NetBSD Problem Report #48514
From www@NetBSD.org Sun Jan 12 18:26:27 2014
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id E709DA646B
for <gnats-bugs@gnats.NetBSD.org>; Sun, 12 Jan 2014 18:26:27 +0000 (UTC)
Message-Id: <20140112182626.04622A6475@mollari.NetBSD.org>
Date: Sun, 12 Jan 2014 18:26:26 +0000 (UTC)
From: yaneurabeya@gmail.com
Reply-To: yaneurabeya@gmail.com
To: gnats-bugs@NetBSD.org
Subject: nmtree segfaults on "malformed mtree files"
X-Send-Pr-Version: www-1.0
>Number: 48514
>Category: bin
>Synopsis: nmtree segfaults on "malformed mtree files"
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jan 12 18:30:00 +0000 2014
>Last-Modified: Tue Jan 14 03:25:00 +0000 2014
>Originator: Garrett Cooper
>Release: n/a
>Organization:
n/a
>Environment:
FreeBSD fuji-current.local 11.0-CURRENT FreeBSD 11.0-CURRENT #17 r258654+de0b0b0(master)-dirty: Tue Nov 5 23:31:59 PST 2013 root@fuji-current.local:/usr/obj/usr/src/sys/FUJI-NOCOMPAT i386
>Description:
Looks like the memory has already been scrubbed by jemalloc:
# mtree -deU -f /usr/src/etc/mtree/BSD.tests.dist -p /var/tmp/temproot/usr/
Segmentation fault (core dumped)
[root@ /usr/src]# gdb `which mtree` /var/tmp/temproot/usr/mtree.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `mtree'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libmd.so.6...done.
Loaded symbols for /lib/libmd.so.6
Reading symbols from /lib/libutil.so.9...done.
Loaded symbols for /lib/libutil.so.9
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x080529b5 in addchild (pathparent=0x5a5a5a5a, centry=0x2885d710) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/spec.c:728
728 cur = pathparent->child;
(gdb) x *pathparent
Cannot access memory at address 0x5a5a5a5a
>How-To-Repeat:
fetch -o /tmp/BSD.tests.dist https://raw.github.com/yaneurabeya/freebsd/cfc6ad9bc622f4196577ecf38575ca78dfe5c005/etc/mtree/BSD.tests.dist
mtree -deU -f /tmp/BSD.tests.dist -p /var/tmp/temproot/usr/
>Fix:
>Audit-Trail:
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc:
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Sun, 12 Jan 2014 16:34:58 -0500
On Jan 12, 6:30pm, yaneurabeya@gmail.com (yaneurabeya@gmail.com) wrote:
-- Subject: bin/48514: nmtree segfaults on "malformed mtree files"
| fetch -o /tmp/BSD.tests.dist https://raw.github.com/yaneurabeya/freebsd/cfc6ad9bc622f4196577ecf38575ca78dfe5c005/etc/mtree/BSD.tests.dist
| mtree -deU -f /tmp/BSD.tests.dist -p /var/tmp/temproot/usr/
I can't reproduce this on NetBSD/amd64.
christos
From: Garrett Cooper <yaneurabeya@gmail.com>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc: "gnats-admin@netbsd.org" <gnats-admin@netbsd.org>,
"netbsd-bugs@netbsd.org" <netbsd-bugs@netbsd.org>,
Brooks Davis <brooks@FreeBSD.org>
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Sun, 12 Jan 2014 17:32:15 -0800
> On Jan 12, 2014, at 13:40, christos@zoulas.com (Christos Zoulas) wrote:
>
> The following reply was made to PR bin/48514; it has been noted by GNATS.
>
> From: christos@zoulas.com (Christos Zoulas)
> To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
> Cc:
> Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
> Date: Sun, 12 Jan 2014 16:34:58 -0500
>
> On Jan 12, 6:30pm, yaneurabeya@gmail.com (yaneurabeya@gmail.com) wrote:
> -- Subject: bin/48514: nmtree segfaults on "malformed mtree files"
>
> | fetch -o /tmp/BSD.tests.dist https://raw.github.com/yaneurabeya/freebsd/cfc6ad9bc622f4196577ecf38575ca78dfe5c005/etc/mtree/BSD.tests.dist
> | mtree -deU -f /tmp/BSD.tests.dist -p /var/tmp/temproot/usr/
>
> I can't reproduce this on NetBSD/amd64.
- I reproed this on FreeBSD/x86 originally.
- it might be local to my environment.
- not sure when our copy of mtree was switched from the FreeBSD version over to the netbsd version.
Christos,
What version of netbsd did you try and repro this on?
Thanks!
-Garrett
From: christos@zoulas.com (Christos Zoulas)
To: Garrett Cooper <yaneurabeya@gmail.com>,
"gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc: "gnats-admin@netbsd.org" <gnats-admin@netbsd.org>,
"netbsd-bugs@netbsd.org" <netbsd-bugs@netbsd.org>,
Brooks Davis <brooks@FreeBSD.org>
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Sun, 12 Jan 2014 20:38:05 -0500
On Jan 12, 5:32pm, yaneurabeya@gmail.com (Garrett Cooper) wrote:
-- Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
| - I reproed this on FreeBSD/x86 originally.
| - it might be local to my environment.
| - not sure when our copy of mtree was switched from the FreeBSD version over to the netbsd version.
|
| Christos,
|
| What version of netbsd did you try and repro this on?
current as of:
NetBSD quasar.astron.com 6.99.28 NetBSD 6.99.28 (QUASAR) #42: Fri Dec 27 13:31:17 EST 2013 christos@quasar.astron.com:/usr/src/sys/arch/amd64/compile/QUASAR amd64
Can you show a gdb full stack trace to see the path it took?
christos
From: Garrett Cooper <yaneurabeya@gmail.com>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Sun, 12 Jan 2014 20:44:37 -0800
On Jan 12, 2014, at 5:40 PM, Christos Zoulas <christos@zoulas.com> wrote:
> The following reply was made to PR bin/48514; it has been noted by GNATS.
>
> From: christos@zoulas.com (Christos Zoulas)
> To: Garrett Cooper <yaneurabeya@gmail.com>,
> "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
> Cc: "gnats-admin@netbsd.org" <gnats-admin@netbsd.org>,
> "netbsd-bugs@netbsd.org" <netbsd-bugs@netbsd.org>,
> Brooks Davis <brooks@FreeBSD.org>
> Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
> Date: Sun, 12 Jan 2014 20:38:05 -0500
>
> On Jan 12, 5:32pm, yaneurabeya@gmail.com (Garrett Cooper) wrote:
> -- Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
>
> | - I reproed this on FreeBSD/x86 originally.
> | - it might be local to my environment.
> | - not sure when our copy of mtree was switched from the FreeBSD version over to the netbsd version.
> |
> | Christos,
> |
> | What version of netbsd did you try and repro this on?
>
> current as of:
> NetBSD quasar.astron.com 6.99.28 NetBSD 6.99.28 (QUASAR) #42: Fri Dec 27 13:31:17 EST 2013 christos@quasar.astron.com:/usr/src/sys/arch/amd64/compile/QUASAR amd64
>
> Can you show a gdb full stack trace to see the path it took?
It worked with amd64 of the same vintage… weird…
-Garrett
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Tue, 14 Jan 2014 02:51:30 +0000
On Mon, Jan 13, 2014 at 04:45:01AM +0000, Garrett Cooper wrote:
> It worked with amd64 of the same vintage… weird…
32/64 bugs don't only bite 64-bit platforms :-/
--
David A. Holland
dholland@netbsd.org
From: Garrett Cooper <yaneurabeya@gmail.com>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@netbsd.org>
Cc: "gnats-admin@netbsd.org" <gnats-admin@netbsd.org>,
"netbsd-bugs@netbsd.org" <netbsd-bugs@netbsd.org>
Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
Date: Mon, 13 Jan 2014 19:21:09 -0800
On Mon, Jan 13, 2014 at 6:55 PM, David Holland <dholland-bugs@netbsd.org> wrote:
> The following reply was made to PR bin/48514; it has been noted by GNATS.
>
> From: David Holland <dholland-bugs@netbsd.org>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: bin/48514: nmtree segfaults on "malformed mtree files"
> Date: Tue, 14 Jan 2014 02:51:30 +0000
>
> On Mon, Jan 13, 2014 at 04:45:01AM +0000, Garrett Cooper wrote:
> > It worked with amd64 of the same vintage… weird…
>
> 32/64 bugs don't only bite 64-bit platforms :-/
First off, I forgot that I enabled MALLOC_PRODUCTION on my amd64 host.
Secondly, my BSD.test.dist file is different on my amd64 and i386
hosts. I attached the failing file for reference. Note that tests/bin/
is duplicated -- that's the key to reproing this issue on FreeBSD (I
did that on purpose before to diff reduce between mainline FreeBSD and
my fork so I didn't have to deal with as many merge conflicts; this
works with fmtree and not nmtree on FreeBSD):
    tests
        bin
            cut
            ..
            date
            ..
            mv
            ..
            pax
            ..
        ..
    ..
I've attached the full backtrace with some more info.
Thanks!
-Garrett
[root@fbsd-vm /usr/src/usr.sbin/nmtree]# gdb `which nmtree`
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
(gdb) set args -deU -f /usr/src/etc/mtree/BSD.tests.dist -p /var/tmp/temproot/usr/
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/sbin/nmtree -deU -f /usr/src/etc/mtree/BSD.tests.dist -p /var/tmp/temproot/usr/
line 6: {/set type=dir uname=root gname=wheel mode=0755}
line 7: {.}
line 8: {include}
line 9: {atf-c}
line 10: {..}
line 11: {atf-c++}
line 12: {..}
line 13: {..}
line 14: {share}
line 15: {atf}
line 16: {..}
line 17: {doc}
line 18: {atf}
line 19: {..}
line 20: {..}
line 21: {..}
line 22: {tests}
line 23: {bin}
line 24: {date}
line 25: {..}
line 26: {mv}
line 27: {..}
line 28: {pax}
line 29: {..}
line 30: {sh}
line 31: {builtins}
line 32: {..}
line 33: {errors}
line 34: {..}
line 35: {execution}
line 36: {..}
line 37: {expansion}
line 38: {..}
line 39: {parameters}
line 40: {..}
line 41: {parser}
line 42: {..}
line 43: {set-e}
line 44: {..}
line 45: {..}
line 46: {test}
line 47: {..}
line 48: {..}
line 49: {lib}
line 50: {atf}
line 51: {libatf-c}
line 52: {..}
line 53: {libatf-c++}
line 54: {..}
line 55: {test-programs}
line 56: {..}
line 57: {..}
line 58: {libcrypt}
line 59: {..}
line 60: {..}
line 61: {libexec}
line 62: {atf}
line 63: {atf-check}
line 64: {..}
line 65: {..}
line 66: {..}
line 67: {share}
line 68: {examples}
line 69: {tests}
line 70: {atf}
line 71: {..}
line 72: {plain}
line 73: {..}
line 74: {..}
line 75: {..}
line 76: {..}
line 77: {usr.bin}
line 78: {atf}
line 79: {atf-sh}
line 80: {..}
line 81: {..}
line 82: {..}
line 83: {..}
line 84: {tests}
line 85: {bin}
Program received signal SIGSEGV, Segmentation fault.
0x080529d5 in addchild (pathparent=0x5a5a5a5a, centry=0x2884d710) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/spec.c:728
728 cur = pathparent->child;
(gdb) bt
#0 0x080529d5 in addchild (pathparent=0x5a5a5a5a, centry=0x2884d710) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/spec.c:728
#1 0x08051130 in spec (fp=0x281e2700) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/spec.c:260
#2 0x080538a1 in verify (fi=0x281e2700) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/verify.c:71
#3 0x0805080a in main (argc=0, argv=0xbfbfdc88) at /usr/src/usr.sbin/nmtree/../../contrib/mtree/mtree.c:309
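A pre-flight check for the trigger described in the last message (a directory such as tests/bin declared twice in one spec), added here as an example; it is not code from nmtree or from anyone in this thread. The names `find_duplicate_dirs` and `SAMPLE` are hypothetical, and the sketch assumes a relative-format spec like the one in the trace, with no full-path entries or continuation lines.

```python
# Added example: lint an mtree spec for directories declared more than once.
# Assumption: an entry with no type= and no "/set type=" default is not a directory.

def find_duplicate_dirs(spec_text):
    """Return (path, first_line, duplicate_line) for each repeated directory."""
    default_type = None   # last value given by "/set type=..."
    stack = []            # names of the directories we are currently inside
    seen = {}             # directory path -> line where it was first declared
    dups = []
    for lineno, raw in enumerate(spec_text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        name = words[0]
        keywords = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        if name == "/set":
            default_type = keywords.get("type", default_type)
        elif name == "/unset":
            if "type" in words[1:]:
                default_type = None
        elif name == "..":
            if stack:                      # ignore a ".." above the root
                stack.pop()
        elif keywords.get("type", default_type) == "dir":
            path = "/".join(stack + [name])
            if path in seen:
                dups.append((path, seen[path], lineno))
            else:
                seen[path] = lineno
            stack.append(name)             # later entries are children of it
    return dups

# Constructed sample modelled on the excerpt in the report (not the attachment).
SAMPLE = """\
/set type=dir uname=root gname=wheel mode=0755
.
    tests
        bin
        ..
    ..
    tests
        bin
        ..
    ..
..
"""

if __name__ == "__main__":
    print(find_duplicate_dirs(SAMPLE))
```

As in the gdb trace, where the last lines read before the fault are the second `tests` and `bin`, the sample reports both the repeated parent and the repeated child.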