/sbin/ifup:11:__GI_strncpy:strncpy:do_interface:main

Bug #1532722 reported by errors.ubuntu.com bug bridge
This bug affects 1 person
Affects            Status        Importance  Assigned to  Milestone
ifupdown (Debian)  Fix Released  Unknown
ifupdown (Ubuntu)  Fix Released  High        Martin Pitt
Trusty             Fix Released  Undecided   Unassigned
Wily               Fix Released  Undecided   Unassigned

Bug Description

The Ubuntu Error Tracker has been receiving reports about a problem regarding ifupdown. This problem was most recently seen with version 0.8.6ubuntu1; the problem page at https://errors.ubuntu.com/problem/6c970a32e2d96151cb8f99d98a460a42e697e6f2 contains more details.

Brian Murray (brian-murray) wrote :

I was manually able to retrace one of the crashes.

Stacktrace:
 #0 __GI_strncpy (s1=0xbe86aa6f "", s1@entry=0xbe86aa70 "lo", s2=0x5 <error: Cannot access memory at address 0x5>, n=n@entry=80) at strncpy.c:41
         n4 = <optimized out>
         c = <optimized out>
         s = 0xbe86aa70 "lo"
 #1 0x00013032 in strncpy (__len=80, __src=<optimized out>, __dest=0xbe86aa70 "lo") at /usr/include/arm-linux-gnueabihf/bits/string3.h:126
 No locals.
 #2 do_interface (target_iface=<optimized out>) at main.c:846
         iface = "lo", '\000' <repeats 77 times>
         liface = "lo", '\000' <repeats 77 times>
         pch = <optimized out>
         envname = "IFUPDOWN_lo\000\000\000\000\000\070\000\000\000[\000\000\000n\000\000\000\005\000\000\000\000\320\362\266\003\000\000\000\000\000\000\000\344\240\002\000\000\000\000\000\204\t\001\000\220S\366\266PX\366\266\001\000\000\000\000\000\000\000\267\277\364\266\000\320\362\266\001\000\000\000\001\000\000\000\000\000\000\000\003\000\000\000\f\240\344\266 \242\002\000\220~\001\000\t\000\000\000\000\000\000\000\220\240\311\000`\240\311\000h\247\002\000\t\000\000\000\b\240\311\000\220\240\311\000ﺀ\002\000\210\242\311\000\004\000\000\000\337S\001\000\000\000\000"
         siface = <optimized out>
         envval = <optimized out>
         piface = "lo", '\000' <repeats 77 times>
         plock = 0x0
         success = false
         lock = 0x0
         current_state = 0x1 <error: Cannot access memory at address 0x1>
         __PRETTY_FUNCTION__ = "do_interface"
         have_mapping = <optimized out>
         okay = <optimized out>
         failed = <optimized out>
 #3 0x00011994 in main (argc=<optimized out>, argv=0xbe86ade8) at main.c:1146
         i = 0
         success = true

Brian Murray (brian-murray) wrote :

Let me know if you need any more information.

Martin Pitt (pitti) wrote :

Thanks Brian, this was really helpful!

This stack trace pinpoints the particular strncpy() call in do_interface:

                       if (current_state != NULL) {
                                strncpy(liface, current_state, 80);

liface is correct ("lo"), but current_state is bogus (0x1). We see that lock_interface() failed as lock == NULL, but lock isn't being tested after calling lock_interface(). Hence "current_state" never actually gets initialized. The obvious exit path in lock_interface() is

        if (lock_fp == NULL) {
                if (!no_act) {
                        fprintf(stderr, "%s: failed to open lockfile %s: %s\n", argv0, filename, strerror(errno));
                        exit(1);
                } else {
                        return NULL;
                }
        }

i. e. this happens if the interface is locked.

For the record, I set bug 1337873 to failed, which is the SRU tracking bug for landing the per-interface locking into stables.

Martin Pitt (pitti) wrote :

This should only happen when calling with --no-act, i. e. when being called as "ifquery", as I don't think we regularly call ifup with --no-act. It's also in the "if (cmds == iface_query)" code path.

When trying to recreate this on my amd64 laptop, gdb shows that current_state gets initialized to NULL. However, the crashes on errors.ubuntu.com are all on armhf, where the local stack variable apparently just happens to be non-zero. I can force this behaviour by changing the initialization to

        char *current_state = (char*) 1;

then

     $ sudo rm /run/network/ifstate.lo
     $ ./ifquery lo

crashes in this manner.

So the solution is rather simple -- initialize current_state.
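
The failure mode analysed above, as an added C example that is not part of the original comments or the ifupdown source. `lock_stub()`, `unfixed_reaches_copy()` and `fixed_query()` are hypothetical names, the out-parameter shape of the lock call is an assumption, and the lock-result check goes beyond the one-line initialization fix described in the report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define IFACE_LEN 80  /* buffer size seen in the trace (n=80) */

/* Hypothetical stand-in for lock_interface() in --no-act mode: when the
 * state file is missing it returns NULL and never writes *state. */
static void *lock_stub(bool state_file_exists, char **state)
{
    static char recorded[] = "lo";  /* constructed sample state */
    static int handle;              /* any non-NULL lock handle */
    if (!state_file_exists)
        return NULL;
    *state = recorded;
    return &handle;
}

/* Unfixed flow. stack_garbage stands for whatever the stack slot held;
 * returns true when the strncpy() branch would run on that stale value. */
static bool unfixed_reaches_copy(bool state_file_exists, char *stack_garbage)
{
    char *current_state = stack_garbage;
    lock_stub(state_file_exists, &current_state);  /* result ignored */
    return current_state != NULL && current_state == stack_garbage;
}

/* Fixed flow: NULL start value, lock result checked (extra hardening),
 * bounded copy that always NUL-terminates. 0 = copied, -1 = no state. */
static int fixed_query(bool state_file_exists, char *liface, size_t len)
{
    char *current_state = NULL;
    void *lock = lock_stub(state_file_exists, &current_state);
    if (lock == NULL || current_state == NULL)
        return -1;
    snprintf(liface, len, "%s", current_state);
    return 0;
}

int main(void)
{
    char liface[IFACE_LEN] = "lo";
    printf("armhf-like garbage reaches copy: %d\n",
           unfixed_reaches_copy(false, (char *)1));
    printf("amd64-like NULL reaches copy:    %d\n",
           unfixed_reaches_copy(false, NULL));
    printf("fixed, no state file:            %d\n",
           fixed_query(false, liface, sizeof liface));
    return 0;
}
```

Building the real code with `-Wmaybe-uninitialized` or running it under Valgrind or MemorySanitizer is a way to surface this class of bug on architectures where the stack slot happens to be zero.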

Changed in ifupdown (Ubuntu):
status: New → Triaged
status: Triaged → In Progress
importance: Undecided → High
assignee: nobody → Martin Pitt (pitti)
Martin Pitt (pitti) wrote :

I sent a patch to the Debian bug and uploaded it to xenial.

Changed in ifupdown (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ifupdown - 0.8.6ubuntu2

---------------
ifupdown (0.8.6ubuntu2) xenial; urgency=medium

  * Fix ifquery crash if interface state file does not exist yet.
    (Closes: #810779, LP: #1532722)

 -- Martin Pitt <email address hidden> Tue, 12 Jan 2016 08:13:08 +0100

Changed in ifupdown (Ubuntu):
status: Fix Committed → Fix Released
Adam Conrad (adconrad) wrote : Please test proposed package

Hello errors.ubuntu.com, or anyone else affected,

Accepted ifupdown into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ifupdown/0.7.47.2ubuntu4.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Adam Conrad (adconrad) wrote :

Hello errors.ubuntu.com, or anyone else affected,

Accepted ifupdown into wily-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ifupdown/0.7.54ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in ifupdown (Debian):
status: Unknown → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ifupdown - 0.7.47.2ubuntu4.3

---------------
ifupdown (0.7.47.2ubuntu4.3) trusty; urgency=medium

  [ Martin Pitt ]
  * Fix ifquery crash if interface state file does not exist yet.
    (Closes: #810779, LP: #1532722)

 -- Dariusz Gadomski <email address hidden> Tue, 12 Jan 2016 11:05:16 +0100

Changed in ifupdown (Ubuntu Trusty):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ifupdown - 0.7.54ubuntu1.2

---------------
ifupdown (0.7.54ubuntu1.2) wily; urgency=medium

  [ Martin Pitt ]
  * Fix ifquery crash if interface state file does not exist yet.
    (Closes: #810779, LP: #1532722)

 -- Dariusz Gadomski <email address hidden> Tue, 12 Jan 2016 11:07:00 +0100

Changed in ifupdown (Ubuntu Wily):
status: New → Fix Released