FS#41581 - [lirc-utils] 1:0.9.1.a-1 fails to start ending in a segfault

Attached to Project: Arch Linux
Opened by John (graysky) - Sunday, 17 August 2014, 01:06 GMT
Last edited by Lukas Fleischer (lfleischer) - Monday, 18 August 2014, 11:17 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 6
Private No

Details

Seems to segfault on my system; downgrading to 1:0.9.1-1 fixes the issue.

% sudo systemctl status lircd
* lircd.service - LIRC Infrared Signal Decoder
Loaded: loaded (/usr/lib/systemd/system/lircd.service; enabled)
Active: failed (Result: signal) since Sat 2014-08-16 21:01:44 EDT; 42s ago
Process: 510 ExecStart=/usr/sbin/lircd --nodaemon (code=killed, signal=SEGV)
Main PID: 510 (code=killed, signal=SEGV)

Aug 16 21:01:44 myth2 systemd[1]: lircd.service: main process exited, code=killed, status=11/SEGV
Aug 16 21:01:44 myth2 systemd[1]: Unit lircd.service entered failed state.

Handpicking lines from `sudo journalctl`:

Aug 16 21:01:41 phobos kernel: lirc_dev: IR Remote Control driver registered, major 248
Aug 16 21:01:41 phobos kernel: rc rc0: lirc_dev: driver ir-lirc-codec (streamzap) registered at minor = 0
Aug 16 21:01:41 phobos kernel: IR LIRC bridge handler initialized
Aug 16 21:01:41 phobos kernel: IR RC5 (streamzap) protocol handler initialized
Aug 16 21:01:44 phobos systemd[1]: lircd.service: main process exited, code=killed, status=11/SEGV
Aug 16 21:01:44 phobos systemd[1]: Unit lircd.service entered failed state.
Aug 16 21:01:44 phobos kernel: lircd[510]: segfault at 0 ip 00007f16bbf7c69a sp 00007fff16ce7738 error 4 in libc-2.19.so[7f16bbe5

Additional info:
* package version(s) 1:0.9.1.a-1

Closed by Lukas Fleischer (lfleischer)
Monday, 18 August 2014, 11:17 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 1:0.9.1.a-2.
Comment by Curtis Lee Bolin (curtisleebolin) - Sunday, 17 August 2014, 11:14 GMT
I can confirm.
Aug 17 06:03:00 nd kernel: lircd[494]: segfault at 8 ip 00007f14079fe59e sp 00007fffbc770e08 error 4 in libc-2.19.so[7f140796d000+1a4000]

$ strace lircd
execve("/usr/bin/lircd", ["lircd"], [/* 16 vars */]) = 0
...
+++ killed by SIGSEGV +++
Segmentation fault
Comment by Ash (eta-carinae) - Sunday, 17 August 2014, 12:02 GMT
Same issue here:

regulus systemd[1]: lircd.service: main process exited, code=killed, status=11/SEGV
Aug 17 07:58:57 regulus systemd[1]: Unit lircd.service entered failed state.
Aug 17 07:58:57 regulus kernel: lircd[2396]: segfault at 0 ip 00007f59a150569a sp 00007fff9547ba88 error 4 in libc-2.19.so[7f59a13dd000+1a4000]

# strace lircd

...
open("/sys/class/rc/rc0/protocols", O_WRONLY) = 4
write(4, "lirc\n", 5) = 5
close(4) = 0
getdents(3, /* 0 entries */, 32768) = 0
close(3) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+++ killed by SIGSEGV +++
Segmentation fault
Comment by Curtis Lee Bolin (curtisleebolin) - Sunday, 17 August 2014, 12:03 GMT
I built both of these and still had the segmentation fault:
commit: 4e89e3a2112f29f91564ca1c92283355576d0334 'upgpkg: lirc 1:0.9.1.a-1'
commit: b8998983f07ee5d7279fb5da46d274c3f51434a4 'Use upstream unit files'

But building this worked fine:
commit: f0961e38336a495819a95ab225bd1a13d57f405b 'lirc: Minor PKGBUILD cleanups'

I even used lircd.service and lircd.socket from lirc 1:0.9.1.a-1 and it worked fine.

Comment by Jan Visser (starquake) - Sunday, 17 August 2014, 12:12 GMT
I also have these segfaults but downgrading does not help.
Comment by Lukas Fleischer (lfleischer) - Sunday, 17 August 2014, 16:48 GMT
Curtis: That sounds really strange, because the only thing that has changed between f0961e3 and b899898 are the systemd units. Could you please try once again building b899898 and confirm that the bug persists?

John, Ash, Jan: Could you please downgrade to 0.9.0-76 first, then try 0.9.1-1 and in a last step try 0.9.1.a-1 again? We need to pinpoint the change that introduced the bug.
Comment by Ash (eta-carinae) - Sunday, 17 August 2014, 17:12 GMT
OK, I've tried each version successively. Both 0.9.0-76 and 0.9.1-1 work fine for me. I get the segfault only with 0.9.1.a-1, regardless of which previous version I upgrade from.
Comment by John (graysky) - Sunday, 17 August 2014, 17:28 GMT
I too can confirm this.
Comment by Lukas Fleischer (lfleischer) - Sunday, 17 August 2014, 17:32 GMT
I am in a hurry now but I tried to contact upstream. I will get back to you later.
Comment by Lukas Fleischer (lfleischer) - Sunday, 17 August 2014, 20:29 GMT
As a workaround, could you please try whether removing read permissions from /etc/lirc/lirc_options.conf (`chmod a-r /etc/lirc/lirc_options.conf` as root) fixes the segfault under 0.9.1.a for you? This means that the config file will no longer be read but the code loading that file seems to be broken in 0.9.1 anyway.
Comment by Lukas Fleischer (lfleischer) - Sunday, 17 August 2014, 20:31 GMT
Also, a full backtrace might be useful (start lircd under gdb manually, use `bt full` to get a trace).
Comment by Jan Visser (starquake) - Sunday, 17 August 2014, 20:45 GMT
All three of those versions give segmentation faults for me. I've never sent a trace before, so I will have a look into that.

This is what I got so far:
(gdb) bt full
#0 0x00007ffff6f9259e in __strcmp_sse2_unaligned () from /usr/lib/libc.so.6
No symbol table info available.
#1 0x0000000000404beb in ?? ()
No symbol table info available.
#2 0x00007ffff6f21000 in __libc_start_main () from /usr/lib/libc.so.6
No symbol table info available.
#3 0x0000000000404f88 in ?? ()
No symbol table info available.

Do you need more info? I guess this is where I should get started?
https://wiki.archlinux.org/index.php/Debug_-_Getting_Traces
Comment by Lukas Fleischer (lfleischer) - Sunday, 17 August 2014, 20:52 GMT
Unfortunately, this isn't too useful if debug symbols are stripped. Can you try to fetch the PKGBUILD (and related source files) via ABS or Git [1] and recompile with debugging symbols? Replacing the "options=('strip')" line in package_lirc-utils() by "options=(debug !strip)" and running `makepkg -is` should work.

[1] https://projects.archlinux.org/svntogit/packages.git/tree/lirc/trunk
Comment by Jan Visser (starquake) - Sunday, 17 August 2014, 21:13 GMT
Oh silly me, it seems I was downgrading lirc and not lirc-utils. It seems my behavior is the same as Ash's and John's now. Will try getting a trace with debug symbols later. When I update ABS I get lirc-utils-1:0.9.1-1 though, and that is the version that is working. Why don't I get lirc-utils-1:0.9.1a-1?
Comment by Lukas Fleischer (lfleischer) - Sunday, 17 August 2014, 21:52 GMT
No idea. ABS sync seems to be slow. You can download everything using ABS, change into the lirc directory and run `curl https://projects.archlinux.org/svntogit/packages.git/plain/trunk/PKGBUILD?h=packages/lirc >PKGBUILD` to fetch the latest PKGBUILD from cgit.
Comment by Ash (eta-carinae) - Monday, 18 August 2014, 00:22 GMT
I built 0.9.1.1-1 with debugging symbols and ran it to get a backtrace (attached). The segfault is due to lircdfile having a null value when passed to strcmp() at line 2337 of lircd.c. lircdfile gets set on line 2300 in a call to get_options(), so perhaps the problem with the options file suggested above is the culprit. Removing read permissions from lirc_options.conf didn't fix the problem for me, but commenting out line 2300 so that lircdfile keeps its default value did solve the problem.

Comment by Alec Leamas (alec_leamas) - Monday, 18 August 2014, 06:06 GMT
Hi!

I'm the upstream responsible for this mess.

Looking at the situation, my gut feeling is that this could be worked around by patching lircd_options.conf, changing the line

output = /var/run/lirc/lircd

to

lircdfile = /var/run/lirc/lircd

Could you please give this a try?

This said, there is an obvious bug in the parsing code, which should set lircdfile to something meaningful even if it does not exist in lircd_options.conf. I will check in a fix for this in a new branch 0.9.1b. This might or might not become yet another hotfix release.
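The defect Ash and Alec describe above (a missing key in lirc_options.conf leaving lircdfile NULL, which then reaches strcmp()), shown as an added C illustration that is not lircd's own code: a hypothetical "key = value" lookup over constructed sample option texts, with the missing default applied before the value is ever compared. The function names, the sample files and the default path constant are all constructed for this example.

```c
#include <string.h>
/* Default socket path, constructed for this example from the value quoted in the thread. */
#define DEFAULT_LIRCDFILE "/var/run/lirc/lircd"
/* Constructed sample option files, not the real lirc_options.conf. */
static const char CONF_RENAMED_KEY[] =   /* the key name 0.9.1.a shipped with */
    "[lircd]\nnodaemon = False\noutput = /var/run/lirc/lircd\n";
static const char CONF_CUSTOM_KEY[] =    /* the key name the parser looks for */
    "[lircd]\nlircdfile = /tmp/custom-lircd\n";

/* Hypothetical lookup: copies the value for key into out and returns it, or returns
 * NULL when the key is absent (the case that crashed 0.9.1.a). */
static const char *lookup_option(const char *conf, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    for (const char *p = conf; *p; ) {
        const char *eol = strchr(p, '\n');
        const char *end = eol ? eol : p + strlen(p);
        const char *s = p;
        while (s < end && (*s == ' ' || *s == '\t')) s++;      /* leading whitespace */
        if ((size_t)(end - s) > klen && strncmp(s, key, klen) == 0) {
            const char *v = s + klen;
            while (v < end && (*v == ' ' || *v == '\t')) v++;
            if (v < end && *v == '=') {                         /* key must be followed by '=' */
                v++; while (v < end && (*v == ' ' || *v == '\t')) v++;
                size_t vlen = (size_t)(end - v);
                if (vlen >= outlen) vlen = outlen - 1;          /* truncate rather than overflow */
                memcpy(out, v, vlen);
                out[vlen] = '\0';
                return out;
            }
        }
        if (!eol) break;
        p = eol + 1;
    }
    return NULL;
}

/* The check the thread says was missing: fall back to the default when the key is
 * absent, so the caller never receives a NULL pointer. */
const char *resolve_lircdfile(const char *conf, char *out, size_t outlen)
{
    const char *v = lookup_option(conf, "lircdfile", out, outlen);
    return v ? v : DEFAULT_LIRCDFILE;
}

/* The strcmp() that segfaulted when its operand was NULL; safe here because
 * resolve_lircdfile() never returns NULL. */
int lircdfile_is_default(const char *conf)
{
    char buf[256];
    return strcmp(resolve_lircdfile(conf, buf, sizeof buf), DEFAULT_LIRCDFILE) == 0;
}
```

With the renamed key the lookup returns NULL and the default is used, which is exactly the outcome the "output" to "lircdfile" rename restores by hand; with the expected key the configured path is honoured.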
Comment by Curtis Lee Bolin (curtisleebolin) - Monday, 18 August 2014, 06:34 GMT
I can confirm that changing

output = /var/run/lirc/lircd

to

lircdfile = /var/run/lirc/lircd

in lircd_options.conf with package lirc 1:0.9.1.a-1 does stop the segmentation fault.

It is working fine now.
Comment by Lukas Fleischer (lfleischer) - Monday, 18 August 2014, 10:53 GMT
Should be fixed in 1:0.9.1.a-2. Please confirm.
Comment by Ash (eta-carinae) - Monday, 18 August 2014, 11:15 GMT
Yep, that did the trick. Thanks!