syslog-ng af_sql driver experiencing segfault
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf7b12b90 (LWP 23608)]
0x00c5c7dc in memcpy () from /lib/libc.so.6
(gdb) bt
#0 0x00c5c7dc in memcpy () from /lib/libc.so.6
#1 0xf7e21fed in g_string_insert_len () from /home/y/lib/libglib-2.0.so.0
#2 0xf7e223e8 in g_string_append_len () from /home/y/lib/libglib-2.0.so.0
#3 0xf7edc1d6 in result_append (result=0x8cc1780, sstr=0x910ffaf "", len=3160627, escape=0) at templates.c:213
#4 0xf7ede535 in log_template_append_format_with_context (self=0x8ba0098, messages=0xf7b12204, num_messages=1, opts=0x8bb8aec, tz=1, seq_num=945, result=0x8cc1780) at templates.c:1058
#5 0xf7ede83f in log_template_append_format (self=0x8ba0098, lm=0x90d93b0, opts=0x8bb8aec, tz=1, seq_num=945, result=0x8cc1780) at templates.c:1109
#6 0xf7ede898 in log_template_format (self=0x8ba0098, lm=0x90d93b0, opts=0x8bb8aec, tz=1, seq_num=945, result=0x8cc1780) at templates.c:1116
#7 0xf7b459e6 in afsql_dd_insert_db (self=0x8bb8a58) at afsql.c:681
#8 0xf7b45fd9 in afsql_dd_database_thread (arg=0x8bb8a58) at afsql.c:823
#9 0xf7ed1405 in worker_thread_func (st=0x8ba4238) at misc.c:593
#10 0xf7e28c51 in ?? () from /home/y/lib/libglib-2.0.so.0
#11 0x08ba4238 in ?? ()
#12 0x08ba4248 in ?? ()
#13 0x00000005 in ?? ()
#14 0xf7e28b06 in ?? () from /home/y/lib/libglib-2.0.so.0
#15 0x00d352c6 in ?? () from /lib/libpthread.so.0
#16 0x00000000 in ?? ()
(gdb)

Looks like I am running into problems with the database code. I'll investigate but it's going to take a while so I hope somebody else might have an idea.

This is 3.2 version 2010-01-31 git.

Thanks,
Matthew.
On Fri, 2011-02-04 at 15:27 -0800, Matthew Hall wrote:
> Looks like I am running into problems with the database code.
> I'll investigate but it's going to take a while so I hope somebody else might have an idea.
Not nice. Can you send me the core file and the binaries in private? The length of the string to be appended to the result certainly looks suspicious being 3160627 bytes.
Can you show me the template that is being expanded here?
The message syslog-ng is trying to operate on is probably bogus, but in order to diagnose I'd probably need the core file.
--
Bazsi
On Sun, Feb 06, 2011 at 10:34:41AM +0100, Balazs Scheidler wrote:
> On Fri, 2011-02-04 at 15:27 -0800, Matthew Hall wrote:
>> Looks like I am running into problems with the database code.
>> I'll investigate but it's going to take a while so I hope somebody else might have an idea.
> Not nice. Can you send me the core file and the binaries in private? The length of the string to be appended to the result certainly looks suspicious being 3160627 bytes.
I can't send the core because it will have PII. If I try to reproduce it I might not be able to get it to happen without using real data. But I'll see if I can do it. I can definitely investigate anything you think would be suspicious or run any diagnostics you would like to have.
> Can you show me the template that is being expanded here?
I put the sql related directives below.
> The message syslog-ng is trying to operate on is probably bogus, but in order to diagnose I'd probably need the core file.
What did you mean by the message being bogus? If you clarify I might be able to track it down and file a better report.
> Bazsi
destination d_database {
  sql(
    type(mysql)
    host("localhost")
    username("syslog")
    password("")
    database("syslog")
    table("syslog")
    flags(dont-create-tables, explicit-commits)
    columns(
      "raw varchar(4000) COLLATE utf8_unicode_ci NOT NULL",
      "device char(45) COLLATE utf8_unicode_ci NOT NULL",
      "msgtype char(60) COLLATE utf8_unicode_ci NOT NULL",
      "msgtime char(60) COLLATE utf8_unicode_ci NOT NULL",
      "src char(45) COLLATE utf8_unicode_ci NOT NULL",
      "xsrc char(45) COLLATE utf8_unicode_ci NOT NULL",
      "user char(40) COLLATE utf8_unicode_ci NOT NULL",
      "relay char(45) COLLATE utf8_unicode_ci NOT NULL",
      "task char(20) COLLATE utf8_unicode_ci NOT NULL",
      "sev char(20) COLLATE utf8_unicode_ci NOT NULL",
      "srcmac char(20) COLLATE utf8_unicode_ci NOT NULL",
      "dst char(45) COLLATE utf8_unicode_ci NOT NULL",
      "xdst char(45) COLLATE utf8_unicode_ci NOT NULL",
      "_group char(40) COLLATE utf8_unicode_ci NOT NULL",
      "action char(25) COLLATE utf8_unicode_ci NOT NULL",
      "svr char(30) COLLATE utf8_unicode_ci NOT NULL",
      "srcport smallint(5) unsigned NOT NULL",
      "xsrcport smallint(5) unsigned NOT NULL",
      "interface char(35) COLLATE utf8_unicode_ci NOT NULL",
      "tx char(15) COLLATE utf8_unicode_ci NOT NULL",
      "rx char(15) COLLATE utf8_unicode_ci NOT NULL",
      "reason char(15) COLLATE utf8_unicode_ci NOT NULL",
      "duration char(15) COLLATE utf8_unicode_ci NOT NULL",
      "protocol char(20) COLLATE utf8_unicode_ci NOT NULL",
      "dstport smallint(5) unsigned NOT NULL",
      "xdstport smallint(5) unsigned NOT NULL",
      "method char(25) COLLATE utf8_unicode_ci NOT NULL",
      "acl char(40) COLLATE utf8_unicode_ci NOT NULL",
      "status char(30) COLLATE utf8_unicode_ci NOT NULL",
      "ap char(15) COLLATE utf8_unicode_ci NOT NULL",
      "dstdns varchar(1000) COLLATE utf8_unicode_ci NOT NULL",
      "time char(50) COLLATE utf8_unicode_ci NOT NULL",
      "apmac char(15) COLLATE utf8_unicode_ci NOT NULL",
      "zone char(15) COLLATE utf8_unicode_ci NOT NULL",
      "vlan smallint(5) unsigned NOT NULL",
      "trunk char(35) COLLATE utf8_unicode_ci NOT NULL",
      "snmp char(25) COLLATE utf8_unicode_ci NOT NULL",
      "role char(15) COLLATE utf8_unicode_ci NOT NULL",
      "level char(15) COLLATE utf8_unicode_ci NOT NULL",
      "dstmac char(20) COLLATE utf8_unicode_ci NOT NULL",
      "count int(11) NOT NULL",
      "attack varchar(600) COLLATE utf8_unicode_ci NOT NULL",
      "activity char(15) COLLATE utf8_unicode_ci NOT NULL",
      "ssid char(35) COLLATE utf8_unicode_ci NOT NULL",
      "srcid char(25) COLLATE utf8_unicode_ci NOT NULL",
      "offset char(15) COLLATE utf8_unicode_ci NOT NULL",
      "interface1 char(35) COLLATE utf8_unicode_ci NOT NULL",
      "interface2 char(35) COLLATE utf8_unicode_ci NOT NULL",
      "file char(30) COLLATE utf8_unicode_ci NOT NULL",
    )
    values(
      "$raw", "$device", "$msgtype", "$msgtime", "$src", "$xsrc", "$user",
      "$relay", "$task", "$sev", "$srcmac", "$dst", "$xdst", "$group",
      "$action", "$svr", "$srcport", "$xsrcport", "$interface", "$tx", "$rx",
      "$reason", "$duration", "$protocol", "$dstport", "$xdstport", "$method",
      "$acl", "$status", "$ap", "$dstdns", "$time", "$apmac", "$zone", "$vlan",
      "$trunk", "$snmp", "$role", "$level", "$dstmac", "$count", "$attack",
      "$activity", "$ssid", "$srcid", "$offset", "$interface1", "$interface2",
      "$file",
    )
    indexes("date", "device", "level_num", "host", "r_date")
  );
};

parser p_database {
  db-parser(file("/.../database.xml"));
};

template t_raw {
  template("${MSGONLY}\n");
};

rewrite r_strip_empty_values {
  subst('\b(\w+)="" ', "", value(MESSAGE), flags("global"), type("pcre"));
};

destination d_raw {
  file(".../raw/raw_${YEAR}-${MONTH}-${DAY}.log"
    owner("root")
    group("root")
    perm(0640)
    create_dirs(no)
    template(t_raw)
    suppress(3)
  );
};

destination d_vpn_analysis {
  program("... perl code ..."
    flags(no-multi-line)
    suppress(0)
    template(t_raw)
  );
};

log {
  source(s_tcp);
  parser(p_database);
  destination(d_database);
  rewrite(r_strip_empty_values);
  destination(d_raw);
  destination(d_vpn_analysis);
};
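Frame #3 of the backtrace shows an append called with `len=3160627` and a source pointer to an empty string. The failure class, as an added C example that is not syslog-ng code and not a diagnosis of this bug: an append that trusts a stored length, and a lookup that rejects a length running past its container. `Store`, `Str`, `append_value_checked`, `make_sample` and the length-prefixed layout are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical value store (an assumption, not syslog-ng's real layout):
 * each entry is a native-endian uint32_t length followed by that many bytes. */
typedef struct { const unsigned char *data; size_t size; } Store;
typedef struct { char *buf; size_t len, cap; } Str;

/* Grow-and-copy append in the style of g_string_append_len(): it trusts len. */
static int str_append_len(Str *s, const char *src, size_t len) {
    if (len >= SIZE_MAX / 2 - s->len) return -1;       /* size would overflow */
    if (s->len + len + 1 > s->cap) {
        size_t cap = 2 * (s->len + len + 1);
        char *p = realloc(s->buf, cap);
        if (!p) return -1;
        s->buf = p; s->cap = cap;
    }
    memcpy(s->buf + s->len, src, len);   /* reads len bytes starting at src */
    s->len += len; s->buf[s->len] = '\0';
    return 0;
}

/* Append the entry at offset off; refuse a length that runs past the store. */
static int append_value_checked(Str *out, const Store *st, size_t off) {
    uint32_t len;
    if (off > st->size || st->size - off < sizeof len) return -1;
    memcpy(&len, st->data + off, sizeof len);
    if (len > st->size - off - sizeof len) return -1;  /* bogus length field */
    return str_append_len(out, (const char *)st->data + off + sizeof len, len);
}

/* Constructed sample: "sshd" at offset 0; at offset 8 a claim of 3160627 bytes. */
static Store make_sample(unsigned char raw[13]) {
    uint32_t good = 4, bogus = 3160627;
    memcpy(raw, &good, 4); memcpy(raw + 4, "sshd", 4);
    memcpy(raw + 8, &bogus, 4); raw[12] = '\0';
    return (Store){ raw, 13 };
}

int main(void) {
    unsigned char raw[13];
    Store st = make_sample(raw);
    Str out = { NULL, 0, 0 };
    int good = append_value_checked(&out, &st, 0);
    int bogus = append_value_checked(&out, &st, 8);
    printf("good=%d bogus=%d out=\"%s\"\n", good, bogus, out.buf);
    free(out.buf); return 0;
}
```

Calling `str_append_len` directly with the second entry's claimed length would have `memcpy` read megabytes past a 13-byte buffer, which is the shape of the fault at the top of the backtrace.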