Title: RE: sessionid.tdb missing after build and client read failure
The problem appears to be this line in lib/time.c, timestring(709):
 
   strftime(TimeBuf,100,"%Y/%m/%d %H:%M:%S",tm);
 
The problem is: TimeBuf is a local fstring, and it's filled from the tm structure, which is the product of calls to GetTimeOfDay and LocalTime, both of which should be returning fairly well formatted data.
 
Perhaps you could set a breakpoint at timestring, and step through that. I wonder what the time functions are returning such that the formatting of the data into TimeBuf is enough to overflow its 256 character length. strftime should be limiting that output to 100 characters.
 
Could you also check your time zone settings? Maybe you have /etc/localtime pointing at something weird. What time zone does the 'date' command report?
 
Also, this debug output would be a lot more clear if you could just let gdb run to the segfault without any breakpoints or stepping. Then just run the 'bt' command. That would show us the whole call chain.
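
Added example, not part of the original thread and not Samba's code: a bounded strftime call with the format string quoted above, checking that a 100-byte limit leaves the rest of a 256-byte buffer untouched and that a failed or truncated format is detected. The helper names `format_timestamp` and `guard_bytes_intact` and the sample time value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define FMT "%Y/%m/%d %H:%M:%S"   /* format string quoted in the message */

/* Hypothetical helper, not Samba's timestring(): returns the number of
 * characters written, or 0 if the time could not be formatted, in which
 * case out holds a truncated numeric fallback. */
size_t format_timestamp(char *out, size_t outlen, time_t t)
{
    struct tm *tm;
    size_t n;

    if (out == NULL || outlen == 0)
        return 0;
    tm = localtime(&t);              /* may return NULL on failure */
    n = tm ? strftime(out, outlen, FMT, tm) : 0;
    if (n == 0)                      /* on 0 the buffer contents are unspecified */
        snprintf(out, outlen, "%ld seconds since the Epoch", (long)t);
    return n;
}

/* Fill a 256-byte region with a guard pattern, format with a 100-byte
 * limit, and report whether every byte from offset 100 on is untouched. */
int guard_bytes_intact(time_t t)
{
    char region[256];
    size_t i;

    memset(region, 0x5A, sizeof region);
    format_timestamp(region, 100, t);
    for (i = 100; i < sizeof region; i++)
        if (region[i] != 0x5A)
            return 0;
    return 1;
}

int main(void)
{
    char buf[100];
    time_t t = (time_t)1025722980;   /* constructed sample value */
    size_t n = format_timestamp(buf, sizeof buf, t);

    printf("%lu chars: %s, guard intact: %d\n",
           (unsigned long)n, buf, guard_bytes_intact(t));
    return 0;
}
```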

-----Original Message-----
From: David Shapiro [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 03, 2002 3:03 PM
To: 'Esh, Andrew'; David Shapiro; 'Andrew Bartlett'
Cc: 'Richard Sharpe'; '[EMAIL PROTECTED]'
Subject: RE: sessionid.tdb missing after build and client read failure

I recompiled with CFLAGS option -g and ran again:
 
313                                     fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
(gdb)
314                                     break;
(gdb)
368                                     break;
(gdb)
400                             state = DP_S_DEFAULT;
(gdb)
401                             flags = cflags = min = 0;
(gdb)
402                             max = -1;
(gdb)
408                             break; /* some picky compilers need this */
(gdb)
185                     switch(state) {
(gdb)
187                             if (ch == '%')
(gdb)
190                                     dopr_outch (buffer, &currlen, maxlen, ch);
(gdb)
192                             break;
(gdb)
408                             break; /* some picky compilers need this */
(gdb)
185                     switch(state) {
(gdb)
408                             break; /* some picky compilers need this */
(gdb)
411             if (maxlen != 0) {
(gdb)
412                     if (currlen < maxlen - 1)
(gdb)
413                             buffer[currlen] = '\0';
(gdb)
419     }
(gdb)
vsnprintf (str=0x15 <Address 0x15 out of bounds>, count=1023, fmt=0x1c482e "", args=0xffbef50c) at lib/snprintf.c:777
777     }
(gdb)
dbgtext (format_str=0x1c4818 "got smb length of %d\n") at lib/debug.c:982
982       format_debug_text( msgbuf );
(gdb)
985       } /* dbgtext */
(gdb)
read_smb_length_return_keepalive (fd=13, inbuf=0x26af68 "", timeout=0) at lib/util_sock.c:541
541             return(len);
(gdb)
542     }
(gdb)
receive_smb (fd=13, buffer=0x26af68 "", timeout=0) at lib/util_sock.c:588
588             if (len < 0) {
(gdb)
607             if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
(gdb)
624                     ret = read_socket_data(fd,buffer+4,len);
(gdb)
625                     if (ret != len) {
(gdb)
632             return(True);
(gdb)
633     }
(gdb)
receive_message_or_smb (buffer=0x26af68 "", buffer_len=131137, timeout=60000) at smbd/process.c:271
271     }
(gdb)
smbd_process () at smbd/process.c:1267
1267                    num_echos = smb_echo_count;
(gdb)
1269                    process_smb(InBuffer, OutBuffer);
(gdb)
 
Program received signal SIGSEGV, Segmentation fault.
0xff132e84 in strcmp () from /usr/lib/libc.so.1
(gdb)
Single stepping until exit from function strcmp,
which has no line number information.
0xff1544ec in _tzload () from /usr/lib/libc.so.1
(gdb)
Single stepping until exit from function _tzload,
which has no line number information.
0xff152df8 in _ltzset_u () from /usr/lib/libc.so.1
(gdb)
Single stepping until exit from function _ltzset_u,
which has no line number information.
0xff152994 in mktime () from /usr/lib/libc.so.1
(gdb)
Single stepping until exit from function mktime,
which has no line number information.
0xff1736dc in strftime () from /usr/lib/libc.so.1
(gdb)
Single stepping until exit from function strftime,
which has no line number information.
timestring (hires=0) at lib/time.c:709
709     }
(gdb)
dbghdr (level=0, file=0x1c18e0 "lib/fault.c", func=0x1c18f0 "fault_report", line=36) at lib/debug.c:956
956       errno = old_errno;
(gdb)
957       return( True );
(gdb)
958     }
(gdb)
fault_report (sig=11) at lib/fault.c:37
37              DEBUG(0,("INTERNAL ERROR: Signal %d in pid %d (%s)",sig,(int)sys_getpid(),VERSION));
(gdb)
38              DEBUG(0,("\nPlease read the file BUGS.txt in the distribution\n"));
(gdb)
39              DEBUG(0,("===============================================================\n"));
(gdb)
41              smb_panic("internal error");
(gdb)
 
Program received signal SIGABRT, Aborted.
0xff19c724 in _libc_kill () from /usr/lib/libc.so.1
(gdb)
Single stepping until exit from function _libc_kill,
which has no line number information.
procfs: couldn't stop process 84866: wait returned -1
-----Original Message-----
From: Esh, Andrew [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 02, 2002 11:10 AM
To: 'David Shapiro'; 'Andrew Bartlett'
Cc: 'Richard Sharpe'; '[EMAIL PROTECTED]'
Subject: RE: sessionid.tdb missing after build and client read failure

Don't step at that point. The process has already run the CPU into the wrong segment, or accessed memory using a bad pointer. Stepping will only destroy information.

Do a 'bt' instead. That will dump the call stack, and show what path the code ran to get to this point. What I expect to see is somewhere above the strcmp routine, a Samba routine will call strcmp with a bad pointer, or a non-terminated string buffer. We need to know which routine did that.

-----Original Message-----
From: David Shapiro [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 02, 2002 9:17 AM
To: 'Andrew Bartlett'; David Shapiro
Cc: 'Richard Sharpe'; '[EMAIL PROTECTED]'
Subject: RE: sessionid.tdb missing after build and client read failure


Trying to get better at this gdb here.  I see a segmentation fault:

which has no line number information.

Program received signal SIGSEGV, Segmentation fault.
0xff132e84 in strcmp () from /usr/lib/libc.so.1
(gdb) step
Single stepping until exit from function strcmp,
which has no line number information.
0xff1544ec in _tzload () from /usr/lib/libc.so.1
(gdb) step
Single stepping until exit from function _tzload,
which has no line number information.
0xff152df8 in _ltzset_u () from /usr/lib/libc.so.1
(gdb) step
Single stepping until exit from function _ltzset_u,
which has no line number information.
0xff152994 in mktime () from /usr/lib/libc.so.1
(gdb) step
Single stepping until exit from function mktime,
which has no line number information.
0xff1736dc in strftime () from /usr/lib/libc.so.1
(gdb) step
Single stepping until exit from function strftime,
which has no line number information.
0x136db0 in timestring ()
(gdb) step
Single stepping until exit from function timestring,


-----Original Message-----
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 02, 2002 9:01 AM
To: David Shapiro
Cc: 'Andrew Bartlett'; 'Richard Sharpe';
'[EMAIL PROTECTED]'
Subject: Re: sessionid.tdb missing after build and client read failure


David Shapiro wrote:
>
> Thank you Andrew.  I was looking at joining because it was mentioned that to
> get sessionid.tdb, you needed to join domain.  I looked in smbd.log and saw
> a connection from davidsha, and then in my workstation log and saw at the
> bottom:
>
>   ===============================================================
> [2002/07/02 08:40:53, 0] lib/fault.c:fault_report(37)
>   INTERNAL ERROR: Signal 11 in pid 8127 (3.0-alpha17)
>   Please read the file BUGS.txt in the distribution
> [2002/07/02 08:40:53, 0] lib/fault.c:fault_report(39)
>   ===============================================================
>
> I also keep getting an xterm session pop up that says:
>
> xterm: Can't execvp /usr/local/bin/gdb
>
> I think this comes from the line in smb.conf:
>
> panic action = /usr/openwin/bin/xterm -display $DISPLAY -e
> /usr/local/bin/gbd -p %d
>
> gdb is in /usr/local/bin.  What does it mean it can't execvp it?

I dunno - but just make it a simple 'panic action = /bin/sleep 9000' and
attach manually.  Then let's look at it from there.

Andrew Bartlett

--
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net
