Jerry Haltom
2004-Feb-04 23:35 UTC
[Samba] Signal 11 in smbd 3.0.2rc2 on printer operation!
Our computers in our office ceased being able to print to a shared cups
printer today. Could not find the cause. Seems the smbd processes are
dying. Below is the stack trace produced by gdb bt full.
The Samba 'panic action' script, /usr/share/samba/panic-action,
was called for pid 5839 (/usr/opt/samba-3.0.2rc2/sbin/smbd).
0x40150a59 in wait4 () from /lib/libc.so.6
#0 0x40150a59 in wait4 () from /lib/libc.so.6
No symbol table info available.
#1 0x401c7e48 in __check_rhosts_file () from /lib/libc.so.6
No symbol table info available.
#2 0x400f57c5 in system () from /lib/libc.so.6
No symbol table info available.
#3 0x081e7625 in smb_panic (why=0x82af4fe "internal error") at
lib/util.c:1391
cmd = 0x83ec268 "/usr/share/samba/panic-action 5839"
result = 1074632376
backtrace_stack = {0x0, 0xbfffeee0, 0xbfffefd4, 0x81d174f, 0x82af3e2,
0x82e43e0, 0x0, 0xbfffef08, 0x400c9319, 0xbffff628, 0xbfffefd4, 0x81d1757,
0xbffff51c, 0x4e4ec24c, 0xbffff55c, 0x8299000, 0x0, 0x400fa582, 0x82f6c4b,
0x83d4ae3, 0xbfffef3c, 0x81dd474, 0x83d4ad8, 0x82f6c40, 0x0, 0x0, 0x0, 0x0,
0xbffff36c, 0x821a08b, 0x83d4ad8, 0x82f6c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0xbffff598, 0x81d4704, 0x1c, 0x84038d4, 0x68, 0x0, 0x83d4c40, 0x0,
0xbfffefcc, 0x81eafe1, 0x400c9319, 0x401c7e48, 0xbffff0fc, 0x401c7e48,
0xbffff628, 0x0, 0xbffffd94, 0x4011e1d6, 0x401c7e48, 0x401c56a0, 0x0, 0x0,
0x8200b20, 0x4000000}
backtrace_size = 138426576
backtrace_strings = (char **) 0x1c
#4 0x081d1951 in fault_report (sig=11) at lib/fault.c:41
counter = 1
#5 0x081d19ba in sig_fault (sig=11) at lib/fault.c:61
No locals.
#6 0x400d96b8 in sigaction () from /lib/libc.so.6
No symbol table info available.
#7 0x0820b54b in print_queue_status (snum=1, ppqueue=0xbffff4d0,
status=0xbffff4d4) at printing/printing.c:2283
keystr = "STATUS/hpljet8100n\0\0\001\0\0\0 ??? V\034@?B<\b?\006
\b@L=\b\0\0\0\0\0\0\0\0?\021}\034_duB\227P??.\232:?\0\0\0\0\0\0\0\0D???,???Q0\026\b\004\0\0\0D???\024\0\0\0\0\0\0\0\001\0\0\0\0\0\0\0\004\0\0\0\0\0\0\0\002\0\0\08U=\bL???\0361\026\b\220\026=\bD???x???\004\0\0\0\0\0\0\0\001\0\0\0|????\214!\b\001\0\0\0D???x???,L\023\b\0\0\0\0\224???\214???K?\017\b"...
data = {dptr = 0x0, dsize = 264}
key = {dptr = 0xbffff3ac "STATUS/hpljet8100n", dsize = 18}
printername = 0x82f6c40 "hpljet8100n"
pdb = (struct tdb_print_db *) 0x83d4ac8
count = 0
#8 0x0813d5b1 in _spoolss_enumjobs (p=0x83d1690, q_u=0xbffff644,
r_u=0xbffff634) at rpc_server/srv_spoolss_nt.c:6517
handle = (POLICY_HND *) 0xbffff644
level = 2
buffer = (NEW_BUFFER *) 0x83dd788
offered = 1024
needed = (unsigned int *) 0xbffff638
returned = (unsigned int *) 0xbffff63c
wret = {v = 135905801}
snum = 1
prt_status = {
message = "no entries\0 is ready", '\0' <repeats 235
times>, qcount = 0,
status = 0}
queue = (print_queue_struct *) 0x0
#9 0x0812b825 in api_spoolss_enumjobs (p=0x83d1690)
at rpc_server/srv_spoolss.c:693
q_u = {handle = {data1 = 0, data2 = 3, data3 = 0, data4 = 0,
data5 = "?\200!@?\026\0"}, firstjob = 0, numofjobs = 4294967295,
level = 2, buffer = 0x83dd788, offered = 1024}
r_u = {buffer = 0x83dd788, needed = 0, returned = 0, status = {v = 0}}
data = (prs_struct *) 0x83d3138
rdata = (prs_struct *) 0x83d315c
#10 0x081624f9 in api_rpcTNP (p=0x83d1690, rpc_name=0x83d169e
"spoolss",
api_rpc_cmds=0x82daa0c, n_cmds=51) at rpc_server/srv_pipe.c:1530
fn_num = 19
name = "in_spoolss\0\b0\0\0\0 V\034@\f???Q?\021@H~\034@
V\034@\224???l\021\022@?X\034@\0\0\0\0`\004\0\0\220?>\b?<A\b$B-\b<???Q?\021@H~\034@\210?>\b`\004\0\0??\021@H~\034@
V\034@ V\034@??\021@0\004\0\0
V\034@L?????\021@?Y\034@,\004\0\0?V\034@??\021@H~\034@
V\034@H\f?\bX\0\0\0d\0\0\0Y\0\0\0d\0\0\0\210\022\0\0?\020\0\0
V\034@\214???t?\021@,\004\0\0\0\0\0\0\224???"...
offset1 = 0
offset2 = 4
#11 0x08162180 in api_pipe_request (p=0x83d1690) at rpc_server/srv_pipe.c:1476
ret = 0
pipe_fns = (PIPE_RPC_FNS *) 0x83cda10
#12 0x0815aecc in process_request_pdu (p=0x83d1690, rpc_in_p=0xbffff848)
at rpc_server/srv_pipe_hnd.c:669
ret = 0
auth_verify = 0
data_len = 1068
#13 0x0815b164 in process_complete_pdu (p=0x83d1690)
at rpc_server/srv_pipe_hnd.c:741
rpc_in = {io = 1, bigendian_data = 0, align = 4 '\004',
is_dynamic = 0, data_offset = 8, buffer_size = 1076, grow_size = 0,
data_p = 0x83d2078 ",\004", mem_ctx = 0x83cc3f0}
data_len = 1076
data_p = 0x83d2078 ",\004"
reply = 0
#14 0x0815b4d4 in process_incoming_data (p=0x83d1690, data=0x83ef2c8
",\004",
n=1076) at rpc_server/srv_pipe_hnd.c:839
data_to_copy = 1076
old_pdu_received_len = 0
#15 0x0815b723 in write_to_internal_pipe (np_conn=0x83d1690,
data=0x83ef2c8 ",\004", n=1092) at rpc_server/srv_pipe_hnd.c:878
data_used = 0
p = (pipes_struct *) 0x83d1690
data_left = 1076
#16 0x0815b67a in write_to_pipe (p=0x83cc2b0, data=0x83ef2b8 "\005",
n=1092)
at rpc_server/srv_pipe_hnd.c:861
No locals.
#17 0x0808e674 in api_fd_reply (conn=0x83ccf88, vuid=100,
outbuf=0x404a4008 "", setup=0x83cf230, data=0x83ef2b8
"\005", params=0x0,
suwcnt=2, tdscnt=1092, tpscnt=0, mdrcnt=3208, mprcnt=0) at smbd/ipc.c:306
vuid = 100
reply = 0
p = (smb_np_struct *) 0x83cc2b0
pnum = 30334
subcommand = 38
#18 0x0808e93a in named_pipe (conn=0x83ccf88, vuid=100, outbuf=0x404a4008
"",
name=0xbffffa52 "", setup=0x83cf230, data=0x83ef2b8
"\005", params=0x0,
suwcnt=2, tdscnt=1092, tpscnt=0, msrcnt=0, mdrcnt=3208, mprcnt=0)
at smbd/ipc.c:350
vuid = 100
#19 0x0808f80b in reply_trans (conn=0x83ccf88, inbuf=0x40483008 "",
outbuf=0x404a4008 "", size=1180, bufsize=131072) at smbd/ipc.c:558
name = "\\PIPE\\", '\0' <repeats 249 times>
name_offset = 6
data = 0x83ef2b8 "\005"
params = 0x0
setup = (short unsigned int *) 0x83cf230
outsize = 0
vuid = 100
tpscnt = 0
tdscnt = 1092
mprcnt = 0
mdrcnt = 3208
msrcnt = 0
close_on_completion = 0
one_way = 0
pscnt = 0
psoff = 84
dscnt = 1092
dsoff = 84
suwcnt = 2
#20 0x080d5d1f in switch_message (type=37, inbuf=0x40483008 "",
outbuf=0x404a4008 "", size=1180, bufsize=131072) at
smbd/process.c:767
flags = 9
last_session_tag = 100
session_tag = 100
conn = (connection_struct *) 0x83ccf88
pid = 5839
outsize = 0
#21 0x080d5def in construct_reply (inbuf=0x40483008 "",
outbuf=0x404a4008 "",
size=1180, bufsize=131072) at smbd/process.c:797
type = 37
outsize = 0
msg_type = 0
#22 0x080d618b in process_smb (inbuf=0x40483008 "", outbuf=0x404a4008
"")
at smbd/process.c:897
trans_num = 28
msg_type = 0
len = 1176
nread = 1180
#23 0x080d6f05 in smbd_process () at smbd/process.c:1328
deadtime = 604800
select_timeout = 60000
num_echos = 0
last_timeout_processing_time = 1075937457
num_smbs = 28
total_buffer_size = 132161
#24 0x08256fd7 in main (argc=2, argv=0xbffffe04) at smbd/server.c:887
is_daemon = 1
interactive = 0
Fork = 1
log_stdout = 0
ports = 0x0
opt = -1
pc = 0x82f3f38
long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4,
arg = 0x82dd25c, val = 0, descrip = 0x82d3ff3 "Help options",
argDescrip = 0x0}, {longName = 0x82d4000 "daemon", shortName = 68
'D',
argInfo = 7, arg = 0x82dd248, val = 1,
descrip = 0x82d4007 "Become a daemon (default)", argDescrip =
0x0}, {
longName = 0x82d4021 "interactive", shortName = 105 'i',
argInfo = 7,
arg = 0x82dd24c, val = 1,
descrip = 0x82d4040 "Run interactive (not a daemon)", argDescrip =
0x0}, {
longName = 0x82d405f "foreground", shortName = 70 'F',
argInfo = 7,
arg = 0x82dd250, val = 0,
descrip = 0x82d4080 "Run daemon in foreground (for daemontools &
etc)",
argDescrip = 0x0}, {longName = 0x82d40b1 "log-stdout", shortName =
83 'S',
argInfo = 7, arg = 0x82dd254, val = 1,
descrip = 0x82d40bc "Log to stdout", argDescrip = 0x0}, {
longName = 0x82d40ca "build-options", shortName = 98 'b',
argInfo = 0,
arg = 0x0, val = 98, descrip = 0x82d40d8 "Print build options",
argDescrip = 0x0}, {longName = 0x82d40ec "port", shortName = 112
'p',
argInfo = 1, arg = 0x82dd258, val = 0,
descrip = 0x82d40f1 "Listen on the specified ports", argDescrip =
0x0}, {
longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x82dcce8,
val = 0,
descrip = 0x82d410f "Common samba options:", argDescrip = 0x0}, {
longName = 0x0, shortName = 0 '\0', argInfo = 0, arg = 0x0, val = 0,
descrip = 0x0, argDescrip = 0x0}}
--
Jerry Haltom <jhaltom@feedbackplusinc.com>
Feedback Plus, Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20040204/0e556c60/attachment.bin
Jeremy Allison
2004-Feb-05 01:17 UTC
[Samba] Signal 11 in smbd 3.0.2rc2 on printer operation!
On Wed, Feb 04, 2004 at 05:35:11PM -0600, Jerry Haltom wrote:> Our computers in our office ceased being able to print to a shared cups > printer today. Could not find the cause. Seems the smbd processes are > dying. Below is the stack trace produced by gdb bt full. > > > > The Samba 'panic action' script, /usr/share/samba/panic-action, > was called for pid 5839 (/usr/opt/samba-3.0.2rc2/sbin/smbd). > > 0x40150a59 in wait4 () from /lib/libc.so.6 > #0 0x40150a59 in wait4 () from /lib/libc.so.6 > No symbol table info available. > #1 0x401c7e48 in __check_rhosts_file () from /lib/libc.so.6 > No symbol table info available. > #2 0x400f57c5 in system () from /lib/libc.so.6 > No symbol table info available. > #3 0x081e7625 in smb_panic (why=0x82af4fe "internal error") at lib/util.c:1391 > cmd = 0x83ec268 "/usr/share/samba/panic-action 5839" > result = 1074632376 > backtrace_stack = {0x0, 0xbfffeee0, 0xbfffefd4, 0x81d174f, 0x82af3e2, > 0x82e43e0, 0x0, 0xbfffef08, 0x400c9319, 0xbffff628, 0xbfffefd4, 0x81d1757, > 0xbffff51c, 0x4e4ec24c, 0xbffff55c, 0x8299000, 0x0, 0x400fa582, 0x82f6c4b, > 0x83d4ae3, 0xbfffef3c, 0x81dd474, 0x83d4ad8, 0x82f6c40, 0x0, 0x0, 0x0, 0x0, > 0xbffff36c, 0x821a08b, 0x83d4ad8, 0x82f6c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, > 0x0, 0x0, 0xbffff598, 0x81d4704, 0x1c, 0x84038d4, 0x68, 0x0, 0x83d4c40, 0x0, > 0xbfffefcc, 0x81eafe1, 0x400c9319, 0x401c7e48, 0xbffff0fc, 0x401c7e48, > 0xbffff628, 0x0, 0xbffffd94, 0x4011e1d6, 0x401c7e48, 0x401c56a0, 0x0, 0x0, > 0x8200b20, 0x4000000} > backtrace_size = 138426576 > backtrace_strings = (char **) 0x1c > #4 0x081d1951 in fault_report (sig=11) at lib/fault.c:41 > counter = 1 > #5 0x081d19ba in sig_fault (sig=11) at lib/fault.c:61 > No locals. > #6 0x400d96b8 in sigaction () from /lib/libc.so.6 > No symbol table info available. > #7 0x0820b54b in print_queue_status (snum=1, ppqueue=0xbffff4d0, > status=0xbffff4d4) at printing/printing.c:2283 > keystr = "STATUS/hpljet8100n\0\0\001\0\0\0 ??? V\034@?B<\b?\006 \b@L=\b\0\0\0\0\0\0\0\0?\021}\034_duB\227P??.\232:?\0\0\0\0\0\0\0\0D???,???Q0\026\b\004\0\0\0D???\024\0\0\0\0\0\0\0\001\0\0\0\0\0\0\0\004\0\0\0\0\0\0\0\002\0\0\08U=\bL???\0361\026\b\220\026=\bD???x???\004\0\0\0\0\0\0\0\001\0\0\0|????\214!\b\001\0\0\0D???x???,L\023\b\0\0\0\0\224???\214???K?\017\b"... > data = {dptr = 0x0, dsize = 264} > key = {dptr = 0xbffff3ac "STATUS/hpljet8100n", dsize = 18} > printername = 0x82f6c40 "hpljet8100n" > pdb = (struct tdb_print_db *) 0x83d4ac8 > count = 0This is a strange crash location. It appears to be in the call here : if (!get_stored_queue_info(pdb, snum, &count, ppqueue)) { release_print_db(pdb); return 0; I don't immediately see any bad pointers etc. in this call... Jeremy.