I installed Canon and Epson Windows printer drivers on samba3.0.20a. Printing is OK from Windows XP. I changed the printer driver to another printer driver. After the printer driver files finished copying, I clicked OK. But I can't change it; I get an XP error message. I checked log.smbd:

[2006/01/06 11:32:30, 0] lib/fault.c:fault_report(40)
  ===============================================================
[2006/01/06 11:32:30, 0] lib/util.c:smb_panic2(1554)
  PANIC: internal error
[2006/01/06 11:32:30, 0] lib/util.c:smb_panic2(1562)
  BACKTRACE: 27 stack frames:
   #0 /usr/local/samba/sbin/smbd(smb_panic2+0x18c) [0x81c9e3a]
   #1 /usr/local/samba/sbin/smbd(smb_panic+0x10) [0x81c9cac]
   #2 /usr/local/samba/sbin/smbd [0x81b96ba]
   #3 /usr/local/samba/sbin/smbd [0x81b970f]
   #4 /lib/tls/libc.so.6 [0x420277b8]
   #5 /usr/local/samba/sbin/smbd(add_printer_data+0x43) [0x81ebeed]
   #6 /usr/local/samba/sbin/smbd(set_printer_dataex+0x27) [0x81294bf]
   #7 /usr/local/samba/sbin/smbd [0x812ffc6]
   #8 /usr/local/samba/sbin/smbd(_spoolss_setprinter+0x11a) [0x813027b]
   #9 /usr/local/samba/sbin/smbd [0x81230d8]
   #10 /usr/local/samba/sbin/smbd(api_rpcTNP+0x1f3) [0x814ffb1]
   #11 /usr/local/samba/sbin/smbd(api_pipe_request+0xed) [0x814fd46]
   #12 /usr/local/samba/sbin/smbd [0x814a3e0]
   #13 /usr/local/samba/sbin/smbd [0x814a583]
   #14 /usr/local/samba/sbin/smbd [0x814ab08]
   #15 /usr/local/samba/sbin/smbd [0x814acbe]
   #16 /usr/local/samba/sbin/smbd(write_to_pipe+0xd9) [0x814ac42]
   #17 /usr/local/samba/sbin/smbd [0x80913f0]
   #18 /usr/local/samba/sbin/smbd [0x80915e0]
   #19 /usr/local/samba/sbin/smbd(reply_trans+0x976) [0x8091fbe]
   #20 /usr/local/samba/sbin/smbd [0x80d0cba]
   #21 /usr/local/samba/sbin/smbd [0x80d0d44]
   #22 /usr/local/samba/sbin/smbd(process_smb+0x1b9) [0x80d103f]
   #23 /usr/local/samba/sbin/smbd(smbd_process+0x136) [0x80d1c9f]
   #24 /usr/local/samba/sbin/smbd(main+0x77d) [0x8242877]
   #25 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x42015704]
   #26 /usr/local/samba/sbin/smbd(chroot+0x31) [0x807e035]

I want to change the printer driver.
Please tell me how to fix.
Samba OS: Red Hat 9
Client OS: Windows XP SP2 and Windows 2000
Printer driver: Epson and Canon Windows XP/2000 driver (not a Linux printing bug.)
I tried to reinstall the printer driver from XP SP2 and 2000, but it failed.
Added smbd -d 3 log. I can find a STATUS_BUFFER_OVERFLOW message.

----
  api_rpcTNP: rpc command: SPOOLSS_GETPRINTER
[2006/01/06 15:20:30, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526)
  free_pipe_context: destroying talloc pool of size 1276
[2006/01/06 15:20:30, 3] smbd/error.c:error_packet(146)
  error packet at smbd/ipc.c(97) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW
[2006/01/06 15:20:30, 3] smbd/process.c:process_smb(1194)
  Transaction 87 of length 63
-----
I checked, samba version down to 3.0.20b has no problem. New Windows printer driver install is OK, changing to a listed installed printer driver is OK. samba-3.0.21a has this problem. I don't know whether samba-3.0.21 has the same problem.
The STATUS_BUFFER_OVERFLOW is a normal message when fragmenting rpc pdus. I'll try to reproduce it.
Thank you for the reply. This problem is expected to be fixed.
The crash is not fixed yet, but when I have a patch I will post it here for you to test.
Do you have a link to the specific print driver you are using?
Reproduced it. Working on a fix.
Created attachment 1678: zero printer data pointer after freeing the data
This patch fixes the crash on my box. Please test. Checking it in for 3.0.21b
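The attachment title above ("zero printer data pointer after freeing the data") names a common fix pattern for a stale pointer that is reused after its data was released. The following is an added example, not Samba's code and not the attached patch: `struct printer`, `struct printer_data`, `add_value` and the tracked allocator are hypothetical stand-ins, used so the stale pointer can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tracked allocator (hypothetical): t_free() only marks a block dead and never
 * returns it to the system, so a stale pointer can be inspected safely.
 * The small leak is deliberate. The union keeps the payload fully aligned. */
union blk { int live; long double ld; long long ll; void *ptr; };

static void *t_alloc(size_t n)
{
    union blk *b = calloc(1, sizeof *b + n);
    if (b == NULL)
        return NULL;
    b->live = 1;
    return b + 1;
}

static void t_free(void *p)
{
    if (p != NULL)
        ((union blk *)p - 1)->live = 0;
}

static int t_live(const void *p)
{
    return p != NULL && ((const union blk *)p - 1)->live;
}

/* Hypothetical per-printer state; these are not Samba's structures. */
struct printer_data { size_t nvalues; char last_key[32]; };
struct printer { struct printer_data *data; };

/* Discard driver-specific data but leave the owner's pointer untouched. */
static void reset_data_unpatched(struct printer *p)
{
    t_free(p->data);
}

/* Same release, then zero the pointer, as the attachment title describes. */
static void reset_data_patched(struct printer *p)
{
    t_free(p->data);
    p->data = NULL;
}

enum { ADD_OK = 0, ADD_STALE = -1, ADD_NOMEM = -2 };

static int add_value(struct printer *p, const char *key)
{
    if (p->data == NULL) {              /* NULL means "no data yet": allocate */
        p->data = t_alloc(sizeof *p->data);
        if (p->data == NULL)
            return ADD_NOMEM;
    }
    /* With plain free() no such check exists; the writes below would land in
     * freed memory, which is the kind of access that ends in a segfault. */
    if (!t_live(p->data))
        return ADD_STALE;
    strncpy(p->data->last_key, key, sizeof p->data->last_key - 1);
    p->data->last_key[sizeof p->data->last_key - 1] = '\0';
    p->data->nvalues++;
    return ADD_OK;
}

/* Set a value, discard the data (driver change), then set a value again. */
static int change_driver(int patched, size_t *nvalues_out)
{
    struct printer p = { NULL };
    int rc = add_value(&p, "old-driver-setting");   /* constructed key */
    if (rc != ADD_OK)
        return rc;
    if (patched)
        reset_data_patched(&p);
    else
        reset_data_unpatched(&p);
    rc = add_value(&p, "new-driver-setting");       /* constructed key */
    if (rc == ADD_OK && nvalues_out != NULL)
        *nvalues_out = p.data->nvalues;
    return rc;
}

int main(void)
{
    size_t n = 0;
    printf("unpatched: rc=%d\n", change_driver(0, &n));
    printf("patched:   rc=%d nvalues=%zu\n", change_driver(1, &n), n);
    return 0;
}
```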
I will try today or tomorrow. And I will report again. Thank you very much.
I patched to samba-3.0.21b and rebuilt.
1) No problem installing a new printer driver. (bug fixed)
2) No problem changing installed drivers. (bug fixed)
Thank you.
Well, I have a question. Will this patch be included in the main source tree, or will the next new samba-3.0.x include this patch?
Yes. This patch will be in 3.0.21b