segfault in inadyn-mt

[Miyamoto]

Tach zusammen!
Hat außer mir noch jemand das Problem, daß inadyn-mt nicht tut?
Zur Situation:

• 7390 mit Trunk r6611, kompiliert auf aktuellem Kubuntu 10.10 (keine VM)
• inadyn-mt konfiguriert
• Start wird quittiert -> kein passender Prozeß in ps-Ausgabe
• In der Dienste-Übersicht steht es wieder als gestoppt drin

Auf der Kommandozeile auf der Box endet jeder Aufruf (mit Ausnahme von --help) mit einem Segmentation Fault. :gruebel:

Wie könnte ich hier weiterkommen?

 

[frank_m24]

Jup, jetzt wo du es sagst. Ist mir auch aufgefallen (Firmware siehe Signatur). Ist dann aber irgendwie in Vergessenheit geraten, und ich habs noch nicht näher analysiert, bzw. das Forum und Trac nach Lösungen durchforstet. (Letzteres ist der erste Hinweis bezgl. des Weiterkommens).

 

[olistudent]

Wir haben noch opendd als Paket. Bitte nehmt das. inadyn-mt ist in vielen Belangen nicht stabil...

Gruß
Oliver

 

[Bryan Hoover]

Sorry für Ihre Mühe.

Ich frage mich, wenn Sie Log-Ausgabe könnte Post? (mit versuchen - debug 7).

Ich würde mich sehr interessieren, um das Problem zu kennen.

Meine Vermutung ist, möglicherweise nur kleine Stack-Größe.

Kompilieren von Grund auf neu?

Wenn ja, versuchen Sie:

./ configure --disable-sound --enable-debug
make

ausführbare Datei wird in ./src Verzeichnis.

Wenn Englisch sprechen, geben Sie bitte einen Fehlerbericht hier:

https://sourceforge.net/tracker/?group_id=209367&atid=1009430

(Anmeldung erforderlich bis sf).

Grüße,

Bryan

 

[olistudent]

Hi Bryan.
It's a pleasure to read you here. The problem is that we are using version 2.12.24 of inadyn-mt because of the multi-services.patch. For me the segfault disappears if I turn of the optimisation flag (-Os). This makes debugging very difficult.

Regards
Oliver

 

[Bryan Hoover]

Mich würde interessieren zu erfahren, was das Problem ist. Wäre schön, einige Log-Ausgang, und die Befehlszeile verwendet werden, um das Programm zu starten sehen.

Angesichts dieser, kann ich den Patch anwenden und versuchen, das Problem zu duplizieren.

Bryan

 

[Bryan Hoover]

Ja, viele Veränderungen seit dieser Version.

Ich habe die neueste Version gepatcht:

http://sourceforge.net/tracker/?func=detail&aid=3258189&group_id=209367&atid=1009432

Mehrere Update-Server in einzelnen Programm-Instanz.

* nix-Systemen, kopieren Sie die komprimierte Patch inadyn-mt.v.02.24.34 und Ausgabe:

patch -p1 <./inadyn-mt-ms-02.24.34.patch

Siehe dyndns_system, ip_server_name, ip_server_name_global Optionen readme.html und / oder Mann-Dateien.

Grüße,
Bryan

 

[Bryan Hoover]

Vergessen zu erwähnen. Wenn kompilieren, kann wünschen Sound-Funktionalität ausschließen, so:

./configure --disable-sound
make

oder

./configure --disable-sound --enable-threads
make

Kann auch makefile-deprecated

cp makefile-deprecated makefile (keine Optionen, es sei denn, damit wollen)

make

oder

make USE_SOUND=1 USE_THREADS=1

Es gibt auch andere Optionen (siehe konfigurieren helfen, oder das Make-Datei).

Grüße,
Bryan

 

[MaxMuster]

Falls es mal jemand ausprobieren möchte (mit --enable debug). Übersetzt und das Binary gibt die Hilfe aus, noch nicht mit GUI getestet.


@Bryan
I included your patch "seded" to fit our script (doing a "patch -p0" ;-))
BTW: You might also post in english, if it is more convenient for you



Jörg


EDIT:
Erstes Ergebnis: Manchmal Segfault (abhängig von der Anzahl der Parameter?)
Mit Config-File bekomme ich es nicht gestartet (Invalid option name at position XXX ('(null)') oder auch "Segfault)

First Test:
Binary will somtimes segfault seems depending on command line parameters ???
I didn't get it working using an input-file (leading to Invalid option name at position XXX ('(null)') or "Segfault)

Command Line:

root@fritz:/var/tmp# inadyn-mt -u username -p password -a my.registrated.name
Sat Jan  1 01:23:43 2000: I:LANG: Language file search locale:  (null)...
Sat Jan  1 01:23:43 2000: I:PATH: Found program meta file:  (null)...
Segmentation fault
root@fritz:/var/tmp# inadyn-mt -u username -p password -a my.registrated.name --verbose 0
Sat Jan  1 01:23:59 2000: I:LANG: Language file search locale:  (null)...
Sat Jan  1 01:23:59 2000: I:PATH: Found program meta file:  ...
Sat Jan  1 01:23:59 2000: S:INADYN: Started 'inadyn-mt version (null)' - dynamic DNS updater.
Sat Jan  1 01:23:59 2000: I:DYNDNS: dyn_dns_update_ip entering connect loop...
Sat Jan  1 01:24:00 2000: I:INADYN: Entering Loop.  Got 0 sockets...
Sat Jan  1 01:24:00 2000: I:INADYN: In It.  SOCKET family:  (null)...
Sat Jan  1 01:24:00 2000: I:INADYN: Transaction 0 DONE...
Sat Jan  1 01:24:00 2000: I:DYNDNS: IP server response: (null)
Sat Jan  1 01:24:00 2000: I:INADYN: GONNA PARSE...
Sat Jan  1 01:24:00 2000: N:DYNDNS: My IP address: (null)
Sat Jan  1 01:24:00 2000: I:DYNDNS: dyn_dns_update_ip checking alias table...
Sat Jan  1 01:24:00 2000: W:INADYN: IP address for alias '(null):(null)' needs update to '(null)'...
Sat Jan  1 01:24:00 2000: I:DYNDNS: dyn_dns_update_ip entering update loop...
Sat Jan  1 01:24:00 2000: OS_UNIX: Signal '0x0' received. Sending 'Shutdown cmd'.
Sat Jan  1 01:24:00 2000: E:INADYN: Init error:  (null) updating alias (null)
Sat Jan  1 01:24:00 2000: W:INADYN: One or more (0) alias updates failed...
Sat Jan  1 01:24:00 2000: W:DYNDNS: Failed updating alias table...
Sat Jan  1 01:24:00 2000: W:'(null)' (0x0) updating the IPs. (it 0)
Sat Jan  1 01:24:00 2000: D:INADYN: STOP command received. Exiting.
root@fritz:/var/tmp#

Using File:

root@fritz:/var/tmp# cat inadyn.conf 
u username
p password
a my.registrated.name
root@fritz:/var/tmp# inadyn-mt --input_file /tmp/inadyn.conf
Sat Jan  1 01:24:37 2000: I:LANG: Language file search locale:  (null)...
Sat Jan  1 01:24:37 2000: I:PATH: Found program meta file:  (null)...
Sat Jan  1 01:24:37 2000: W:GETCMD: Invalid option name at position 0 ('(null)')



			INADYN-MT Help

[... you know the help/usage message  ;-) ...]

Sat Jan  1 01:24:37 2000: W:MAIN: Main: Error '(null)' (0x0).
root@fritz:/var/tmp#
root@fritz:/var/tmp# inadyn-mt --input_file /tmp/inadyn.conf --verbose 0
Sat Jan  1 01:24:43 2000: I:LANG: Language file search locale:  (null)...
Sat Jan  1 01:24:43 2000: I:PATH: Found program meta file:  (null)...
Segmentation fault
root@fritz:/var/tmp#

 

[Bryan Hoover]

Interessant, alle Nullen in der Debug-Ausgabe.

Die erste Debug-Ausgabe:

Sa 01.23.59 1. Januar 2000: I: SPRACHE: Language file Suche locale: (null) ...

steht im Einklang mit Programm, wenn setlocale (LC_ALL, "") null zurück. Ich nehme an, das ist, was passiert ist.

Aber bedeutet dies nicht allgemein Konto für die Probleme, die Sie sehen. Obwohl es sein könnte, Freetz Input / Output-Subsystem ist nicht der Bewältigung der Null, gleich aus welchem ​​Grund? Und dies ist in den nachfolgenden NULL resultierende in Debug-Ausgabe? Die Suche locale NULL ist die einzige in Kongruenz mit Programm.

Eine weitere Möglichkeit, die mir einfällt ist, dass die Debug-Ausgabe-Routinen kann eine Menge Stack verwenden, und konnte die Korruption dort sein?

So testen Sie die NULL locale Idee, ich habe ein anderes Patch, dass die Sprache Code null eliminiert erstellt.

http://sourceforge.net/tracker/download.php?group_id=209367&atid=1009432&file_id=406013&aid=3258189

Ich hoffe, Sie arbeiten mit mir nach unten zu verfolgen. Ich bin sehr daran interessiert zu sehen, was los ist.

(Ja, ich bin mit Google Translate. Ich habe nichts dagegen. Aber wenn Google ist nicht die Übersetzung gut, und Sie lieber verwende ich Englisch, kein Problem.)

Grüße,
Bryan

 

[olistudent]

We will understand you much better if you write in English. ;-)

Oliver

 

[Bryan Hoover]

Okay, well I'll post again in case was too opaque.

It's interesting, all the NULL's in debug output following the the one about locale and languge file search.

The first debug output:

Sat 1st 1:23:59 January 2000: I: LANGUAGE: Language file locale Search: (null) ...

is in line with program, when setlocale (LC_ALL, "") returns null. I suppose that's what happened.

But this does not generally account for the problems you see. Although it could be Freetz input/output subsystem is not coping with the NULL in the first debug output, for whatever reason? And this is resulting in the subsequent NULL's in debug output? The search locale null, is the only one in congruence with the program -- the only one that makes sense -- the other NULL's must be memory corruption related to the first NULL.

Another possibility that occurs to me is that the debug output routines can use a lot of stack, and this could be the cause of corruption?

To test the null locale idea I have another patch that eliminates the language code NULL.

http://sourceforge.net/tracker/download.php?group_id=209367&atid=1009432&file_id=406013&aid=3258189

I hope you will work with me to track this down. I am very interested to see what's going on.

Regards,
Bryan

 

[RalfFriedl]

The printf from the library is coping with NULL for %s, otherwise there would be no output of "(null)", but instead a segfault.

On the other hand, set debug output function may be broken. Notice also "Signal '0x0' received". The signal number can't be 0.

 

[Bryan Hoover]

Yes, well, clearly there is corruption somewhere. But, I'm am unable to reproduce it on Windows 2000 Prof, Ubuntu, Fedora, or FreeBSD.

Sat Jan 1 01:24:00 2000: I:INADYN: Entering Loop. Got 0 sockets...
Sat Jan 1 01:24:00 2000: I:INADYN: In It. SOCKET family: (null)...

It is impossible, "Entering Loop" if sockets count (loop invariant) is 0. (rofl)

But, seriously...Wacky stack?

Bryan

 

[olistudent]

I did a test on a bit different hardware than MaxMuster's. I used your first patch (not the one from yesterday).

root@fritz:/var/mod/root# ./inadyn-mt-fault
Segmentation fault

Some gdb output:

Starting program: /var/mod/root/inadyn-mt

Breakpoint 1, langStr (szDest=0x7fad6a60 "",
    szDefault=0x7fad7260 ??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????, buff_size=2048) at lang.c:742
742     lang.c: No such file or directory.
        in lang.c
(gdb) next
744     in lang.c
(gdb)
761     in lang.c
(gdb)

Program received signal SIGSEGV, Segmentation fault.
0x2ab093b4 in ?? () from /lib/libc.so.0
(gdb) bt
#0  0x2ab093b4 in ?? () from /lib/libc.so.0
---
(gdb) bt
#0  langStr (szDest=0x7f887010 "",
    szDefault=0x7f887810 ??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????, buff_size=2048) at lang.c:744
#1  0x00407a18 in formatted_message (message=0x7f888050 "",
    fmt=<value optimized out>, args=<value optimized out>,
    is_wide=<value optimized out>, buff_size=2048) at os.c:276
#2  0x00407e10 in os_printf (prio=6,
    fmt=0x4147b8 ??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????) at os.c:526
#3  0x0040d30c in init_lang_strings (pLOG_FILE=0x0, szLocale=0x2ab51140 ??????)
    at lang.c:662
#4  0x00408048 in main (argc=1, argv=0x7f8889b4) at os_unix.c:224

No I did some digging and added "-fno-caller-saves" to the cflags:

Thu Mar 31 16:36:03 2011: I:LANG: Language file search locale:  C...
Thu Mar 31 16:36:03 2011: W:LANG: Cannot open language file.  Will use english defaults, or default override (--lang_file <path/file_name>...)
Thu Mar 31 16:36:03 2011: I:CMD_OPTS: Attempting using default config file /etc/inadyn-mt.conf
Thu Mar 31 16:36:03 2011: W:CMD_OPTS: Cannot open cfg file:/etc/inadyn-mt.conf
Thu Mar 31 16:36:03 2011: W:GETCMD: Error parsing option 2 ('--input_file')
Thu Mar 31 16:36:03 2011: I:CMD_OPTS: Attempting using default config file /etc/inadyn-mt/inadyn-mt.conf
Thu Mar 31 16:36:03 2011: W:CMD_OPTS: Cannot open cfg file:/etc/inadyn-mt/inadyn-mt.conf
Thu Mar 31 16:36:03 2011: W:GETCMD: Error parsing option 2 ('--input_file')
Thu Mar 31 16:36:03 2011: I:CMD_OPTS: Attempting using default config file /etc/inadyn.conf
Thu Mar 31 16:36:03 2011: W:CMD_OPTS: Cannot open cfg file:/etc/inadyn.conf
Thu Mar 31 16:36:03 2011: W:GETCMD: Error parsing option 2 ('--input_file')
...

Thu Mar 31 16:36:03 2011: W:MAIN: Main: Error 'RC_FILE_IO_OPEN_ERROR' (0x70).

It does not happen with "-O0 -fcaller-saves" so there must be some interaction with another optimisation flag.

Regards
Oliver

 

[MaxMuster]

Not sure, but maybe this can help?

It seems to me the SEGFAULT depends on the command line (tried with your latest patch):
It segfaults with Params: "-u user -p pass -a a"
It "works" with "-u user -p pass -a account"
It segfaults with Params: "-u user -p pass -a acco"

(gdb) run -u user -p pass -a a
Starting program: /var/tmp/inadyn-mt -u user -p pass -a a
Sat Jan  1 08:24:05 2000: I:LANG: Language file search locale:  (null)...
Sat Jan  1 08:24:05 2000: I:PATH: Found program meta file:  (null)...

Program received signal SIGSEGV, Segmentation fault.
0x2ab0ef94 in strnlen () from /lib/libc.so.0
(gdb) bt
#0  0x2ab0ef94 in strnlen () from /lib/libc.so.0
#1  0x2ab07d40 in vfprintf () from /lib/libc.so.0
#2  0x2ab047d0 in vsnprintf () from /lib/libc.so.0
#3  0x00406ae4 in T.20 ()
#4  0x00406b54 in os_printf ()
#5  0x00403d90 in init_update_loop ()
#6  0x00404e78 in dyn_dns_main ()
#7  0x004065dc in inadyn_main ()
#8  0x00406ec0 in main ()
(gdb) step
Single stepping until exit from function strnlen, 
which has no line number information.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) run -u user -p pass -a account
Starting program: /var/tmp/inadyn-mt -u user -p pass -a account
Sat Jan  1 08:24:26 2000: I:LANG: Language file search locale:  (null)...
Sat Jan  1 08:24:26 2000: I:PATH: Found program meta file:  (null)...
Sat Jan  1 08:24:26 2000: S:INADYN: Started 'inadyn-mt version (null)' - dynamic DNS updater.
Sat Jan  1 08:24:26 2000: I:DYNDNS: dyn_dns_update_ip entering connect loop...
Sat Jan  1 08:24:27 2000: The request for IP server:
(null)
Sat Jan  1 08:24:27 2000: I:INADYN: Entering Loop.  Got 0 sockets...
Sat Jan  1 08:24:27 2000: I:INADYN: In It.  SOCKET family:  (null)...
Sat Jan  1 08:24:27 2000: I:INADYN: Transaction 0 DONE...
Sat Jan  1 08:24:27 2000: I:DYNDNS: IP server response: (null)
Sat Jan  1 08:24:27 2000: I:INADYN: GONNA PARSE...
Sat Jan  1 08:24:27 2000: N:DYNDNS: My IP address: (null)
Sat Jan  1 08:24:27 2000: I:DYNDNS: dyn_dns_update_ip checking alias table...
Sat Jan  1 08:24:27 2000: W:INADYN: IP address for alias '(null):(null)' needs update to '(null)'...
Sat Jan  1 08:24:27 2000: I:DYNDNS: dyn_dns_update_ip entering update loop...

Program received signal SIGINT, Interrupt.
0x2aaead6c in select () from /lib/libc.so.0
(gdb) 
(gdb) kill
Kill the program being debugged? (y or n) y
(gdb) run -u user -p pass -a acco 
Starting program: /var/tmp/inadyn-mt -u user -p pass -a acco
Sat Jan  1 08:36:47 2000: I:LANG: Language file search locale:  (null)...
Sat Jan  1 08:36:47 2000: I:PATH: Found program meta file:  (null)...

Program received signal SIGSEGV, Segmentation fault.
0x2ab0ef94 in strnlen () from /lib/libc.so.0
(gdb) bt
#0  0x2ab0ef94 in strnlen () from /lib/libc.so.0
#1  0x2ab07d40 in vfprintf () from /lib/libc.so.0
#2  0x2ab047d0 in vsnprintf () from /lib/libc.so.0
#3  0x00406ae4 in T.20 ()
#4  0x00406b54 in os_printf ()
#5  0x00403d90 in init_update_loop ()
#6  0x00404e78 in dyn_dns_main ()
#7  0x004065dc in inadyn_main ()
#8  0x00406ec0 in main ()
(gdb) bt full
#0  0x2ab0ef94 in strnlen () from /lib/libc.so.0
No symbol table info available.
#1  0x2ab07d40 in vfprintf () from /lib/libc.so.0
No symbol table info available.
#2  0x2ab047d0 in vsnprintf () from /lib/libc.so.0
No symbol table info available.
#3  0x00406ae4 in T.20 ()
No symbol table info available.
#4  0x00406b54 in os_printf ()
No symbol table info available.
#5  0x00403d90 in init_update_loop ()
No symbol table info available.
#6  0x00404e78 in dyn_dns_main ()
No symbol table info available.
#7  0x004065dc in inadyn_main ()
No symbol table info available.
#8  0x00406ec0 in main ()
No symbol table info available.
(gdb)

@Oliver: My gdb knowledge is quite rusty so please forgive if its a dumb question. How come you have all the nice Information? I even took the unstripped binary, but it claims no symbol table info ?!?

Joerg

 

[olistudent]

You have to compile with "-g". And normally with "-O0" to disable optimisations.

Oliver

 

[Bryan Hoover]

Guys, thanks so much!

From the trace/stack output you gave I was able to see what appears to be the rather glaring problem. As stack top indicates, it's in the function formatted_message. There are a couple of misaprehended character array (string) indexes, one of which gives out of bounds and fails to terminate the string.

Dumb, I know. Though I'm confident there are no other such as this in the program.

For convenience of choice, I've updated the patch to 02.24.34, and released 02.24.36, and corresponding multi-services patch.

02.24.34 (bug fix and multi services):

http://sourceforge.net/tracker/?func=detail&aid=3258189&group_id=209367&atid=1009432

02.24.36 (release is bug fixed; patch for multi-services):

http://sourceforge.net/tracker/?func=detail&aid=3265689&group_id=209367&atid=1009432

In other words, a patched 02.24.34 is the same as a patched 02.24.36.

It appears with a high degree of certainty this should fix the problem. Please feedback if not as without the hardware it seems, I can't reproduce it.

Regards,
Bryan

 

[olistudent]

Hi Bryan.

Your newest version works for me. So I updated our repository (http://freetz.org/changeset/6744). Hopefully users will give feedback in the next days.
Thank you for your great effort.

Regards
Oliver

 

[MaxMuster]

Thank you, for me it works like a charm now!
The only part "missing" was the pid-patch, I did include it in the patch for freetz.
I also attached it as a seperate patch, maybe you can "revise" it, because I just "copied" the old patch.
Only difference in "src/inadyn_cmd.c", the "old" patch did change like this (patch included both multi and pid)

@@ -152,8 +155,9 @@
 	{"--update_period_sec",	1,	{get_update_period_sec_handler, NULL,0},	"how often the IP is checked. The period is in [sec]. Default is about 1 min. Max is 10 days"},
 	{"--forced_update_period", 1,   {get_forced_update_period_handler, NULL,0},"how often the IP is updated even if it is not changed. [in sec]"},
 
-	{"--log_file",	1,	{get_logfile_name, NULL,0},		"log file path abd name"},
-	{"--background", 0,	{set_silent_handler, NULL,0},		"run in background. output to log file or to syslog"},
+	{"--log_file",	1,	{get_logfile_name, NULL},		"log file path abd name"},
+	{"--pid_file",	1,	[B]{get_pidfile_name, NULL}[/B],		"pid file path abd name"},
+	{"--background", 0,	{set_silent_handler, NULL},		"run in background. output to log file or to syslog"},
 
 	{"--verbose",	1,	{set_verbose_handler, NULL,0},	"set dbg level. 0 to 5"},

now to

@@ -215,6 +216,7 @@
 #endif
 
         {"--log_file",	1,	{get_logfile_name, NULL,0},		"<path/file> - log file path and name"},
+        {"--pid_file",	1,	[B]{get_pidfile_name, NULL,0}[/B],		"pid file path abd name"},
         {"--background", 0,	{set_silent_handler, NULL,0},		"run in background. output to log file or to syslog"},
 
 		{"--verbose",	1,	{set_verbose_handler, NULL,0},	"<#> - set dbg level. 0 to 5"},

Once again, thanks!

Jörg

EDIT: Seems I'm little slow in posting ;-)