[Bug 17] New: segfault in msg_send_internal_message
https://bugzilla.balabit.com/show_bug.cgi?id=17

Summary: segfault in msg_send_internal_message
Product: syslog-ng
Version: 2.0.x
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: unspecified
Component: syslog-ng
AssignedTo: bazsi@balabit.hu
ReportedBy: anders.henke@1und1.de
Type of the Report: bug
Estimated Hours: 0.0

On my central log server, syslog-ng 2.0.7 randomly segfaults (signal 11); I haven't noticed this earlier (as syslog-ng is respawned from init), but according to 19 core dumps, it's always at the same position:

# core.syslog-ng.sig11.16453
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/ld-linux-x86-64.so.2...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib/libnss_compat.so.2...done.
Loaded symbols for /lib/libnss_compat.so.2
Reading symbols from /lib/libnss_nis.so.2...done.
Loaded symbols for /lib/libnss_nis.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Failed to read a valid object file image from memory.
Core was generated by `/sbin/syslog-ng -f /var/run/syslog-ng.conf.519 -F -p /var/run/syslog-ng.pid.519'.
Program terminated with signal 11, Segmentation fault.
#0  0x00000000004051d7 in msg_send_internal_message (prio=43, msg=0x0) at messages.c:59
59        m = log_msg_new(buf, strlen(buf), NULL, LP_INTERNAL | LP_LOCAL, NULL);
(gdb)

I'm running Debian Linux 4.0 (Etch) in 64-Bit-flavour. Syslog-NG 2.0.7 has been compiled using the supplied debian/rules file, except two changes: don't strip the symbol table from the binary and use --enable-debug.

--
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

https://bugzilla.balabit.com/show_bug.cgi?id=17

--- Comment #1 from Anders Henke <anders.henke@1und1.de> 2008-02-01 15:12:08 ---

Ouch, some notes were missing in the first report.

Core was generated by `/sbin/syslog-ng -f /var/run/syslog-ng.conf.516 -F -p /var/run/syslog-ng.pid.516'.
Program terminated with signal 11, Segmentation fault.
#0  0x00000000004051d7 in msg_send_internal_message (prio=46, msg=0x0) at messages.c:59
59        m = log_msg_new(buf, strlen(buf), NULL, LP_INTERNAL | LP_LOCAL, NULL);
(gdb) print buf
$1 = (gchar *) 0x0
(gdb) print m
$2 = (LogMessage *) 0x0
(gdb) backtrace
#0  0x00000000004051d7 in msg_send_internal_message (prio=46, msg=0x0) at messages.c:59
#1  0x0000000000405400 in msg_log_func (log_domain=0x445eb2 "GLib", log_flags=G_LOG_LEVEL_CRITICAL, msg=0x0, user_data=0x0) at messages.c:112
#2  0x00000000004236b0 in g_logv ()
#3  0x0000000000423861 in g_log ()
#4  0x000000000042ae5e in g_string_append_len ()
#5  0x000000000042ae82 in g_string_append_printf_internal ()
#6  0x000000000042af26 in g_string_append_printf ()
#7  0x0000000000419426 in log_macro_expand (result=0x3f67060, id=11, flags=1, ts_format=0, zone_offset=3600, frac_digits=0, msg=0x3f67e30) at macros.c:358
#8  0x000000000040fbcd in log_template_format (self=0x89d960, lm=0x3f67e30, macro_flags=0, ts_format=0, zone_offset=3600, frac_digits=0, result=0x3f67060) at templates.c:144
#9  0x00000000004128ae in affile_dd_queue (s=0x89d860, msg=0x3f67e30, path_flags=0) at affile.c:774
#10 0x000000000040eaa8 in log_pipe_queue (s=0x89d860, msg=0x3f67e30, path_flags=0) at logpipe.h:72
#11 0x000000000040ea41 in log_dest_group_queue (s=0x89d420, msg=0x3f67e30, path_flags=0) at dgroup.c:95
#12 0x000000000040f74f in log_pipe_queue (s=0x89d420, msg=0x3f67e30, path_flags=0) at logpipe.h:72
#13 0x000000000040f6a9 in log_center_queue (s=0x896d00, msg=0x3f67e30, path_flags=0) at center.c:371
#14 0x000000000040e761 in log_pipe_queue (s=0x896d00, msg=0x3f67e30, path_flags=0) at logpipe.h:72
#15 0x000000000040e729 in log_source_group_queue (s=0x89d600, msg=0x3f67e30, path_flags=0) at sgroup.c:140
#16 0x000000000040e19d in log_pipe_queue (s=0x89d600, msg=0x3f67e30, path_flags=0) at logpipe.h:72
#17 0x000000000040e173 in log_pipe_forward_msg (self=0x89d4e0, msg=0x3f67e30, path_flags=0) at logpipe.c:60
#18 0x0000000000413b22 in log_pipe_queue (s=0x89d4e0, msg=0x3f67e30, path_flags=0) at logpipe.h:72
#19 0x0000000000413af8 in afsocket_sc_queue (s=0x9c46e0, msg=0x3f67e30, path_flags=0) at afsocket.c:261
#20 0x0000000000419976 in log_pipe_queue (s=0x9c46e0, msg=0x3f67e30, path_flags=0) at logpipe.h:72
#21 0x000000000041994c in log_source_queue (s=0x9c4760, msg=0x3f67e30, path_flags=0) at logsource.c:49
#22 0x0000000000419fa8 in log_pipe_queue (s=0x9c4760, msg=0x3f67e30, path_flags=0) at logpipe.h:72
#23 0x0000000000419f75 in log_reader_handle_line (self=0x9c4760, line=0xad6b10 "<39>Feb 1 13:35:51 infongd9941 sshd[30118]: debug1: /root/.ssh/authorized_keys, line 73: non ssh1 key syntax <39>Feb 1 13:35:51 infongd9941 sshd[30118]: debug1: /root/.ssh/authorized_keys, line 77: "..., length=109, saddr=0x0, parse_flags=0) at logreader.c:210
#24 0x000000000041a256 in log_reader_iterate_buf (self=0x9c4760, saddr=0x0, flush=0, msg_count=0x7fffcab693bc) at logreader.c:295
#25 0x000000000041a6aa in log_reader_fetch_log (self=0x9c4760, fd=0x9c4740) at logreader.c:400
#26 0x0000000000419d99 in log_reader_fd_dispatch (source=0x9c47e0, callback=0, user_data=0x0) at logreader.c:153
#27 0x000000000041eea8 in g_main_context_dispatch ()
#28 0x0000000000421916 in g_main_context_iterate ()
#29 0x0000000000421dea in g_main_context_iteration ()
#30 0x000000000040431d in main_loop_run (cfg=0x7fffcab69788) at main.c:165
#31 0x0000000000404997 in main (argc=6, argv=0x7fffcab69888) at main.c:433

https://bugzilla.balabit.com/show_bug.cgi?id=17

Balazs Scheidler <bazsi@balabit.hu> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Resolution |        |DUPLICATE
Status     |NEW     |RESOLVED

--- Comment #2 from Balazs Scheidler <bazsi@balabit.hu> 2008-02-01 16:49:23 ---

This is probably the same as bug 18, not enough memory, the vasprintf() in glib could not allocate memory and passed a NULL pointer to g_string_append_len() which caused a failed assertion that formatted another message, which failed again, thus sent a NULL to the internal message handler.

syslog-ng assumes that mallocs never fail and aborts in this case (see bug 18), the interesting point is whether syslog-ng actually leaks, or uses the memory for legitimate reasons. It's been a while since I last fixed a memory leak problem.

So I dup this bug to bug #18.

*** This bug has been marked as a duplicate of bug 18 ***
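
Added example, not part of the original bug mails and not syslog-ng code: a C internal-message handler that tolerates the two states seen in this thread, a NULL msg arriving from the log callback and a failed allocation while formatting. The names send_internal_message, format_heap, simulate_oom and the enum values are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Which path produced the record (hypothetical names for this example). */
enum path { PATH_HEAP, PATH_STACK, PATH_PLACEHOLDER };

static int simulate_oom;   /* test hook: force the allocation to fail */

/* Stand-in for a heap-based formatter: returns NULL when memory
 * cannot be allocated, as an allocating printf helper does under OOM. */
static char *format_heap(int prio, const char *msg)
{
    size_t n = strlen(msg) + 16;            /* room for "<prio>" and NUL */
    char *buf = simulate_oom ? NULL : malloc(n);
    if (buf != NULL)
        snprintf(buf, n, "<%d>%s", prio, msg);
    return buf;
}

/* Hardened handler: writes the record into out (NUL-terminated when
 * outlen > 0) and never calls strlen() on a NULL pointer. */
enum path send_internal_message(int prio, const char *msg,
                                char *out, size_t outlen)
{
    char *buf;

    if (msg == NULL) {
        /* The state in the backtrace: the log callback got msg=0x0.
         * Emit a fixed placeholder without touching the heap. */
        snprintf(out, outlen, "<%d>internal message lost", prio);
        return PATH_PLACEHOLDER;
    }

    buf = format_heap(prio, msg);
    if (buf == NULL) {
        /* Allocation failed: format straight into the caller's buffer
         * (truncating if needed) instead of dereferencing NULL. */
        snprintf(out, outlen, "<%d>%s", prio, msg);
        return PATH_STACK;
    }

    snprintf(out, outlen, "%s", buf);
    free(buf);
    return PATH_HEAP;
}
```
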