NetBSD Problem Report #49284
From gson@gson.org Tue Oct 14 09:37:03 2014
Return-Path: <gson@gson.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id D5095A668A
for <gnats-bugs@gnats.NetBSD.org>; Tue, 14 Oct 2014 09:37:03 +0000 (UTC)
Message-Id: <20141014093655.5E115745341@guava.gson.org>
Date: Tue, 14 Oct 2014 12:36:55 +0300 (EEST)
From: gson@gson.org (Andreas Gustafsson)
Reply-To: gson@gson.org (Andreas Gustafsson)
To: gnats-bugs@gnats.NetBSD.org
Subject: sysinst segfaults when configuring network manually
X-Send-Pr-Version: 3.95
>Number: 49284
>Category: install
>Synopsis: sysinst segfaults when configuring network manually
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: install-manager
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Oct 14 09:40:00 +0000 2014
>Closed-Date: Thu Oct 16 10:26:07 +0000 2014
>Last-Modified: Thu Oct 16 10:26:07 +0000 2014
>Originator: Andreas Gustafsson
>Release: NetBSD-current, releng daily build of 201410140110Z
>Organization:
>Environment:
System: NetBSD
Architecture: x86_64
Machine: amd64
>Description:
About a week ago, during the period of build breakage between CVS
dates 2014.10.07.21.50.36 and 2014.10.08.05.44.03, sysinst started
segfaulting during installation when the network is configured
manually (as opposed to using autoconfiguration). The segfault
occurs at the point where the network configuration has been entered
and approved by answering "yes" to the question "Are they OK?".
Most of the changes made during the period in question involved the libc
time facilities, with the commit message "Sync with tzcode2014h".
I suspect the crash happens when sysinst calls ctime() as part
of setting up /etc/resolv.conf, in src/usr.sbin/sysinst/net.c:
scripting_fprintf(f, ";\n; BIND data file\n; %s %s;\n",
"Created by NetBSD sysinst on", ctime(&now));
This suspicion is supported by the presence of a zero-byte resolv.conf
after the crash.
I have only been able to reproduce this when booting from the install
media, and not by running sysinst on an already-installed system.
This makes the problem hard to track down since the install media lack
debugging tools.
>How-To-Repeat:
Assuming the 201410140110Z build is still on nyftp:
pkg_add qemu
ftp http://nyftp.netbsd.org/pub/NetBSD-daily/HEAD/201410140110Z/amd64/installation/cdrom/boot-com.iso
qemu-system-x86_64 -nographic -cdrom boot-com.iso
Then answer the prompts as follows:
Terminal type (just hit ENTER for 'vt220'): vt220
a: Installation messages in English
Keyboard type a: unchanged
e: Utility menu
c: Configure network
a: wm0
network media type: autoselect
Perform autoconfiguration? b: No
Your host name: foo
Your DNS domain: bar
Your IPv4 number: 10.0.0.2
IPv4 Netmask [0xff000000]: 255.0.0.0
IPv4 gateway: 10.0.0.1
Select DNS server: a: google-public-dns-a.google.com (IPv4)
Are they OK? a: Yes
After selecting the final "Yes", you will see:
[1] Segmentation fault ${cmd}
To return to the installer, quit this shell by typing 'exit' or ^D.
#
>Fix:
>Release-Note:
>Audit-Trail:
From: Andreas Gustafsson <gson@gson.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: install/49284: sysinst segfaults when configuring network manually
Date: Tue, 14 Oct 2014 13:24:58 +0300
Here's another data point in support of the hypothesis that the
segfault is ctime() related, and a simpler way of triggering it:
If you boot the install CD, escape to a shell from sysinst and run
"sysctl -a", sysctl segfaults after printing the value of
kern.ipc.semmnu. The next variable would have been kern.boottime,
which is also the first and only variable that is formatted using
ctime().
--
Andreas Gustafsson, gson@gson.org
From: Andreas Gustafsson <gson@gson.org>
To: gnats-bugs@NetBSD.org
Cc: christos@NetBSD.org
Subject: Re: install/49284: sysinst segfaults when configuring network manually
Date: Wed, 15 Oct 2014 18:03:55 +0300
I managed to get a stack trace from the crashing "sysctl -a" by
booting the install media, mounting a disk image containing an
installed system built with MKDEBUG=YES on /mnt, and setting up a
twisty little maze of null and union mounts to get the necessary
libraries and debug symbol files to show up in the right places.
Here's where it's crashing:
(gdb) where
#0 0x00007f7ff74ae212 in settzname ()
at /tmp/bracket/build/2014.10.15.06.57.27-amd64-debug/src/lib/libc/time/localtime.c:307
#1 tzsetlcl (name=<optimized out>)
at /tmp/bracket/build/2014.10.15.06.57.27-amd64-debug/src/lib/libc/time/localtime.c:1243
#2 0x00007f7ff74ae361 in tzset_unlocked ()
at /tmp/bracket/build/2014.10.15.06.57.27-amd64-debug/src/lib/libc/time/localtime.c:1260
#3 0x00007f7ff74afc08 in localtime_tzset (setname=true, tmp=0x7f7ff7768dc0,
timep=0x7f7fffffcd30)
at /tmp/bracket/build/2014.10.15.06.57.27-amd64-debug/src/lib/libc/time/localtime.c:1427
#4 __locatime50 (timep=timep@entry=0x7f7fffffcd30)
at /tmp/bracket/build/2014.10.15.06.57.27-amd64-debug/src/lib/libc/time/localtime.c:1438
#5 0x00007f7ff74afdae in __ctime50 (timep=timep@entry=0x7f7fffffcd30)
at /tmp/bracket/build/2014.10.15.06.57.27-amd64-debug/src/lib/libc/time/localtime.c:1675
[...]
(gdb) l
302 ** And to get the latest zone names into tzname. . .
303 */
304 for (i = 0; i < sp->typecnt; ++i) {
305 const struct ttinfo * const ttisp = &sp->ttis[i];
306
307 tzname[ttisp->tt_isdst] = &sp->chars[ttisp->tt_abbrind];
308 #ifdef USG_COMPAT
309 if (ttisp->tt_isdst)
310 daylight = 1;
311 if (!ttisp->tt_isdst)
and *sp contains garbage:
(gdb) print *sp
$36 = {leapcnt = 808475203, timecnt = 12340, typecnt = 318726532,
charcnt = 19884106, goback = false, goahead = false, ats = {54100216535619,
85401585298923907, 8751729935641018392, 54100216535619, 85401585298923906,
8751747527827062808, 55199728163395, 85401585298923905,
8751729935641018392, 55199728163395, 85401585298923904,
[...]
I think what happens is that the malloced block pointed to by "lclptr"
never gets initialized. It is malloced in tzsetlcl() which tries to
initialize it by calling zoneinit(), which in turn calls tzload().
The tzload() fails, causing zoneinit() to return NULL, but tzsetlcl()
never checks the return value from zoneinit() and proceeds to call
settzname() with lclptr still pointing to uninitialized data.
--
Andreas Gustafsson, gson@gson.org
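The failure path described above, modelled as an added example (this is not code from the PR or from NetBSD's localtime.c; the struct layout, the function names with the "_model"/"_checked" suffixes and the "UTC"-only loader are assumptions): an unchecked zoneinit()/tzload() failure leaves the freshly malloc'ed state indeterminate, so settzname() indexes garbage; the checked variant installs a zeroed fallback state instead.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified tz state; assumed layout, not NetBSD's real struct state. */
#define TZ_MAX_TYPES 4
struct ttinfo { int tt_isdst; int tt_abbrind; };
struct state {
    int typecnt;
    struct ttinfo ttis[TZ_MAX_TYPES];
    char chars[32];
};

static const char *tzname_model[2] = { "UTC", "UTC" };

/* Stand-in for tzload(): only "UTC" loads; any other name fails the way a
 * missing zoneinfo file does, and sp is left untouched (still indeterminate). */
static int tzload_model(const char *name, struct state *sp) {
    if (strcmp(name, "UTC") != 0)
        return -1;
    sp->typecnt = 1;
    sp->ttis[0].tt_isdst = 0;
    sp->ttis[0].tt_abbrind = 0;
    strcpy(sp->chars, "UTC");
    return 0;
}

/* Like settzname(): walks sp->ttis. With an uninitialised sp, typecnt and
 * tt_abbrind are garbage and this loop reads far outside the block. */
static void settzname_model(const struct state *sp) {
    for (int i = 0; i < sp->typecnt; ++i)
        tzname_model[sp->ttis[i].tt_isdst] = &sp->chars[sp->ttis[i].tt_abbrind];
}

/* Checked tzsetlcl(): the load result is tested before settzname() runs,
 * and a zeroed UTC state is installed on failure instead of using malloc'ed
 * contents as if they were valid. */
static struct state *tzsetlcl_checked(const char *name) {
    struct state *sp = malloc(sizeof *sp);   /* contents indeterminate */
    if (sp == NULL)
        return NULL;
    if (tzload_model(name, sp) != 0) {
        memset(sp, 0, sizeof *sp);           /* the check the PR found missing */
        tzload_model("UTC", sp);
    }
    settzname_model(sp);
    return sp;
}

/* Returns 1 if tzsetlcl_checked() leaves a usable state for `name`. */
static int tz_state_is_sane(const char *name) {
    struct state *sp = tzsetlcl_checked(name);
    int ok = sp != NULL && sp->typecnt == 1 && strcmp(tzname_model[0], "UTC") == 0;
    free(sp);
    return ok;
}
```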
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/49284 CVS commit: src/lib/libc/time
Date: Wed, 15 Oct 2014 11:13:45 -0400
Module Name: src
Committed By: christos
Date: Wed Oct 15 15:13:45 UTC 2014
Modified Files:
src/lib/libc/time: localtime.c
Log Message:
PR/49284: Andreas Gustafsson: sysinst segfaults when configuring network
manually. When tzload() fails called from zoneinit(), when trying to set the
local timezone for the first time in tzsetlcl(), we end up with a lclptr
that contains garbage, so settzname() core-dumps.
Thanks Andreas for the analysis!
To generate a diff of this commit:
cvs rdiff -u -r1.88 -r1.89 src/lib/libc/time/localtime.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: christos@zoulas.com (Christos Zoulas)
To: Andreas Gustafsson <gson@gson.org>, gnats-bugs@NetBSD.org
Cc:
Subject: Re: install/49284: sysinst segfaults when configuring network manually
Date: Wed, 15 Oct 2014 11:17:04 -0400
On Oct 15, 6:03pm, gson@gson.org (Andreas Gustafsson) wrote:
-- Subject: Re: install/49284: sysinst segfaults when configuring network man
| I managed to get a stack trace from the crashing "sysctl -a" by
| booting the install media, mounting a disk image containing an
| installed system built with MKDEBUG=YES on /mnt, and setting up a
| twisty little maze of null and union mounts to get the necessary
| libraries and debug symbol files to show up in the right places.
Thanks, I think I fixed it.
christos
State-Changed-From-To: open->closed
State-Changed-By: gson@NetBSD.org
State-Changed-When: Thu, 16 Oct 2014 10:26:07 +0000
State-Changed-Why:
Confirmed fixed by src/lib/libc/time/localtime.c 1.89.
>Unformatted: