Crash of inn 2.5.1pre r8634 in the keywords code

Nix nix at esperi.org.uk
Tue Sep 29 20:12:52 UTC 2009 

So I upgraded my ancient INN 1.7.1 to 2.5.1pre on Sunday... and last
night it coredumped just after midnight. It seems to have died inside
the keywords code, which is odd, 'cos I've done a total overview rebuild
of this entire news server (several million articles) and it never
crashed then. So this could be a sign of something deeper. (I'm not
actually using the keywords yet, but expect to use them soon.)

Here's a backtrace:

#0  0x00007fb7637d0b2f in strlen () from /lib/libc.so.6
#1  0x00000000004142a6 in KEYgenerate (hc=0x7fb762d48e18,
    body=0x7fb75a70c9a2 "Matt,\r\n\r\n> I know that you can get ld to output the default linker\r\n> script when\r\n> using --verbose mode, or passing -Wl,--verbose to gcc,\r\n> \r\n> you can also specify a linker script using -T or --sc"..., v=0x0, l=0) at keywords.c:148
#2  0x000000000040b5cf in ARTpost (cp=0x7fb762d48210) at art.c:1888
#3  0x0000000000416b35 in NCproc (cp=0x7fb762d48210) at nc.c:212
#4  0x000000000041181b in CHANreadloop () at chan.c:1022
#5  0x0000000000413df6 in main (ac=1, av=<value optimized out>) at innd.c:719

This crash is *frequent* if keywords are on, but no single article
consistently causes a crash. So there's some cross-article corruption or
other going on here.

(The fact that the line that crashes is strlen(body) is really quite
worrying.)

valgrind output (this is during an rnews-drive reinjection of all the
inews-gated mailing list articles that were held up by the earlier
crash):

Tue Sep 29 21:08:52 2009: starting
==9610==
==9610== Conditional jump or move depends on uninitialised value(s)
==9610==    at 0x4C24FD7: strlen (in /pkg/valgrind/3.4-090606/lib/valgrind/amd64-linux/vgpreload_memcheck.so)
==9610==    by 0x4142A5: KEYgenerate (keywords.c:148)
==9610==    by 0x40B5CE: ARTpost (art.c:1888)
==9610==    by 0x416B34: NCproc (nc.c:212)
==9610==    by 0x41181A: CHANreadloop (chan.c:1022)
==9610==    by 0x413DF5: main (innd.c:719)
==9610==
==9610== Conditional jump or move depends on uninitialised value(s)
==9610==    at 0x4C24FD7: strlen (in /pkg/valgrind/3.4-090606/lib/valgrind/amd64-linux/vgpreload_memcheck.so)
==9610==    by 0x5283D2B: x_strdup (xmalloc.c:127)
==9610==    by 0x4142E1: KEYgenerate (keywords.c:152)
==9610==    by 0x40B5CE: ARTpost (art.c:1888)
==9610==    by 0x416B34: NCproc (nc.c:212)
==9610==    by 0x41181A: CHANreadloop (chan.c:1022)
==9610==    by 0x413DF5: main (innd.c:719)
==9610==
==9610== Conditional jump or move depends on uninitialised value(s)
==9610==    at 0x414318: KEYgenerate (keywords.c:157)
==9610==    by 0x40B5CE: ARTpost (art.c:1888)
==9610==    by 0x416B34: NCproc (nc.c:212)
==9610==    by 0x41181A: CHANreadloop (chan.c:1022)
==9610==    by 0x413DF5: main (innd.c:719)
==9610==
==9610== Use of uninitialised value of size 8
==9610==    at 0x63452C6: strspn (in /lib/libc-2.10.1.so)
==9610==    by 0x4143B0: KEYgenerate (keywords.c:179)
==9610==    by 0x40B5CE: ARTpost (art.c:1888)
==9610==    by 0x416B34: NCproc (nc.c:212)
==9610==    by 0x41181A: CHANreadloop (chan.c:1022)
==9610==    by 0x413DF5: main (innd.c:719)
Sep 29 21:09:02.851 + news.srvr.nix <ba0bd44d0909290732h2f5ca520q62f27bac2fe33f6c at mail.gmail.com> 2727
==9610==
==9610== Use of uninitialised value of size 8
==9610==    at 0x63452CE: strspn (in /lib/libc-2.10.1.so)
==9610==    by 0x4143B0: KEYgenerate (keywords.c:179)
==9610==    by 0x40B5CE: ARTpost (art.c:1888)
==9610==    by 0x416B34: NCproc (nc.c:212)
==9610==    by 0x41181A: CHANreadloop (chan.c:1022)
==9610==    by 0x413DF5: main (innd.c:719)
Sep 29 21:09:03.263 + news.srvr.nix <4AC21B70.7040304 at oarcorp.com> 3427
Sep 29 21:09:03.360 + news.srvr.nix <mcrmy4ddcyw.fsf at dhcp-172-17-9-151.mtv.corp.google.com> 5886
Sep 29 21:09:03.457 + news.srvr.nix <mcriqf1dcuu.fsf at dhcp-172-17-9-151.mtv.corp.google.com> 4309
Sep 29 21:09:03.488 + news.srvr.nix <b798aad50909290756h73c40c10y183cebaee8b40e30 at mail.gmail.com> 3099
Sep 29 21:09:03.536 + news.srvr.nix <mcreippdccx.fsf at dhcp-172-17-9-151.mtv.corp.google.com> 3841
Sep 29 21:09:03.567 + news.srvr.nix <4AC222BB.1060003 at oarcorp.com> 3628
Sep 29 21:09:03.603 + news.srvr.nix <26121254237214 at webmail120.yandex.ru> 3154
Sep 29 21:09:03.642 + news.srvr.nix <m3ske5zrye.fsf at redhat.com> 3685
Sep 29 21:09:03.683 + news.srvr.nix <4AC23642.9080104 at redhat.com> 2996
Sep 29 21:09:04.036 + news.srvr.nix <4AC2391D.7000209 at gnu.org> 2842
Sep 29 21:09:04.120 + news.srvr.nix <666F1F49-7E43-4A77-9949-AD34C95BB0A5 at sandoe-acoustics.co.uk> 5279
Sep 29 21:09:04.168 + news.srvr.nix <4AC23984.7090702 at gnu.org> 3058
Sep 29 21:09:04.201 + news.srvr.nix <mcrws3hbsm2.fsf at dhcp-172-17-9-151.mtv.corp.google.com> 3592
Sep 29 21:09:04.248 + news.srvr.nix <4AC23C1C.6090101 at gnu.org> 3592
Sep 29 21:09:04.275 + news.srvr.nix <4AC23CC0.5090506 at users.sourceforge.net> 3650
Sep 29 21:09:04.313 + news.srvr.nix <5b7094580909291007w6f946dd9g4b4ad061405b1984 at mail.gmail.com> 4121
Sep 29 21:09:04.351 + news.srvr.nix <4AC24120.1070106 at sbcglobal.net> 2218
Sep 29 21:09:04.420 + news.srvr.nix <4AC24161.7030307 at redhat.com> 4226
Sep 29 21:09:04.465 + news.srvr.nix <yddr5tpwtf7.fsf at manam.CeBiTec.Uni-Bielefeld.DE> 3836
Sep 29 21:09:04.825 + news.srvr.nix <4AC24501.1050500 at users.sourceforge.net> 4062
Sep 29 21:09:04.910 + news.srvr.nix <4AC246FB.8030706 at redhat.com> 5468
Sep 29 21:09:04.987 + news.srvr.nix <863b0cbf0909291052h48f7a957v5906fffcecb87e9d at mail.gmail.com> 4724
Sep 29 21:09:05.027 + news.srvr.nix <20090929175855.GB17393 at NANO-67-180.grenoble.cnrs.fr> 3738
Sep 29 21:09:05.055 + news.srvr.nix <4AC24B06.4070507 at st.com> 3857
Sep 29 21:09:05.089 + news.srvr.nix <19138.19866.618410.130885 at komagatake.TechFak.Uni-Bielefeld.DE> 3803
Sep 29 21:09:05.121 + news.srvr.nix <303e1d290909291123t480939f6oe83d76c7536419e1 at mail.gmail.com> 3587
Sep 29 21:09:05.151 + news.srvr.nix <6dc9ffc80909291125m2e5b3d97q39e934bb6b72706f at mail.gmail.com> 2289
Sep 29 21:09:05.178 + news.srvr.nix <4AC253CF.1020903 at digium.com> 4066
==9610==
==9610== Use of uninitialised value of size 8
==9610==    at 0x63452BE: strspn (in /lib/libc-2.10.1.so)
==9610==    by 0x4143B0: KEYgenerate (keywords.c:179)
==9610==    by 0x40B5CE: ARTpost (art.c:1888)
==9610==    by 0x416B34: NCproc (nc.c:212)
==9610==    by 0x41181A: CHANreadloop (chan.c:1022)
==9610==    by 0x413DF5: main (innd.c:719)
Sep 29 21:09:05.250 + news.srvr.nix <mcrpr99bmzt.fsf at dhcp-172-17-9-151.mtv.corp.google.com> 4327
Sep 29 21:09:05.596 + news.srvr.nix <280676.81298.qm at web112606.mail.gq1.yahoo.com> 2993
Sep 29 21:09:05.625 + news.srvr.nix <20090929192935.GA24014 at caradoc.them.org> 3407

More information about the inn-workers mailing list