Red Hat Bugzilla – Bug 439411
ipmi-sel aborts reading empty SEL log
Last modified: 2013-04-15 04:55:28 EDT
Description of problem:
After clearing the System Event Log with "ipmi-sel -c", ipmi-sel aborts with a glibc detected double free/corruption message.

Version-Release number of selected component (if applicable):
freeipmi-0.5.1-5.el5

How reproducible:
100% on this system right now - will update after generating some new SEL events and clearing the log again.

Steps to Reproduce:
1. ipmi-sel -c
2. ipmi-sel

Actual results:
# ipmi-sel -c
# ipmi-sel
ipmi_cmd_get_sel_entry: bad completion code: request data/parameter invalid
*** glibc detected *** ipmi-sel: double free or corruption (out): 0x0000003479f4fa50 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3479c71674]
/lib64/libc.so.6(cfree+0x8c)[0x3479c74cbc]
ipmi-sel[0x4045e7]
ipmi-sel[0x405893]
ipmi-sel[0x40601e]
ipmi-sel[0x406591]
ipmi-sel[0x40671a]
ipmi-sel[0x4109ce]
ipmi-sel[0x405ddb]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3479c1d8b4]
ipmi-sel[0x403669]
Aborted

Expected results:
ipmi-sel reports that there are no SEL events logged.

Additional info:
Doesn't seem to want to drop a core for me - let me know if it'd be useful and I'll try to grab one through gdb.
Could you get an output with the debuginfo package installed, too? Otherwise it's kinda hard to see where the double free happens. Thanks, Read ya, Phil
glibc's abort handlers don't seem to read debuginfo - you get the same output with/without the debuginfo RPM installed.
After tracking down the owner of the box to get the OK to install gdb et al:

[Switching to Thread 47032056158928 (LWP 27483)]
0x0000003542c30145 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x0000003542c30145 in raise () from /lib64/libc.so.6
#1  0x0000003542c31be0 in abort () from /lib64/libc.so.6
#2  0x0000003542c6a3cb in __libc_message () from /lib64/libc.so.6
#3  0x0000003542c71674 in _int_free () from /lib64/libc.so.6
#4  0x0000003542c74cbc in free () from /lib64/libc.so.6
#5  0x00000000004045e7 in destroy_sel_record (sel_rec=0x1244a810) at ipmi-sel-wrapper.c:833
#6  0x0000000000405893 in get_sel_record (state_data=0x7fff29ab9d70, record_id=0, next_record_id=0x7fff29ab98ee) at ipmi-sel-wrapper.c:823
#7  0x000000000040601e in display_sel_records (state_data=0x7fff29ab9d70) at ipmi-sel.c:129
#8  0x0000000000406591 in run_cmd_args (state_data=0x7fff29ab9d70) at ipmi-sel.c:329
#9  0x000000000040671a in _ipmi_sel (pstate=0x7fff29aba240, hostname=0x0, arg=0x7fff29aba2f0) at ipmi-sel.c:387
#10 0x00000000004109ce in pstdout_launch (hostnames=0x0, pstdout_func=0x406670 <_ipmi_sel>, arg=0x7fff29aba2f0) at pstdout.c:1294
#11 0x0000000000405ddb in main (argc=1, argv=0x7fff29aba4c8) at ipmi-sel.c:434
#12 0x0000003542c1d8b4 in __libc_start_main () from /lib64/libc.so.6
#13 0x0000000000403669 in _start ()
Created attachment 303164
gzipped corefile from ipmi-sel
Issue-tracker for this BZ closed & I no longer have access to the hardware to test with. We probably want the fix for this in ipmi-tools though.
This issue is present also in RHEL 5.5 and freeipmi-0.5.1-6.el5. Are there any plans to fix the problem?
Created attachment 469740
fix

Here is a fix. Regarding the update plan, I cannot promise anything; not all components get fixed in all updates. A support ticket might help here.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1499.html