thr3ads.net - samba - [Samba] Panic or segfault in Samba 3.6.1

If this information is useful, please help other people find it:
Share via:

Dale Schroeder

2011-Dec-21 16:04 UTC

[Samba] Panic or segfault in Samba 3.6.1 - Debian testing

Since upgrading to 3.6.1 in Debian testing, I receive a panic/segfault 
message with each print job.  Printing succeeds and continues to work, 
but an email with the info below is sent each time.
The system is standalone.  Kernel is 3.1.0-1-686-pae, and the system is 
fully updated.  testparm returns no errors.

Does this mean anything to anyone?

Dale


[Thread debugging using libthread_db enabled]
0xb6eee424 in __kernel_vsyscall ()
#0 0xb6eee424 in __kernel_vsyscall ()
#1 0xb6b4def3 in waitpid () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
#2 0xb6af0073 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
#3 0xb736c0ab in smb_panic (why=0xb778cf41 "internal error") at 
lib/util.c:1123
#4 0xb735b232 in fault_report (sig=11) at lib/fault.c:53
#5 sig_fault (sig=11) at lib/fault.c:76
#6 <signal handler called>
#7 dcerpc_binding_handle_call (h=0x0, object=0x0, table=0xb78f6b00, 
opnum=60, r_mem=0xb96a3bb8, r_ptr=0xbfd985a4) at 
../librpc/rpc/binding_handle.c:524
#8 0xb72599e4 in dcerpc_spoolss_ReplyClosePrinter_r (h=0x0, 
mem_ctx=0xb96a3bb8, r=0xbfd985a4) at librpc/gen_ndr/ndr_spoolss_c.c:10389
#9 0xb7259c5a in dcerpc_spoolss_ReplyClosePrinter (h=0x0, 
mem_ctx=0xb96a3bb8, _handle=0xb96a8d28, result=0xbfd9860c) at 
librpc/gen_ndr/ndr_spoolss_c.c:10514
#10 0xb71d8687 in srv_spoolss_replycloseprinter (snum=2, 
prn_hnd=0xb96a8af8) at rpc_server/spoolss/srv_spoolss_nt.c:259
#11 0xb71e468e in _spoolss_FindClosePrinterNotify (p=0xb96ac728, 
r=0xb96a3be8) at rpc_server/spoolss/srv_spoolss_nt.c:6782
#12 0xb71f5758 in api_spoolss_FindClosePrinterNotify (p=0xb96ac728) at 
librpc/gen_ndr/srv_spoolss.c:4467
#13 0xb722eeba in api_rpcTNP (p=0xb96ac728, api_rpc_cmds=0xb7905020, 
n_cmds=110, pkt=<optimized out>) at rpc_server/srv_pipe.c:1647
#14 0xb723175d in api_pipe_request (pkt=0xb96ac518, p=0xb96ac728) at 
rpc_server/srv_pipe.c:1580
#15 process_request_pdu (pkt=0xb96ac518, p=0xb96ac728) at 
rpc_server/srv_pipe.c:1837
#16 process_complete_pdu (p=0xb96ac728) at rpc_server/srv_pipe.c:1894
#17 0xb7232fa0 in process_incoming_data (p=0xb96ac728, data=0xb96a3a48 
"\024", n=28) at rpc_server/srv_pipe_hnd.c:218
#18 0xb72337dc in write_to_internal_pipe (n=44, data=0xb96a3a48
"\024",
p=0xb96ac728) at rpc_server/srv_pipe_hnd.c:244
#19 np_write_send (mem_ctx=0xb96a39f8, ev=0xb967cad8, handle=0xb9694910, 
data=0xb96a3a38 "\005", len=44) at rpc_server/srv_pipe_hnd.c:538
#20 0xb6fe4fc1 in api_dcerpc_cmd (max_read=1024, length=44, 
data=0xb96acfb8 "\005", fsp=<optimized out>, req=0xb96a3928, 
conn=0xb96992f0) at smbd/ipc.c:271
#21 api_fd_reply (conn=0xb96992f0, vuid=<optimized out>, req=0xb96a3928, 
setup=0xb96adb50, data=0xb96acfb8 "\005", params=0x0, suwcnt=2, 
tdscnt=44, tpscnt=0, mdrcnt=1024, mprcnt=<optimized out>) at
smbd/ipc.c:482
#22 0xb6fe555b in named_pipe (mprcnt=0, mdrcnt=1024, tpscnt=0, 
tdscnt=44, suwcnt=2, params=0x0, data=0xb96acfb8 "\005", 
setup=0xb96adb50, name=0xb96a65f6 "", req=0xb96a3928, vuid=101, 
conn=0xb96992f0, msrcnt=<optimized out>) at smbd/ipc.c:537
#23 handle_trans (conn=0xb96992f0, req=0xb96a3928, state=0xb96ad0a0) at 
smbd/ipc.c:594
#24 0xb6fe5e56 in reply_trans (req=0xb96a3928) at smbd/ipc.c:779
#25 0xb7056ca1 in switch_message (type=37 '%', req=0xb96a3928, size=132)
at smbd/process.c:1573
#26 0xb70570f6 in construct_reply (deferred_pcd=0x0, encrypted=false, 
seqnum=0, unread_bytes=0, size=132, inbuf=0x0, sconn=0xb967cb48) at 
smbd/process.c:1609
#27 process_smb (sconn=0xb967cb48, inbuf=<optimized out>, nread=132, 
unread_bytes=0, seqnum=0, encrypted=false, deferred_pcd=0x0) at 
smbd/process.c:1687
#28 0xb7057545 in smbd_server_connection_read_handler (conn=0xb967cb48, 
fd=<optimized out>) at smbd/process.c:2316
#29 0xb737e4ec in run_events_poll (num_pfds=2, pfds=0xb9680988, 
pollrtn=1, ev=0xb967cad8) at lib/events.c:286
#30 run_events_poll (ev=0xb967cad8, pollrtn=1, pfds=0xb9680988, 
num_pfds=2) at lib/events.c:184
#31 0xb7058f68 in smbd_server_connection_loop_once (conn=0xb967cb48) at 
smbd/process.c:1016
#32 smbd_process (sconn=0xb967cb48) at smbd/process.c:3157
#33 0xb7636630 in smbd_accept_connection (ev=0xb967cad8, fde=0xb968f5a8, 
flags=1, private_data=0xb9692578) at smbd/server.c:505
#34 0xb737e4ec in run_events_poll (num_pfds=5, pfds=0xb968fbe0, 
pollrtn=1, ev=0xb967cad8) at lib/events.c:286
#35 run_events_poll (ev=0xb967cad8, pollrtn=1, pfds=0xb968fbe0, 
num_pfds=5) at lib/events.c:184
#36 0xb737e6ab in s3_event_loop_once (ev=0xb967cad8, location=0xb7810504 
"smbd/server.c:838") at lib/events.c:349
#37 0xb737f478 in _tevent_loop_once (ev=0xb967cad8, location=0xb7810504 
"smbd/server.c:838") at ../lib/tevent/tevent.c:494
#38 0xb6fc67cc in smbd_parent_loop (parent=<optimized out>) at 
smbd/server.c:838
#39 main (argc=) at smbd/server.c:1320
A debugging session is active.

Inferior 1 [process 25974] will be detached.

Jeremy Allison

2011-Dec-21 18:16 UTC

head link

[Samba] Panic or segfault in Samba 3.6.1 - Debian testing

On Wed, Dec 21, 2011 at 10:04:18AM -0600, Dale Schroeder
wrote:> Since upgrading to 3.6.1 in Debian testing, I receive a
> panic/segfault message with each print job.  Printing succeeds and
> continues to work, but an email with the info below is sent each
> time.
> The system is standalone.  Kernel is 3.1.0-1-686-pae, and the system
> is fully updated.  testparm returns no errors.
> 
> Does this mean anything to anyone?
This is bug #8384 - fixed in v3-6-test with the following
patch (attached). This will be in 3.6.2.

Jeremy.

Jeremy Allison

2011-Dec-21 18:17 UTC

head link

[Samba] Panic or segfault in Samba 3.6.1 - Debian testing

On Wed, Dec 21, 2011 at 10:16:32AM -0800, Jeremy Allison
wrote:> On Wed, Dec 21, 2011 at 10:04:18AM -0600, Dale Schroeder wrote:
> > Since upgrading to 3.6.1 in Debian testing, I receive a
> > panic/segfault message with each print job.  Printing succeeds and
> > continues to work, but an email with the info below is sent each
> > time.
> > The system is standalone.  Kernel is 3.1.0-1-686-pae, and the system
> > is fully updated.  testparm returns no errors.
> > 
> > Does this mean anything to anyone?
> 
> This is bug #8384 - fixed in v3-6-test with the following
> patch (attached). This will be in 3.6.2.
Arg - patch got stripped. Can be found by :

git diff
b01b1faafe32fbb88739ae8aaaf9f2fe5e1dcdcf..cb6795bea659e884e23173960e68a2f970fc5dd3

in branch v3-6-test.

(inline - although it may get mangled).

diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c
b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index c886f34..bfec3cc 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -295,6 +295,7 @@ static void srv_spoolss_replycloseprinter(int snum,
 
        if (prn_hnd->notify.cli_chan) {
                prn_hnd->notify.cli_chan->active_connections--;
+               prn_hnd->notify.cli_chan = NULL;
        }
 }


Jeremy.

samba - Dec 2011 - Panic or segfault in Samba 3.6.1 - Debian testing

[Samba] Panic or segfault in Samba 3.6.1 - Debian testing

[Samba] Panic or segfault in Samba 3.6.1 - Debian testing

[Samba] Panic or segfault in Samba 3.6.1 - Debian testing