I have some Samba 3.6.4 printer servers and sometimes queues are frozen, the reason is a strange core. The backtrace is this: #0 0x00007f23fa3a9a45 in raise () from /lib64/libc.so.6 #1 0x00007f23fa3ab225 in abort () from /lib64/libc.so.6 #2 0x00007f23fd7133e5 in dump_core () at lib/fault.c:391 #3 0x00007f23fd725ad2 in smb_panic (why=0x7f23fdce08f0 "internal error") at lib/util.c:1133 #4 0x00007f23fd712c00 in fault_report (sig=11) at lib/fault.c:53 #5 0x00007f23fd712c15 in sig_fault (sig=11) at lib/fault.c:76 #6 <signal handler called> #7 0x00007f23fa3f70c2 in __strlen_sse2 () from /lib64/libc.so.6 #8 0x00007f23fd758b8f in ndr_push_charset (ndr=0x7f23fe3336d0, ndr_flags=1, var=0x0, length=32, byte_mul=2 '\002', chset=CH_UTF16LE) at ../librpc/ndr/ndr_string.c:749 #9 0x00007f23fda33348 in ndr_push_spoolss_DeviceMode (ndr=0x7f23fe3336d0, ndr_flags=3, r=0x7f23fe3336d0) at librpc/gen_ndr/ndr_spoolss.c:1358 #10 0x00007f23fd74de23 in ndr_push_struct_blob (blob=0x7fff92cc8fc0, mem_ctx=0x7f23fe0c55a0, p=0x7f23fe3336d0, fn=0x7f23fda332b1 <ndr_push_spoolss_DeviceMode>) at ../librpc/ndr/ndr.c:1000 #11 0x00007f23fd76a962 in pack_devicemode (devmode=0x7f23fe3336d0, buf=0x90 <Address 0x90 out of bounds>, buflen=-144) at printing/printing.c:299 #12 0x00007f23fd76bc65 in pjob_store (ev=0x7f23fe0a7550, msg_ctx=0x7f23fe0a9a40, sharename=0x7fff92cca440 "IMP-CICE-WTC-1SE-01", jobid=103, pjob=0x7fff92cc96f0) at printing/printing.c:756 #13 0x00007f23fd76c697 in traverse_fn_delete (t=0x7f23fe3370a0, key=..., data=..., state=0x7fff92cc9fd0) at printing/printing.c:989 #14 0x00007f23fab3a4d7 in tdb_traverse_internal (tdb=0x7f23fe3370a0, fn=0x7f23fd76c2fd <traverse_fn_delete>, private_data=0x7fff92cc9fd0, tl=0x7fff92cc9d20) at ../lib/tdb/common/traverse.c:190 #15 0x00007f23fab3a711 in tdb_traverse (tdb=0x7f23fe3370a0, fn=0x7f23fd76c2fd <traverse_fn_delete>, private_data=0x7fff92cc9fd0) at ../lib/tdb/common/traverse.c:260 #16 0x00007f23fd76db7f in print_queue_update_internal (ev=0x7f23fe0a7550, msg_ctx=0x7f23fe0a9a40, sharename=0x7fff92cca440 "IMP-CICE-WTC-1SE-01", current_printif=0x7f23fe09d440, lpq_command=0x7f23fe28eee0 "IMP-CICE-WTC-1SE-01", lprm_command=0x7f23fe177a20 "/usr/bin/lprm -PIMP-CICE-WTC-1SE-01 %j") at printing/printing.c:1429 #17 0x00007f23fd76e140 in print_queue_update_with_lock (ev=0x7f23fe0a7550, msg_ctx=0x7f23fe0a9a40, sharename=0x7fff92cca440 "IMP-CICE-WTC-1SE-01", current_printif=0x7f23fe09d440, lpq_command=0x7f23fe28eee0 "IMP-CICE-WTC-1SE-01", lprm_command=0x7f23fe177a20 "/usr/bin/lprm -PIMP-CICE-WTC-1SE-01 %j") at printing/printing.c:1556 #18 0x00007f23fd76e317 in print_queue_receive (msg=0x7f23fe0a9a40, private_data=0x0, msg_type=517, server_id=..., data=0x7f23fe334018) at printing/printing.c:1592 #19 0x00007f23fd6f6c0f in messaging_dispatch_rec (msg_ctx=0x7f23fe0a9a40, rec=0x7f23fe333ff0) at lib/messages.c:376 #20 0x00007f23fd6f98f6 in message_dispatch (msg_ctx=0x7f23fe0a9a40) at lib/messages_local.c:478 #21 0x00007f23fd6f86b6 in messaging_tdb_signal_handler (ev_ctx=0x7f23fe0a7550, se=0x7f23fe0cfb50, signum=10, count=1, _info=0x0, private_data=0x7f23fe0a9840) at lib/messages_local.c:76 #22 0x00007f23fd73cf6e in tevent_common_check_signal (ev=0x7f23fe0a7550) at ../lib/tevent/tevent_signal.c:366 #23 0x00007f23fd738bfe in run_events_poll (ev=0x7f23fe0a7550, pollrtn=-1, pfds=0x7f23fe0d1360, num_pfds=3) at lib/events.c:193 #24 0x00007f23fd739584 in s3_event_loop_once (ev=0x7f23fe0a7550, location=0x7f23fdcf19d4 "printing/printing.c:1704") at lib/events.c:349 #25 0x00007f23fd73a6bf in _tevent_loop_once (ev=0x7f23fe0a7550, location=0x7f23fdcf19d4 "printing/printing.c:1704") at ../lib/tevent/tevent.c:494 #26 0x00007f23fd73a8fc in tevent_common_loop_wait (ev=0x7f23fe0a7550, location=0x7f23fdcf19d4 "printing/printing.c:1704") at ../lib/tevent/tevent.c:595 #27 0x00007f23fd73a9c7 in _tevent_loop_wait (ev=0x7f23fe0a7550, location=0x7f23fdcf19d4 "printing/printing.c:1704") at ../lib/tevent/tevent.c:614 #28 0x00007f23fd76e8e8 in start_background_queue (ev=0x7f23fe0a7550, msg_ctx=0x7f23fe0a9a40) at printing/printing.c:1704 #29 0x00007f23fdb61476 in main (argc=2, argv=0x7fff92ccad78) at smbd/server.c:1270
Another backtrace: #0 0x00007f8b24b4ca45 in raise () from /lib64/libc.so.6 #1 0x00007f8b24b4e225 in abort () from /lib64/libc.so.6 #2 0x00007f8b27eb63e5 in dump_core () at lib/fault.c:391 #3 0x00007f8b27ec8ad2 in smb_panic (why=0x7f8b284838f0 "internal error") at lib/util.c:1133 #4 0x00007f8b27eb5c00 in fault_report (sig=11) at lib/fault.c:53 #5 0x00007f8b27eb5c15 in sig_fault (sig=11) at lib/fault.c:76 #6 <signal handler called> #7 0x00007f8b24b9a0c2 in __strlen_sse2 () from /lib64/libc.so.6 #8 0x00007f8b27efbb8f in ndr_push_charset (ndr=0x7f8b2aa08ae0, ndr_flags=1, var=0x0, length=32, byte_mul=2 '\002', chset=CH_UTF16LE) at ../librpc/ndr/ndr_string.c:749 #9 0x00007f8b281d6348 in ndr_push_spoolss_DeviceMode (ndr=0x7f8b2aa08ae0, ndr_flags=3, r=0x7f8b2aa0eac0) at librpc/gen_ndr/ndr_spoolss.c:1358 #10 0x00007f8b27ef0e23 in ndr_push_struct_blob (blob=0x7fffbdd592d0, mem_ctx=0x7f8b2a624a40, p=0x7f8b2aa0eac0, fn=0x7f8b281d62b1 <ndr_push_spoolss_DeviceMode>) at ../librpc/ndr/ndr.c:1000 #11 0x00007f8b27f0d962 in pack_devicemode (devmode=0x7f8b2aa0eac0, buf=0x85 <Address 0x85 out of bounds>, buflen=-133) at printing/printing.c:299 #12 0x00007f8b27f0ec65 in pjob_store (ev=0x7f8b2a606550, msg_ctx=0x7f8b2a608a40, sharename=0x7fffbdd5a750 "IMP-CICE-WTC-2SE-01", jobid=1489, pjob=0x7fffbdd59a00) at printing/printing.c:756 #13 0x00007f8b27f0f697 in traverse_fn_delete (t=0x7f8b2aa08be0, key=..., data=..., state=0x7fffbdd5a2e0) at printing/printing.c:989 #14 0x00007f8b252dd4d7 in tdb_traverse_internal (tdb=0x7f8b2aa08be0, fn=0x7f8b27f0f2fd <traverse_fn_delete>, private_data=0x7fffbdd5a2e0, tl=0x7fffbdd5a030) at ../lib/tdb/common/traverse.c:190 #15 0x00007f8b252dd711 in tdb_traverse (tdb=0x7f8b2aa08be0, fn=0x7f8b27f0f2fd <traverse_fn_delete>, private_data=0x7fffbdd5a2e0) at ../lib/tdb/common/traverse.c:260 #16 0x00007f8b27f10b7f in print_queue_update_internal (ev=0x7f8b2a606550, msg_ctx=0x7f8b2a608a40, sharename=0x7fffbdd5a750 "IMP-CICE-WTC-2SE-01", current_printif=0x7f8b28840440, lpq_command=0x7f8b2a644770 "IMP-CICE-WTC-2SE-01", lprm_command=0x7f8b2a988d90 "/usr/bin/lprm -PIMP-CICE-WTC-2SE-01 %j") at printing/printing.c:1429 #17 0x00007f8b27f11140 in print_queue_update_with_lock (ev=0x7f8b2a606550, msg_ctx=0x7f8b2a608a40, sharename=0x7fffbdd5a750 "IMP-CICE-WTC-2SE-01", current_printif=0x7f8b28840440, lpq_command=0x7f8b2a644770 "IMP-CICE-WTC-2SE-01", lprm_command=0x7f8b2a988d90 "/usr/bin/lprm -PIMP-CICE-WTC-2SE-01 %j") at printing/printing.c:1556 #18 0x00007f8b27f11317 in print_queue_receive (msg=0x7f8b2a608a40, private_data=0x0, msg_type=517, server_id=..., data=0x7f8b2aa08958) at printing/printing.c:1592 #19 0x00007f8b27e99c0f in messaging_dispatch_rec (msg_ctx=0x7f8b2a608a40, rec=0x7f8b2aa08930) at lib/messages.c:376 #20 0x00007f8b27e9c8f6 in message_dispatch (msg_ctx=0x7f8b2a608a40) at lib/messages_local.c:478 #21 0x00007f8b27e9b6b6 in messaging_tdb_signal_handler (ev_ctx=0x7f8b2a606550, se=0x7f8b2a6359a0, signum=10, count=1, _info=0x0, private_data=0x7f8b2a608840) at lib/messages_local.c:76 #22 0x00007f8b27edff6e in tevent_common_check_signal (ev=0x7f8b2a606550) at ../lib/tevent/tevent_signal.c:366 #23 0x00007f8b27edbbfe in run_events_poll (ev=0x7f8b2a606550, pollrtn=-1, pfds=0x7f8b2a631240, num_pfds=3) at lib/events.c:193 #24 0x00007f8b27edc584 in s3_event_loop_once (ev=0x7f8b2a606550, location=0x7f8b284949d4 "printing/printing.c:1704") at lib/events.c:349 #25 0x00007f8b27edd6bf in _tevent_loop_once (ev=0x7f8b2a606550, location=0x7f8b284949d4 "printing/printing.c:1704") at ../lib/tevent/tevent.c:494 #26 0x00007f8b27edd8fc in tevent_common_loop_wait (ev=0x7f8b2a606550, location=0x7f8b284949d4 "printing/printing.c:1704") at ../lib/tevent/tevent.c:595 #27 0x00007f8b27edd9c7 in _tevent_loop_wait (ev=0x7f8b2a606550, location=0x7f8b284949d4 "printing/printing.c:1704") at ../lib/tevent/tevent.c:614 #28 0x00007f8b27f118e8 in start_background_queue (ev=0x7f8b2a606550, msg_ctx=0x7f8b2a608a40) at printing/printing.c:1704 #29 0x00007f8b28304476 in main (argc=2, argv=0x7fffbdd5b088) at smbd/server.c:1270
Appear to be resolved at 2.6.15