207589 – dns/fastresolve broken, builds but does not run (segfaults)

Bug 207589 - dns/fastresolve broken, builds but does not run (segfaults)

Summary: dns/fastresolve broken, builds but does not run (segfaults)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	amd64 Any

Importance:	--- Affects Many People
Assignee:	Kurt Jaeger

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-02-29 11:56 UTC by Miroslav Lachman
Modified:	2016-03-02 08:09 UTC (History)
CC List:	3 users (show)

See Also:

Flags:	pi: maintainer-feedback+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Miroslav Lachman 2016-02-29 11:56:00 UTC

I am using dns/fastresolve for years, but it no longer works on FreeBSD 10.x amd64. It always segfaults.

# dns-terror -p 1000 -d /var/tmp/ip2host.db -o < /tmp/access.log
Segmentation fault (core dumped)

I tried to compiled it WITH_DEBUG=yes and got this (with help of Dan Lukes)

# gdb dns-terror
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
(gdb) core dns-terror.core
Core was generated by `dns-terror'.
Program terminated with signal 4, Illegal instruction.
Reading symbols from /usr/local/lib/libadns.so.1...done.
Loaded symbols for /usr/local/lib/libadns.so.1
Reading symbols from /lib/libz.so.6...done.
Loaded symbols for /lib/libz.so.6
Reading symbols from /usr/local/lib/libdb_cxx-5.3.so.0...done.
Loaded symbols for /usr/local/lib/libdb_cxx-5.3.so.0
Reading symbols from /usr/lib/libc++.so.1...done.
Loaded symbols for /usr/lib/libc++.so.1
Reading symbols from /lib/libcxxrt.so.1...done.
Loaded symbols for /lib/libcxxrt.so.1
Reading symbols from /lib/libm.so.5...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /lib/libthr.so.3...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x0000000000405c26 in BoolString::operator= (this=0x802816130, other=@0x7fffffffdc40)
    at BoolString.h:58
58      BoolString.h: No such file or directory.
        in BoolString.h
[New Thread 802806400 (LWP 100132/<unknown>)]

(gdb) bt
#0  0x0000000000405c26 in BoolString::operator= (this=0x802816130, other=@0x7fffffffdc40)
    at BoolString.h:58
#1  0x000000000040291a in submit_query (ads=0x802817400, reslist=@0x7fffffffe1a0,
    lp=0x8028bc080) at dns-terror.cc:347
#2  0x0000000000404870 in main (argc=6, argv=0x7fffffffe690) at dns-terror.cc:763 


(gdb) set disassembly-flavor intel

(gdb) disassemble 0x405c26
Dump of assembler code for function _ZN10BoolStringaSERKS_:
0x0000000000405c00 <_ZN10BoolStringaSERKS_+0>:  push   rbp
0x0000000000405c01 <_ZN10BoolStringaSERKS_+1>:  mov    rbp,rsp
0x0000000000405c04 <_ZN10BoolStringaSERKS_+4>:  mov    QWORD PTR [rbp-0x10],rdi
0x0000000000405c08 <_ZN10BoolStringaSERKS_+8>:  mov    QWORD PTR [rbp-0x18],rsi
0x0000000000405c0c <_ZN10BoolStringaSERKS_+12>: mov    rsi,QWORD PTR [rbp-0x10]
0x0000000000405c10 <_ZN10BoolStringaSERKS_+16>: mov    rdi,QWORD PTR [rbp-0x18]
0x0000000000405c14 <_ZN10BoolStringaSERKS_+20>: mov    rdi,QWORD PTR [rdi]
0x0000000000405c17 <_ZN10BoolStringaSERKS_+23>: mov    QWORD PTR [rsi],rdi
0x0000000000405c1a <_ZN10BoolStringaSERKS_+26>: mov    rdi,QWORD PTR [rbp-0x18]
0x0000000000405c1e <_ZN10BoolStringaSERKS_+30>: mov    al,BYTE PTR [rdi+0x8]
0x0000000000405c21 <_ZN10BoolStringaSERKS_+33>: and    al,0x1
0x0000000000405c23 <_ZN10BoolStringaSERKS_+35>: mov    BYTE PTR [rsi+0x8],al
0x0000000000405c26 <_ZN10BoolStringaSERKS_+38>: ud2a
End of assembler dump. 



There are many warnings on compile time and it seems somebody should fix the source code.

I tried it with GCC 4.8 (same segfault) and GCC 4.7 (segfaults too)


# gdb dns-terror
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

(gdb) core dns-terror.core
Core was generated by 'dns-terror'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libadns.so.1...done.
Loaded symbols for /usr/local/lib/libadns.so.1
Reading symbols from /lib/libz.so.6...done.
Loaded symbols for /lib/libz.so.6
Reading symbols from /usr/local/lib/libdb_cxx-5.3.so.0...done.
Loaded symbols for /usr/local/lib/libdb_cxx-5.3.so.0
Reading symbols from /usr/local/lib/gcc47/libstdc++.so.6...done.
Loaded symbols for /usr/local/lib/gcc47/libstdc++.so.6
Reading symbols from /lib/libm.so.5...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /usr/local/lib/gcc47/libgcc_s.so.1...done.
Loaded symbols for /usr/local/lib/gcc47/libgcc_s.so.1
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /lib/libthr.so.3...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /usr/lib/libc++.so.1...done.
Loaded symbols for /usr/lib/libc++.so.1
Reading symbols from /lib/libcxxrt.so.1...done.
Loaded symbols for /lib/libcxxrt.so.1
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x0000000000000000 in ?? ()
[New Thread 802c06400 (LWP 100134/<unknown>)]

(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00000008013283ed in __dynamic_cast (src_ptr=0x8015d0480, src_type=0x8015b5fd0,
    dst_type=0x8015b5d60, src2dst=0)
    at ../../.././../gcc-4.7.4/libstdc++-v3/libsupc++/dyncast.cc:61
#2  0x0000000801353f50 in std::has_facet<std::ctype<char> > (__loc=@0x8015cffb8)
    at locale_classes.tcc:257
#3  0x0000000801348e44 in std::basic_ios<char, std::char_traits<char> >::_M_cache_locale (
    this=0x8015cfee8, __loc=@0x8015cffb8) at basic_ios.tcc:160
#4  0x0000000801348ee8 in std::basic_ios<char, std::char_traits<char> >::init (
    this=0x8015cfee8, __sb=0x8015cf7c0) at basic_ios.tcc:133
#5  0x000000080133b241 in std::ios_base::Init::Init (this=Unhandled dwarf expression opcode 0xf3
) at ostream:83
#6  0x000000000040466a in __static_initialization_and_destruction_0 (__initialize_p=Could not find the frame base for "__static_initialization_and_destruction_0".
) at new:111
#7  0x000000000060a488 in ?? ()
#8  0x00007fffffffd7a0 in ?? ()
#9  0x0000000800827560 in ?? () from /libexec/ld-elf.so.1
#10 0x0000000000000000 in ?? ()

Comment 1 Chris Hutchinson 2016-02-29 18:34:46 UTC

(In reply to Miroslav Lachman from comment #0)
> I am using dns/fastresolve for years, but it no longer works on FreeBSD 10.x
> amd64. It always segfaults.
> 
> # dns-terror -p 1000 -d /var/tmp/ip2host.db -o < /tmp/access.log
> Segmentation fault (core dumped)

Thank you, Miroslav, for all your valuable input.
I use this on a 9-STABLE box, without trouble(s). But given that
you are using this on a 10.x box, I just installed a fresh copy
on my 11-CURRENT dev box, and tested it with the exact command
you reported having used it with. My experience was as expected.
I had no problems.

As to the errors emitted during build time. My experience was
that dns/adns emitted far worse error messages, than dns/fastresolve.
But I would agree that *any* errors should idealy be delt with.

Perhaps you're dealing with symbol clash. Are your external
dependencies in sync? What versions are you using?

I'm working with:
adns-1.5.0
p5-BerkeleyDB-0.55
fastresolve-2.10_5

Working Copy Root Path: /usr/ports
URL: svn://svn.freebsd.org/ports/head
Repository Root: svn://svn.freebsd.org/ports
Revision: 406193

Thanks again, for your feedback, Miroslav.

--Chris

Comment 2 Miroslav Lachman 2016-02-29 18:50:11 UTC

It is strange. I already asked few other people on Czech FreeBSD mailinglist and fastresolve doen't work for them too.
http://www.freebsd.cz/listserv/archive/users-l/2016q1/029182.html

I have this problem for about one year on all 10.x installations. I previously used it on 8.4 without any problems, but after upgrade to 10.1 or 10.2 it stops (after recompilation from fresh ports tree). The behavior is the same on all our webservers (15+ machines). Some of them were upgraded from older releases, some of them freshly installed from 10.2 ISO media.
Then I migrated from individual ports tree to centralized private pkg repo with poudriere.
All machines have kernel and userland in sync, all machines have installed fastresolve from the same repo where packages are built in 10.2-RELEASE-p8 amd64 environment:

# poudriere jail -l
JAILNAME   VERSION          ARCH  METHOD TIMESTAMP           PATH
10_1_amd64 10.1-RELEASE-p22 amd64 ftp    2015-10-03 19:21:59 /vol0/poudriere/jails/10_1_amd64
10_2_amd64 10.2-RELEASE-p8  amd64 ftp    2016-01-07 10:34:52 /vol0/poudriere/jails/10_2_amd64

Did you tested fastresolve package from official repo or did you compiled it from ports tree?

Info from one of our machines

# uname -srmi
FreeBSD 10.2-RELEASE-p10 amd64 GENERIC

# pkg info -d -r fastresolve
fastresolve-2.10_5
Depends on     :
        adns-1.5.0
        p5-BerkeleyDB-0.55
        perl5-5.20.3_8
        db5-5.3.28_3


adns (adnslogres command) works without problem

I am really out of ideas what to try next to make fastresolve work on 10.2 amd64 machines.

Thank you for your reply anyway.

Comment 3 Chris Hutchinson 2016-02-29 18:57:40 UTC

(In reply to Miroslav Lachman from comment #2)

Thanks for your quick reply, Miroslav.

I have done some more testing, and I can *confirm*
there are problems. If I feed dns-terror a file that *only*
has IP addresses, one per line. I receive the following error:

Bus error (core dumped)

So, there is more investigation to do. I'll see if I can trace
it down.

> Did you tested fastresolve package from official repo or did
> you compiled it from ports tree?

I build it from the ports tree.

Thanks again, Miroslav!

--Chris

Comment 4 Chris Hutchinson 2016-02-29 20:08:11 UTC

(In reply to Chris Hutchinson from comment #3)
> (In reply to Miroslav Lachman from comment #2)
> 
> Thanks for your quick reply, Miroslav.
> 
> I have done some more testing, and I can *confirm*
> there are problems. If I feed dns-terror a file that *only*
> has IP addresses, one per line. I receive the following error:
> 
> Bus error (core dumped)
> 
> So, there is more investigation to do. I'll see if I can trace
> it down.
> 
> > Did you tested fastresolve package from official repo or did
> > you compiled it from ports tree?
> 
> I build it from the ports tree.
> 
> Thanks again, Miroslav!
> 
> --Chris

OK. I've narrowed it down to an issue with dns/adns. I've
confirmed it works with dns/adns-1.42. I'll attempt to find
out at which version it no longer works. But even at
version 1.42, it (adns) chokes on a stabdard FreeBSD
resolv.conf(5) file.

But frankly this is *really* a dns/adns issue. :-/

--Chris

Comment 5 Miroslav Lachman 2016-02-29 20:54:17 UTC

Hmm I am completely lost, because adns (adnslogres) works for me and I assume it uses the same way to read resolv.conf as library used by dns-terror.

Comment 6 Dan Lukes 2016-03-01 08:05:05 UTC

Well, lets allow me to publish results of this night research.

Note the ud2a instruction on the end of disassembly of _ZN10BoolStringaSERKS_ function. The ud2a is instruction guaranteed by Intel to be invalid.

Some compilers use it to fire intentional "Illegal instruction" abort at runtime in the case they can't compile c++ code correctly, but the cause should generate warning only at compile time.

The function _ZN10BoolStringaSERKS_ come from following source code function:

 ----------------------
  BoolString &operator=(const BoolString &other) {
    str = other.str;
    flag = other.flag;
  }
 ----------------------

The compilation of such code produce
1. ./BoolString.h:59:3: warning: control reaches end of non-void function 
2. ud2a instruction in the code

Lets patch the code to be correct:

 ----------------------
  BoolString &operator=(const BoolString &other) {
    str = other.str;
    flag = other.flag;
    return *this;
  }
 ----------------------

Compiler no longer produce a warning - and no longer emit ud2a into code.

I consider it solution of the reported bug.

 ............

Note that there are other warnings during compilation as well, so there may be severe issues with the resulting code.

warning: conversion from string literal to 'char *' is deprecated
is fired at
dns-terror.cc:346:34
dns-terror.cc:373:11
dns-terror.cc:431:27
dns-terror.cc:581

and 
format specifies type 'int' but the argument has type 'size_type' (aka 'unsigned long')
is fired at
dns-terror.cc:706:33

I didn't analyzed them. They may be "warnings safe to be ignored" or may be warnings fatal for proper function of resulting code.

 ..............

Some additional data. Analyzed on:

 -------------
OS: 10.2-RELEASE-p12 amd64

c++ -v
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
Target: x86_64-unknown-freebsd10.2
Thread model: posix
Selected GCC installation:

Command to compile:
c++ -DPACKAGE=\"fastresolve\" -DVERSION=\"2.10\" -DHAVE_FGETLN=1 -DHAVE_LIBZ=1 -DHAVE_LIBADNS=1  -I. -I. -g -O0 -pipe -fstack-protector -fno-strict-aliasing  -I/usr/local/include -I/usr/local/include/db6 -c dns-terror.cc

Command to link:
c++ -g -O0 -pipe -fstack-protector -fno-strict-aliasing  -I/usr/local/include -I/usr/local/include/db6 -L/usr/local/lib -L/usr/local/lib/db6 -fstack-protector -o dns-terror  dns-terror.o getline.o fgetln.o DatedStringDb.o  -ladns -lz  -ldb_cxx-6.1

Comment 7 Chris Hutchinson 2016-03-01 14:25:35 UTC

(In reply to Dan Lukes from comment #6)
> Well, lets allow me to publish results of this night research.
> 
Thanks for the feedback, Dan. I too considered the warnings
emitted, and determined that it *might* be the version/brand
of c++. But given that dns/fastresolve hasn't changed versions,
yet the demends; dns/adns && databases/p5-BerkeleyDB *have*.
I felt they were good first candidates. I have already submitted
a patch for databases/p5-BerkeleyDB, as a result. But then
ran out of time to further investigate. I've already determined
that it's a string related issue. So it's either a change in
dns/adns, or the version/brand of c++ that causes it. I'll
have time today to completely sort it out.

Thanks again, Dan!

--Chris

Comment 8 Chris Hutchinson 2016-03-01 22:25:40 UTC

OK Dan. Further investigation reveals (at least for now)
that your suggestion will prevent the fatal crash -- thanks!

Miroslav, and others; please see pr
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207628
for an svn diff to patch your current version. Or wait until
that diff gets committed, and svn up your current ports tree.

Thanks!

--Chris

Comment 9 commit-hook freebsd_committer

2016-03-02 07:58:29 UTC

A commit references this bug:

Author: pi
Date: Wed Mar  2 07:58:13 UTC 2016
New revision: 409915
URL: https://svnweb.freebsd.org/changeset/ports/409915

Log:
  dns/fastresolve: fix segfault

  PR:		207589, 207628
  Submitted by:	Miroslav Lachman <000.fbsd@quip.cz>, Dan Lukes <dan@obluda.cz>, Chris Hutchinsin <portmaster@bsdforge.com> (maintainer)

Changes:
  head/dns/fastresolve/Makefile
  head/dns/fastresolve/files/patch-dns-terror_BoolString.h
  head/dns/fastresolve/files/patch-dns-terror__DatedStringDb.cc
  head/dns/fastresolve/files/patch-dns-terror__dns-terror.cc
  head/dns/fastresolve/files/patch-dns-terror_getline.c

Comment 10 Kurt Jaeger freebsd_committer

2016-03-02 08:07:54 UTC

Committed, thanks.