Illegal seek (reprise)

Russ Allbery rra at stanford.edu
Sun Jan 25 22:11:16 UTC 2004


Aioe <tecniche at aioe.org> writes:

> I'm using INN 2.4.1 on a Debian Linux 3.0rc1 for x86 with cnfs/ovdb,
> perl filter and keywords generation enabled, tcl disabled. I'm using a
> single UUCP feed.

> Sometimes (two times in a week), innd dies with no logs and rnews
> reports: rnews: cant fgets after article: Illegal seek

Note again, as discussed in previous threads, that this has nothing to do
with rnews.  This indicates that INN is crashing on an article that is
being fed to it by rnews; there isn't anything wrong with rnews other than
a bad error message.

> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 1024 (LWP 16525)]
> 0x402f221f in malloc () from /lib/libc.so.6
> (gdb) bt
> #0 =A00x402f221f in malloc () from /lib/libc.so.6
> #1 =A00x402f2074 in malloc () from /lib/libc.so.6
> #2 =A00x401e8c08 in Perl_safemalloc () from /usr/lib/libperl.so.5.6
> #3 =A00x401fe85a in Perl_sv_grow () from /usr/lib/libperl.so.5.6
> #4 =A00x40201892 in Perl_sv_setsv () from /usr/lib/libperl.so.5.6
> #5 =A00x401f871c in Perl_pp_aassign () from /usr/lib/libperl.so.5.6
> #6 =A00x401f6401 in Perl_runops_standard () from /usr/lib/libperl.so.5.6
> #7 =A00x401aeb1c in S_call_body () from /usr/lib/libperl.so.5.6
> #8 =A00x401ae88e in perl_call_sv () from /usr/lib/libperl.so.5.6
> #9 =A00x08062a4a in PLartfilter (data=3D0x413e6788,
> =A0 =A0 artBody=3D0x831271f "\r\n3573 bytes free <ready at 0.0.0.0> wrote in
> message\r\npan.2004.01.22.00.08.11.858605 at 0.0.0.0...\r\n> On Thu, 22 Jan =
2004=20
> 00:04:18 +0100, Paolo Levi Sandri wrote:\r\n>\r\n> > quoto\r\n>\r\n>
> quoto\r\n\r\nROTFL!\r\n\r\n\r\n."..., artLen=3D202, lines=3D12) at perl.c=
:114
> #10 0x08054b69 in ARTpost (cp=3D0x413e62dc) at art.c:1899
> #11 0x0805da24 in NCpostit (cp=3D0x413e62dc) at nc.c:196
> #12 0x0805f255 in NCproc (cp=3D0x413e62dc) at nc.c:985
> #13 0x0805f9cf in NCreader (cp=3D0x413e62dc) at nc.c:1188
> #14 0x0805adbc in CHANreadloop () at chan.c:1062
> #15 0x0805cf14 in main (ac=3D4, av=3D0xbffffea4) at innd.c:666

So you have malloc arena corruption.  Something is doing a double-free,
overwriting memory, or otherwise breaking malloc.  Now we have to figure
out how to track that down, and whether it's in Perl or in INN and what
triggers it.

Could you send us a copy of the article that triggers the crash?  Maybe
that will help (although it could also not be that article that caused the
real problem).

--=20
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list