lockdir)/nt*tdb to 
somewhere out of the way incase they are corrupt.

I can try that. To give you some background, I first saw this message when I 
was running a SUSE 9.0 Pro box, with samba and cups. It was a production box, 
and the isssue seemed to start right out of the blue. We tried the patches 
etc. from here that were suggested but to no avail. We rebuilt to RH9, fresh 
install, complete format of the HDD and the issue came back straight away. At 
present I have a box with 1 printer on for test purposes and can pretty much 
crash it on demand. This box is not a production box, so I can try anything 
with it that you wish.

could you recompile and add --enable-debug to the 
configure options ?  That should give a more complete 
backtrace.

I have now recompiled as requested and repeated the same procedure, the stack 
trace is below:-

Apr 29 14:40:13 gandalf2 smbd[9675]: [2004/04/29 14:40:13, 0] 
lib/fault.c:fault_report(36) 
Apr 29 14:40:13 gandalf2 smbd[9675]:   
=============================================================== 
Apr 29 14:40:13 gandalf2 smbd[9675]: [2004/04/29 14:40:13, 0] 
lib/fault.c:fault_report(37) 
Apr 29 14:40:13 gandalf2 smbd[9675]:   INTERNAL ERROR: Signal 11 in pid 9675 
(3.0.3rc1) 
Apr 29 14:40:13 gandalf2 smbd[9675]:   Please read the appendix Bugs of the 
Samba HOWTO collection 
Apr 29 14:40:13 gandalf2 smbd[9675]: [2004/04/29 14:40:13, 0] 
lib/fault.c:fault_report(39) 
Apr 29 14:40:13 gandalf2 smbd[9675]:   
=============================================================== 
Apr 29 14:40:13 gandalf2 smbd[9675]: [2004/04/29 14:40:13, 0] 
lib/util.c:smb_panic2(1398) 
Apr 29 14:40:13 gandalf2 smbd[9675]:   PANIC: internal error 
Apr 29 14:40:13 gandalf2 smbd[9675]: [2004/04/29 14:40:13, 0] 
lib/util.c:smb_panic2(1406) 
Apr 29 14:40:13 gandalf2 smbd[9675]:   BACKTRACE: 18 stack frames: 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #0 /usr/local/samba/sbin/smbd
(smb_panic2+0x1d2) [0x81e38d1] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #1 /usr/local/samba/sbin/smbd
(smb_panic+0x13) [0x81e36fa] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #2 /usr/local/samba/sbin/smbd 
[0x81cf296] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #3 /usr/local/samba/sbin/smbd 
[0x81cf2fd] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #4 /lib/tls/libc.so.6 [0x420275c8] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #5 /lib/tls/libc.so.6 [0x42073f99] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #6 /lib/tls/libc.so.6(malloc+0x8b) 
[0x4207335b] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #7 /usr/local/samba/sbin/smbd 
[0x808e389] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #8 /usr/local/samba/sbin/smbd 
[0x808e958] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #9 /usr/local/samba/sbin/smbd 
[0x808eb8a] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #10 /usr/local/samba/sbin/smbd
(reply_trans+0xcf3) [0x808f8f5] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #11 /usr/local/samba/sbin/smbd 
[0x80d7353] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #12 /usr/local/samba/sbin/smbd 
[0x80d740a] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #13 /usr/local/samba/sbin/smbd
(process_smb+0x1fa) [0x80d7772] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #14 /usr/local/samba/sbin/smbd
(smbd_process+0x18f) [0x80d8490] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #15 /usr/local/samba/sbin/smbd
(main+0x806) [0x8255d57] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #16 /lib/tls/libc.so.6
(__libc_start_main+0xe4) [0x42015574] 
Apr 29 14:40:13 gandalf2 smbd[9675]:    #17 /usr/local/samba/sbin/smbd
(chroot+0x31) [0x8077885] 
Apr 29 14:40:13 gandalf2 smbd[9675]: 
Apr 29 14:40:13 gandalf2 smbd[9676]: [2004/04/29 14:40:13, 0] 
smbd/connection.c:register_message_flags(220) 
Apr 29 14:40:13 gandalf2 smbd[9676]:   register_message_flags: tdb_fetch 
failed 

Do I need to up the log level to 10?

Correction my log level is already 10.

Has any progress been made on this problem? I am still running on Windows 2000 
due to the previous issues and would really like to get back to a Linux server 
as soon as possible.

Could you mail me the complete level 10 debug log directly ?
Thanks.

Created attachment 495 [details]
set initial value of pointer to NULL to prevent a false negativein error check

I can see where we would get a seg fault here but 
cannot reproduce the original bug report to test 
this solution.	Please let me know if this does solve
things for you.

I have patched my samba source and and recompile etc., and the problem still 
persists. Are any other people experiencing this problem? If it just me it may 
point to the hardware, I am open to all suggestions, I can rebuild on another 
box if required.

Created attachment 497 [details]
fix double free() of memory when publishing printers

Thanks for the log file.  I was able to reproduce the crash 
locally once I new where to look.  The new patch fixes the 
bug for me.  I'm checking it in for 3.0.4.

originally reported against 3.0.3pre2.  Moving back to version to 3.0.2a
to remove preX and rcX versions.

sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.

database cleanup