Bug 439411 - ipmi-sel aborts reading empty SEL log
ipmi-sel aborts reading empty SEL log
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: freeipmi (Show other bugs)
All Linux
medium Severity medium
: rc
: ---
Assigned To: Jan Safranek
Depends On:
  Show dependency treegraph
Reported: 2008-03-28 11:58 EDT by Bryn M. Reeves
Modified: 2013-04-15 04:55 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-11-29 09:04:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
gzipped corefile from ipmi-sel (99.46 KB, text/plain)
2008-04-21 11:47 EDT, Bryn M. Reeves
no flags Details
fix (809 bytes, patch)
2010-12-20 07:07 EST, Jan Safranek
no flags Details | Diff

  None (edit)
Description Bryn M. Reeves 2008-03-28 11:58:23 EDT
Description of problem:
After clearing the System Event Log with "impi-sel -c", ipmi-sel aborts with a
glibc detected double free/corruption message.

Version-Release number of selected component (if applicable):

How reproducible:
100% on this system right now - will update after generating some new SEL events
and clearing the log again.

Steps to Reproduce:
1. ipmi-sel -c
2. ipmi-sel

Actual results:
# ipmi-sel -c
# ipmi-sel
ipmi_cmd_get_sel_entry: bad completion code: request data/parameter invalid
*** glibc detected *** ipmi-sel: double free or corruption (out):
0x0000003479f4fa50 ***
======= Backtrace: =========
======= Memory map: ========
00400000-0041d000 r-xp 00000000 fd:00 1789533                           
0061d000-0061e000 rw-p 0001d000 fd:00 1789533                           
0061e000-00623000 rw-p 0061e000 00:00 0
0c579000-0c61c000 rw-p 0c579000 00:00 0
3479800000-347981a000 r-xp 00000000 fd:00 9503007                       
3479a1a000-3479a1b000 r--p 0001a000 fd:00 9503007                       
3479a1b000-3479a1c000 rw-p 0001b000 fd:00 9503007                       
3479c00000-3479d4a000 r-xp 00000000 fd:00 9503008                       
3479d4a000-3479f4a000 ---p 0014a000 fd:00 9503008                       
3479f4a000-3479f4e000 r--p 0014a000 fd:00 9503008                       
3479f4e000-3479f4f000 rw-p 0014e000 fd:00 9503008                       
3479f4f000-3479f54000 rw-p 3479f4f000 00:00 0
347a000000-347a082000 r-xp 00000000 fd:00 9503009                       
347a082000-347a281000 ---p 00082000 fd:00 9503009                       
347a281000-347a282000 r--p 00081000 fd:00 9503009                       
347a282000-347a283000 rw-p 00082000 fd:00 9503009                       
347a800000-347a815000 r-xp 00000000 fd:00 9503014                       
347a815000-347aa14000 ---p 00015000 fd:00 9503014                       
347aa14000-347aa15000 r--p 00014000 fd:00 9503014                       
347aa15000-347aa16000 rw-p 00015000 fd:00 9503014                       
347aa16000-347aa1a000 rw-p 347aa16000 00:00 0
347d400000-347d415000 r-xp 00000000 fd:00 9503028                       
347d415000-347d614000 ---p 00015000 fd:00 9503028                       
347d614000-347d615000 r--p 00014000 fd:00 9503028                       
347d615000-347d616000 rw-p 00015000 fd:00 9503028                       
347d616000-347d618000 rw-p 347d616000 00:00 0
348aa00000-348aa0d000 r-xp 00000000 fd:00 9503019                       
348aa0d000-348ac0d000 ---p 0000d000 fd:00 9503019                       
348ac0d000-348ac0e000 rw-p 0000d000 fd:00 9503019                       
348da00000-348da4a000 r-xp 00000000 fd:00 1789486                       
348da4a000-348dc4a000 ---p 0004a000 fd:00 1789486                       
348dc4a000-348dc4c000 rw-p 0004a000 fd:00 1789486                       
348dc4c000-348dc4d000 rw-p 348dc4c000 00:00 0
348f200000-348f203000 r-xp 00000000 fd:00 1775967                       
348f203000-348f402000 ---p 00003000 fd:00 1775967                       
348f402000-348f403000 rw-p 00002000 fd:00 1775967                       
2aaaaaaab000-2aaaaaaac000 rw-p 2aaaaaaab000 00:00 0
2aaaaaaba000-2aaaaaabb000 rw-p 2aaaaaaba000 00:00 0
2aaaaaabb000-2aaaaaac4000 r-xp 00000000 fd:00 1789524                   
2aaaaaac4000-2aaaaacc3000 ---p 00009000 fd:00 1789524                   
2aaaaacc3000-2aaaaacc4000 rw-p 00008000 fd:00 1789524                   
2aaaaacc4000-2aaaaad4c000 r-xp 00000000 fd:00 1782001                   
2aaaaad4c000-2aaaaaf4c000 ---p 00088000 fd:00 1782001                   
2aaaaaf4c000-2aaaab027000 rw-p 00088000 fd:00 1782001                   
2aaaab027000-2aaaab02b000 rw-p 2aaaab027000 00:00 0
2aaaab039000-2aaaab043000 r-xp 00000000 fd:00 9502748                   
2aaaab043000-2aaaab242000 ---p 0000a000 fd:00 9502748                   
2aaaab242000-2aaaab243000 r--p 00009000 fd:00 9502748                   
2aaaab243000-2aaaab244000 rw-p 0000a000 fd:00 9502748                   
2aaaac000000-2aaaac021000 rw-p 2aaaac000000 00:00 0
2aaaac021000-2aaab0000000 ---p 2aaaac021000 00:00 0
7fff13df3000-7fff13e08000 rw-p 7fff13df3000 00:00 0                      [stack]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0                  [vdso]

Expected results:
ipmi-sel reports that there are no SEL events logged.

Additional info:
Comment 1 Bryn M. Reeves 2008-03-28 12:02:20 EDT
Doesn't seem to want to drop a core for me - let me know if it'd be useful and
I'll try to grab one through gdb.
Comment 3 Phil Knirsch 2008-04-16 09:59:22 EDT
Could you get an output with the debuginfo package installed, too? Otherwise
it's kinda hard to see where the double free happens.


Read ya, Phil
Comment 4 Bryn M. Reeves 2008-04-21 11:31:50 EDT
glibc's abort handlers don't seem to read debuginfo - you get the same output
with/without the debuginfo RPM installed.
Comment 5 Bryn M. Reeves 2008-04-21 11:45:26 EDT
After tracking down the owner of the box to get the OK to install gdb et al:

[Switching to Thread 47032056158928 (LWP 27483)]
0x0000003542c30145 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x0000003542c30145 in raise () from /lib64/libc.so.6
#1  0x0000003542c31be0 in abort () from /lib64/libc.so.6
#2  0x0000003542c6a3cb in __libc_message () from /lib64/libc.so.6
#3  0x0000003542c71674 in _int_free () from /lib64/libc.so.6
#4  0x0000003542c74cbc in free () from /lib64/libc.so.6
#5  0x00000000004045e7 in destroy_sel_record (sel_rec=0x1244a810) at
#6  0x0000000000405893 in get_sel_record (state_data=0x7fff29ab9d70,
record_id=0, next_record_id=0x7fff29ab98ee) at ipmi-sel-wrapper.c:823
#7  0x000000000040601e in display_sel_records (state_data=0x7fff29ab9d70) at
#8  0x0000000000406591 in run_cmd_args (state_data=0x7fff29ab9d70) at ipmi-sel.c:329
#9  0x000000000040671a in _ipmi_sel (pstate=0x7fff29aba240, hostname=0x0,
arg=0x7fff29aba2f0) at ipmi-sel.c:387
#10 0x00000000004109ce in pstdout_launch (hostnames=0x0, pstdout_func=0x406670
<_ipmi_sel>, arg=0x7fff29aba2f0) at pstdout.c:1294
#11 0x0000000000405ddb in main (argc=1, argv=0x7fff29aba4c8) at ipmi-sel.c:434
#12 0x0000003542c1d8b4 in __libc_start_main () from /lib64/libc.so.6
#13 0x0000000000403669 in _start ()
Comment 6 Bryn M. Reeves 2008-04-21 11:47:37 EDT
Created attachment 303164 [details]
gzipped corefile from ipmi-sel
Comment 8 Bryn M. Reeves 2010-02-22 06:26:26 EST
Issue-tracker for this BZ closed & I no longer have access to the hardware to test with. We probably want the fix for this in impi-tools though..
Comment 9 Jan "Yenya" Kasprzak 2010-12-17 03:42:46 EST
This issue is present also in RHEL 5.5 and freeipmi-0.5.1-6.el5.

Are there any plans to fix the problem?
Comment 11 Jan Safranek 2010-12-20 07:07:57 EST
Created attachment 469740 [details]

Here is a fix. Regarding the update plan, I cannot promise anything, not all components get fixed in all updates. A support ticked might help here.
Comment 19 errata-xmlrpc 2011-11-29 09:04:53 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.