Nut upsuser - Feb 2009 - NUT 2.4.1 crashes on FreeBSD - additional info

Hi Volker,

I forward your request to the user list since I don't currently have much
time to process it.
quickly testing 2.4.1, I wasn't able to reproduce it.

a question: was it working with the exact same context/config with 2.2.2?

cheers,
Arnaud
-- 
Linux / Unix Expert R&D - Eaton - http://www.eaton.com/mgeops
Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org/
Debian Developer - http://people.debian.org/~aquette/
Free Software Developer - http://arnaud.quette.free.fr/

2009/2/18 Volker Theile <votdev at gmx.de>
> Hi again,
>
> forgot to mention that i did the tests the following way:
>
> freenas:~# setenv UPSNAME ups
> freenas:~# setenv NOTIFYTYPE ONLINE
> freenas:~# upssched
> Executing command: resume
> Segmentation fault (core dumped)
>
> freenas:~# truss upssched
> __sysctl(0xbfbfea24,0x2,0xbfbfea2c,0xbfbfea30,0x0,0x0) = 0 (0x0)
> mmap(0x0,280,PROT_READ|PROT_WRITE,MAP_ANON,-1,0x0) = 671584256 (0x28079000)
> munmap(0x28079000,280)                           = 0 (0x0)
> __sysctl(0xbfbfea88,0x2,0x28075d7c,0xbfbfea90,0x0,0x0) = 0 (0x0)
> mmap(0x0,32768,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) >
671584256 (0x28079000)
> issetugid(0x2806eeac,0xbfbfeb50,0x104,0x0,0x0,0x0) = 0 (0x0)
> open("/etc/libmap.conf",O_RDONLY,0666)           ERR#2 'No
such file or
> directory'
> open("/var/run/ld-elf.so.hints",O_RDONLY,00)     = 3 (0x3)
> read(3,"Ehnt\^A\0\0\0\M^@\0\0\0\^]\0\0\0"...,128) = 128 (0x80)
> lseek(3,0x80,SEEK_SET)                           = 128 (0x80)
> read(3,"/usr/lib:/usr/local/lib:/lib\0",29)      = 29 (0x1d)
> close(3)                                         = 0 (0x0)
> access("/usr/lib/libc.so.7",0)                   ERR#2 'No
such file or
> directory'
> access("/usr/local/lib/libc.so.7",0)             ERR#2 'No
such file or
> directory'
> access("/lib/libc.so.7",0)                       = 0 (0x0)
> open("/lib/libc.so.7",O_RDONLY,00)               = 3 (0x3)
> fstat(3,{ mode=-rwxr-xr-x ,inode=8054,size=1057976,blksize=4096 }) = 0
> (0x0)
> read(3,"\^?ELF\^A\^A\^A\t\0\0\0\0\0\0\0"...,4096) = 4096 (0x1000)
> mmap(0x0,1056768,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_NOCORE,3,0x0) >
671617024 (0x28081000)
> mprotect(0x28168000,4096,PROT_READ|PROT_WRITE|PROT_EXEC) = 0 (0x0)
> mprotect(0x28168000,4096,PROT_READ|PROT_EXEC)    = 0 (0x0)
> mmap(0x28169000,24576,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0xe8000)
> = 672567296 (0x28169000)
>
mmap(0x2816f000,81920,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0)
> = 672591872 (0x2816f000)
> close(3)                                         = 0 (0x0)
> sysarch(0xa,0xbfbfeaf0,0x2804f16b,0x28074734,0x28060529,0x28074734) = 0
> (0x0)
> mmap(0x0,608,PROT_READ|PROT_WRITE,MAP_ANON,-1,0x0) = 672673792 (0x28183000)
> munmap(0x28183000,608)                           = 0 (0x0)
> mmap(0x0,21112,PROT_READ|PROT_WRITE,MAP_ANON,-1,0x0) = 672673792
> (0x28183000)
> munmap(0x28183000,21112)                         = 0 (0x0)
>
sigprocmask(SIG_BLOCK,SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2,0x0)
> = 0 (0x0)
> sigprocmask(SIG_SETMASK,0x0,0x0)                 = 0 (0x0)
> __sysctl(0xbfbfeaa4,0x2,0x2816fae0,0xbfbfeaac,0x0,0x0) = 0 (0x0)
>
sigprocmask(SIG_BLOCK,SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2,0x0)
> = 0 (0x0)
> sigprocmask(SIG_SETMASK,0x0,0x0)                 = 0 (0x0)
> __sysctl(0xbfbfe678,0x2,0x281738c0,0xbfbfe684,0x0,0x0) = 0 (0x0)
> __sysctl(0xbfbfe188,0x2,0x2818005c,0xbfbfe190,0x0,0x0) = 0 (0x0)
> __sysctl(0xbfbfe1d8,0x2,0xbfbfe1e4,0xbfbfe1e8,0x0,0x0) = 0 (0x0)
> readlink("/etc/malloc.conf",0xbfbfe277,1024)     ERR#2 'No
such file or
> directory'
> issetugid(0x28160aa0,0xbfbfe277,0x400,0xbfbfe684,0x0,0x0) = 0 (0x0)
> break(0x8100000)                                 = 0 (0x0)
> __sysctl(0xbfbfe514,0x2,0xbfbfe51c,0xbfbfe520,0x0,0x0) = 0 (0x0)
> mmap(0x0,1048576,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) >
672673792 (0x28183000)
> mmap(0x28283000,512000,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0)
> 673722368 (0x28283000)
> munmap(0x28183000,512000)                        = 0 (0x0)
> open("/var/etc/upssched.conf",O_RDONLY,0666)     = 3 (0x3)
> fstat(3,{ mode=-rw------- ,inode=63,size=507,blksize=4096 }) = 0 (0x0)
> read(3,"CMDSCRIPT /usr/local/bin/upssche"...,4096) = 507 (0x1fb)
> socket(PF_LOCAL,SOCK_STREAM,0)                   = 4 (0x4)
> connect(4,{ AF_UNIX "/var/run/upssched.pipe" },106) ERR#2 'No
such file or
> directory'
> Executing command: resume
> write(2,"Executing command: resume\n",26)        = 26 (0x1a)
> gettimeofday({1234996218.667506 },0x0)           = 0 (0x0)
> SIGNAL 11 (SIGSEGV)
>
>  Hello,
>>
>> i'm the developer and project leader of FreeNAS which uses NUT UPS.
During
>> upgrading from 2.2.2 to 2.4 i realized that i get a core dump in
upssched
>> when an event occurs. During my research i found out that this happens
when
>> the line:
>>
>> AT ONBATT * START-TIMER shutdown 30
>>
>> is parsed. It crashed then in add_arg_word at the following line:
>>
>> ctx->arglist[argpos] = realloc(ctx->arglist[argpos], newlen);
>>
>> I looked at the code (and did a diff to the previous stable code) but
did
>> not find anything. I'm at the end of my knowledge now, so i want to
ask you
>> if you did have any idea?
>>
>> Regards
>> Volker Theile
>>
>> The output of some variables before the crash:
>>
>> argpos: 5
>> ctx->numargs: 6
>> ctx->maxargs: 5
>> ctx->wordbuf: 30
>> wbuflen: 2
>> ctx->argsize[argpos]: 0
>> ctx->arglist[argpos]: 0
>> newlen: 3
>>
>> gdb backtrace:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x280e84ad in realloc () from /lib/libc.so.7
>> (gdb)
>> (gdb)
>> (gdb)
>> (gdb)
>> (gdb) bt
>> #0  0x280e84ad in realloc () from /lib/libc.so.7
>> #1  0x0804ba40 in add_arg_word (ctx=0xbfbfe8f4) at parseconf.c:152
>> #2  0x0804bc18 in endofword (ctx=0xbfbfe8f4) at parseconf.c:212
>> #3  0x0804bedb in collect (ctx=0xbfbfe8f4) at parseconf.c:317
>> #4  0x0804c2e5 in parse_char (ctx=0xbfbfe8f4) at parseconf.c:449
>> #5  0x0804c41d in pconf_file_next (ctx=0xbfbfe8f4) at parseconf.c:499
>> #6  0x0804a9e0 in checkconf () at upssched.c:874
>> #7  0x0804aaa9 in main () at upssched.c:924
>> (gdb)
>>
>> upssched.conf:
>>
>> CMDSCRIPT /usr/local/bin/upssched-cmd
>> PIPEFN /var/run/upssched.pipe
>> LOCKFN /var/run/upssched.lock
>>
>> AT COMMOK * EXECUTE notify
>> AT COMMBAD * EXECUTE notify
>> AT REPLBATT * EXECUTE notify
>> AT NOCOMM * EXECUTE notify
>> AT FSD * EXECUTE forced-shutdown
>> AT NOPARENT * EXECUTE notify
>> AT SHUTDOWN * EXECUTE notify
>> AT ONLINE * CANCEL-TIMER shutdown
>> AT ONLINE * EXECUTE resume
>> AT ONBATT * START-TIMER shutdown 30
>> AT ONBATT * EXECUTE shutdown-warning
>> AT LOWBATT * START-TIMER shutdown
>> AT LOWBATT * EXECUTE shutdown-warning
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.alioth.debian.org/pipermail/nut-upsuser/attachments/20090219/5b0b59ef/attachment.htm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Thu, 19 Feb 2009, Arnaud Quette wrote:
> Hi Volker,
>
> I forward your request to the user list since I don't currently have
much
> time to process it.
> quickly testing 2.4.1, I wasn't able to reproduce it.
>
> a question: was it working with the exact same context/config with 2.2.2?
Dear Arnaud and Volker,

attached is a very small patch which fixes the problem.
I don't know when this obviously wrong change slipped in as i'm not the 
big expert in working with SVN and the web frontends where not really 
helpful.

Anyway, i will submit a PR for the FreeBSD port now, that we get back a 
fully functional version in the tree.

Kind regards
Joerg

- -- 
The beginning is the most important part of the work.
 				-Plato
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)

iD8DBQFJnbELSPOsGF+KA+MRAqukAJ0RFX6UbTj6l+5rZTdWQmpjGnRXzgCeP4yU
sws8IUikZzpfm8Yptw6ftm4=9qu/
-----END PGP SIGNATURE-----
-------------- next part --------------
--- clients/upssched.c.orig	2009-02-19 20:01:40.000000000 +0100
+++ clients/upssched.c	2009-02-19 20:02:00.000000000 +0100
@@ -595,7 +595,7 @@
 	int	pipefd, ret;
 	struct	sockaddr_un saddr;
 
-	memset(&sa, '\0', sizeof(saddr));
+	memset(&saddr, '\0', sizeof(saddr));
 	saddr.sun_family = AF_UNIX;
 	snprintf(saddr.sun_path, sizeof(saddr.sun_path), "%s", pipefn);