Bug 429815 - logrotate segfaults in logrotate.d/samba
Summary: logrotate segfaults in logrotate.d/samba
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: logrotate
Version: 8
Hardware: i386
OS: Linux
low
high
Target Milestone: ---
Assignee: Tomas Smetana
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-01-23 08:01 UTC by J. Randall Owens
Modified: 2008-01-24 12:07 UTC (History)
1 user (show)

Fixed In Version: 3.7.6-2.2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-24 11:45:03 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
logrotate -d output (73.53 KB, text/plain)
2008-01-23 08:01 UTC, J. Randall Owens 		no flags Details
View All

Description J. Randall Owens 2008-01-23 08:01:57 UTC 
Description of problem:
Logrotate segfaults during run

Version-Release number of selected component (if applicable):
logrotate-3.7.6-2.1.fc8
samba-3.0.28-0.fc8

How reproducible:
allow crond to run logrotate, or manually '/usr/sbin/logrotate /etc/logrotate.conf`

Actual results:
/etc/cron.daily/logrotate: line 3: 12579 Segmentation fault     
/usr/sbin/logrotate /etc/logrotate.conf
(I believe "line 3" here refers to the /etc/cron.daily/logrotate script, so
doesn't tell us much of anything about what brought it on.)

Expected results:
quietly rotates logs as needed

Additional info:
I've had a lot of trouble with logrotate in /var/log/samba, usually due to the
sheer number of files I'd end up with after logrotate would madly attach more
and more '.1's at the end of empty files and create new ones, and eventually the
wildcard expanded line would just be too long for it.  But this time, things
seem to be staying pretty clean, and the number of characters in a `echo
/var/log/samba(/old)?/* | wc` (if I may mix my expressions) only comes to 24807
for the main directory, 8143 for old.  This did start happening the first run
after the latest logrotate update (Jan 20 for me).

I have attached the output of a typical run (with -d debugging option).  With a
little prompting, I could attach debug output; I've done it before, and just
installed the logrotate-debuginfo package, but don't recall the details of what
to do. Here's a little snippet from using what I've recalled:
Program received signal SIGSEGV, Segmentation fault.
0x0498212b in strlen () from /lib/libc.so.6

(gdb) bt
#0  0x0498212b in strlen () from /lib/libc.so.6
#1  0x054f1098 in ?? () from /lib/libselinux.so.1
#2  0x0804aa4e in rotateSingleLog (log=0x92ed150, logNum=0, state=0x931460c,
    rotNames=0x92f0548) at logrotate.c:1013
#3  0x0804ca01 in rotateLogSet (log=0x92ed150, sip=0xbfda75c4, force=0)
    at logrotate.c:1202
#4  0x0804d2ca in main (argc=Cannot access memory at address 0x3
) at logrotate.c:1529
#5  0x04928390 in __libc_start_main (main=0x804cec0 <main>, argc=3,
    ubp_av=0xbfda7aa4, init=0x80513f0 <__libc_csu_init>,
    fini=0x80513e0 <__libc_csu_fini>, rtld_fini=0x269940 <_dl_fini>,
    stack_end=0xbfda7a9c) at libc-start.c:220
#6  0x080497f1 in _start ()
(gdb)


I also just reinstalled samba, to see if a standard /etc/logrotate.d/samba might
help, since mine had been modified in trying to deal with the aforementioned
problems.  It still segfaults the same way.  I believe none of my other
logrotate.d files have been changed from the defaults.

I noted similar segfault bugs in the past, but they don't quite seem a match for
this: bug 110683, bug 170904, bug 170955, bug 214572
Comment 1 J. Randall Owens 2008-01-23 08:01:57 UTC 
Created attachment 292612 [details]
logrotate -d output
Comment 2 Tomas Smetana 2008-01-23 08:33:00 UTC 
Please post also your /etc/logrotate.d/samba so I could try to reproduce the bug
exactly.  Thanks.
Comment 3 Tomas Smetana 2008-01-23 08:39:16 UTC 
And one more question -- do you still have those files with '*.1.1.1.1.1'-like
suffixes somewhere in the olddir?  This may be the problem -- some of those file
names might have grown too long and this could have triggered the buffer overflow.
Comment 4 J. Randall Owens 2008-01-23 22:00:28 UTC 
Right now, the logrotate.d/samba is completely vanilla:
/var/log/samba/* {
    notifempty
    olddir /var/log/samba/old
    missingok
    sharedscripts
    copytruncate
}
 For a while, it had looked more like this:
/var/log/samba/log.* {
    notifempty
    missingok
    sharedscripts
    copytruncate
    minsize 32k
}

And yes, I spent a *long* time cleaning up all those *.1.1... files, and they're
all gone now.
Comment 5 J. Randall Owens 2008-01-23 22:07:18 UTC 
Oh, and the ones in the olddir are all labeled with the new-style '*-20080120'
style filenames.  No exceptions anymore.
Comment 6 Tomas Smetana 2008-01-24 07:41:12 UTC 
So the problem is elsewhere...  Please try to upgrade to the new
logrotate-3.7.6-2.2 so I'm sure it's not caused by the SELinux patch (doesn't
look like though) and let me know.  Thanks.
Comment 7 J. Randall Owens 2008-01-24 11:20:45 UTC 
OK, 3.7.6-2.2 (from testing, right?) seems to have fixed it.  No more segfault
when I run it.  Thanks for your help, Tomas.
Comment 8 Tomas Smetana 2008-01-24 11:45:03 UTC 
Hmmm...  I'm glad it helped.  Although I would be even more glad knowing what
exactly caused the problem.  And 3.7.6-2.2 should be in stable already.  Maybe
it'll take some time for the mirrors to sync...

I'm closing the bug. Feel free to reopen or file a new one in case any new
problem comes up.
Comment 9 J. Randall Owens 2008-01-24 12:07:25 UTC 
Well, if you're worried about it cropping up again, I'll add one more thing I
noticed towards the end.  Running `logrotate -d /etc/logrotate.conf` as an
unprivileged user, who can't read the /var/log/samba directory, did not segfault
at all.  (Of course, it also didn't rotate anything.)  So apparently, the
directory listing contributes, either directly or indirectly.
Note You need to log in before you can comment on or make changes to this bug.