smbd crashes when connection status changes

Bug #489201 reported by Eric R Peterson
This bug affects 3 people
Affects          Status        Importance  Assigned to  Milestone
samba            Fix Released  Medium
samba (Ubuntu)   Fix Released  Medium      Unassigned

Bug Description

Binary package hint: samba

Crash and core dump occurs in smbd on the server when accessing a Samba share from an XP Samba client.
The server is using AD credentials for XP users to access shares. As part of this, pam_winbind.so modules are specified in the /etc/pam.d/common-* files.

Fault appears to occur in the static routine _pam_delete_cred() which is located at line 2420 of the file ./samba-3.3.2/source/nsswitch/pam_winbind.c:
out:
        if (logoff.blobs) {
                wbcFreeMemory(logoff.blobs);
        }
It appears clear to me there are two logic paths that lead to this memory getting freed from a field in an uninitialized data structure (logoff).

Additional information about the system configuration is below.

eric@tedstestsvr:~$ lsb_release -rd
Description: Ubuntu 9.04
Release: 9.04

eric@tedstestsvr:~$ sudo apt-cache policy samba
samba:
  Installed: 2:3.3.2-1ubuntu3.2
  Candidate: 2:3.3.2-1ubuntu3.2
  Version table:
 *** 2:3.3.2-1ubuntu3.2 0
        500 http://us.archive.ubuntu.com jaunty-updates/main Packages
        500 http://security.ubuntu.com jaunty-security/main Packages
        100 /var/lib/dpkg/status
     2:3.3.2-1ubuntu3 0
        500 http://us.archive.ubuntu.com jaunty/main Packages

===Output from /var/log/samba/log.tedstestwxp (The Samba client is tedstestwxp)
[2009/11/27 07:12:31, 3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/11/27 07:12:31, 3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/11/27 07:12:31, 3] smbd/service.c:close_cnum(1327)
  tedstestwxp (10.0.0.203) closed connection to service IPC$
[2009/11/27 07:12:31, 3] smbd/connection.c:yield_connection(31)
  Yielding connection to IPC$
[2009/11/27 07:12:31, 3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/11/27 07:12:31, 3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/11/27 07:12:31, 1] smbd/service.c:close_cnum(1327)
  tedstestwxp (10.0.0.203) closed connection to service klpeterson
[2009/11/27 07:12:31, 3] smbd/connection.c:yield_connection(31)
  Yielding connection to klpeterson
[2009/11/27 07:12:31, 3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/11/27 07:12:32, 0] lib/fault.c:fault_report(40)
  ===============================================================
[2009/11/27 07:12:32, 0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 6 in pid 3080 (3.3.2)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/11/27 07:12:32, 0] lib/fault.c:fault_report(43)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/11/27 07:12:32, 0] lib/fault.c:fault_report(44)
  ===============================================================
[2009/11/27 07:12:32, 0] lib/util.c:smb_panic(1673)
  PANIC (pid 3080): internal error
[2009/11/27 07:12:32, 0] lib/util.c:log_stack_trace(1777)
  BACKTRACE: 22 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7bac25c]
   #1 /usr/sbin/smbd(smb_panic+0x80) [0xb7bac3b9]
   #2 /usr/sbin/smbd [0xb7b97d5e]
   #3 [0xb79df400]
   #4 /lib/tls/i686/cmov/libc.so.6(abort+0x188) [0xb759c098]
   #5 /usr/lib/libtalloc.so.1(talloc_free+0x22d) [0xb76e35dd]
   #6 /usr/lib/libwbclient.so.0(wbcFreeMemory+0x21) [0xb76d3d93]
   #7 /lib/security/pam_winbind.so(pam_sm_setcred+0x3cb) [0xb7267092]
   #8 /lib/libpam.so.0 [0xb773b3b1]
   #9 /lib/libpam.so.0(pam_setcred+0x3f) [0xb773ab4f]
   #10 /usr/sbin/smbd [0xb7bf98f6]
   #11 /usr/sbin/smbd(smb_pam_close_session+0x81) [0xb7bf99b0]
   #12 /usr/sbin/smbd(session_yield+0x13e) [0xb7a82692]
   #13 /usr/sbin/smbd(invalidate_vuid+0x48) [0xb7a86ffd]
   #14 /usr/sbin/smbd(invalidate_all_vuids+0x2b) [0xb7a87620]
   #15 /usr/sbin/smbd [0xb7a6eb28]
   #16 /usr/sbin/smbd [0xb7a6ed33]
   #17 /usr/sbin/smbd [0xb7aa7452]
   #18 /usr/sbin/smbd(smbd_process+0x61a) [0xb7aa938e]
   #19 /usr/sbin/smbd(main+0x1126) [0xb7a712ff]
   #20 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7585775]
   #21 /usr/sbin/smbd [0xb7a6e071]
[2009/11/27 07:12:32, 0] lib/util.c:smb_panic(1678)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 3080]
Cannot access memory at address 0xc08
[2009/11/27 07:12:33, 0] lib/util.c:smb_panic(1686)
  smb_panic(): action returned status 0
[2009/11/27 07:12:33, 0] lib/fault.c:dump_core(231)
  dumping core in /var/log/samba/cores/smbd

Output from email sent to root:
The Samba 'panic action' script, /usr/share/samba/panic-action,
was called for PID 3080 (/usr/sbin/smbd).

This means there was a problem with the program, such as a segfault.
Below is a backtrace for this process generated with gdb, which shows
the state of the program at the time the error occurred. The Samba log
files may contain additional information about the problem.

If the problem persists, you are encouraged to first install the
samba-dbg package, which contains the debugging symbols for the Samba
binaries. Then submit the provided information as a bug report to
Ubuntu by visiting this link:
https://launchpad.net/ubuntu/+source/samba/+filebug

[Thread debugging using libthread_db enabled]
[New Thread 0xb74c76e0 (LWP 3080)]
0xb79df422 in __kernel_vsyscall ()
#0 0xb79df422 in __kernel_vsyscall ()
#1 0xb760e2a3 in waitpid () from /lib/tls/i686/cmov/libc.so.6
#2 0xb75a857b in ?? () from /lib/tls/i686/cmov/libc.so.6
#3 0xb77ab4fd in system () from /lib/tls/i686/cmov/libpthread.so.0
#4 0xb7bac431 in smb_panic (why=0xb7f4ff97 "internal error")
    at lib/util.c:1679
#5 0xb7b97d5e in sig_fault (sig=6) at lib/fault.c:46
#6 <signal handler called>
#7 0xb79df422 in __kernel_vsyscall ()
#8 0xb759a6d0 in raise () from /lib/tls/i686/cmov/libc.so.6
#9 0xb759c098 in abort () from /lib/tls/i686/cmov/libc.so.6
#10 0xb76e35dd in talloc_free () from /usr/lib/libtalloc.so.1
#11 0xb76d3d93 in wbcFreeMemory () from /usr/lib/libwbclient.so.0
#12 0xb7267092 in pam_sm_setcred (pamh=0xb8974d68, flags=32772, argc=0,
    argv=0xb898bdf0) at nsswitch/pam_winbind.c:2420
#13 0xb773b3b1 in ?? () from /lib/libpam.so.0
#14 0xb773ab4f in pam_setcred () from /lib/libpam.so.0
#15 0xb7bf98f6 in smb_internal_pam_session (pamh=0xb897eb70,
    user=<value optimized out>, tty=0x0, flag=false) at auth/pampass.c:654
#16 0xb7bf99b0 in smb_pam_close_session (user=0xbfdd8c08 "MBHB\\erpeterson",
    tty=0xbfdd9008 "smb/3080/101", rhost=0xbfdd8d08 "10.0.0.203")
    at auth/pampass.c:764
#17 0xb7a82692 in session_yield (vuser=0xb897c3f8) at smbd/session.c:251
#18 0xb7a86ffd in invalidate_vuid (vuid=101) at smbd/password.c:120
#19 0xb7a87620 in invalidate_all_vuids () at smbd/password.c:146
#20 0xb7a6eb28 in exit_server_common (how=SERVER_EXIT_NORMAL,
    reason=0xb7f1f26e "termination signal") at smbd/server.c:919
#21 0xb7a6ed33 in exit_server_cleanly (
    explanation=0xb7f1f26e "termination signal") at smbd/server.c:985
#22 0xb7aa7452 in async_processing (pfds=0xbfdd9400) at smbd/process.c:683
#23 0xb7aa938e in smbd_process () at smbd/process.c:876
#24 0xb7a712ff in main (argc=) at smbd/server.c:1512
The program is running. Quit anyway (and detach it)? (y or n) [answered Y; input not from terminal]
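
The cleanup pattern the report points at (a struct declared on the stack, an early `goto out` taken before any of its fields are assigned, and the `out:` label freeing a pointer field that still holds whatever was on the stack) is reproduced below as an added C example. It is not Samba's code: the struct is a stand-in for `wbcLogoffUserParams` with only the `blobs` field modelled, a small tracked allocator stands in for talloc (real `talloc_free()` aborts on a pointer it never handed out, which is the Signal 6 in the backtrace; this one just counts the fault so it can be asserted on), and the "uninitialised" stack contents are seeded explicitly from a caller-supplied buffer so the demonstration is deterministic rather than relying on undefined behaviour. The fix shown, zeroing the struct before the first `goto`, is the usual remedy for this pattern; the page does not say whether it is what the upstream commit did.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the logoff parameter struct named in the report; only the
 * field the crash is about is modelled (assumption). */
struct logoff_params {
    const char *username;
    void *blobs;      /* pointer handed to the wbcFreeMemory() stand-in */
};

/* Tiny tracked allocator standing in for talloc. talloc_free() calls
 * abort() when given a pointer it never allocated; this version records
 * the fault in bad_frees and returns instead. */
#define MAX_LIVE 8
static void *live[MAX_LIVE];
static int bad_frees;          /* frees of pointers we never allocated */

static void *tracked_alloc(size_t n) {
    void *p = calloc(1, n);
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == NULL) { live[i] = p; return p; }
    free(p);
    return NULL;
}

static void tracked_free(void *p) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    bad_frees++;               /* talloc would abort() here */
}

/* Model of a routine with an early-exit error path that jumps to a common
 * cleanup label, as the report describes for _pam_delete_cred().
 *
 * stack_garbage: stands in for whatever occupied the stack slot before the
 *                struct was written (constructed, to keep the demo deterministic).
 * early_fail   : take the error path before logoff.blobs is ever assigned.
 * zero_first   : apply the fix, clearing the struct before the first goto.
 */
static int delete_cred(const struct logoff_params *stack_garbage,
                       bool early_fail, bool zero_first)
{
    struct logoff_params logoff;
    int ret = 0;

    memcpy(&logoff, stack_garbage, sizeof logoff);   /* "uninitialised" */

    if (zero_first)
        memset(&logoff, 0, sizeof logoff);           /* the fix */

    if (early_fail) {
        ret = -1;
        goto out;          /* logoff.blobs never assigned on this path */
    }

    logoff.username = "user";
    logoff.blobs = tracked_alloc(16);
    /* normal logoff work would happen here */

out:
    if (logoff.blobs) {
        tracked_free(logoff.blobs);
    }
    return ret;
}

/* Run one scenario; returns how many frees of never-allocated pointers
 * the cleanup label performed (0 is correct, 1 is the reported crash). */
static int run_scenario(bool early_fail, bool zero_first)
{
    int dummy;             /* any non-NULL address will do as stack junk */
    struct logoff_params garbage = { .username = NULL, .blobs = &dummy };
    bad_frees = 0;
    delete_cred(&garbage, early_fail, zero_first);
    return bad_frees;
}

int main(void) {
    printf("buggy, early exit : bad frees = %d\n", run_scenario(true, false));
    printf("buggy, normal path: bad frees = %d\n", run_scenario(false, false));
    printf("fixed, early exit : bad frees = %d\n", run_scenario(true, true));
    printf("fixed, normal path: bad frees = %d\n", run_scenario(false, true));
    return 0;
}
```

Only the buggy early-exit scenario produces a bad free, which matches the report: the normal path works because `blobs` was assigned, and the crash only shows up on the error path where the struct was never touched. Compiling such code with `-Wall -Wextra` or running it under a memory checker is the practical way to catch the pattern before a stale pointer reaches the allocator.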

Revision history for this message
Chuck Short (zulcss) wrote :

Thank you for your bug report. This bug has been reported to the developers of the software. You can track it and make comments at:

https://bugzilla.samba.org/show_bug.cgi?id=6940

Changed in samba (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in samba:
status: Unknown → Confirmed
Revision history for this message
Eric R Peterson (ericrpeterson) wrote : Re: [Bug 489201] Re: smbd crashes when connection status changes

Hi Chuck,

I've just started using Samba and this is my first bug report so I will be
interested to see how the process works.
My application is using Samba to provide shares to users on XP that connect
via AD (Active Directory) credentials.
In case it was not clear from my report, smb dumps core every time a user
connects to a share (and I think when they disconnect).
Given the core dumps, it would seem to me that the importance should be
higher than medium.
Of course I do not have insight into what other problems need to be fixed.

Should I also make this comment on the link provided below?

Thanks,
Eric

Revision history for this message
Volker (w-launchpad-lendecke-de) wrote :

This was fixed for 3.3.4.

Revision history for this message
Eric R Peterson (ericrpeterson) wrote :

Excellent. I did not see the (crash) behavior in Ubuntu 9.10 (which uses
3.4).

Thanks,
Eric Peterson


Revision history for this message
Thierry Carrez (ttx) wrote :

Thanks Volker! Fixed in Karmic and Lucid.
Patch for jaunty: http://git.samba.org/?p=samba.git;a=commitdiff;h=b737a6202cc18bf

Changed in samba (Ubuntu):
status: Triaged → Fix Released
Changed in samba:
status: Confirmed → Fix Released
Changed in samba:
importance: Unknown → Medium