Bug 426087

Summary: rsyslog crashes with segfault
Product: [Fedora] Fedora Reporter: Jan "Yenya" Kasprzak <kas>
Component: rsyslogAssignee: Peter Vrabec <pvrabec>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 8CC: theinric
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-12-18 14:13:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan "Yenya" Kasprzak 2007-12-18 11:59:49 UTC 
Description of problem:
I have seen two rsyslog crashes on my FTP and mail server recently. I have logs
only from the second occurence: dmesg says:

rsyslogd[2804]: segfault at 0000000000000035 rip 00000000004118dd rsp
00007fffcff77210 error 4

and in the /var/log/messages:

*** glibc detected *** rsyslogd: double free or corruption (!prev): 0x0000000001
0e35e0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x36ae072832]
/lib64/libc.so.6(cfree+0x8c)[0x36ae075f2c]
rsyslogd[0x406881]
rsyslogd[0x406abd]
rsyslogd(llExecFunc+0x5d)[0x41777d]
rsyslogd[0x407067]
rsyslogd[0x407e28]
/lib64/libpthread.so.0[0x36af406407]
/lib64/libc.so.6(clone+0x6d)[0x36ae0d4b0d]
======= Memory map: ========
00400000-00421000 r-xp 00000000 09:00 327108                            
/sbin/rsyslogd
00620000-00623000 rw-p 00020000 09:00 327108                            
/sbin/rsyslogd
00623000-01647000 rw-p 00623000 00:00 0                                  [heap]
40000000-40001000 ---p 40000000 00:00 0 
40001000-40801000 rw-p 40001000 00:00 0 
36adc00000-36adc1b000 r-xp 00000000 09:00 3630183                       
/lib64/ld-2.7.so
36ade1a000-36ade1b000 r--p 0001a000 09:00 3630183                       
/lib64/ld-2.7.so
36ade1b000-36ade1c000 rw-p 0001b000 09:00 3630183                       
/lib64/ld-2.7.so
36ae000000-36ae14d000 r-xp 00000000 09:00 3630280                       
/lib64/libc-2.7.so
36ae14d000-36ae34d000 ---p 0014d000 09:00 3630280                       
/lib64/libc-2.7.so
36ae34d000-36ae351000 r--p 0014d000 09:00 3630280                       
/lib64/libc-2.7.so
36ae351000-36ae352000 rw-p 00151000 09:00 3630280                       
/lib64/libc-2.7.so
36ae352000-36ae357000 rw-p 36ae352000 00:00 0 
36ae400000-36ae402000 r-xp 00000000 09:00 3630330                       
/lib64/libdl-2.7.so
36ae402000-36ae602000 ---p 00002000 09:00 3630330                       
/lib64/libdl-2.7.so
36ae602000-36ae603000 r--p 00002000 09:00 3630330                       
/lib64/libdl-2.7.so
36ae603000-36ae604000 rw-p 00003000 09:00 3630330                       
/lib64/libdl-2.7.so
36aec00000-36aec14000 r-xp 00000000 09:00 3630356                       
/lib64/libz.so.1.2.3
36aec14000-36aee13000 ---p 00014000 09:00 3630356                       
/lib64/libz.so.1.2.3
36aee13000-36aee14000 rw-p 00013000 09:00 3630356                       
/lib64/libz.so.1.2.3
36af400000-36af416000 r-xp 00000000 09:00 3630350                       
/lib64/libpthread-2.7.so
36af416000-36af615000 ---p 00016000 09:00 3630350                       
/lib64/libpthread-2.7.so
36af615000-36af616000 r--p 00015000 09:00 3630350                       
/lib64/libpthread-2.7.so
36af616000-36af617000 rw-p 00016000 09:00 3630350                       
/lib64/libpthread-2.7.so
36af617000-36af61b000 rw-p 36af617000 00:00 0 
36af800000-36af80d000 r-xp 00000000 09:00 3630739                       
/lib64/libgcc_s-4.1.2-20070925.so.1
36af80d000-36afa0d000 ---p 0000d000 09:00 3630739                       
/lib64/libgcc_s-4.1.2-20070925.so.1
36afa0d000-36afa0e000 rw-p 0000d000 09:00 3630739                       
/lib64/libgcc_s-4.1.2-20070925.so.1
36b0c00000-36b0c08000 r-xp 00000000 09:00 3630352                       
/lib64/librt-2.7.so
36b0c08000-36b0e07000 ---p 00008000 09:00 3630352                       
/lib64/librt-2.7.so
36b0e07000-36b0e08000 r--p 00007000 09:00 3630352                       
/lib64/librt-2.7.so
36b0e08000-36b0e09000 rw-p 00008000 09:00 3630352                       
/lib64/librt-2.7.so
2aaaac000000-2aaaad31d000 rw-p 2aaaac000000 00:00 0 
2aaaad31d000-2aaab0000000 ---p 2aaaad31d000 00:00 0 
2aaab0000000-2aaab14f1000 rw-p 2aaab0000000 00:00 0 
2aaab14f1000-2aaab4000000 ---p 2aaab14f1000 00:00 0 
2b089ef6f000-2b089ef72000 rw-p 2b089ef6f000 00:00 0 
2b089ef7f000-2b089ef82000 rw-p 2b089ef7f000 00:00 0 
7fff0bb26000-7fff0bb3b000 rw-p 7ffffffea000 00:00 0                      [stack]
7fff0bbfd000-7fff0bc00000 r-xp 7fff0bbfd000 00:00 0                      [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

I have a pretty standard rsyslog.conf (migrated from F7 syslog.conf):

*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

the only nonstandard thing is the asynchronous output to /var/log/maillog,
because there is too much mail traffic going through the server.
After /etc/init.d/rsyslog restart it runs again. No MCE or other hardware
problems are logged on the system, and the system is pretty much stock
Fedora 8/x86_64 (altough upgraded from previous releases, not a clean install).

I _think_ I have seen the rsyslog crash even on some other system, but I am not
able to find it now.

Version-Release number of selected component (if applicable):
rsyslog-1.19.6-3.fc8

How reproducible:
random - I am reporting it there just in case somebody else can see this as
well. Do not bother to investigate this now if there is too little data.
Comment 1 Jan "Yenya" Kasprzak 2007-12-18 12:02:09 UTC 
Hmm, maybe a related problem?

http://rgerhards.blogspot.com/2007/11/found-another-part-of-code-that-is-not.html
Comment 2 Peter Vrabec 2007-12-18 14:13:48 UTC 

*** This bug has been marked as a duplicate of 384341 ***