Bug 674859 - "service pulse reload" is resulting in lvsd segfaulting
"service pulse reload" is resulting in lvsd segfaulting
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: piranha (Show other bugs)
5.4
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Marek Grac
Cluster QE
:
Depends On:
Blocks: 703146
  Show dependency treegraph
 
Reported: 2011-02-03 10:04 EST by Debbie Johnson
Modified: 2016-04-18 01:55 EDT (History)
3 users (show)

See Also:
Fixed In Version: piranha-0.8.4-20.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 703146 (view as bug list)
Environment:
Last Closed: 2011-07-21 07:23:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
core file (300.00 KB, application/octet-stream)
2011-02-03 10:55 EST, Debbie Johnson
no flags Details
lvs files (17.45 KB, application/x-zip-compressed)
2011-02-03 11:01 EST, Debbie Johnson
no flags Details

  None (edit)
Description Debbie Johnson 2011-02-03 10:04:23 EST
Description of problem:
Piranha-gui is used to add and remove virtual services.

After removing the Virtual Service description, a reload of pulse daemon results in

Jan  6 20:27:59 spylvs4 kernel: lvsd[28193]: segfault at ffffffff00000019 rip 00000000004021d8 rsp 00007fffe8386d00 error 4

Reproduction steps
******************

1. Define  Virtual Service description in the LVS configuration via piranha-gui [Only LVS Virtual Service definition. no need to include Real Server's]

Execute 

service pulse reload

lvsd segfaults

2. Remove a service and then do service pulse reload

lvsd segfaults

After removing the patch described in the BZ https://bugzilla.redhat.com/show_bug.cgi?id=571544, segfaults are not seen

This does not look to be a regression. Probably the above patch simply exposes the bug


Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
piranha-0.8.4-16.el5
Kernel 2.6.18-194.3.1.el5



Additional info:

[New process 13534]
#0  0x00000039b30796d0 in strlen () from /lib64/libc.so.6
(gdb) bt
#0  0x00000039b30796d0 in strlen () from /lib64/libc.so.6
#1  0x00000039b3046b69 in _IO_vfprintf_internal (s=<value optimized out>, format=<value optimized out>, 
    ap=<value optimized out>) at vfprintf.c:1587
#2  0x00000039b30e6e48 in ___vsnprintf_chk (s=<value optimized out>, maxlen=<value optimized out>, 
    flags=<value optimized out>, slen=<value optimized out>, format=<value optimized out>, args=<value optimized out>)
    at vsnprintf_chk.c:65
#3  0x00000000004093ab in doSyslog (format=0x40a248 "shutting down virtual service %s", args=0x7fff874d7d10)
    at util.c:54
#4  0x00000000004094d0 in piranha_log (flags=<value optimized out>, format=0x41 <Address 0x41 out of bounds>)
    at util.c:93
#5  0x0000000000402431 in shutdownVirtualServer (config=0x7fff874d82b0, vserver=0x18928008, flags=1744830464, 
    clients=0x18929610, numClientsPtr=0x7fff874d848c) at lvsd.c:614
#6  0x0000000000402ff4 in restartVirtualServer (config=0x7fff874d82b0, oldVserver=0x18928008, vserver=0x18929558, 
    flags=1744830464, clients=0x18929610, numClientsPtr=0x7fff874d848c) at lvsd.c:833
#7  0x000000000040377b in rereadConfigFiles (oldConfig=0x7fff874d8650, clientsPtr=0x7fff874d8470, 
    numClientsPtr=0x7fff874d848c, numClientsAllocedPtr=<value optimized out>, configFile=<value optimized out>, 
    flags=1744830464) at lvsd.c:1036
#8  0x0000000000403bd1 in startServices (config=0x7fff874d8650, flags=1744830464, 
    configFile=0x18927410 "/etc/sysconfig/ha/lvs.cf") at lvsd.c:1297
#9  0x0000000000403ef8 in main (argc=<value optimized out>, argv=<value optimized out>) at lvsd.c:1434

static void
doSyslog (char *format, va_list args)
{
  int bufLen = 80;
  char *buf = malloc (bufLen);
  int ret;

  while (1)
    {
      va_list try_args;
      va_copy(try_args, args);
      ret = vsnprintf (buf, bufLen, format, try_args);
      va_end(try_args);
      if ((ret > -1) && (ret < bufLen))
        {
          break;
        }
      else
        {
          bufLen += 80;
          buf = realloc (buf, bufLen);
        }
    }

  syslog (LOG_INFO, buf);

  free (buf);
}

It segfaulting here:

   ret = vsnprintf (buf, bufLen, format, try_args);

try_args looks to be an invalid addr

Will attach core.
Comment 1 Debbie Johnson 2011-02-03 10:55:15 EST
Created attachment 476810 [details]
core file
Comment 2 Debbie Johnson 2011-02-03 11:01:58 EST
Created attachment 476813 [details]
lvs files
Comment 9 errata-xmlrpc 2011-07-21 07:23:38 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1059.html

Note You need to log in before you can comment on or make changes to this bug.