[Bug 741] ULOGD segfaults on init

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Mon Nov 28 03:59:34 CET 2011


http://bugzilla.netfilter.org/show_bug.cgi?id=741





--- Comment #1 from martin barrowcliff <martinbarrowcliff at gmail.com>  2011-11-28 03:59:34 ---
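Bug updated with valgrind output. In the trace below, `ulogd -d` terminates with SIGSEGV on an invalid 4-byte read at address 0x28 in create_stack (ulogd.c:536), called from config_parse_file. The last ulogd.log entry is the first stack token, tok=`log3:NFLOG'. An address that low is consistent with a structure field being read through a NULL pointer.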

System

Intel Atom-330
2G memory
250G SATA drive

Linux server.localdomain 3.1.1_mfb #1 SMP \
Wed Nov 23 12:22:11 EST 2011 i686 i686 i386 GNU/Linux

iptables-1.4.12.1
libcap-ng-0.6.6
libnetfilter_log-1.0.0
libmnl-1.0.1
libnet-1.1.4
libnetfilter_conntrack-0.9.1
libnetfilter_queue-1.0.0
libnfnetlink-1.0.0
libpcap-1.0.2_pre
xtables-addons-1.39


ulogd.log

Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `NFLOG'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `BASE'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `IFINDEX'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `IP2STR'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `IP2BIN'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `PRINTPKT'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `HWHDR'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `MARK'
Sun Nov 27 21:05:55 2011 <5> ulogd.c:373 registering plugin `SYSLOG'
Sun Nov 27 21:05:55 2011 <1> ulogd.c:821 building new pluginstance stack
(log3:NFLOG,base3:BASE,ifi3:IFINDEX,ip2str3:IP2STR,print3:PRINTPKT,sys3:SYSLOG):
Sun Nov 27 21:05:55 2011 <1> ulogd.c:830 tok=`log3:NFLOG'



ulogd.conf


[global]
logfile="/var/log/ulogd.log"
loglevel=1;
plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2BIN.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_filter_HWHDR.so"
plugin="/usr/lib/ulogd/ulogd_filter_MARK.so"
plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
#
stack=log3:NFLOG,base3:BASE,ifi3:IFINDEX,ip2str3:IP2STR,print3:PRINTPKT,sys3:SYSLOG
#
# Logging through NFLOG group 3
[log3]
# (syslog messages)
netlink_socket_buffer_size=300000
netlink_socket_buffer_maxsize=1085440
netlink_qthreshold=5
netlink_qtimeout=100
numeric_label=3
bind=1
#


ulogd build conf

./configure --with-pic --prefix=/usr --sysconfdir=/etc \
 --libdir=/usr/lib  --with-mysql-lib=/usr/lib/mysql \
 --with-mysql-inc=/usr/include/mysql --disable-silent-rules \
 --with-pcap-lib=/usr/lib --with-pcap-inc=/usr/include/pcap


valgrind output

==10784== Memcheck, a memory error detector
==10784== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==10784== Using Valgrind-3.8.0.SVN and LibVEX; rerun with -h for copyright info
==10784== Command: /usr/sbin/ulogd -d
==10784== 
--10784-- Valgrind options:
--10784--    -v
--10784--    --leak-check=full
--10784--    --show-reachable=yes
--10784-- Contents of /proc/version:
--10784--   Linux version 3.1.1_mfb (root at server.localdomain) (gcc version
4.4.4 (GCC) ) #1 SMP Wed Nov 23 12:22:11 EST 2011
--10784-- Arch and hwcaps: X86, x86-sse1-sse2
--10784-- Page sizes: currently 4096, max supported 4096
--10784-- Valgrind library directory: /usr/lib/valgrind
--10784-- Reading syms from /lib/ld-2.11.1.so (0x4000000)
--10784-- Reading syms from /usr/sbin/ulogd (0x8048000)
--10784-- Reading syms from /usr/lib/valgrind/memcheck-x86-linux (0x38000000)
--10784--    object doesn't have a dynamic symbol table
--10784-- Reading suppressions file: /usr/lib/valgrind/default.supp
==10784== embedded gdbserver: reading from
/tmp/vgdb-pipe-from-vgdb-to-10784-by-root-on-???
==10784== embedded gdbserver: writing to  
/tmp/vgdb-pipe-to-vgdb-from-10784-by-root-on-???
==10784== embedded gdbserver: shared mem  
/tmp/vgdb-pipe-shared-mem-vgdb-10784-by-root-on-???
==10784== 
==10784== TO CONTROL THIS PROCESS USING vgdb (which you probably
==10784== don't want to do, unless you know exactly what you're doing,
==10784== or are doing some strange experiment):
==10784==   /usr/lib/valgrind/../../bin/vgdb --pid=10784 ...command...
==10784== 
==10784== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==10784==   /path/to/gdb /usr/sbin/ulogd
==10784== and then give GDB the following command
==10784==   target remote | /usr/lib/valgrind/../../bin/vgdb --pid=10784
==10784== --pid is optional if only one valgrind process is running
==10784== 
--10784-- REDIR: 0x4019000 (strlen) redirected to 0x380439b8
(vgPlain_x86_linux_REDIR_FOR_strlen)
--10784-- REDIR: 0x4018e30 (index) redirected to 0x38043993
(vgPlain_x86_linux_REDIR_FOR_index)
--10784-- Reading syms from /usr/lib/valgrind/vgpreload_core-x86-linux.so
(0x4023000)
--10784-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so
(0x4025000)
--10784-- Reading syms from /lib/libdl-2.11.1.so (0x4033000)
--10784-- Reading syms from /lib/libc-2.11.1.so (0x4037000)
--10784-- REDIR: 0x40b1ff0 (rindex) redirected to 0x4028c20 (rindex)
--10784-- REDIR: 0x40acd20 (malloc) redirected to 0x4027f8f (malloc)
--10784-- REDIR: 0x40b1ba0 (strlen) redirected to 0x40290b0 (strlen)
--10784-- REDIR: 0x40b14a0 (index) redirected to 0x4028ce0 (index)
--10784-- REDIR: 0x40b1680 (strcpy) redirected to 0x40290f0 (strcpy)
--10784-- REDIR: 0x40b2cb0 (strstr) redirected to 0x402b0c0 (strstr)
--10784-- REDIR: 0x40b3410 (memchr) redirected to 0x40297f0 (memchr)
--10784-- REDIR: 0x40b3de0 (memcpy) redirected to 0x4029d00 (memcpy)
--10784-- REDIR: 0x40b1e90 (strncpy) redirected to 0x40292b0 (strncpy)
--10784-- REDIR: 0x40b1610 (strcmp) redirected to 0x4029670 (strcmp)
--10784-- REDIR: 0x40ae420 (free) redirected to 0x4027ba9 (free)
--10784-- REDIR: 0x40ae990 (calloc) redirected to 0x4027273 (calloc)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_inppkt_NFLOG.so (0x459f000)
--10784-- Reading syms from /usr/lib/libnetfilter_log.so.1.1.0 (0x45a9000)
--10784-- Reading syms from /usr/lib/libnfnetlink.so.0.2.0 (0x45ad000)
--10784-- REDIR: 0x40b6850 (strchrnul) redirected to 0x402aeb0 (strchrnul)
--10784-- REDIR: 0x40b1c50 (strnlen) redirected to 0x4029030 (strnlen)
--10784-- REDIR: 0x40b3970 (mempcpy) redirected to 0x402af20 (mempcpy)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_raw2packet_BASE.so (0x45a4000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_IFINDEX.so (0x4030000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_IP2STR.so (0x45b3000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_IP2BIN.so (0x45b5000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_PRINTPKT.so (0x45b7000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_HWHDR.so (0x45bc000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_filter_MARK.so (0x45be000)
--10784-- Reading syms from /usr/lib/ulogd/ulogd_output_SYSLOG.so (0x45c0000)
==10784== Invalid read of size 4
==10784==    at 0x804A012: create_stack (ulogd.c:536)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784==  Address 0x28 is not stack'd, malloc'd or (recently) free'd
==10784== 
==10784== 
==10784== Process terminating with default action of signal 11 (SIGSEGV)
==10784==  Access not within mapped region at address 0x28
==10784==    at 0x804A012: create_stack (ulogd.c:536)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784==  If you believe this happened as a result of a stack
==10784==  overflow in your program's main thread (unlikely but
==10784==  possible), you can try to increase the size of the
==10784==  main thread stack using the --main-stacksize= flag.
==10784==  The main thread stack size used in this run was 8388608.
==10784== 
==10784== HEAP SUMMARY:
==10784==     in use at exit: 9,866 bytes in 70 blocks
==10784==   total heap usage: 89 allocs, 19 frees, 11,709 bytes allocated
==10784== 
==10784== Searching for pointers to 70 not-freed blocks
==10784== Checked 130,616 bytes
==10784== 
==10784== 16 bytes in 1 blocks are still reachable in loss record 1 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x804C941: config_register_file (conffile.c:99)
==10784==    by 0x804B4C0: main (ulogd.c:1176)
==10784== 
==10784== 19 bytes in 1 blocks are still reachable in loss record 2 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x40B1900: strdup (strdup.c:43)
==10784==    by 0x804A8AA: logfile_open (ulogd.c:924)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 20 bytes in 1 blocks are still reachable in loss record 3 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x8049EEF: create_stack (ulogd.c:813)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 48 bytes in 2 blocks are still reachable in loss record 4 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x400E032: _dl_map_object_deps (dl-deps.c:470)
==10784==    by 0x40140C1: dl_open_worker (dl-open.c:291)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 58 bytes in 2 blocks are still reachable in loss record 5 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x40058BF: local_strdup (dl-load.c:162)
==10784==    by 0x4008D08: _dl_map_object (dl-load.c:2146)
==10784==    by 0x400D9F1: openaux (dl-deps.c:65)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x400DFC9: _dl_map_object_deps (dl-deps.c:247)
==10784==    by 0x40140C1: dl_open_worker (dl-open.c:291)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784== 
==10784== 58 bytes in 2 blocks are still reachable in loss record 6 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x400B9CF: _dl_new_object (dl-object.c:146)
==10784==    by 0x4006A47: _dl_map_object_from_fd (dl-load.c:969)
==10784==    by 0x4008A58: _dl_map_object (dl-load.c:2238)
==10784==    by 0x400D9F1: openaux (dl-deps.c:65)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x400DFC9: _dl_map_object_deps (dl-deps.c:247)
==10784==    by 0x40140C1: dl_open_worker (dl-open.c:291)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784== 
==10784== 78 bytes in 1 blocks are still reachable in loss record 7 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x40B1900: strdup (strdup.c:43)
==10784==    by 0x8049ED3: create_stack (ulogd.c:803)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 108 bytes in 9 blocks are still reachable in loss record 8 of 16
==10784==    at 0x4027353: calloc (vg_replace_malloc.c:566)
==10784==    by 0x804A9D8: load_plugin (ulogd.c:604)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 332 bytes in 9 blocks are still reachable in loss record 9 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x400E1B5: _dl_map_object_deps (dl-deps.c:506)
==10784==    by 0x40140C1: dl_open_worker (dl-open.c:291)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 343 bytes in 9 blocks are still reachable in loss record 10 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x4008196: expand_dynamic_string_token (dl-load.c:162)
==10784==    by 0x40089A8: _dl_map_object (dl-load.c:2173)
==10784==    by 0x4014066: dl_open_worker (dl-open.c:254)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784== 
==10784== 343 bytes in 9 blocks are still reachable in loss record 11 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x400B9CF: _dl_new_object (dl-object.c:146)
==10784==    by 0x4006A47: _dl_map_object_from_fd (dl-load.c:969)
==10784==    by 0x4008A58: _dl_map_object (dl-load.c:2238)
==10784==    by 0x4014066: dl_open_worker (dl-open.c:254)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784== 
==10784== 352 bytes in 1 blocks are still reachable in loss record 12 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x409859F: __fopen_internal (iofopen.c:76)
==10784==    by 0x409866C: fopen@@GLIBC_2.1 (iofopen.c:107)
==10784==    by 0x804C6A8: config_parse_file (conffile.c:121)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 352 bytes in 1 blocks are still reachable in loss record 13 of 16
==10784==    at 0x4028014: malloc (vg_replace_malloc.c:263)
==10784==    by 0x409859F: __fopen_internal (iofopen.c:76)
==10784==    by 0x409866C: fopen@@GLIBC_2.1 (iofopen.c:107)
==10784==    by 0x804A8E8: logfile_open (ulogd.c:933)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 624 bytes in 11 blocks are still reachable in loss record 14 of 16
==10784==    at 0x4027353: calloc (vg_replace_malloc.c:566)
==10784==    by 0x4011195: _dl_check_map_versions (dl-version.c:299)
==10784==    by 0x4014340: dl_open_worker (dl-open.c:297)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784== 
==10784== 1,264 bytes in 2 blocks are still reachable in loss record 15 of 16
==10784==    at 0x4027353: calloc (vg_replace_malloc.c:566)
==10784==    by 0x400B741: _dl_new_object (dl-object.c:52)
==10784==    by 0x4006A47: _dl_map_object_from_fd (dl-load.c:969)
==10784==    by 0x4008A58: _dl_map_object (dl-load.c:2238)
==10784==    by 0x400D9F1: openaux (dl-deps.c:65)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x400DFC9: _dl_map_object_deps (dl-deps.c:247)
==10784==    by 0x40140C1: dl_open_worker (dl-open.c:291)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784== 
==10784== 5,851 bytes in 9 blocks are still reachable in loss record 16 of 16
==10784==    at 0x4027353: calloc (vg_replace_malloc.c:566)
==10784==    by 0x400B741: _dl_new_object (dl-object.c:52)
==10784==    by 0x4006A47: _dl_map_object_from_fd (dl-load.c:969)
==10784==    by 0x4008A58: _dl_map_object (dl-load.c:2238)
==10784==    by 0x4014066: dl_open_worker (dl-open.c:254)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4013AB7: _dl_open (dl-open.c:583)
==10784==    by 0x4033BE1: dlopen_doit (dlopen.c:67)
==10784==    by 0x400F626: _dl_catch_error (dl-error.c:178)
==10784==    by 0x4033FDC: _dlerror_run (dlerror.c:164)
==10784==    by 0x4033B21: dlopen@@GLIBC_2.1 (dlopen.c:88)
==10784==    by 0x804A9BE: load_plugin (ulogd.c:598)
==10784== 
==10784== LEAK SUMMARY:
==10784==    definitely lost: 0 bytes in 0 blocks
==10784==    indirectly lost: 0 bytes in 0 blocks
==10784==      possibly lost: 0 bytes in 0 blocks
==10784==    still reachable: 9,866 bytes in 70 blocks
==10784==         suppressed: 0 bytes in 0 blocks
==10784== 
==10784== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 68 from 11)
==10784== 
==10784== 1 errors in context 1 of 1:
==10784== Invalid read of size 4
==10784==    at 0x804A012: create_stack (ulogd.c:536)
==10784==    by 0x804C83D: config_parse_file (conffile.c:198)
==10784==    by 0x804B4DC: main (ulogd.c:949)
==10784==  Address 0x28 is not stack'd, malloc'd or (recently) free'd
==10784== 
--10784-- 
--10784-- used_suppression:     68 U1004-ARM-_dl_relocate_object
==10784== 
==10784== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 68 from 11)
Segmentation fault


-- 