netfilter buglog - Aug 2011 - [Bug 741] New: ULOGD segfaults on init

http://bugzilla.netfilter.org/show_bug.cgi?id=741

           Summary: ULOGD segfaults on init
           Product: ulogd
           Version: SVN (please provide timestamp)
          Platform: i386
        OS/Version: other
            Status: NEW
          Severity: blocker
          Priority: P5
         Component: ulogd_MYSQL
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: martinbarrowcliff at gmail.com
   Estimated Hours: 0.0


Linux server.localdomain 3.0.3_mfb #1 SMP Sat Aug 27 16:32:30 EDT 2011 i686
i686 i386 GNU/Linux
This is my server, running LFS. unpatched kern.

ulogd-2 snapshot from aug 27 2011

2011-08-28 16:45:54     kernel: ulogd[1815]: segfault at 90 ip 0804a012 sp
bfaddd20 error 4 in ulogd[8048000+6000]
2011-08-28 16:45:33     kernel: ulogd[1774]: segfault at 90 ip 0804a012 sp
bfd31e80 error 4 in ulogd[8048000+6000]
2011-08-28 16:43:18     kernel: ulogd[1627]: segfault at 90 ip 0804a012 sp
bfe5b860 error 4 in ulogd[8048000+6000]
2011-08-28 16:42:47     kernel: ulogd[1585]: segfault at 90 ip 0804a012 sp
bfbb1e20 error 4 in ulogd[8048000+6000]

hmmm. valgrind won't run on this kern.

ulogd logged this every time; nothing more
init never completed.

Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `NFLOG'
Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `NFCT'
Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `IFINDEX'
Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `IP2STR'
Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `IP2BIN'
Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `PRINTPKT'
Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `HWHDR'
Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `MARK'
Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `SYSLOG'
Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `PCAP'
Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `MYSQL'
Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `BASE'
Sun Aug 28 16:40:24 2011 <1> ulogd.c:820 building new pluginstance stack
(ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL):
Sun Aug 28 16:40:24 2011 <1> ulogd.c:829 tok=`ct1:NFCT'

After here it was crashed...

The same config works on first beta4 release, which I have reverted to...
That is working fine...

built with:

./autogen.sh
./configure  --prefix=/usr --sysconfdir=/etc --with-pic \
 --libdir=/usr/lib  --with-mysql-inc=/usr/lib/mysql \
 --with-mysql-lib=/usr/include/mysql \
 --with-pcap-lib=/usr/lib --with-pcap-inc=/usr/include/pcap
make
make install

Marty B.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

http://bugzilla.netfilter.org/show_bug.cgi?id=741





--- Comment #1 from martin barrowcliff <martinbarrowcliff at gmail.com> 
2011-11-28 03:59:34 ---
Bug Updated with valgrind

System

Intel Atom-330
2G memory
250G SATA drive

Linux server.localdomain 3.1.1_mfb #1 SMP \
Wed Nov 23 12:22:11 EST 2011 i686 i686 i386 GNU/Linux

iptables-1.4.12.1
libcap-ng-0.6.6
libnetfilter_log-1.0.0
libmnl-1.0.1
libnet-1.1.4
libnetfilter_conntrack-0.9.1
libnetfilter_queue-1.0.0
libnfnetlink-1.0.0
libpcap-1.0.2_pre
xtables-addons-1.39


ulogd.log

Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `NFLOG'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `BASE'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `IFINDEX'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `IP2STR'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `IP2BIN'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `PRINTPKT'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `HWHDR'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `MARK'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `SYSLOG'
Sun Nov 27 21:05:55 2011 <1> ulogd.c:821 building new pluginstance stack
(log3:NFLOG,base3:BASE,ifi3:IFINDEX,ip2str3:IP2STR,print3:PRINTPKT,sys3:SYSLOG):
Sun Nov 27 21:05:55 2011 <1> ulogd.c:830 tok=`log3:NFLOG'



ulogd.conf


[global]
logfile="/var/log/ulogd.log"
loglevel=1;
plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2BIN.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_filter_HWHDR.so"
plugin="/usr/lib/ulogd/ulogd_filter_MARK.so"
plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
#
stack=log3:NFLOG,base3:BASE,ifi3:IFINDEX,ip2str3:IP2STR,print3:PRINTPKT,sys3:SYSLOG
#
# Logging through NFLOG group 3
[log3]
# (syslog messages)
netlink_socket_buffer_size=300000
netlink_socket_buffer_maxsize=1085440
netlink_qthreshold=5
netlink_qtimeout=100
numeric_label=3
bind=1
#


ulogd build conf

./configure --with-pic --prefix=/usr --sysconfdir=/etc \
 --libdir=/usr/lib  --with-mysql-lib=/usr/lib/mysql \
 --with-mysql-inc=/usr/include/mysql --disable-silent-rules \
 --with-pcap-lib=/usr/lib --with-pcap-inc=/usr/include/pcap


valgrind output

==10784== Memcheck, a memory error detector
==10784== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==10784== Using Valgrind-3.8.0.SVN and LibVEX; rerun with -h for copyright info
==10784== Command: /usr/sbin/ulogd -d
==10784== 
--10784-- Valgrind options:
--10784--    -v
--10784--    --leak-check=full
--10784--    --show-reachable=yes
--10784-- Contents of /proc/version:
--10784--   Linux version 3.1.1_mfb (root at server.localdomain) (gcc version
4.4.4 (GCC) ) #1 SMP Wed Nov 23 12:22:11 EST 2011
--10784-- Arch and hwcaps: X86, x86-sse1-sse2
--10784-- Page sizes: currently 4096, max supported 4096
--10784-- Valgrind library directory: /usr/lib/valgrind
--10784-- Reading syms from /lib/ld-2.11.1.so (0x4000000)
--10784-- Reading syms from /usr/sbin/ulogd (0x8048000)
--10784-- Reading syms from /usr/lib/valgrind/memcheck-x86-linux (0x38000000)
--10784--    object doesn't have a dynamic symbol table
--10784-- Reading suppressions file: /usr/lib/valgrind/default.supp
==10784== embedded gdbserver: reading from
/tmp/vgdb-pipe-from-vgdb-to-10784-by-root-on-???
==10784== embedded gdbserver: writing to  
/tmp/vgdb-pipe-to-vgdb-from-10784-by-root-on-???
==10784== embedded gdbserver: shared mem  
/tmp/vgdb-pipe-shared-mem-vgdb-10784-by-root-on-???
==10784== 
==10784== TO CONTROL THIS PROCESS USING vgdb (which you probably
==10784== don't want to do, unless you know exactly what you're doing,
==10784== or are doing some strange experiment):
==10784==   /usr/lib/valgrind/../../bin/vgdb --pid=10784 ...command...
==10784== 
==10784== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==10784==   /path/to/gdb /usr/sbin/ulogd
==10784== and then give GDB the following command
==10784==   target remote | /usr/lib/valgrind/../../bin/vgdb --pid=10784
==10784== --pid is optional if only one valgrind process is running
==10784== 
--10784-- REDIR: 0x4019000 (strlen) redirected to 0x380439b8
(vgPlain_x86_linux_REDIR_FOR_strlen)
--10784-- REDIR: 0x4018e30 (index) redirected to 0x38043993
(vgPlain_x86_linux_REDIR_FOR_index)
--10784-- Reading syms from /usr/lib/valgrind/vgpreload_core-x86-linux.so
(0x4023000)
--10784-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so
(0x4025000)
--10784-- Reading syms from /lib/libdl-2.11.1.so (0x4033000)
--10784-- Reading syms from /lib/libc-2.11.1.so (0x4037000)
--10784-- REDIR: 0x40b1ff0 (rindex) redirected to 0x4028c20 (rindex)
--10784-- REDIR: 0x40acd20 (malloc) redirected to 0x4027f8f (malloc)
--10784-- REDIR: 0x40b1ba0 (strlen) redirected to 0x40290b0 (strlen)
--10784-- REDIR: 0x40b14a0 (index) redirected to 0x4028ce0 (index)
--10784-- REDIR: 0x40b1680 (strcpy) redirected to 0x40290f0 (strcpy)
--10784-- REDIR: 0x40b2cb0 (strstr) redirected to 0x402b0c0 (strstr)
--10784-- REDIR: 0x40b3410 (memchr) redirected to 0x40297f0 (memchr)
--10784-- REDIR: 0x40b3de0 (memcpy) redirected to 0x4029d00 (memcpy)
--10784-- REDIR: 0x40b1e90 (strncpy) redirected to 0x40292b0 (strncpy)
--10784-- REDIR: 0x40b1610 (strcmp) redirected to 0x4029670 (strcmp)
--10784-- REDIR: 0x40ae420 (free) redirected to 0x4027ba9 (free)
--10784-- REDIR: 0x40ae990 (calloc) redirected to 0x4027273 (calloc)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_inppkt_NFLOG.so (0x459f000)
--10784-- Reading syms from /usr/lib/libnetfilter_log.so.1.1.0 (0x45a9000)
--10784-- Reading syms from /usr/lib/libnfnetlink.so.0.2.0 (0x45ad000)
--10784-- REDIR: 0x40b6850 (strchrnul) redirected to 0x402aeb0 (strchrnul)
--10784-- REDIR: 0x40b1c50 (strnlen) redirected to 0x4029030 (strnlen)
--10784-- REDIR: 0x40b3970 (mempcpy) redirected to 0x402af20 (mempcpy)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_raw2packet_BASE.so (0x45a4000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_IFINDEX.so (0x4030000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_IP2STR.so (0x45b3000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_IP2BIN.so (0x45b5000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_PRINTPKT.so (0x45b7000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_HWHDR.so (0x45bc000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_MARK.so (0x45be000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_output_SYSLOG.so (0x45c0000)
==10784== Invalid read of size 4
==10784==    at 0x804A012: create_stack (ulogd.c:536)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784==  Address 0x28 is not stack'd, malloc'd or (recently)
free'd
==10784== 
==10784== 
==10784== Process terminating with default action of signal 11 (SIGSEGV)
==10784==  Access not within mapped region at address 0x28
==10784==    at 0x804A012: create_stack (ulogd.c:536)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784==  If you believe this happened as a result of a stack
==10784==  overflow in your program's main thread (unlikely but
==10784==  possible), you can try to increase the size of the
==10784==  main thread stack using the --main-stacksize= flag.
==10784==  The main thread stack size used in this run was 8388608.
==10784== 
==10784== HEAP SUMMARY:
==10784==     in use at exit: 9,866 bytes in 70 blocks
==10784==   total heap usage: 89 allocs, 19 frees, 11,709 bytes allocated
==10784== 
==10784== Searching for pointers to 70 not-freed blocks
==10784== Checked 130,616 bytes
==10784== 
==10784== 16 bytes in 1 blocks are still reachable in loss record 1 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x804C941: config_register_file (conffile.c:99)
==10784==    by 0x804B4C0: main (ulogd.c:1176)
==10784== 
==10784== 19 bytes in 1 blocks are still reachable in loss record 2 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x40B1900: strdup (strdup.c:43)
==10784==    by 0x804A8AA: logfile_open (ulogd.c:924)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 20 bytes in 1 blocks are still reachable in loss record 3 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x8049EEF: create_stack (ulogd.c:813)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 48 bytes in 2 blocks are still reachable in loss record 4 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x400E032: _dl_map_object_deps (dl-deps.c:470)
==10784==    by 0x40140C1: dl_open_worker (dl-open.c:291)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 58 bytes in 2 blocks are still reachable in loss record 5 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x40058BF: local_strdup (dl-load.c:162)
==10784==    by 0x4008D08: _dl_map_object (dl-load.c:2146)
==10784==    by 0x400D9F1: openaux (dl-deps.c:65)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x400DFC9: _dl_map_object_deps (dl-deps.c:247)
==10784==    by 0x40140C1: dl_open_worker (dl-open.c:291)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784== 
==10784== 58 bytes in 2 blocks are still reachable in loss record 6 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x400B9CF: _dl_new_object (dl-object.c:146)
==10784==    by 0x4006A47: _dl_map_object_from_fd (dl-load.c:969)
==10784==    by 0x4008A58: _dl_map_object (dl-load.c:2238)
==10784==    by 0x400D9F1: openaux (dl-deps.c:65)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x400DFC9: _dl_map_object_deps (dl-deps.c:247)
==10784==    by 0x40140C1: dl_open_worker (dl-open.c:291)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784== 
==10784== 78 bytes in 1 blocks are still reachable in loss record 7 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x40B1900: strdup (strdup.c:43)
==10784==    by 0x8049ED3: create_stack (ulogd.c:803)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 108 bytes in 9 blocks are still reachable in loss record 8 of 16
==10784==    at 0x4027353: calloc (vg_replace_malloc.c:566)
==10784==    by 0x804A9D8: load_plugin (ulogd.c:604)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 332 bytes in 9 blocks are still reachable in loss record 9 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x400E1B5: _dl_map_object_deps (dl-deps.c:506)
==10784==    by 0x40140C1: dl_open_worker (dl-open.c:291)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 343 bytes in 9 blocks are still reachable in loss record 10 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x4008196: expand_dynamic_string_token (dl-load.c:162)
==10784==    by 0x40089A8: _dl_map_object (dl-load.c:2173)
==10784==    by 0x4014066: dl_open_worker (dl-open.c:254)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784== 
==10784== 343 bytes in 9 blocks are still reachable in loss record 11 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x400B9CF: _dl_new_object (dl-object.c:146)
==10784==    by 0x4006A47: _dl_map_object_from_fd (dl-load.c:969)
==10784==    by 0x4008A58: _dl_map_object (dl-load.c:2238)
==10784==    by 0x4014066: dl_open_worker (dl-open.c:254)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784== 
==10784== 352 bytes in 1 blocks are still reachable in loss record 12 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x409859F: __fopen_internal (iofopen.c:76)
==10784==    by 0x409866C: fopen@@GLIBC_2.1 (iofopen.c:107)
==10784==    by 0x804C6A8: config_parse_file (conffile.c:121)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 352 bytes in 1 blocks are still reachable in loss record 13 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x409859F: __fopen_internal (iofopen.c:76)
==10784==    by 0x409866C: fopen@@GLIBC_2.1 (iofopen.c:107)
==10784==    by 0x804A8E8: logfile_open (ulogd.c:933)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 624 bytes in 11 blocks are still reachable in loss record 14 of 16
==10784==    at 0x4027353: calloc (vg_replace_malloc.c:566)
==10784==    by 0x4011195: _dl_check_map_versions (dl-version.c:299)
==10784==    by 0x4014340: dl_open_worker (dl-open.c:297)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 1,264 bytes in 2 blocks are still reachable in loss record 15 of 16
==10784==    at 0x4027353: calloc (vg_replace_malloc.c:566)
==10784==    by 0x400B741: _dl_new_object (dl-object.c:52)
==10784==    by 0x4006A47: _dl_map_object_from_fd (dl-load.c:969)
==10784==    by 0x4008A58: _dl_map_object (dl-load.c:2238)
==10784==    by 0x400D9F1: openaux (dl-deps.c:65)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x400DFC9: _dl_map_object_deps (dl-deps.c:247)
==10784==    by 0x40140C1: dl_open_worker (dl-open.c:291)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784== 
==10784== 5,851 bytes in 9 blocks are still reachable in loss record 16 of 16
==10784==    at 0x4027353: calloc (vg_replace_malloc.c:566)
==10784==    by 0x400B741: _dl_new_object (dl-object.c:52)
==10784==    by 0x4006A47: _dl_map_object_from_fd (dl-load.c:969)
==10784==    by 0x4008A58: _dl_map_object (dl-load.c:2238)
==10784==    by 0x4014066: dl_open_worker (dl-open.c:254)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784== 
==10784== LEAK SUMMARY:
==10784==    definitely lost: 0 bytes in 0 blocks
==10784==    indirectly lost: 0 bytes in 0 blocks
==10784==      possibly lost: 0 bytes in 0 blocks
==10784==    still reachable: 9,866 bytes in 70 blocks
==10784==         suppressed: 0 bytes in 0 blocks
==10784== 
==10784== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 68 from 11)
==10784== 
==10784== 1 errors in context 1 of 1:
==10784== Invalid read of size 4
==10784==    at 0x804A012: create_stack (ulogd.c:536)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784==  Address 0x28 is not stack'd, malloc'd or (recently)
free'd
==10784== 
--10784-- 
--10784-- used_suppression:     68 U1004-ARM-_dl_relocate_object
==10784== 
==10784== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 68 from 11)
Segmentation fault


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

http://bugzilla.netfilter.org/show_bug.cgi?id=741





--- Comment #2 from martin barrowcliff <martinbarrowcliff at gmail.com> 
2011-12-09 01:20:06 ---
I have been told that the ulogd2 git actually builds and runs on 64 bit
systems.
But nobody has confirmed it actually works on x86-32. 

I have absolutely NO problem using the older beta4; it always compiles and runs
on my ATOM-330. 
But not matter what I have tried the git version segfaults.
Also, last update to the git version was 3 months ago and unrelated.

So I looked at both source dirs for the changes to the offending files.
Here's my diff between the one that works for me, and the one that
segfaults.
Not much change but therin is a problem. Line 23?

--- old.ulogd-2.0.0beta4/src/ulogd.c    2010-06-17 10:30:43.000000000 -0400
+++ ulogd2/src/ulogd.c  2011-12-08 11:55:09.000000000 -0500
@@ -762,6 +762,15 @@
        return 0;
 }

+static int pluginstance_stop(struct ulogd_pluginstance *npi)
+{
+       if (--npi->plugin->usage > 0 &&
+           npi->plugin->input.type == ULOGD_DTYPE_SOURCE) {
+               return 0;
+       }
+       return 1;
+}
+
 static int create_stack_start_instances(struct ulogd_pluginstance_stack
*stack)
 {
        int ret;
@@ -839,6 +848,7 @@
                        ret = -ENODEV;
                        goto out;
                }
+               pl->usage++;

                /* allocate */
                pi = pluginstance_alloc_init(pl, pi_id, stack);
@@ -989,8 +999,8 @@

        llist_for_each_entry(stack, &ulogd_pi_stacks, stack_list) {
                llist_for_each_entry_safe(pi, npi, &stack->list, list) {
-                       if (((pi->plugin->priv_size == 0) ||
pi->private[0])
-                                       && *pi->plugin->stop) {
+                       if ((pi->plugin->priv_size > 0 ||
*pi->plugin->stop) &&
+                           pluginstance_stop(pi)) {
                                ulogd_log(ULOGD_DEBUG, "calling stop for
%s\n",
                                          pi->plugin->name);
                                (*pi->plugin->stop)(pi);
@@ -1037,7 +1047,7 @@
        unload_plugins();
 #endif

-       if (logfile != NULL  && logfile != stdout) {
+       if (logfile != NULL  && logfile != stdout && logfile !=
&syslog_dummy)
{
                fclose(logfile);
                logfile = NULL;
        }
@@ -1218,7 +1228,7 @@
                if (fork()) {
                        exit(0);
                }
-               if (logfile != stdout && logfile != &syslog_dummy)
+               if (logfile != stdout)
                        fclose(stdout);
                fclose(stderr);
                fclose(stdin);
--- old.ulogd-2.0.0beta4/include/ulogd/ulogd.h  2010-06-17 11:07:33.000000000
-0400
+++ ulogd2/include/ulogd/ulogd.h        2011-12-08 11:55:09.000000000 -0500
@@ -208,6 +208,8 @@
        char name[ULOGD_MAX_KEYLEN+1];
        /* ID for this plugin (dynamically assigned) */
        unsigned int id;
+       /* how many stacks are using this plugin? initially set to zero. */
+       unsigned int usage;

        struct ulogd_keyset input;
        struct ulogd_keyset output;


Marty B.



-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

http://bugzilla.netfilter.org/show_bug.cgi?id=741


martin barrowcliff <martinbarrowcliff at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |REMIND




--- Comment #3 from martin barrowcliff <martinbarrowcliff at gmail.com> 
2011-12-09 15:45:38 ---
I have finally discovered the cause of the segfaults.

The segfaults occur because ulogd is loading plugins from a previous
installation.
Apparently no version checking on the shared objects. 

Somehere in the code, the default installation dir for the plugins changed
from EPREFIX/lib to EPREFIX/libexec, and this was not noted in the changelog.

On a new installation this would never be an issue, however my posted info
clearly shows I used the same build configs and config file from the previous
version(s), which result in a CRASH.  
After defining libexecdir everything worked normally with no other changes.

I missed that simple discrepancy and pity nobody noticed or pointed it out to
me. 

Marty B.











-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.