Bug 674859

Summary: "service pulse reload" is resulting in lvsd segfaulting
Product: Red Hat Enterprise Linux 5
Component: piranha
Version: 5.4
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: high
Priority: high
Target Milestone: rc
Reporter: Debbie Johnson <dejohnso>
Assignee: Marek Grac <mgrac>
QA Contact: Cluster QE <mspqa-list>
CC: cluster-maint, djansa, ndoane
Fixed In Version: piranha-0.8.4-20.el5
Doc Type: Bug Fix
Last Closed: 2011-07-21 11:23:38 UTC
Bug Blocks: 703146
Attachments: core file (flags: none); lvs files (flags: none)

Description Debbie Johnson 2011-02-03 15:04:23 UTC
Description of problem:
Piranha-gui is used to add and remove virtual services.

After removing the Virtual Service description, a reload of pulse daemon results in

Jan  6 20:27:59 spylvs4 kernel: lvsd[28193]: segfault at ffffffff00000019 rip 00000000004021d8 rsp 00007fffe8386d00 error 4

Reproduction steps
******************

1. Define a Virtual Service description in the LVS configuration via piranha-gui [only the LVS Virtual Service definition; no need to include Real Servers]

Execute

service pulse reload

lvsd segfaults

2. Remove a service and then do service pulse reload

lvsd segfaults

After removing the patch described in the BZ https://bugzilla.redhat.com/show_bug.cgi?id=571544, segfaults are not seen.

This does not look to be a regression. Probably the above patch simply exposes the bug.


Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
piranha-0.8.4-16.el5
Kernel 2.6.18-194.3.1.el5



Additional info:

[New process 13534]
#0  0x00000039b30796d0 in strlen () from /lib64/libc.so.6
(gdb) bt
#0  0x00000039b30796d0 in strlen () from /lib64/libc.so.6
#1  0x00000039b3046b69 in _IO_vfprintf_internal (s=<value optimized out>, format=<value optimized out>, 
    ap=<value optimized out>) at vfprintf.c:1587
#2  0x00000039b30e6e48 in ___vsnprintf_chk (s=<value optimized out>, maxlen=<value optimized out>, 
    flags=<value optimized out>, slen=<value optimized out>, format=<value optimized out>, args=<value optimized out>)
    at vsnprintf_chk.c:65
#3  0x00000000004093ab in doSyslog (format=0x40a248 "shutting down virtual service %s", args=0x7fff874d7d10)
    at util.c:54
#4  0x00000000004094d0 in piranha_log (flags=<value optimized out>, format=0x41 <Address 0x41 out of bounds>)
    at util.c:93
#5  0x0000000000402431 in shutdownVirtualServer (config=0x7fff874d82b0, vserver=0x18928008, flags=1744830464, 
    clients=0x18929610, numClientsPtr=0x7fff874d848c) at lvsd.c:614
#6  0x0000000000402ff4 in restartVirtualServer (config=0x7fff874d82b0, oldVserver=0x18928008, vserver=0x18929558, 
    flags=1744830464, clients=0x18929610, numClientsPtr=0x7fff874d848c) at lvsd.c:833
#7  0x000000000040377b in rereadConfigFiles (oldConfig=0x7fff874d8650, clientsPtr=0x7fff874d8470, 
    numClientsPtr=0x7fff874d848c, numClientsAllocedPtr=<value optimized out>, configFile=<value optimized out>, 
    flags=1744830464) at lvsd.c:1036
#8  0x0000000000403bd1 in startServices (config=0x7fff874d8650, flags=1744830464, 
    configFile=0x18927410 "/etc/sysconfig/ha/lvs.cf") at lvsd.c:1297
#9  0x0000000000403ef8 in main (argc=<value optimized out>, argv=<value optimized out>) at lvsd.c:1434

static void
doSyslog (char *format, va_list args)
{
  int bufLen = 80;
  char *buf = malloc (bufLen);
  int ret;

  while (1)
    {
      va_list try_args;
      va_copy(try_args, args);
      ret = vsnprintf (buf, bufLen, format, try_args);
      va_end(try_args);
      if ((ret > -1) && (ret < bufLen))
        {
          break;
        }
      else
        {
          bufLen += 80;
          buf = realloc (buf, bufLen);
        }
    }

  syslog (LOG_INFO, buf);

  free (buf);
}

It is segfaulting here:

   ret = vsnprintf (buf, bufLen, format, try_args);

try_args looks to be an invalid addr

Will attach core.
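
Added example, not part of the original report and not piranha's code or the shipped fix: a variant of the doSyslog routine quoted above that checks malloc/realloc, sizes the buffer from vsnprintf's return value, and passes the finished text to syslog through a constant "%s" format so that any '%' in the expanded message is treated as data. The names vformatLog and logChecked are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical helper: expand format/args into a heap buffer; NULL on failure. */
static char *
vformatLog (const char *format, va_list args)
{
  size_t bufLen = 80;           /* same starting size as the quoted code */
  char *buf = malloc (bufLen);

  while (buf != NULL)
    {
      va_list try_args;
      char *grown;
      int ret;
      va_copy (try_args, args);
      ret = vsnprintf (buf, bufLen, format, try_args);
      va_end (try_args);

      if (ret >= 0 && (size_t) ret < bufLen)
        return buf;             /* fits and is NUL-terminated */
      if (ret < 0)
        break;                  /* output error: give up instead of looping */
      bufLen = (size_t) ret + 1;        /* ret is the length required */
      grown = realloc (buf, bufLen);
      if (grown == NULL)
        break;                  /* buf is still valid and is freed below */
      buf = grown;
    }
  free (buf);
  return NULL;
}

/* Hypothetical wrapper: log the message, then return the logged text
   (caller frees) or NULL if it could not be built. */
static char *
logChecked (const char *format, ...)
{
  va_list args;
  char *msg;
  va_start (args, format);
  msg = vformatLog (format, args);
  va_end (args);
  if (msg != NULL)
    syslog (LOG_INFO, "%s", msg);       /* constant format string */
  return msg;
}
```

These checks cover allocation failure and '%' characters in the message text only; a stale or otherwise invalid pointer passed for a %s argument still faults inside vsnprintf.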

Comment 1 Debbie Johnson 2011-02-03 15:55:15 UTC
Created attachment 476810
core file

Comment 2 Debbie Johnson 2011-02-03 16:01:58 UTC
Created attachment 476813
lvs files

Comment 9 errata-xmlrpc 2011-07-21 11:23:38 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1059.html