[syslog-ng] [Bug 253] New: Segfault when reloading configuration

bugzilla at bugzilla.balabit.com
Sun Sep 15 04:18:32 CEST 2013


https://bugzilla.balabit.com/show_bug.cgi?id=253

           Summary: Segfault when reloading configuration
           Product: syslog-ng
           Version: 3.4.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi at balabit.hu
        ReportedBy: gonzalo.paniagua+slng1 at acquia.com
Type of the Report: bug
   Estimated Hours: 0.0


syslog-ng version: 3.4.3 built from sources
syslog-ng -V:
syslog-ng 3.4.3
Installer-Version: 3.4.3
Revision: ssh+git://algernon@git.balabit/var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.4#no_branch#64d670f3cbfb90769f3c7f0fdd9c70bb9136ec5b
Compile-Date: Sep 11 2013 05:33:29
Available-Modules: confgen,afsocket-tls,csvparser,affile,system-source,syslogformat,afuser,dbparser,afsocket-notls,basicfuncs,cryptofuncs,afsocket,afprog
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: on
Enable-Linux-Caps: off
Enable-Pcre: on


On rare occasions (I can't reproduce it reliably) syslog-ng segfaults when reloading (syslog-ng-ctl reload). I have a core dump file that gave me this stack trace:
#0  0x00007fbd30102131 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007fbd30101d76 in strdup () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007fbd2f868b19 in evt_tag_str (tag=0x7fbd309a42f0 "encoding", value=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>) at evttags.c:76
#3  0x00007fbd3097918c in log_proto_server_options_validate (options=<optimized out>) at logproto-server.c:138
#4  0x00007fbd3097d191 in log_proto_server_validate_options (self=<optimized out>) at logproto-server.h:82
#5  log_reader_init (s=0x14a6a30) at logreader.c:638
#6  0x00007fbd2e9d5b07 in log_pipe_init (cfg=0x0, s=0x14a6a30) at ../../lib/logpipe.h:253
#7  log_pipe_init (cfg=0x0, s=0x14a6a30) at afsocket-source.c:763
#8  afsocket_sc_init (s=0x14a68f0) at afsocket-source.c:149
#9  0x00007fbd2e9d67fd in log_pipe_init (cfg=0x0, s=0x14a68f0) at ../../lib/logpipe.h:253
#10 log_pipe_init (cfg=0x0, s=0x14a68f0) at afsocket-source.c:763
#11 afsocket_sd_init (s=0x1489630) at afsocket-source.c:548
#12 0x00007fbd2e9d9719 in afunix_sd_init (s=<optimized out>) at afunix-source.c:194
#13 0x00007fbd3096d27a in log_pipe_init (cfg=<optimized out>, s=0x1489630) at logpipe.h:253
#14 cfg_tree_start (self=0x1c15c48) at cfg-tree.c:1064
#15 0x00007fbd309685de in cfg_init (cfg=0x1c15ae0) at cfg.c:220
#16 0x00007fbd30984faf in main_loop_reload_config_apply () at mainloop.c:501
#17 0x00007fbd3096d699 in control_connection_reload (self=0x1d09e90, command=<optimized out>) at control.c:150
#18 0x00007fbd3096dae8 in control_connection_io_input (s=0x1d09e90) at control.c:242
#19 control_connection_io_input (s=0x1d09e90) at control.c:172
#20 0x00007fbd309a106c in iv_fd_poll_and_run (st=0x1482580, to=<optimized out>) at iv_fd.c:163
#21 0x00007fbd309a1aac in iv_main () at iv_main_posix.c:117
#22 0x00007fbd309859fb in main_loop_run () at mainloop.c:736
#23 0x000000000040142b in main (argc=1, argv=0x7fffd8212a58) at main.c:267

When at frame #5, I got this:
(gdb) print *self->proto->options
$19 = {destroy = 0, initialized = -1, encoding = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, convert = 0xffffffffffffffff, max_msg_size = -1,
  max_buffer_size = 0, init_buffer_size = 0}

I could not find anywhere in the code where initialized is set to -1, so I assume this is some kind of memory corruption.

Let me know if you need anything else from me.

