pkg/56746: news/inn: innbind & nnrpd segfaulting on startup - INN server failure

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/56746: news/inn: innbind & nnrpd segfaulting on startup - INN server failure
From: sehnsucht%SDF.ORG@localhost
Date: Sun, 13 Mar 2022 17:30:01 +0000 (UTC)

>Number:         56746
>Category:       pkg
>Synopsis:       news/inn: innbind & nnrpd segfaulting on startup - INN server failure
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Mar 13 17:30:00 +0000 2022
>Originator:     Paolo Vincenzo Olivo
>Release:        pkgsrc-2021Q4
>Organization:
SDF Public Access UNIX System
>Environment:
NetBSD rpi4 9.99.93 NetBSD 9.99.93 (GENERIC64) #0: Tue Mar  1 06:41:27 UTC 2022  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/evbarm/compile/GENERIC64 evbarm
>Description:
I was trying to set up a news server on my local arm board, but upon startup the INN service reported: 

innd: SERVER descriptors 255
innd: SERVER outgoing 242
innd: SERVER ccsetup control:12
innd: SERVER lcsetup localconn:14
innd: innbind returned no output, assuming failure
innd: innbind failed for 127.0.0.1, port 563
innd: SERVER cant listen on any sockets

And killing service I got:

Stopping innd: ctlinnd: no innd.pid file; did server die?
ctlinnd: cannot send "shutdown" command (sendto failure): Connection refused

This  happens regardless of port (same at 119). At first I assumed this to be the consequence of improper configuration, so I invoked /usr/pkg/libexec/rc.news manually but it didn't reveal any fatal configuration error:

Starting innd.
Scheduled start of /usr/pkg/libexec/inn/innwatch.

I tried to start the server through inetd. This is normally done by relying on nnrpd(8) instead of innd(8), like follows:

nntps           stream  tcp     nowait  news    /usr/pkg/libexec/inn/nnrpd nnrpd -S
nntps           stream  tcp6    nowait  news    /usr/pkg/libexec/inn/nnrpd nnrpd -S

This will make inetd listen on 563, yet clients (telnet, slrn) will find no server running. In fact, `pgrep nnrpd` returns nothing.

I hereby attempted invoking innbind(8) and nnrpd(8) directly from the command line (as root) and found the both segfault upon startup.

/usr/pkg/libexec/inn # ./innbind 3,10,127.0.0.1,119
[1]   Segmentation fault      ./innbind 3,10,127.0.0.1,119

/usr/pkg/libexec/inn # ./nnrpd -4 127.0.0.1 -p 119
[1]   Segmentation fault      ./nnrpd -4 127.0.0.1 -p 119

I recompiled news/inn with default options and CFLAGS+=-Og -g -DDEBUG=1 -ggdb -Wfatal-errors. Also, removed any CPUFLAGS. 

Again, with gdb.

(gdb) file innbind
Reading symbols from innbind...
(gdb) run 3,10,127.0.1.1,119
Starting program: /usr/pkg/libexec/inn/innbind 3,10,127.0.1.1,119

Program received signal SIGSEGV, Segmentation fault.
0x0000fad26079bda0 in vector_split (string=string@entry=0xffffff9603c5 "3,10,127.0.1.1,119", 
    separator=separator@entry=44 ',', vector=0xfad2607bb020, vector@entry=0x0) at vector.c:269
warning: Source file is more recent than executable.
269	            start = p + 1;
(gdb) l
264	
265	    /* Walk the string and create the new strings with xstrndup. */
266	    for (start = string, p = string, i = 0; *p != '\0'; p++)
267	        if (*p == separator) {
268	            vector->strings[i++] = xstrndup(start, p - start);
269	            start = p + 1;
270	        }
271	    vector->strings[i++] = xstrndup(start, p - start);
272	    vector->count = i;
273	    return vector;
(gdb) b
Breakpoint 1 at 0xf25405bdbda0: file vector.c, line 269.

---------------------------------------------------------

(gdb) file nnrpd
Reading symbols from nnrpd...
(gdb) run -p 127.0.0.1 -p 119
Starting program: /usr/pkg/libexec/inn/nnrpd -p 127.0.0.1 -p 119

Program received signal SIGSEGV, Segmentation fault.
0x0000f0e6733cbaec in vector_add (vector=vector@entry=0xf0e6733a5c80, 
    string=string@entry=0xf0e673413188 "Xref") at vector.c:122
122	    vector->count++;
(gdb) l
117	{
118	    assert(vector != NULL);
119	    if (vector->count == vector->allocated)
120	        vector_resize(vector, vector->allocated + 1);
121	    vector->strings[vector->count] = xstrdup(string);
122	    vector->count++;
123	}
124	
125	void
126	cvector_add(struct cvector *vector, const char *string)
(gdb) b
Breakpoint 1 at 0xf44e0cd2baec: file vector.c, line 122.

---------------------------------------------------------------

I got vector.c from https://downloads.isc.org/isc/inn/
A mirror is here https://raw.githubusercontent.com/InterNetNews/inn/d1d29768a3e980ad32bec990317de5e7b1444824/lib/vector.c

I reproduced the issue also on my laptop running NetSD/amd64 9.2_STABLE.
>How-To-Repeat:
Install news/inn and do not touch default configuration files but essential settings inside inn.conf. Either start the INN service and look at /var/log/messages or run innd in foreground (easier with /usr/pkg/libexec/rc.news) to confirm it fails to bind. Any attempt to manually innbind ad nnrpd binaries located at /usr/pkg/libexec/inn will result in segmentation fault. See above for more detail.  
>Fix:
Unfortunately I lack any form of competence seemingly required to fix this.

Follow-Ups:
- Re: pkg/56746: news/inn: innbind & nnrpd segfaulting on startup - INN server failure
  - From: S.P.Zeidler

Prev by Date: Re: pkg/56746 (news/inn: innbind & nnrpd segfaulting on startup - INN server failure)
Next by Date: pkg/56749: audio/alsa-lib fails to build on Solarish
Previous by Thread: Re: pkg/56746 (news/inn: innbind & nnrpd segfaulting on startup - INN server failure)
Next by Thread: Re: pkg/56746: news/inn: innbind & nnrpd segfaulting on startup - INN server failure
Indexes:

Home | Main Index | Thread Index | Old Index