Control: fixed 918106 logrotate/3.14.0-4
Control: tags 918106 = upstream fixed-upstream


Dear Maintainer, Hello Marc,


> (gdb) print log->numFiles
> $1 = 2122453

> stack size              (kbytes, -s) 8192


That would match my assumption.
A maximum stack size of 8192 kb * 1024 / 4 /*sizeof(int)*/ would
result in a maximum allowed number of files of 2097152
(if the program did not need any stack otherwise).
With more files than that, the callq instruction
tries to push the return address beyond the allowed stack
limits and therefore crashes.


I found upstream patches [1] and [2] that make the array logHasErrors
to be allocated from the heap instead of the stack, and should
therefore not fail that way. The patches seem not strictly
targeted at fixing a crash; instead they should remove compiler warnings.

These patches are already contained in the current buster/testing
release [3].
Therefore this crash should not happen with that version.

How this should be handled in stretch/stable is now up to
the maintainer, I guess.


Kind regards,
Bernhard


[1] https://github.com/logrotate/logrotate/commit/8ab56603fe700a2dfbf3c70112bd73b785aa12ef
[2] https://github.com/logrotate/logrotate/commit/5835875a945ce963f4cf29afc59f0a743824e8a6
[3] https://sources.debian.org/src/logrotate/3.14.0-4/logrotate.c/#L1964


Can be reproduced with the following commands:

    mkdir /tmp/testfiles
    mount -t tmpfs -o size=500M,nr_inodes=3000000 tmpfs /tmp/testfiles
    mkdir /tmp/testfiles/x
    cd    /tmp/testfiles/x
    (for i in {0..2300000}; do echo $i.log; done) | xargs touch

    cat <<EOF > /tmp/testfiles/logrotate.conf
    /tmp/testfiles/x/*.log
    {
            rotate 4
            daily
            missingok
            notifempty
    }
    EOF

    /usr/sbin/logrotate -f /tmp/testfiles/logrotate.conf
    Speicherzugriffsfehler (Speicherabzug geschrieben)
    # took 5 hours

    [16996.303550] logrotate[14583]: segfault at 7ffd5e89d588 ip 000055a28985188a sp 00007ffd5e89d590 error 6 in logrotate[55a289845000+11000]

    root@debian:~# coredumpctl list
    TIME                            PID   UID   GID SIG COREFILE EXE
    Tue 2019-01-22 21:17:36 CET   14583     0     0  11 present  /usr/sbin/logrotate

    (gdb) bt
    #0  0x000055a28985188a in rotateLogSet (log=0x55a28a3d6c80, force=1) at logrotate.c:1880
    #1  0x000055a28984898d in main (argc=<optimized out>, argv=<optimized out>) at logrotate.c:2561

    (gdb) display/i $pc
    1: x/i $pc
    => 0x55a28985188a <rotateLogSet+74>:    callq  0x55a28984cec0 <message>
