
Confirmation of syslogd bug

Package: sysklogd
Version: 1.3-31

I can confirm bug #22673, syslogd "freezing" a system that sends syslogd
messages to a host that's down, while syslogd was started with "-r".
This is for syslogd 1.3-31 and on another system with Slackware 7.0 with
syslogd-1.3-33 (from the Debian sources).

Machine "sahara" starts "syslogd" with the "-r" switch - although there is
no machine that sends log messages to it. 

At sahara, "syslog.conf" ends with a line that says: 

*.*	@

Now this machine sometimes is up without a syslogd
(killall syslogd). When that happens, I get the infamous

syslog.0:Apr 30 20:53:33 sahara syslogd: sendto: Connection refused

This results in sahara becoming "non-responsive". This is not due to a
hang, but due to the fact that syslogd simply refuses to handle any
messages. So if I, for example, do a "telnet sahara 110" it will
connect, but it will not let me type any command.
Same with logging in at the console: I can login, but once "login" tries
to log a message, it simply "hangs" - it never returns from sending the
log message.

If I then (while the login session is still between authentication and
starting a shell) kill syslogd, I get a perfectly normal login shell.

strace -p `ps ax|grep [s]yslogd|cut -c1-5` will show a looping
recvfrom(21, 0xbffff808, 1022, 0, 0xbffffc0c, 0xbffff804) = ?
--- SIGALRM (Alarm clock) ---
time(NULL)                              = 957111450
sigaction(SIGALRM, {0x804b700, [], SA_RESTART}, {0x804b700, [],
alarm(30)                               = 0
sigreturn()                             = ? (mask now [])

... ad infinitum ad nauseam.

However, if I start "syslogd" without the -r switch at sahara, it *will*
syslog.0:Apr 30 20:53:33 sahara syslogd: sendto: Connection refused
... but it keeps working - so the machine keeps working too.

There seems, however, to be a timeout involved, since eventually a simple
"logger hello" *will* return, even on a frozen machine, but it takes a
whole lot of time. So if you, like we do, have a machine that logs
more than 1 message per minute, your "syslogd -r" will effectively
freeze (or "hang", or "DOS" if that's a verb) the machine.

Roughly looking through the sources, it seems that syslogd -r tries to
"recvfrom" the sockets that were specially opened for sending purposes.
But unfortunately I'm not too much into socket programming so I can't
help you too well with this one.

I hope this helps.

Best regards,
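
Added example, not part of the original message and not sysklogd code: on Linux, a connected UDP socket whose destination port has no listener gets the ICMP port-unreachable reported as ECONNREFUSED, the error named in the log line above. The sketch consumes that error with a bounded poll() and non-blocking reads so that a forwarder never stalls on it; the function name, the loopback destination and the test message are assumptions made for the illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example, not sysklogd code. Sends one datagram to a loopback UDP port
 * with no listener (constructed stand-in for the down log host), then reads
 * the socket without blocking. *first and *second receive the errno of two
 * consecutive reads. Returns 0, or -1 if the sockets could not be set up. */
int probe_dead_loghost(int *first, int *second)
{
    struct sockaddr_in dst;
    socklen_t len = sizeof dst;
    struct pollfd pfd;
    char buf[1024];
    const char *msg = "<13>constructed test message";
    int tmp, s;

    /* Find a free port: bind to port 0, read the port back, close again. */
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if ((tmp = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return -1;
    if (bind(tmp, (struct sockaddr *)&dst, sizeof dst) < 0 ||
        getsockname(tmp, (struct sockaddr *)&dst, &len) < 0) { close(tmp); return -1; }
    close(tmp);
    if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return -1;
    if (connect(s, (struct sockaddr *)&dst, sizeof dst) < 0 ||
        send(s, msg, strlen(msg), 0) < 0) { close(s); return -1; }
    /* Wait at most 1 s for the ICMP error; never wait without a timeout. */
    pfd.fd = s; pfd.events = POLLIN; pfd.revents = 0;
    poll(&pfd, 1, 1000);
    /* MSG_DONTWAIT: each read returns at once instead of stalling the caller. */
    *first  = recv(s, buf, sizeof buf, MSG_DONTWAIT) < 0 ? errno : 0;
    *second = recv(s, buf, sizeof buf, MSG_DONTWAIT) < 0 ? errno : 0;
    close(s);
    return 0;
}

int main(void)
{
    int a, b;
    if (probe_dead_loghost(&a, &b) < 0) return 1;
    printf("first read errno=%d, second read errno=%d\n", a, b);
    return 0;
}
```

On Linux the first read fails with ECONNREFUSED and the second with EAGAIN: the error is reported once and then cleared, so a daemon that handles it this way keeps serving local log clients.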

