[Comm] p6, vixie-cron-4.1.20060426-alt8

Sergey Vlasov vsu на altlinux.ru
Пн Сен 19 19:12:58 UTC 2011


On Mon, Sep 19, 2011 at 05:46:09PM +0400, Sergey wrote:
[...]
> writev(2, [{"*** glibc has detected an error "..., 35}, {"/usr/sbin/crond", 15}, {": ", 2}, {"free(): invalid pointer", 23}, {": 0x", 4}, {"00293720", 8}, {" ***\n", 5}], 7) = 92
> mmap2(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0xb75fb000
> munmap(0xb75fb000, 20480)               = 0
> munmap(0xb7700000, 1028096)             = 0
> mprotect(0xb7600000, 135168, PROT_READ|PROT_WRITE) = 0
> open("/etc/ld.so.cache", O_RDONLY)      = 8
> fstat64(8, {st_mode=S_IFREG|0644, st_size=203564, ...}) = 0
> mmap2(NULL, 203564, PROT_READ, MAP_PRIVATE, 8, 0) = 0xb77fd000
> close(8)                                = 0
> open("/lib/libgcc_s.so.1", O_RDONLY)    = 8
> read(8, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320 \0\0004\0\0\0"..., 512) = 512
> fstat64(8, {st_mode=S_IFREG|0644, st_size=112184, ...}) = 0
> mmap2(NULL, 115244, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 8, 0) = 0x74e000
> fadvise64(8, 0, 115244, POSIX_FADV_WILLNEED) = 0
> mmap2(0x769000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 8, 0x1a) = 0x769000
> close(8)                                = 0
> mprotect(0x769000, 4096, PROT_READ)     = 0
> munmap(0xb77fd000, 203564)              = 0
> write(2, "======= Backtrace: =========\n", 29) = 29
> writev(2, [{"/lib/libc.so.6", 14}, {"(", 1}, {"+0x", 3}, {"6bc4a", 5}, {")", 1}, {"[0x", 3}, {"19fc4a", 6}, {"]\n", 2}], 8) = 35
> writev(2, [{"/lib/libc.so.6", 14}, {"(", 1}, {"+0x", 3}, {"6d58b", 5}, {")", 1}, {"[0x", 3}, {"1a158b", 6}, {"]\n", 2}], 8) = 35
> writev(2, [{"/lib/libc.so.6", 14}, {"(", 1}, {"cfree", 5}, {"+0x", 3}, {"71", 2}, {")", 1}, {"[0x", 3}, {"1a4811", 6}, {"]\n", 2}], 9) = 37
> writev(2, [{"/lib/libselinux.so.1", 20}, {"(", 1}, {"freecon", 7}, {"+0x", 3}, {"1d", 2}, {")", 1}, {"[0x", 3}, {"4e56bd", 6}, {"]\n", 2}], 9) = 45
> writev(2, [{"/usr/sbin/crond", 15}, {"[0x", 3}, {"804b7ab", 7}, {"]\n", 2}], 4) = 27
> writev(2, [{"/usr/sbin/crond", 15}, {"[0x", 3}, {"804b320", 7}, {"]\n", 2}], 4) = 27
> writev(2, [{"/usr/sbin/crond", 15}, {"[0x", 3}, {"804b602", 7}, {"]\n", 2}], 4) = 27
> writev(2, [{"/usr/sbin/crond", 15}, {"[0x", 3}, {"804ab7a", 7}, {"]\n", 2}], 4) = 27
> writev(2, [{"/lib/libc.so.6", 14}, {"(", 1}, {"__libc_start_main", 17}, {"+0x", 3}, {"e6", 2}, {")", 1}, {"[0x", 3}, {"14ac96", 6}, {"]\n", 2}], 9) = 49
> writev(2, [{"/usr/sbin/crond", 15}, {"[0x", 3}, {"804a161", 7}, {"]\n", 2}], 4) = 27

https://bugzilla.altlinux.org/show_bug.cgi?id=26285

Там неинициализированный указатель, поэтому падать может по-разному, а
у кого-то, если повезёт, может и не упасть вовсе.  Впрочем, valgrind
эту ошибку ловит, и с опцией --track-origins=yes даже показывает,
откуда взялось неинициализированное значение:

==17531== Conditional jump or move depends on uninitialised value(s)
==17531==    at 0x4C267F2: free (vg_replace_malloc.c:366)
==17531==    by 0x404588: free_user (user.c:43)
==17531==    by 0x40411A: process_crontab.clone.0 (database.c:295)
==17531==    by 0x4043F5: load_database (database.c:134)
==17531==    by 0x4039CF: main (cron.c:295)
==17531==  Uninitialised value was created by a heap allocation
==17531==    at 0x4C276DD: malloc (vg_replace_malloc.c:236)
==17531==    by 0x404607: load_user (user.c:67)
==17531==    by 0x40414A: process_crontab.clone.0 (database.c:299)
==17531==    by 0x4043F5: load_database (database.c:134)
==17531==    by 0x403652: main (cron.c:156)
----------- следующая часть -----------
Было удалено вложение не в текстовом формате...
Имя     : отсутствует
Тип     : application/pgp-signature
Размер  : 198 байтов
Описание: Digital signature
Url     : <http://lists.altlinux.org/pipermail/community/attachments/20110919/239faf2d/attachment.bin>


Подробная информация о списке рассылки community