syslogd

Tito farmatito at tiscali.it
Sun Jan 6 13:19:42 UTC 2008


On Sunday 06 January 2008 13:42:12 Alex Landau wrote:
> Hi,
> 
> As a side effect of my problems with syslogd described below, I found a bug (return value from shmat()
> checked for error incorrectly), which is fixed by the attached patch.
> 
> I'm running on NOMMU and using busybox 1.7 (and checked the relevant changes in syslogd.c till trunk head - none seems to be related).
> The problem itself: Once in a while (about once a week), syslogd crashes. I traced the point of the crash,
> and it is in log_to_shmem() in the "memcpy(G.shbuf->data + old_tail, msg, k);" line (line no. 268 in trunk head).
> 
> The pointer (G.shbuf->data + old_tail) points to a bizarre place (very far from the shm area shown in /proc/pid/maps), and naturally trying to write there crashes syslog. I thought the problem happens due to the circular buffer overflowing, but running "logger" several times in order to fill the whole buffer didn't crash syslog, so this does not seem to be related.
> 
> I didn't succeed in finding the cause of the crash (memory corruption? something overwriting G.shbuf?), and would appreciate any help.
> 
> Oh, and how did I find the "shmat() return value" bug? If after syslogd crashes, I (or actually runsv) run it again, it crashes at the memset in ipcsyslog_init() trying to write to 0xFFFFFFFF. Maybe shmat() failed due to the crash of the previous instance of syslogd, for which the kernel probably hasn't released all resources (NOMMU, remember), maybe not... But shmget() succeeded and that's strange.
> 
> Anyway, any help will be greatly appreciated.
> Thanks,
> Alex
> 
> 
> 
Alex, you attached a man page rather than the patch. :-)

Ciao,
Tito
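
The shmat() error convention behind the write to 0xFFFFFFFF described in the quoted message, as an added example (not the patch from this thread, which was not attached, and not BusyBox code): shmat() reports failure as (void *) -1, so a NULL-only test lets the failure through to the memset. The helper names and the NULL-only shape of the faulty check are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Assumed shape of the faulty check: only NULL counts as failure. */
static int null_check_says_failed(const void *p) { return p == NULL; }

/* shmat() reports failure as (void *) -1, which is 0xFFFFFFFF on 32-bit. */
static int shmat_failed(const void *p) { return p == (void *) -1; }

/* Attach and zero a segment; NULL on failure, so the sentinel never escapes. */
static void *attach_and_clear(int shmid, size_t size)
{
    void *p = shmat(shmid, NULL, 0);
    if (shmat_failed(p)) {
        perror("shmat");
        return NULL;
    }
    memset(p, 0, size);
    return p;
}

/* Returns 1 when a failed attach passes the NULL test but not the -1 test. */
static int failed_attach_slips_past_null_check(void)
{
    void *p = shmat(-1, NULL, 0);    /* constructed invalid id: always fails */
    return !null_check_says_failed(p) && shmat_failed(p);
}

/* Round trip on a private segment: 1 = ok, 0 = bad, -1 = no SysV shm here. */
static int good_attach_round_trip(void)
{
    const size_t size = 4096;
    int id = shmget(IPC_PRIVATE, size, IPC_CREAT | 0600);
    if (id == -1) return -1;
    char *p = attach_and_clear(id, size);
    int ok = p != NULL && p[0] == 0 && p[size - 1] == 0;
    if (p != NULL) shmdt(p);
    shmctl(id, IPC_RMID, NULL);      /* do not leak the segment */
    return ok;
}

int main(void)
{
    printf("NULL-only check misses failure: %d\n", failed_attach_slips_past_null_check());
    printf("checked attach round trip: %d\n", good_attach_round_trip());
    return 0;
}
```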


