SIGBUS inn-STABLE-20010726

Bettina Fink laura at hydrophil.de
Fri Jul 27 02:07:56 UTC 2001


Hi,

leading actors: Solaris 8 (64bit, UltraSPARC-II), inn-STABLE-20010726,
gcc 2.95.3 and a reproducibly crashing innd (core dumped, SIGBUS).

innd starts up; if you telnet to port 119 the banner pops up and you can
do everything but "quit", which triggers the crash.

This is truss:

[...]
6673:   setsockopt(42, 65535, 4098, 0xFFBEF634, 4, 1)   = 0
6673:   setsockopt(42, 65535, 8, 0xFFBEF634, 4, 1)      = 0
6673:   write(42, " 2 0 0   e u s c . i n t".., 78)     = 78
6673:   fstat(3, 0xFFBEF3F0)                            = 0
6673:   time()                                          = 996197909
6673:   putmsg(3, 0xFFBEEAA8, 0xFFBEEA9C, 0)            = 0
6673:   open("/var/run/syslog_door", O_RDONLY)          = 43
6673:   door_info(43, 0xFFBEE9E0)                       = 0
6673:   getpid()                                        = 6673 [1]
6673:   door_call(43, 0xFFBEE9C8)                       = 0
6673:   close(43)                                       = 0
6673:   poll(0xFFBEF990, 4, 283000)     (sleeping...)
6673:   poll(0xFFBEF990, 4, 283000)                     = 1
6673:   read(42, " q u i t\r\n", 1023)                  = 6
6673:   write(42, " 2 0 5   .\r\n", 7)                  = 7
6673:       Incurred fault #5, FLTACCESS  %pc = 0x0001F834
6673:         siginfo: SIGBUS BUS_ADRALN addr=0xFFBEF594
6673:       Received signal #10, SIGBUS [default]
6673:         siginfo: SIGBUS BUS_ADRALN addr=0xFFBEF594
6673:           *** process killed ***

We tracked it down to innd/chan.c (around line 291); this is
where it happens:

            syslog(L_NOTICE,
                "%s closed seconds %ld accepted %ld refused %ld rejected %ld duplicate %ld accepted size %.0f duplicate size %.0f",
                name, (long)(Now.time - cp->Started),
                cp->Received, cp->Refused, cp->Rejected,
                cp->Duplicate, cp->Size, cp->DuplicateSize);

We tried to find the exact location of the problem and "protracted"
the code as follows:

            syslog(L_NOTICE,"name %s", name);
            syslog(L_NOTICE,"closed seconds %ld", (long)(Now.time - cp->Started));
            syslog(L_NOTICE,"accepted %ld", cp->Received);
            syslog(L_NOTICE,"refused %ld", cp->Refused);
            syslog(L_NOTICE,"rejected %ld", cp->Rejected);
            syslog(L_NOTICE,"duplicate %ld", cp->Duplicate);
            syslog(L_NOTICE,"accepted size %.0f", cp->Size);
            syslog(L_NOTICE,"duplicate size %.0f", cp->DuplicateSize);

But to our surprise, the new innd changed in that way didn't crash
anymore. We changed back to the original code and it started crashing
again. So we're a bit stunned ... Any idea what might be wrong with
the original code?

If you need any additional information or data, just let me know.

Bye,
Bettina
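
An added example, not part of the original post or of INN: a small Python triage of the truss fault lines quoted above, reporting the strongest alignment the faulting address satisfies. The function names are hypothetical, and the width check assumes natural alignment (an N-byte access needs an address that is a multiple of N).

```python
import re

# Fault lines copied from the truss output in the post above.
TRUSS = """
6673:       Incurred fault #5, FLTACCESS  %pc = 0x0001F834
6673:         siginfo: SIGBUS BUS_ADRALN addr=0xFFBEF594
6673:       Received signal #10, SIGBUS [default]
6673:         siginfo: SIGBUS BUS_ADRALN addr=0xFFBEF594
6673:           *** process killed ***
"""

FAULT = re.compile(r"^(\d+):\s+Incurred fault #(\d+), (\w+)\s+%pc = (0x[0-9A-Fa-f]+)")
SIGINFO = re.compile(r"^(\d+):\s+siginfo: (\w+) (\w+) addr=(0x[0-9A-Fa-f]+)")


def alignment(addr):
    """Largest power of two dividing addr, i.e. the strongest alignment it has."""
    return addr & -addr if addr else 0


def fits(record, width):
    """True if an access of `width` bytes at the fault address is naturally aligned."""
    return record["addr"] % width == 0


def triage(text):
    """Return one record per 'Incurred fault' line, joined with its siginfo line."""
    records, pending = [], None
    for line in text.splitlines():
        m = FAULT.match(line)
        if m:
            pending = {"pid": int(m[1]), "fault": m[3], "pc": int(m[4], 16)}
            continue
        m = SIGINFO.match(line)
        if m and pending and int(m[1]) == pending["pid"]:
            addr = int(m[4], 16)
            pending.update(signal=m[2], code=m[3], addr=addr, align=alignment(addr))
            records.append(pending)
            pending = None  # the siginfo repeated under "Received signal" is skipped
    return records


if __name__ == "__main__":
    for r in triage(TRUSS):
        ok = [w for w in (1, 2, 4, 8) if fits(r, w)]
        print(f"pid {r['pid']} {r['signal']}/{r['code']} pc={r['pc']:#x} "
              f"addr={r['addr']:#x} aligned to {r['align']} bytes; widths OK: {ok}")
```

For the trace above it reports an address that is a multiple of 4 but not of 8, which narrows the faulting access to one at least 8 bytes wide; it does not by itself identify the cause.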

