Bug 674859 - "service pulse reload" is resulting in lvsd segfaulting
"service pulse reload" is resulting in lvsd segfaulting
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: piranha (Show other bugs)
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Marek Grac
Cluster QE
Depends On:
Blocks: 703146
  Show dependency treegraph
Reported: 2011-02-03 10:04 EST by Debbie Johnson
Modified: 2016-04-18 01:55 EDT (History)
3 users (show)

See Also:
Fixed In Version: piranha-0.8.4-20.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 703146 (view as bug list)
Last Closed: 2011-07-21 07:23:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
core file (300.00 KB, application/octet-stream)
2011-02-03 10:55 EST, Debbie Johnson
no flags Details
lvs files (17.45 KB, application/x-zip-compressed)
2011-02-03 11:01 EST, Debbie Johnson
no flags Details

  None (edit)
Description Debbie Johnson 2011-02-03 10:04:23 EST
Description of problem:
Piranha-gui is used to add and remove virtual services.

After removing the Virtual Service description, a reload of pulse daemon results in

Jan  6 20:27:59 spylvs4 kernel: lvsd[28193]: segfault at ffffffff00000019 rip 00000000004021d8 rsp 00007fffe8386d00 error 4

Reproduction steps

1. Define  Virtual Service description in the LVS configuration via piranha-gui [Only LVS Virtual Service definition. no need to include Real Server's]


service pulse reload

lvsd segfaults

2. Remove a service and then do service pulse reload

lvsd segfaults

After removing the patch described in the BZ https://bugzilla.redhat.com/show_bug.cgi?id=571544, segfaults are not seen

This does not look to be a regression. Probably the above patch simply exposes the bug

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
Kernel 2.6.18-194.3.1.el5

Additional info:

[New process 13534]
#0  0x00000039b30796d0 in strlen () from /lib64/libc.so.6
(gdb) bt
#0  0x00000039b30796d0 in strlen () from /lib64/libc.so.6
#1  0x00000039b3046b69 in _IO_vfprintf_internal (s=<value optimized out>, format=<value optimized out>, 
    ap=<value optimized out>) at vfprintf.c:1587
#2  0x00000039b30e6e48 in ___vsnprintf_chk (s=<value optimized out>, maxlen=<value optimized out>, 
    flags=<value optimized out>, slen=<value optimized out>, format=<value optimized out>, args=<value optimized out>)
    at vsnprintf_chk.c:65
#3  0x00000000004093ab in doSyslog (format=0x40a248 "shutting down virtual service %s", args=0x7fff874d7d10)
    at util.c:54
#4  0x00000000004094d0 in piranha_log (flags=<value optimized out>, format=0x41 <Address 0x41 out of bounds>)
    at util.c:93
#5  0x0000000000402431 in shutdownVirtualServer (config=0x7fff874d82b0, vserver=0x18928008, flags=1744830464, 
    clients=0x18929610, numClientsPtr=0x7fff874d848c) at lvsd.c:614
#6  0x0000000000402ff4 in restartVirtualServer (config=0x7fff874d82b0, oldVserver=0x18928008, vserver=0x18929558, 
    flags=1744830464, clients=0x18929610, numClientsPtr=0x7fff874d848c) at lvsd.c:833
#7  0x000000000040377b in rereadConfigFiles (oldConfig=0x7fff874d8650, clientsPtr=0x7fff874d8470, 
    numClientsPtr=0x7fff874d848c, numClientsAllocedPtr=<value optimized out>, configFile=<value optimized out>, 
    flags=1744830464) at lvsd.c:1036
#8  0x0000000000403bd1 in startServices (config=0x7fff874d8650, flags=1744830464, 
    configFile=0x18927410 "/etc/sysconfig/ha/lvs.cf") at lvsd.c:1297
#9  0x0000000000403ef8 in main (argc=<value optimized out>, argv=<value optimized out>) at lvsd.c:1434

static void
doSyslog (char *format, va_list args)
  int bufLen = 80;
  char *buf = malloc (bufLen);
  int ret;

  while (1)
      va_list try_args;
      va_copy(try_args, args);
      ret = vsnprintf (buf, bufLen, format, try_args);
      if ((ret > -1) && (ret < bufLen))
          bufLen += 80;
          buf = realloc (buf, bufLen);

  syslog (LOG_INFO, buf);

  free (buf);

It segfaulting here:

   ret = vsnprintf (buf, bufLen, format, try_args);

try_args looks to be an invalid addr

Will attach core.
Comment 1 Debbie Johnson 2011-02-03 10:55:15 EST
Created attachment 476810 [details]
core file
Comment 2 Debbie Johnson 2011-02-03 11:01:58 EST
Created attachment 476813 [details]
lvs files
Comment 9 errata-xmlrpc 2011-07-21 07:23:38 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.