Bug 4552 - smbd segfaults when browsing printers & faxes folder
Summary: smbd segfaults when browsing printers & faxes folder
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Printing (show other bugs)
Version: 3.0.24
Hardware: x64 All
: P3 critical
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-04-25 08:56 UTC by John Hynes
Modified: 2012-01-09 11:03 UTC (History)
0 users

See Also:


Attachments
Level 10 debug log for the host who's browsing causes the segfault (205.71 KB, application/gzip)
2007-04-25 08:57 UTC, John Hynes
no flags Details
My smb.conf for this print server (864 bytes, text/plain)
2007-04-25 08:59 UTC, John Hynes
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description John Hynes 2007-04-25 08:56:55 UTC
After setting up print services only, and initializing the printers/setting up point-n-print, viewing the p&f folder worked fine, as did automatic driver download with all the default options I set.

After restarting, the print queues still show and function when browsing the host, but viewing the p&f folder for more detailed information causes smbd to segfault.
Comment 1 John Hynes 2007-04-25 08:57:56 UTC
Created attachment 2410 [details]
Level 10 debug log for the host who's browsing causes the segfault
Comment 2 John Hynes 2007-04-25 08:59:40 UTC
Created attachment 2411 [details]
My smb.conf for this print server
Comment 3 John Hynes 2007-05-01 14:31:24 UTC
I tried to re-setup a few printers after removing all the TDBs.  Completely clean re-configure.

After setting up 2 printers, I was unable to initialize a third.  These messages appeared in the log:

[2007/05/01 15:24:41, 1] smbd/ipc.c:api_fd_reply(290)
  api_fd_reply: INVALID PIPE HANDLE: 749b
[2007/05/01 15:24:43, 0] smbd/service.c:make_connection(1111)
  pba-ss1 (192.168.254.9) couldn't find service ::{2227a280-3aea-1069-a2de-08002b30309d}
[2007/05/01 15:25:00, 1] smbd/service.c:make_connection_snum(950)
  pba-ss1 (192.168.254.9) connect to service print$ initially as user administrator (uid=1001, gid=1000) (pid 1992)
[2007/05/01 15:25:01, 0] smbd/nttrans.c:call_nt_transact_ioctl(2338)
  call_nt_transact_ioctl(0x90100): Currently not implemented.
[2007/05/01 15:25:23, 1] smbd/service.c:make_connection_snum(950)
  pba-ss1 (192.168.254.9) connect to service print$ initially as user administrator (uid=1001, gid=1000) (pid 1992)
[2007/05/01 15:25:23, 1] smbd/service.c:close_cnum(1150)
  pba-ss1 (192.168.254.9) closed connection to service print$
[2007/05/01 15:25:23, 1] smbd/service.c:make_connection_snum(950)
  pba-ss1 (192.168.254.9) connect to service print$ initially as user administrator (uid=1001, gid=1000) (pid 1992)
[2007/05/01 15:25:23, 1] smbd/service.c:close_cnum(1150)
  pba-ss1 (192.168.254.9) closed connection to service print$
[2007/05/01 15:25:27, 0] tdb/tdbutil.c:tdb_log(783)
  tdb(/usr/local/samba/var/locks/ntprinters.tdb): tdb_oob len 1111638598 beyond eof at 417792
[2007/05/01 15:25:27, 0] tdb/tdbutil.c:tdb_log(783)
  tdb(/usr/local/samba/var/locks/ntprinters.tdb): remove_from_freelist: not on list at off=6472
[2007/05/01 15:25:27, 0] tdb/tdbutil.c:tdb_log(783)
  tdb(/usr/local/samba/var/locks/ntprinters.tdb): tdb_free: left free failed at 6472
[2007/05/01 15:25:27, 0] tdb/tdbutil.c:tdb_log(783)
  tdb(/usr/local/samba/var/locks/ntprinters.tdb): tdb_oob len 1111638598 beyond eof at 417792
[2007/05/01 15:25:27, 0] tdb/tdbutil.c:tdb_log(783)
  tdb(/usr/local/samba/var/locks/ntprinters.tdb): remove_from_freelist: not on list at off=6472
[2007/05/01 15:25:27, 0] tdb/tdbutil.c:tdb_log(783)
  tdb(/usr/local/samba/var/locks/ntprinters.tdb): tdb_free: left free failed at 6472
[2007/05/01 15:25:27, 0] tdb/tdbutil.c:tdb_log(783)
  tdb(/usr/local/samba/var/locks/ntprinters.tdb): tdb_oob len 1111638598 beyond eof at 417792
[2007/05/01 15:25:27, 0] tdb/tdbutil.c:tdb_log(783)
  tdb(/usr/local/samba/var/locks/ntprinters.tdb): remove_from_freelist: not on list at off=6472
[2007/05/01 15:25:27, 0] tdb/tdbutil.c:tdb_log(783)
  tdb(/usr/local/samba/var/locks/ntprinters.tdb): tdb_free: left free failed at 6472
[2007/05/01 15:25:27, 0] tdb/tdbutil.c:tdb_log(783)
  tdb(/usr/local/samba/var/locks/ntprinters.tdb): rec_free_read bad magic 0x42424242 at offset=163596
[2007/05/01 15:26:30, 1] smbd/service.c:close_cnum(1150)
  pba-ss1 (192.168.254.9) closed connection to service print$

Definitely seems to be a TDB corruption issue.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2007-05-01 14:52:03 UTC
What server OS and file system are you using to store the tdb files ?
Comment 5 John Hynes 2007-05-01 15:07:22 UTC
It's Fedora Core 6 x86_64, EXT3 FS.  It's not pre-packaged samba - it's self-compiled.
Comment 6 Andreas Schneider 2012-01-09 11:03:44 UTC
This is probably fixed with a newer Samba version. If you still see the error. Please open a new bug with 'debug level = 10' logfiles of the new Samba version 3.5 or 3.6. Thanks!