smartctl segfaults on OpenBSD-powerpc

[gbechis]

On OpenBSD-current @powerpc smartctl 6.0 segfaults, here there are some info:

$ sudo smartctl -i /dev/wd0c
smartctl 6.0 2012-10-10 r3643 [powerpc-unknown-openbsd5.2] (local build)
Copyright (C) 2002-12, Bruce Allen, Christian Franke,
www.smartmontools.org

Segmentation fault (core dumped)

---

Program received signal SIGSEGV, Segmentation fault.
strcmp (s1=0xfffd5403 "ec2hour", s2=0x20436f6d <Address 0x20436f6d out
of bounds>) at /usr/src/lib/libc/string/strcmp.c:47
47 while (*s1 == *s2++)
Current language: auto; currently c
(gdb) bt
#0 strcmp (s1=0xfffd5403 "ec2hour", s2=0x20436f6d <Address 0x20436f6d
out of bounds>) at /usr/src/lib/libc/string/strcmp.c:47
#1 0x0180bd54 in parse_attribute_def (opt=Variable "opt" is not
available.
) at /usr/obj/ports/smartmontools-6.0/smartmontools-6.0/atacmds.cpp:213
#2 0x0181bf7c in parse_db_presets (presets=0x18588c4 "-v 9,seconds",
defs=0xfffd5620, firmwarebugs=0xfffd7858, type=0x0)

at

/usr/obj/ports/smartmontools-6.0/smartmontools-6.0/knowndrives.cpp:221
#3 0x0181bf7c in parse_db_presets (presets=0xfffd7858 "", defs=0x0,
firmwarebugs=0x0, type=0xfffd8269)

at

/usr/obj/ports/smartmontools-6.0/smartmontools-6.0/knowndrives.cpp:221
#4 0x0181bf7c in parse_db_presets (presets=0xffffffff <Address
0xffffffff out of bounds>, defs=0x30303800, firmwarebugs=0xf8c69177,
type=0x1c00)

at

/usr/obj/ports/smartmontools-6.0/smartmontools-6.0/knowndrives.cpp:221
#5 0x0181bf7c in parse_db_presets (presets=0x0, defs=0x0,
firmwarebugs=0x17, type=0xfffda354) at
/usr/obj/ports/smartmontools-6.0/smartmontools-6.0/knowndrives.cpp:221
#6 0x0181bf7c in parse_db_presets (presets=0x1890e1c "\001\210\r
",
defs=0x5, firmwarebugs=0x24000022, type=0x18a0f30)

at

/usr/obj/ports/smartmontools-6.0/smartmontools-6.0/knowndrives.cpp:221
#7 0x0181bf7c in parse_db_presets (presets=0x20 <Address 0x20 out of
bounds>, defs=0x1890e1c, firmwarebugs=0xfffda404, type=0xfffda3b0)

at

/usr/obj/ports/smartmontools-6.0/smartmontools-6.0/knowndrives.cpp:221
#8 0x0181bf7c in parse_db_presets (presets=0x0, defs=0x20,
firmwarebugs=0x1801eb0, type=0x1890e18)

at

/usr/obj/ports/smartmontools-6.0/smartmontools-6.0/knowndrives.cpp:221
Previous frame inner to this frame (corrupt stack?)

[Christian Franke]

OpenBSD-powerpc is big-endian, correct?

Did it work with any previous versions of smartmontools on this machine?

Does the segfault also occur with other drive models?

Please test which of the commands below produce the segfault:

  smartctl -P showall > temp.out
  smartctl -B /dev/null -P showall
  sudo smartctl -B /dev/null -i /dev/wd0c
  sudo smartctl -P ignore -i /dev/wd0c 

[gbechis]

smartd 5.43 works well on this hardware, here the result of the commands:

---

$:~/ $sudo smartctl -P showall
MODEL REGEXP: -
FIRMWARE REGEXP: -
MODEL FAMILY: $Id: drivedb.h 3639 2012-10-09 20:54:29Z chrfranke $
ATTRIBUTE OPTIONS: None preset; no -v options are required.
WARNINGS: This is a dummy entry to hold the SVN-Id of
drivedb.h

MODEL REGEXP: APPLE SSD SM128
FIRMWARE REGEXP: .*
MODEL FAMILY: Apple SSD SM128
ATTRIBUTE OPTIONS: None preset; no -v options are required.

MODEL REGEXP: ASUS-PHISON SSD
FIRMWARE REGEXP: .*
MODEL FAMILY: Asus-Phison SSD
ATTRIBUTE OPTIONS: None preset; no -v options are required.

MODEL REGEXP:
C300-CTFDDA[AC](064|128|256)MAG|C400-MTFDDA[ACK](064|128|256|512)MAM|M4-CT(064|128|256|512)M4SSD2
FIRMWARE REGEXP: .*
MODEL FAMILY: Crucial/Micron RealSSD C300/C400/m4
Segmentation fault

smartctl -B /dev/null -P showall

$:~/ $sudo smartctl -B /dev/null -P showall
Total number of entries : 0
Entries read from file(s): 0

For information about adding a drive to the database see the FAQ on the
smartmontools home page: ​http://smartmontools.sourceforge.net/

sudo smartctl -B /dev/null -i /dev/wd0c

$:~/ $sudo smartctl -B /dev/null -i /dev/wd0c
smartctl 6.0 2012-10-10 r3643 [powerpc-unknown-openbsd5.2] (local build)
Copyright (C) 2002-12, Bruce Allen, Christian Franke,
www.smartmontools.org

START OF INFORMATION SECTION

Device Model: FUJITSU MHU2100AT
Serial Number: NQ04T462598E
Firmware Version: 00000008
User Capacity: 100,030,242,816 bytes [100 GB]
Sector Size: 512 bytes logical/physical
Device is: Not in smartctl database [for details use: -P showall]
ATA Version is: ATA/ATAPI-6 T13/1410D revision 3a
Local Time is: Wed Nov 21 21:29:27 2012 CET
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

sudo smartctl -P ignore -i /dev/wd0c

$:~/ $sudo smartctl -P ignore -i /dev/wd0c
smartctl 6.0 2012-10-10 r3643 [powerpc-unknown-openbsd5.2] (local build)
Copyright (C) 2002-12, Bruce Allen, Christian Franke,
www.smartmontools.org

START OF INFORMATION SECTION

Device Model: FUJITSU MHU2100AT
Serial Number: NQ04T462598E
Firmware Version: 00000008
User Capacity: 100,030,242,816 bytes [100 GB]
Sector Size: 512 bytes logical/physical
Device is: Not in smartctl database [for details use: -P showall]
ATA Version is: ATA/ATAPI-6 T13/1410D revision 3a
Local Time is: Wed Nov 21 21:29:44 2012 CET
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

$:~/ $smartctl -V
smartctl 6.0 2012-10-10 r3643 [powerpc-unknown-openbsd5.2] (local build)
Copyright (C) 2002-12, Bruce Allen, Christian Franke,
www.smartmontools.org

smartctl comes with ABSOLUTELY NO WARRANTY. This is free
software, and you are welcome to redistribute it under
the terms of the GNU General Public License; either
version 2, or (at your option) any later version.
See ​http://www.gnu.org for further details.

smartmontools release 6.0 dated 2012-10-10 at 11:53:34 UTC
smartmontools SVN rev 3643 dated 2012-10-10 at 11:54:24
smartmontools build host: powerpc-unknown-openbsd5.2
smartmontools build configured: 2012-10-31 21:30:04 UTC
smartctl compile dated Oct 31 2012 at 22:31:12
smartmontools configure arguments:
'--with-docdir=/usr/local/share/doc/smartmontools' '--with-libcap-ng=no'
'--disable-drivedb' '--prefix=/usr/local' '--sysconfdir=/etc'
'--mandir=/usr/local/man' '--infodir=/usr/local/info'
'--localstatedir=/var' '--disable-silent-rules' 'CXX=c++' 'CXXFLAGS=-O2
-pipe -g -DCFLAGSWASHERE -Wall -Wpointer-arith -Wuninitialized
-Wstrict-prototypes -Wmissing-prototypes -Wunused -Wsign-compare
-Wbounded -Wshadow -Wdeclaration-after-statement -DCXXFLAGSWASHERE'
'CC=cc' 'CFLAGS=-O2 -pipe -g -DCFLAGSWASHERE -Wall -Wpointer-arith
-Wuninitialized -Wstrict-prototypes -Wmissing-prototypes -Wunused
-Wsign-compare -Wbounded -Wshadow -Wdeclaration-after-statement'

[Christian Franke]

Thanks. The outputs suggest that this is a a reproducible and platform (or byte order) specific problem related to parsing of -v options in drive database. There were no similar reports for other platforms. There were no -v related changes between 5.43 and 6.0.

I don't have access to a PowerPC machine for testing. Please test whether the segfault appears when the option is specified on command line and no device is specified:

smartctl -v 9,seconds
smartctl -v 9,error

Could you possibly build smartmontools 5.43 and 6.0 from tarball and check whether the problem still appears only in 6.0 ?

BTW: Enclosing smartctl outputs in {{{...}}} makes it easier to read (the Preview button is your friend :-)

[gbechis]

The problem appears only in 6.0, here there is the output of the requested commands:

[15:05] mikey:~/ $ smartctl -v 9,seconds
Segmentation fault (core dumped) 
[15:06] mikey:~/ $ smartctl -v 9,error   
Segmentation fault (core dumped) 

[15:07] mikey:~/ $ smartctl -v help 
smartctl 6.0 2012-10-10 r3643 [powerpc-unknown-openbsd5.2] (local build)
Copyright (C) 2002-12, Bruce Allen, Christian Franke,
www.smartmontools.org

Segmentation fault (core dumped) 

[Christian Franke]

Thanks for the easy -v help testcase. Then parse_options()​ only calls create_vendor_attribute_arg_list()​ which calls strprintf()​. None of these functions were changed between 5.43 and 6.0 (r3573:3643) and work elsewhere for a long time now.

Meantime I got a positive test report for Linux-ppc, so a general problem related to PowerPC and/or big endian byte ordering is unlikely.

Is it actually the case that smartctl -v help does not segfault with 5.43 but with 6.0 if both are (re)build on same machine with same C++ toolchain and run with same shared libraries ? If yes, this problem cannot be resolved without access to this machine. Could you possibly provide remote access for debugging ? No devices are involved, so root access is not needed.

[gbechis]

I made some other tests and the problem arise on 5.43 too, some time ago it worked, now it does not (maybe related to some default compiler options).
Anyway here is a fix by landry at openbsd dot org that works:

--- atacmds.cpp.orig	Wed Nov 28 17:24:01 2012
+++ atacmds.cpp	Wed Nov 28 17:24:29 2012
@@ -109,7 +109,7 @@ struct format_name_entry
   ata_attr_raw_format format;
 };
 
-const format_name_entry format_names[] = {
+format_name_entry format_names[] = {
   {"raw8"           , RAWFMT_RAW8},
   {"raw16"          , RAWFMT_RAW16},
   {"raw48"          , RAWFMT_RAW48},

[Christian Franke]

Reopening ticket because this fix is not committed to upstream SVN.

There is probably a subtle compiler/library bug generating R/W accesses to R/O data. The fix above should normally move the table from R/O to R/W data section and should change format_names symbol from static to global.

[Christian Franke]

This is likely a compiler bug specific to OpenBSD-powerpc. There were no similar reports for other platforms.

If possible, please report the bug to maintainers of OpenBSD g++.

The proposed fix will not be committed for now. Another workaround may be a change of compiler optimization options. Please add any related info to this ticket.

[gbechis]

This was due to local g++ patches, no problem on another OpenBSD-powerpc install.

[Christian Franke]

Thanks for the info :-)