Bug 1306509 - keepalived-1.2.13-7.el7: keepalived killed by SIGSEGV
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: keepalived
Version: 7.2
Hardware: All Linux
Priority: medium
Severity: medium
Target Milestone: rc
Assigned To: Ryan O'Hara
QA Contact: Brandon Perkins
Blocks: 1420851
Reported: 2016-02-11 00:24 EST by Manish Saxena
Modified: 2017-08-01 15:36 EDT
Last Closed: 2017-08-01 15:36:38 EDT
Type: Bug


Description Manish Saxena 2016-02-11 00:24:19 EST
Description of problem:

[abrt] keepalived-1.2.13-7.el7: keepalived killed by SIGSEGV

time:           Tue 02 Feb 2016 02:03:57 PM CET
cmdline:        /usr/sbin/keepalived -D
uid:            0 (root)
abrt_version:   2.1.11
event_log:      
executable:     /usr/sbin/keepalived
global_pid:     1197
kernel:         3.10.0-327.4.5.el7.x86_64
last_occurrence: 1454481626
pid:            1197
pkg_arch:       x86_64
pkg_epoch:      0
pkg_name:       keepalived
pkg_release:    7.el7
pkg_version:    1.2.13
pwd:            /etc/keepalived
runlevel:       unknown
username:       root

maps:           Text file, 20150 bytes
sosreport.tar.xz: Binary file, 7789200 bytes
var_log_messages: Text file, 24184 bytes

cgroup:
:10:perf_event:/
:9:hugetlb:/
:8:freezer:/
:7:memory:/
:6:net_cls:/
:5:cpuacct,cpu:/
:4:devices:/
:3:cpuset:/
:2:blkio:/
:1:name=systemd:/system.slice/keepalived.service

comment:
:Keepalived starts correctly but during VRRP initiation a segmentation fault occurs. The keepalived child processes are killed and respawned continuously.
:
:[   13.574862] keepalived[1338]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe886515c8 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   13.625053] nf_conntrack version 0.5.0 (65536 buckets, 262144 max)
:[   13.629515] keepalived[1438]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   13.666238] keepalived[1507]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   13.671493] IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
:[   13.671506] IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
:[   13.671541] IPVS: Creating netns size=2040 id=0
:[   13.671758] IPVS: ipvs loaded.
:[   13.740283] keepalived[1633]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   13.784003] keepalived[1720]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   13.814997] keepalived[1782]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   13.860464] keepalived[1844]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   13.891023] keepalived[1920]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   13.934354] keepalived[1978]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   13.978036] keepalived[2060]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   15.913717] Bridge firewalling registered
:[   18.632313] show_signal_msg: 150 callbacks suppressed
:[   18.632318] keepalived[3142]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   18.662206] keepalived[3155]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   18.701213] keepalived[3175]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   18.736432] keepalived[3189]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   18.778970] keepalived[3219]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   18.817175] keepalived[3282]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   18.858331] keepalived[3342]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   18.907308] keepalived[3411]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   18.941416] keepalived[3426]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:[   18.977325] keepalived[3475]: segfault at 7f77d6e30070 ip 00007f77d2d1f915 sp 00007ffe88651548 error 4 in libc-2.17.so[7f77d2bbd000+1b6000]
:
:We downgraded to version 1.3.13-6 to resolve the issue temporarily.

core_backtrace:
:{   "signal": 11
:,   "executable": "/usr/sbin/keepalived"
:,   "stacktrace":
:      [ {   "crash_thread": true
:        ,   "frames":
:              [ {   "address": 140509307844885
:                ,   "build_id": "508f7ff5f9802fe2fe52fd9f5d19d0d732d55a56"
:                ,   "build_id_offset": 1452309
:                ,   "function_name": "__strlen_sse2_pminub"
:                ,   "file_name": "/lib64/libc.so.6"
:                }
:              , {   "address": 140509350976028
:                ,   "build_id": "ee10a08b9fcd335b76548d8c2dfafb9690bece2d"
:                ,   "build_id_offset": 84508
:                ,   "function_name": "vrrp_auth_pass_handler"
:                ,   "file_name": "/usr/sbin/keepalived"
:                }
:              , {   "address": 140509351063577
:                ,   "build_id": "ee10a08b9fcd335b76548d8c2dfafb9690bece2d"
:                ,   "build_id_offset": 172057
:                ,   "function_name": "process_stream"
:                ,   "file_name": "/usr/sbin/keepalived"
:                }
:              , {   "address": 140509351063598
:                ,   "build_id": "ee10a08b9fcd335b76548d8c2dfafb9690bece2d"
:                ,   "build_id_offset": 172078
:                ,   "function_name": "process_stream"
:                ,   "file_name": "/usr/sbin/keepalived"
:                }
:              , {   "address": 140509351063598
:                ,   "build_id": "ee10a08b9fcd335b76548d8c2dfafb9690bece2d"
:                ,   "build_id_offset": 172078
:                ,   "function_name": "process_stream"
:                ,   "file_name": "/usr/sbin/keepalived"
:                }
:              , {   "address": 140509351063855
:                ,   "build_id": "ee10a08b9fcd335b76548d8c2dfafb9690bece2d"
:                ,   "build_id_offset": 172335
:                ,   "function_name": "read_conf_file"
:                ,   "file_name": "/usr/sbin/keepalived"
:                }
:              , {   "address": 140509351065708
:                ,   "build_id": "ee10a08b9fcd335b76548d8c2dfafb9690bece2d"
:                ,   "build_id_offset": 174188
:                ,   "function_name": "init_data"
:                ,   "file_name": "/usr/sbin/keepalived"
:                }
:              , {   "address": 140509350988258
:                ,   "build_id": "ee10a08b9fcd335b76548d8c2dfafb9690bece2d"
:                ,   "build_id_offset": 96738
:                ,   "function_name": "start_vrrp"
:                ,   "file_name": "/usr/sbin/keepalived"
:                }
:              , {   "address": 140509350989045
:                ,   "build_id": "ee10a08b9fcd335b76548d8c2dfafb9690bece2d"
:                ,   "build_id_offset": 97525
:                ,   "function_name": "start_vrrp_child"
:                ,   "file_name": "/usr/sbin/keepalived"
:                }
:              , {   "address": 140509350918008
:                ,   "build_id": "ee10a08b9fcd335b76548d8c2dfafb9690bece2d"
:                ,   "build_id_offset": 26488
:                ,   "function_name": "main"
:                ,   "file_name": "/usr/sbin/keepalived"
:                } ]
:        } ]
:}

environ:
:LANG=en_US.UTF-8
:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
:KEEPALIVED_OPTIONS=-D

exploitable:
:Likely crash reason: Jump to an invalid address
:Exploitable rating (0-9 scale): 6

reported_to:
:uReport: BTHASH=36c941f1653fc5ecda52f8e2b85aa5e5182a3e2c
:ABRT Server: URL=https://api.access.redhat.com/rs/telemetry/abrt/reports/bthash/36c941f1653fc5ecda52f8e2b85aa5e5182a3e2c
Version-Release number of selected component (if applicable):


How reproducible:

Every time the first character of the auth_pass value is set to "!".

keepalived crashes while parsing the auth_pass token from keepalived.conf. With this configuration, if the first character of the auth_pass value is "!", keepalived treats it as a comment, so the value is NULL and keepalived crashes.

>>>>>>>

 auth_pass !"##!F24g234g13r3dojijf94

>>>>>>>>>

Steps to Reproduce:

RHEL7.2
keepalived-1.2.13-7.el7.x86_64

If the first character of the auth_pass value is "!", keepalived treats it as a comment, so the value is NULL and keepalived crashes.

Actual results:
ABRT - keepalived killed by SIGSEGV

Expected results:
Should not crash

Additional info:

Customer confirmed that it works with version "keepalived-1.2.13-6.el7.x86_64" and does not segfault with a "!" in the beginning of the password.
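
The failure mode described in this report, as an added sketch that is not part of the original report and is not keepalived's source: a hypothetical tokenizer that ends the line at a token starting with "!" or "#", an unchecked handler that assumes the value token exists, and a checked handler that verifies the token count first. All function names and buffer sizes are assumptions; the second sample line is the one quoted in the report.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TOKENS 8
#define AUTH_PASS_MAX 8   /* assumed password field size for this sketch */

/* Split a config line into whitespace-separated tokens, in place.
 * A token that starts with '!' or '#' begins a comment and ends the line,
 * which is the behaviour the report describes. Returns the token count. */
int tokenize(char *line, char *tok[], int max)
{
    int n = 0;
    for (char *p = strtok(line, " \t\r\n"); p != NULL && n < max;
         p = strtok(NULL, " \t\r\n")) {
        if (*p == '!' || *p == '#')
            break;
        tok[n++] = p;
    }
    return n;
}

/* Unchecked form: assumes tok[1] exists. For "auth_pass !secret" only one
 * token is stored, tok[1] was never set, and strlen() faults on it. */
size_t auth_pass_len_unchecked(char *tok[]) { return strlen(tok[1]); }

/* Checked handler: 0 on success, -1 when the keyword has no value. */
int auth_pass_handler(const char *conf_line, char *out, size_t outsz)
{
    char buf[256];
    char *tok[MAX_TOKENS] = {0};

    snprintf(buf, sizeof buf, "%s", conf_line);
    int n = tokenize(buf, tok, MAX_TOKENS);
    if (n < 2 || strcmp(tok[0], "auth_pass") != 0) {
        fprintf(stderr, "auth_pass: no value (leading '!' or '#' is a comment)\n");
        return -1;   /* reject the config line instead of dereferencing */
    }
    snprintf(out, outsz, "%s", tok[1]);   /* truncates to outsz - 1 bytes */
    return 0;
}

int main(void)
{
    char pass[AUTH_PASS_MAX + 1];
    const char *lines[] = {
        "auth_pass s3cret",                        /* constructed sample */
        "auth_pass !\"##!F24g234g13r3dojijf94",    /* line from the report */
    };
    for (int i = 0; i < 2; i++)
        printf("%-40s -> %d\n", lines[i],
               auth_pass_handler(lines[i], pass, sizeof pass));
    return 0;
}
```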
Comment 2 Ryan O'Hara 2016-02-11 19:02:46 EST
(In reply to Manish Saxena from comment #0)
> Description of problem:
> 
> [abrt] keepalived-1.2.13-7.el7: keepalived killed by SIGSEGV
> 
> time:           Tue 02 Feb 2016 02:03:57 PM CET
> cmdline:        /usr/sbin/keepalived -D
> uid:            0 (root)
> abrt_version:   2.1.11
> event_log:      
> executable:     /usr/sbin/keepalived
> global_pid:     1197
> kernel:         3.10.0-327.4.5.el7.x86_64
> last_occurrence: 1454481626
> pid:            1197
> pkg_arch:       x86_64
> pkg_epoch:      0
> pkg_name:       keepalived
> pkg_release:    7.el7
> pkg_version:    1.2.13
> pwd:            /etc/keepalived
> runlevel:       unknown
> username:       root

[snip]

> Additional info:
> 
> Customer confirmed that it works with version
> "keepalived-1.2.13-6.el7.x86_64" and does not segfault with a "!" in the
> beginning of the password.

So this bug does not occur in keepalived-1.2.13-6.el7 but does occur in keepalived-1.2.13-7.el7? Just want to be perfectly clear on this point.
Comment 11 errata-xmlrpc 2017-08-01 15:36:38 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2169
