https://bugzilla.balabit.com/show_bug.cgi?id=97

--- Comment #3 from zhengxiang pan <zhengxiang.pan@alcatel-lucent.com> 2010-12-02 16:08:05 ---

What I did was multiple syslog-ng.conf modifications following "killall -SIGHUP syslog-ng". I could easily reproduce it with my script, but it requires a lot of special setup.

I realized that the core trace I posted originally may not be correct, as the core file and binary may not match. I attached the core file of syslog-ng 3.1.3 for your analysis. The binary of syslog-ng 3.1.3 is too big to attach, but I use the following to build on Ubuntu 9.0.4:

./configure --prefix=<dir> --enable-ipv6 --enable-mixed-linking --enable-debug

The core trace is below:

Program terminated with signal 11, Segmentation fault.
[New process 28303]
#0 0x0806b4fe in log_source_group_queue (s=0x8afec98, msg=0x8afb068, path_options=0xbfa4f0f8) at sgroup.c:98
98 (*self->processed_messages)++;
(gdb) bt
#0 0x0806b4fe in log_source_group_queue (s=0x8afec98, msg=0x8afb068, path_options=0xbfa4f0f8) at sgroup.c:98
#1 0x08055070 in log_pipe_queue (s=0x8afec98, msg=0x8afb068, path_options=0xbfa4f0f8) at logpipe.h:121
#2 0x08055038 in log_pipe_forward_msg (self=0x8afeb70, msg=0x8afb068, path_options=0xbfa4f0f8) at logpipe.c:72
#3 0x08055070 in log_pipe_queue (s=0x8afeb70, msg=0x8afb068, path_options=0xbfa4f0f8) at logpipe.h:121
#4 0x08055038 in log_pipe_forward_msg (self=0x8ae57a8, msg=0x8afb068, path_options=0xbfa4f0f8) at logpipe.c:72
#5 0x0807b9f7 in log_pipe_queue (s=0x8ae57a8, msg=0x8afb068, path_options=0xbfa4f0f8) at logpipe.h:121
#6 0x0807b96f in log_source_queue (s=0x8ae7898, msg=0x8afb068, path_options=0xbfa4f164) at logsource.c:186
#7 0x0806c438 in log_pipe_queue (s=0x8ae7898, msg=0x8afb068, path_options=0xbfa4f164) at logpipe.h:121
#8 0x0806c405 in log_reader_handle_line (self=0x8ae7898, line=0x8ae5890 "<46>syslog-ng[28303]: Closing log transport fd; fd='16'\n", length=57, saddr=0x8b00730, parse_flags=0) at logreader.c:295
#9 0x0806c65e in log_reader_fetch_log (self=0x8ae7898, proto=0x8ae5830) at logreader.c:374
#10 0x0806c1d8 in log_reader_fd_dispatch (source=0x8ae7910, callback=0, user_data=0x0) at logreader.c:228
#11 0x0808c6a1 in g_main_context_dispatch ()
#12 0x0808f723 in g_main_context_iterate ()
#13 0x0808f89f in g_main_context_iteration ()
#14 0x0804b7ba in main_loop_run (cfg=0xbfa4f400) at main.c:166
#15 0x0804bfb2 in main (argc=1, argv=0xbfa4f4a4) at main.c:480
(gdb) p s
(LogPipe *) 0x8afec98
(gdb) p *s
$1 = {ref_cnt = 145684656, flags = 0, cfg = 0x0, pipe_next = 0x8afaae8, queue = 0x806b480 <log_source_group_queue>, init = 0x806b128 <log_source_group_init>, deinit = 0x806b399 <log_source_group_deinit>, free_fn = 0x806b52b <log_source_group_free>, notify = 0}
(gdb) up
#2 0x08055038 in log_pipe_forward_msg (self=0x8afeb70, msg=0x8afb068, path_options=0xbfa4f0f8) at logpipe.c:72
72 log_pipe_queue(self->pipe_next, msg, path_options);
(gdb) p *self <------------------------------------------------------ self=0x8afeb70
$2 = {ref_cnt = 1, flags = 0, cfg = 0x0, pipe_next = 0x8afec98, queue = 0x805500c <log_pipe_forward_msg>, init = 0x8074784 <afsocket_sd_init>, deinit = 0x8074c02 <afsocket_sd_deinit>, free_fn = 0x8074e15 <afsocket_sd_free>, notify = 0x8074dae <afsocket_sd_notify>}
(gdb) up
#4 0x08055038 in log_pipe_forward_msg (self=0x8ae57a8, msg=0x8afb068, path_options=0xbfa4f0f8) at logpipe.c:72
72 log_pipe_queue(self->pipe_next, msg, path_options);
(gdb) p *self
$3 = {ref_cnt = 2, flags = 1, cfg = 0x0, pipe_next = 0x8afeb70, queue = 0x805500c <log_pipe_forward_msg>, init = 0x8073943 <afsocket_sc_init>, deinit = 0x8073c38 <afsocket_sc_deinit>, free_fn = 0x8073e23 <afsocket_sc_free>,
gdb) up
#6 0x0807b96f in log_source_queue (s=0x8ae7898, msg=0x8afb068, path_options=0xbfa4f164) at logsource.c:186
186 log_pipe_queue(s->pipe_next, msg, &local_options);
(gdb) p *s
$4 = {ref_cnt = 2, flags = 1, cfg = 0x0, pipe_next = 0x8ae57a8, queue = 0x807b670 <log_source_queue>, init = 0x806c72f <log_reader_init>, deinit = 0x806c8b5 <log_reader_deinit>, free_fn = 0x806c915 <log_reader_free>, notify = 0}

From the trace, you can see that both pipes 0x8afec98 and 0x8afeb70 have been freed; pipes 0x8ae57a8 and 0x8ae7898 are persistent socket and reader pipes, which still refer to the freed pipes.
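
The condition described in the comment above (persistent pipes whose pipe_next still points at pipes freed on reload) does not arise when each link holds its own reference and persistent pipes are detached before the old configuration's pipes are released. The following is an added, simplified model of that discipline, not syslog-ng code and not the project's fix; Pipe, pipe_new, pipe_unref, pipe_append, pipe_queue and reload_scenario are hypothetical names, and the four pipes stand in for the reader, afsocket_sc, afsocket_sd and source-group pipes seen in the trace.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model; type and function names are hypothetical, not syslog-ng's. */
typedef struct Pipe {
    int ref_cnt;
    struct Pipe *pipe_next;            /* owning reference to the downstream pipe */
} Pipe;
static int live_pipes;                 /* allocations not yet freed */

static Pipe *pipe_new(void) {
    Pipe *p = calloc(1, sizeof *p);
    if (!p) abort();
    p->ref_cnt = 1; live_pipes++;
    return p;
}
static void pipe_unref(Pipe *p) {
    if (p && --p->ref_cnt == 0) {
        pipe_unref(p->pipe_next);      /* drop our hold on downstream */
        free(p); live_pipes--;
    }
}
/* The upstream pipe takes its own reference instead of borrowing the config's. */
static void pipe_append(Pipe *up, Pipe *down) {
    if (down) down->ref_cnt++;
    pipe_unref(up->pipe_next);
    up->pipe_next = down;
}
/* Walk the chain; returns how many pipes handled the message. */
static int pipe_queue(Pipe *p) {
    int hops = 0;
    for (; p; p = p->pipe_next) hops++;
    return hops;
}
/* reader -> sc persist across reload; sd -> sgroup belong to the old config. */
int reload_scenario(int *hops_before, int *live_after_reload) {
    Pipe *reader = pipe_new(), *sc = pipe_new(), *sd = pipe_new(), *sgroup = pipe_new();
    pipe_append(reader, sc); pipe_append(sc, sd); pipe_append(sd, sgroup);
    *hops_before = pipe_queue(reader);
    pipe_append(sc, NULL);                 /* reload: detach the persistent pipe first */
    pipe_unref(sgroup); pipe_unref(sd);    /* old config releases its pipes */
    *live_after_reload = live_pipes;
    int hops_after = pipe_queue(reader);   /* stops at sc, no stale pointer followed */
    pipe_unref(sc); pipe_unref(reader);
    return hops_after;
}
int main(void) {
    int before, live, after = reload_scenario(&before, &live);
    printf("hops before=%d after=%d live after reload=%d\n", before, after, live);
    return 0;
}
```

Building this with `-fsanitize=address` confirms that no freed pipe is touched after the simulated reload.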