NetBSD Problem Report #48514

From www@NetBSD.org  Sun Jan 12 18:26:27 2014
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id E709DA646B
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 12 Jan 2014 18:26:27 +0000 (UTC)
Message-Id: <20140112182626.04622A6475@mollari.NetBSD.org>
Date: Sun, 12 Jan 2014 18:26:26 +0000 (UTC)
From: yaneurabeya@gmail.com
Reply-To: yaneurabeya@gmail.com
To: gnats-bugs@NetBSD.org
Subject: nmtree segfaults on "malformed mtree files"
X-Send-Pr-Version: www-1.0

>Number:         48514
>Category:       bin
>Synopsis:       nmtree segfaults on "malformed mtree files"
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 12 18:30:00 +0000 2014
>Last-Modified:  Tue Jan 14 03:25:00 +0000 2014
>Originator:     Garrett Cooper
>Release:        n/a
>Organization:
n/a
>Environment:
FreeBSD fuji-current.local 11.0-CURRENT FreeBSD 11.0-CURRENT #17 r258654+de0b0b0(master)-dirty: Tue Nov  5 23:31:59 PST 2013     root@fuji-current.local:/usr/obj/usr/src/sys/FUJI-NOCOMPAT  i386
>Description:
Looks like the memory has already been scrubbed by jemalloc:

# mtree -deU -f /usr/src/etc/mtree/BSD.tests.dist -p /var/tmp/temproot/usr/
Segmentation fault (core dumped)
[root@ /usr/src]# gdb `which mtree` /var/tmp/temproot/usr/mtree.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `mtree'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libmd.so.6...done.
Loaded symbols for /lib/libmd.so.6
Reading symbols from /lib/libutil.so.9...done.
Loaded symbols for /lib/libutil.so.9
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x080529b5 in addchild (pathparent=0x5a5a5a5a, centry=0x2885d710) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/spec.c:728
728 cur = pathparent->child;
(gdb) x *pathparent
Cannot access memory at address 0x5a5a5a5a
>How-To-Repeat:
fetch -o /tmp/BSD.tests.dist https://raw.github.com/yaneurabeya/freebsd/cfc6ad9bc622f4196577ecf38575ca78dfe5c005/etc/mtree/BSD.tests.dist
mtree -deU -f /tmp/BSD.tests.dist -p /var/tmp/temproot/usr/
>Fix:

>Audit-Trail:
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc: 
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Sun, 12 Jan 2014 16:34:58 -0500

 On Jan 12,  6:30pm, yaneurabeya@gmail.com (yaneurabeya@gmail.com) wrote:
 -- Subject: bin/48514: nmtree segfaults on "malformed mtree files"

 | fetch -o /tmp/BSD.tests.dist https://raw.github.com/yaneurabeya/freebsd/cfc6ad9bc622f4196577ecf38575ca78dfe5c005/etc/mtree/BSD.tests.dist
 | mtree -deU -f /tmp/BSD.tests.dist -p /var/tmp/temproot/usr/

 I can't reproduce this on NetBSD/amd64. 

 christos

From: Garrett Cooper <yaneurabeya@gmail.com>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc: "gnats-admin@netbsd.org" <gnats-admin@netbsd.org>,
 "netbsd-bugs@netbsd.org" <netbsd-bugs@netbsd.org>,
 Brooks Davis <brooks@FreeBSD.org>
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Sun, 12 Jan 2014 17:32:15 -0800

 > On Jan 12, 2014, at 13:40, christos@zoulas.com (Christos Zoulas) wrote:
 >
 > The following reply was made to PR bin/48514; it has been noted by GNATS.
 >
 > From: christos@zoulas.com (Christos Zoulas)
 > To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
 > Cc:
 > Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
 > Date: Sun, 12 Jan 2014 16:34:58 -0500
 >
 > On Jan 12,  6:30pm, yaneurabeya@gmail.com (yaneurabeya@gmail.com) wrote:
 > -- Subject: bin/48514: nmtree segfaults on "malformed mtree files"
 >
 > | fetch -o /tmp/BSD.tests.dist https://raw.github.com/yaneurabeya/freebsd/cfc6ad9bc622f4196577ecf38575ca78dfe5c005/etc/mtree/BSD.tests.dist
 > | mtree -deU -f /tmp/BSD.tests.dist -p /var/tmp/temproot/usr/
 >
 > I can't reproduce this on NetBSD/amd64.

 - I reproed this on FreeBSD/x86 originally.
 - it might be local to my environment.
 - not sure when our copy of mtree was switched from the FreeBSD version over
   to the netbsd version.

 Christos,

 What version of netbsd did you try and repro this on?

 Thanks!
 -Garrett

From: christos@zoulas.com (Christos Zoulas)
To: Garrett Cooper <yaneurabeya@gmail.com>, 
	"gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc: "gnats-admin@netbsd.org" <gnats-admin@netbsd.org>, 
	"netbsd-bugs@netbsd.org" <netbsd-bugs@netbsd.org>, 
	Brooks Davis <brooks@FreeBSD.org>
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Sun, 12 Jan 2014 20:38:05 -0500

 On Jan 12,  5:32pm, yaneurabeya@gmail.com (Garrett Cooper) wrote:
 -- Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"

 | - I reproed this on FreeBSD/x86 originally.
 | - it might be local to my environment.
 | - not sure when our copy of mtree was switched from the FreeBSD version over to the netbsd version.
 | 
 | Christos,
 | 
 | What version of netbsd did you try and repro this on?

 current as of:
 NetBSD quasar.astron.com 6.99.28 NetBSD 6.99.28 (QUASAR) #42: Fri Dec 27 13:31:17 EST 2013  christos@quasar.astron.com:/usr/src/sys/arch/amd64/compile/QUASAR amd64

 Can you show a gdb full stack trace to see the path it took?

 christos

From: Garrett Cooper <yaneurabeya@gmail.com>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@netbsd.org,
 netbsd-bugs@netbsd.org
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Sun, 12 Jan 2014 20:44:37 -0800

 On Jan 12, 2014, at 5:40 PM, Christos Zoulas <christos@zoulas.com> wrote:

 > The following reply was made to PR bin/48514; it has been noted by GNATS.
 >
 > From: christos@zoulas.com (Christos Zoulas)
 > To: Garrett Cooper <yaneurabeya@gmail.com>,
 > 	"gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
 > Cc: "gnats-admin@netbsd.org" <gnats-admin@netbsd.org>,
 > 	"netbsd-bugs@netbsd.org" <netbsd-bugs@netbsd.org>,
 > 	Brooks Davis <brooks@FreeBSD.org>
 > Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
 > Date: Sun, 12 Jan 2014 20:38:05 -0500
 >
 > On Jan 12,  5:32pm, yaneurabeya@gmail.com (Garrett Cooper) wrote:
 > -- Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
 >
 > | - I reproed this on FreeBSD/x86 originally.
 > | - it might be local to my environment.
 > | - not sure when our copy of mtree was switched from the FreeBSD version over to the netbsd version.
 > |
 > | Christos,
 > |
 > | What version of netbsd did you try and repro this on?
 >
 > current as of:
 > NetBSD quasar.astron.com 6.99.28 NetBSD 6.99.28 (QUASAR) #42: Fri Dec 27 13:31:17 EST 2013  christos@quasar.astron.com:/usr/src/sys/arch/amd64/compile/QUASAR amd64
 >
 > Can you show a gdb full stack trace to see the path it took?

 It worked with amd64 of the same vintage… weird…
 -Garrett

From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Tue, 14 Jan 2014 02:51:30 +0000

 On Mon, Jan 13, 2014 at 04:45:01AM +0000, Garrett Cooper wrote:
  >  It worked with amd64 of the same vintage… weird…

 32/64 bugs don't only bite 64-bit platforms :-/

 -- 
 David A. Holland
 dholland@netbsd.org

From: Garrett Cooper <yaneurabeya@gmail.com>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@netbsd.org>
Cc: "gnats-admin@netbsd.org" <gnats-admin@netbsd.org>, 
	"netbsd-bugs@netbsd.org" <netbsd-bugs@netbsd.org>
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Mon, 13 Jan 2014 19:21:09 -0800

 --f46d04440208031e6404efe5af72
 Content-Type: text/plain; charset=ISO-8859-1

 On Mon, Jan 13, 2014 at 6:55 PM, David Holland <dholland-bugs@netbsd.org> wrote:
 > The following reply was made to PR bin/48514; it has been noted by GNATS.
 >
 > From: David Holland <dholland-bugs@netbsd.org>
 > To: gnats-bugs@NetBSD.org
 > Cc:
 > Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
 > Date: Tue, 14 Jan 2014 02:51:30 +0000
 >
 >  On Mon, Jan 13, 2014 at 04:45:01AM +0000, Garrett Cooper wrote:
 >   >  It worked with amd64 of the same vintage… weird…
 >
 >  32/64 bugs don't only bite 64-bit platforms :-/

 First off, I forgot that I enabled MALLOC_PRODUCTION on my amd64 host.
 Secondly, my BSD.test.dist file is different on my amd64 and i386
 hosts. I attached the failing file for reference. Note that tests/bin/
 is duplicated -- that's the key to reproing this issue on FreeBSD (I
 did that on purpose before to diff reduce between mainline FreeBSD and
 my fork so I didn't have to deal with as many merge conflicts; this
 works with fmtree and not nmtree on FreeBSD):

     tests
         bin
             cut
             ..
             date
             ..
             mv
             ..
             pax
             ..
         ..
     ..

 I've attached the full backtrace with some more info.

 Thanks!
 -Garrett

 [root@fbsd-vm /usr/src/usr.sbin/nmtree]# gdb `which nmtree`
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-marcel-freebsd"...
 (gdb) set args -deU -f /usr/src/etc/mtree/BSD.tests.dist -p /var/tmp/temproot/usr/
 (gdb) r
 The program being debugged has been started already.
 Start it from the beginning? (y or n) y
 Starting program: /usr/sbin/nmtree -deU -f /usr/src/etc/mtree/BSD.tests.dist -p /var/tmp/temproot/usr/
 line 6: {/set type=dir uname=root gname=wheel mode=0755}
 line 7: {.}
 line 8: {include}
 line 9: {atf-c}
 line 10: {..}
 line 11: {atf-c++}
 line 12: {..}
 line 13: {..}
 line 14: {share}
 line 15: {atf}
 line 16: {..}
 line 17: {doc}
 line 18: {atf}
 line 19: {..}
 line 20: {..}
 line 21: {..}
 line 22: {tests}
 line 23: {bin}
 line 24: {date}
 line 25: {..}
 line 26: {mv}
 line 27: {..}
 line 28: {pax}
 line 29: {..}
 line 30: {sh}
 line 31: {builtins}
 line 32: {..}
 line 33: {errors}
 line 34: {..}
 line 35: {execution}
 line 36: {..}
 line 37: {expansion}
 line 38: {..}
 line 39: {parameters}
 line 40: {..}
 line 41: {parser}
 line 42: {..}
 line 43: {set-e}
 line 44: {..}
 line 45: {..}
 line 46: {test}
 line 47: {..}
 line 48: {..}
 line 49: {lib}
 line 50: {atf}
 line 51: {libatf-c}
 line 52: {..}
 line 53: {libatf-c++}
 line 54: {..}
 line 55: {test-programs}
 line 56: {..}
 line 57: {..}
 line 58: {libcrypt}
 line 59: {..}
 line 60: {..}
 line 61: {libexec}
 line 62: {atf}
 line 63: {atf-check}
 line 64: {..}
 line 65: {..}
 line 66: {..}
 line 67: {share}
 line 68: {examples}
 line 69: {tests}
 line 70: {atf}
 line 71: {..}
 line 72: {plain}
 line 73: {..}
 line 74: {..}
 line 75: {..}
 line 76: {..}
 line 77: {usr.bin}
 line 78: {atf}
 line 79: {atf-sh}
 line 80: {..}
 line 81: {..}
 line 82: {..}
 line 83: {..}
 line 84: {tests}
 line 85: {bin}

 Program received signal SIGSEGV, Segmentation fault.
 0x080529d5 in addchild (pathparent=0x5a5a5a5a, centry=0x2884d710) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/spec.c:728
 728             cur = pathparent->child;
 (gdb) bt
 #0  0x080529d5 in addchild (pathparent=0x5a5a5a5a, centry=0x2884d710) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/spec.c:728
 #1  0x08051130 in spec (fp=0x281e2700) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/spec.c:260
 #2  0x080538a1 in verify (fi=0x281e2700) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/verify.c:71
 #3  0x0805080a in main (argc=0, argv=0xbfbfdc88) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/mtree.c:309

 --f46d04440208031e6404efe5af72
 Content-Type: application/octet-stream; name="BSD.tests.dist"
 Content-Disposition: attachment; filename="BSD.tests.dist"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_hqelfsph0

 --f46d04440208031e6404efe5af72--
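
The condition the last message names as the key to reproducing the crash, a directory such as tests/bin declared twice in one spec, can be checked for before a spec file is handed to mtree. The following is an added example, not part of the report or of the mtree sources; `duplicate_dirs` and `SAMPLE_SPEC` are hypothetical names, the sample spec is constructed, and only the relative-path spec form is handled.

```python
# Added example: report directories an mtree(8) spec declares more than once.
# Handles the relative-path form only (names plus ".."); no "\" continuations.
SAMPLE_SPEC = """\
# constructed sample, modelled on the tests/bin layout quoted in the report
/set type=dir uname=root gname=wheel mode=0755
.
    tests
        bin
            date
            ..
        ..
    ..
    tests
        bin
            cut
            ..
        ..
    ..
..
"""

def duplicate_dirs(spec_text):
    """Return (path, first_line, repeat_line) for each re-declared directory."""
    default_type = None   # value of the most recent "/set type=..."
    stack, seen, dups = [], {}, []
    for lineno, raw in enumerate(spec_text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        name, keywords = words[0], dict(kw.partition("=")[::2] for kw in words[1:])
        if name in ("/set", "/unset"):
            if "type" in keywords:          # "/unset type" yields "" -> None
                default_type = keywords["type"] or None
        elif name == "..":
            if stack:                       # ignore ".." above the root entry
                stack.pop()
        elif keywords.get("type", default_type) == "dir":
            stack.append(name)
            path = "/".join(stack)
            if path in seen:
                dups.append((path, seen[path], lineno))
            seen.setdefault(path, lineno)
    return dups

if __name__ == "__main__":
    for path, first, again in duplicate_dirs(SAMPLE_SPEC):
        print(f"{path}: declared at line {first} and again at line {again}")
```
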
