smbclient_tar flapping

Wed Jun 22 23:34:37 UTC 2016

On Wed, Jun 22, 2016 at 08:04:56PM +0200, Aurélien Aptel wrote:
> On Wed, 22 Jun 2016 07:29:41 +0200 Andreas Schneider <asn at samba.org>
> wrote:
> > >         status = dbwrap_fetch(db_ctx, mem_ctx,
> > >                               make_tdb_data(id_buf, sizeof(id_buf)),
> > >                               &data);
> > >         if (!NT_STATUS_IS_OK(status)) {
> > >                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
> > >         }
> > > 	..
> > 
> 
> Jeremy was right, all occurences of the corruption status were
> originally a NT_STATUS_NOT_FOUND. I've added a bunch of debug messages
> but the xattr fetching code is called several times at different
> locations (stat_cache, dosmode), I'm still trying to make sense of the
> dense logs.
> 
> > Is it possible that in this case it reads uninitialized memory and
> > that's why we and up with random attributes?
> > 
> > Aurélien did you try running it with valgrind? I can show you how to
> > do that on IRC ...
> 
> valgrind only detected the same invalid read a million times:
> 
> Invalid read of size 4
>    at 0x114105: remove_child_pid (server.c:580)
>    by 0x114505: smbd_sig_chld_handler (server.c:664)
>    by 0x68FC01D: tevent_common_check_signal (tevent_signal.c:461)
>    by 0x8379BB5: run_events_poll (events.c:187)
>    by 0x837A361: s3_event_loop_once (events.c:326)
>    by 0x68F5D62: _tevent_loop_once (tevent.c:533)
>    by 0x68F5FAC: tevent_common_loop_wait (tevent.c:637)
>    by 0x68F6077: _tevent_loop_wait (tevent.c:656)
>    by 0x11570E: smbd_parent_loop (server.c:1130)
>    by 0x1170C4: main (server.c:1785)

That is on this line:

        if (child->pid == procid_to_pid(&parent->cleanupd)) {

I'd love to know if the invalid read is 'child->pid' or
parent->cleanupd...

Can you add dummy reads for both of thse on separate lines
so we can see what's not initialized ?

test = child_pid;
test1 = parent->cleanupd;