674859 – "service pulse reload" is resulting in lvsd segfaulting

Bug 674859 - "service pulse reload" is resulting in lvsd segfaulting

Summary: "service pulse reload" is resulting in lvsd segfaulting

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	piranha
Sub Component:
Version:	5.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Marek Grac
QA Contact:	Cluster QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	703146
TreeView+	depends on / blocked

Reported:	2011-02-03 15:04 UTC by Debbie Johnson
Modified:	2018-11-14 15:57 UTC (History)
CC List:	3 users (show)
Fixed In Version:	piranha-0.8.4-20.el5
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	703146 (view as bug list)
Environment:
Last Closed:	2011-07-21 11:23:38 UTC
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
core file (300.00 KB, application/octet-stream) 2011-02-03 15:55 UTC, Debbie Johnson	no flags	Details
lvs files (17.45 KB, application/x-zip-compressed) 2011-02-03 16:01 UTC, Debbie Johnson	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:1059	0	normal	SHIPPED_LIVE	piranha bug fix update	2011-07-20 15:43:20 UTC

Description Debbie Johnson 2011-02-03 15:04:23 UTC

Description of problem:
Piranha-gui is used to add and remove virtual services.

After removing the Virtual Service description, a reload of pulse daemon results in

Jan  6 20:27:59 spylvs4 kernel: lvsd[28193]: segfault at ffffffff00000019 rip 00000000004021d8 rsp 00007fffe8386d00 error 4

Reproduction steps
******************

1. Define  Virtual Service description in the LVS configuration via piranha-gui [Only LVS Virtual Service definition. no need to include Real Server's]

Execute 

service pulse reload

lvsd segfaults

2. Remove a service and then do service pulse reload

lvsd segfaults

After removing the patch described in the BZ https://bugzilla.redhat.com/show_bug.cgi?id=571544, segfaults are not seen

This does not look to be a regression. Probably the above patch simply exposes the bug


Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
piranha-0.8.4-16.el5
Kernel 2.6.18-194.3.1.el5



Additional info:

[New process 13534]
#0  0x00000039b30796d0 in strlen () from /lib64/libc.so.6
(gdb) bt
#0  0x00000039b30796d0 in strlen () from /lib64/libc.so.6
#1  0x00000039b3046b69 in _IO_vfprintf_internal (s=<value optimized out>, format=<value optimized out>, 
    ap=<value optimized out>) at vfprintf.c:1587
#2  0x00000039b30e6e48 in ___vsnprintf_chk (s=<value optimized out>, maxlen=<value optimized out>, 
    flags=<value optimized out>, slen=<value optimized out>, format=<value optimized out>, args=<value optimized out>)
    at vsnprintf_chk.c:65
#3  0x00000000004093ab in doSyslog (format=0x40a248 "shutting down virtual service %s", args=0x7fff874d7d10)
    at util.c:54
#4  0x00000000004094d0 in piranha_log (flags=<value optimized out>, format=0x41 <Address 0x41 out of bounds>)
    at util.c:93
#5  0x0000000000402431 in shutdownVirtualServer (config=0x7fff874d82b0, vserver=0x18928008, flags=1744830464, 
    clients=0x18929610, numClientsPtr=0x7fff874d848c) at lvsd.c:614
#6  0x0000000000402ff4 in restartVirtualServer (config=0x7fff874d82b0, oldVserver=0x18928008, vserver=0x18929558, 
    flags=1744830464, clients=0x18929610, numClientsPtr=0x7fff874d848c) at lvsd.c:833
#7  0x000000000040377b in rereadConfigFiles (oldConfig=0x7fff874d8650, clientsPtr=0x7fff874d8470, 
    numClientsPtr=0x7fff874d848c, numClientsAllocedPtr=<value optimized out>, configFile=<value optimized out>, 
    flags=1744830464) at lvsd.c:1036
#8  0x0000000000403bd1 in startServices (config=0x7fff874d8650, flags=1744830464, 
    configFile=0x18927410 "/etc/sysconfig/ha/lvs.cf") at lvsd.c:1297
#9  0x0000000000403ef8 in main (argc=<value optimized out>, argv=<value optimized out>) at lvsd.c:1434

static void
doSyslog (char *format, va_list args)
{
  int bufLen = 80;
  char *buf = malloc (bufLen);
  int ret;

  while (1)
    {
      va_list try_args;
      va_copy(try_args, args);
      ret = vsnprintf (buf, bufLen, format, try_args);
      va_end(try_args);
      if ((ret > -1) && (ret < bufLen))
        {
          break;
        }
      else
        {
          bufLen += 80;
          buf = realloc (buf, bufLen);
        }
    }

  syslog (LOG_INFO, buf);

  free (buf);
}

It segfaulting here:

   ret = vsnprintf (buf, bufLen, format, try_args);

try_args looks to be an invalid addr

Will attach core.

Comment 1 Debbie Johnson 2011-02-03 15:55:15 UTC

Created attachment 476810 [details]
core file

Comment 2 Debbie Johnson 2011-02-03 16:01:58 UTC

Created attachment 476813 [details]
lvs files

Comment 9 errata-xmlrpc 2011-07-21 11:23:38 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1059.html

Note You need to log in before you can comment on or make changes to this bug.