Bug 692895 - rgmanager segfaults after cman_tool version -r if resource script provides badly formatted meta-data.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: rgmanager
Version: 6.0
Hardware: x86_64
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: rc
Assignee: Lon Hohberger
QA Contact: Cluster QE
URL:
Whiteboard:
Duplicates: 706251
Depends On:
Blocks: 721004
Reported: 2011-04-01 14:31 UTC by Yevheniy Demchenko
Modified: 2018-11-14 13:58 UTC (History)

Fixed In Version: rgmanager-3.0.12.1-2.el6
Doc Type: Bug Fix
Doc Text:
Prior to this update, any resource agent returning corrupted or invalid metadata would cause the rgmanager utility to terminate unexpectedly and the node to be fenced. With this update, rgmanager is able to skip the broken agent and continue operating as expected, thus fixing this bug.
Clone Of:
Environment:
Last Closed: 2011-12-06 11:57:25 UTC
Target Upstream Version:


Attachments
patch to resolve the issue. (1.72 KB, patch)
2011-04-01 14:31 UTC, Yevheniy Demchenko


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Legacy) 48151 0 None None None Never
Red Hat Product Errata RHBA-2011:1595 0 normal SHIPPED_LIVE rgmanager bug fix and enhancement update 2011-12-06 00:38:45 UTC

Description Yevheniy Demchenko 2011-04-01 14:31:05 UTC
Created attachment 489417
patch to resolve the issue.

Description of problem:
This issue was initially triggered by an rpm package which wrongly set the executable flag on the resource-script.metadata file in /usr/share/cluster/. After running "cman_tool version -r" the cluster crashed; the last log entry was
rgmanager[47960]: Loading Service Data
Further investigation has shown that this behaviour is always triggered if any runnable file in /usr/share/cluster provides meta-data output that is not well-formed XML.

Version-Release number of selected component (if applicable):
rgmanager-3.0.12-10.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. configure 2-node cluster, service cman start; service rgmanager start on 1 node.
2. chmod a+x /usr/share/lvm.metadata (for example)
3. increase version number in cluster.conf
4. cman_tool version -r -S
  
Actual results:
Rgmanager gets segfault, node restarts (or all nodes with incorrect resource script restart)

Expected results:
Cluster survives, maybe some error is logged.

Additional info:
rgmanager survives if debugging is enabled via -d flag or RGMANAGER_DEBUG=1. rgmanager also survives initial initialization.

gdb backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f4eb07df700 (LWP 21797)]
0x00000031392f8e01 in __vfprintf_chk () from /lib64/libc.so.6
(gdb) backtrace
#0  0x00000031392f8e01 in __vfprintf_chk () from /lib64/libc.so.6
#1  0x000000313c232da8 in vfprintf (ctx=<value optimized out>, msg=0x313c308acd "Entity: line %d: ") at /usr/include/bits/stdio2.h:128
#2  xmlGenericErrorDefaultFunc (ctx=<value optimized out>, msg=0x313c308acd "Entity: line %d: ") at error.c:78
#3  0x000000313c2317e9 in xmlReportError (err=0x7f4e9c044d48, ctxt=0x7f4e9c044af0, str=0x7f4e9c03dfa0 "Start tag expected, '<' not found\n", 
    channel=0x313c232d00 <xmlGenericErrorDefaultFunc>, data=0x0) at error.c:290
#4  0x000000313c232a55 in __xmlRaiseError (schannel=0, channel=0x313c232120 <xmlParserError__internal_alias>, data=0x7f4e9c044af0, ctx=0x7f4e9c044af0, nod=0x0, domain=1, code=4, 
    level=XML_ERR_FATAL, file=0x0, line=1, str1=0x0, str2=0x0, str3=0x0, int1=0, col=1, msg=0x313c312ce7 "%s") at error.c:624
#5  0x000000313c236f41 in xmlFatalErrMsg (ctxt=0x7f4e9c044af0, error=<value optimized out>, msg=<value optimized out>) at parser.c:496
#6  0x000000313c24d050 in xmlParseDocument__internal_alias (ctxt=0x7f4e9c044af0) at parser.c:10200
#7  0x000000313c24de45 in xmlSAXParseMemoryWithData__internal_alias (sax=0x0, buffer=<value optimized out>, size=<value optimized out>, recovery=0, data=0x0) at parser.c:13709
#8  0x000000000040c2b0 in read_resource_agent_metadata (rpath=0x4213a7 "/usr/share/cluster", rules=0x7f4eb07ded68)
    at /usr/src/debug/rgmanager-3.0.12/rgmanager/src/daemons/resrules.c:991
#9  load_resource_rulefile (rpath=0x4213a7 "/usr/share/cluster", rules=0x7f4eb07ded68) at /usr/src/debug/rgmanager-3.0.12/rgmanager/src/daemons/resrules.c:1015
#10 load_resource_rules (rpath=0x4213a7 "/usr/share/cluster", rules=0x7f4eb07ded68) at /usr/src/debug/rgmanager-3.0.12/rgmanager/src/daemons/resrules.c:1163
#11 0x00000000004070da in init_resource_groups (reconfigure=1, do_init=0) at /usr/src/debug/rgmanager-3.0.12/rgmanager/src/daemons/groups.c:1647
#12 0x00000000004107ac in _event_thread_f (arg=<value optimized out>) at /usr/src/debug/rgmanager-3.0.12/rgmanager/src/daemons/rg_event.c:405
#13 0x00000031396077e1 in start_thread () from /lib64/libpthread.so.0
#14 0x00000031392e151d in clone () from /lib64/libc.so.6

This behaviour is probably caused by the wrong usage of xmlInitParser()/XmlCleanUp() parser in a threaded application.
The attached patch resolves the issue; please review it, it might need verifying.
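
A pre-flight check for the condition described above, as an added example (not part of the original report or of rgmanager): it runs each executable file in an agent directory with a `meta-data` argument, which is assumed to be how rgmanager queries agents, and reports any whose output is not well-formed XML. The function names and the sample agents in `demo()` are constructed for illustration, and Python's ElementTree stands in for libxml2.

```python
"""Find executables in an agent directory whose meta-data output is not well-formed XML."""
import os
import subprocess
import sys
import tempfile
import xml.etree.ElementTree as ET


def check_agent(path, timeout=10):
    """Run `<path> meta-data` (assumed invocation); return an error string or None."""
    try:
        proc = subprocess.run([path, "meta-data"], stdin=subprocess.DEVNULL, timeout=timeout,
                              stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
        ET.fromstring(proc.stdout)  # raises ParseError on empty or malformed output
    except (OSError, subprocess.TimeoutExpired) as exc:
        return "could not run: %s" % exc
    except ET.ParseError as exc:
        return "not well-formed XML: %s" % exc
    return None


def scan_agent_dir(directory):
    """Map file name -> error for every executable regular file that fails the check."""
    bad = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and os.access(path, os.X_OK):
            err = check_agent(path)
            if err:
                bad[name] = err
    return bad


def demo():
    """Constructed sample directory: one good agent, one broken, one non-executable file."""
    samples = {"good.sh": ("#!/bin/sh\necho '<resource-agent name=\"good\"/>'\n", 0o755),
               "broken.sh": ("#!/bin/sh\necho 'Start tag missing'\n", 0o755),
               "notes.metadata": ("plain text, not executable\n", 0o644)}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (body, mode) in samples.items():
            with open(os.path.join(tmp, name), "w") as fh:
                fh.write(body)
            os.chmod(os.path.join(tmp, name), mode)
        return scan_agent_dir(tmp)


if __name__ == "__main__":
    result = scan_agent_dir(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print("\n".join("%s: %s" % item for item in result.items()))
```

Passing /usr/share/cluster as the argument scans the real agent directory; the check executes every file it tests, which are the same files rgmanager would run when loading resource rules.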

Comment 2 RHEL Program Management 2011-04-04 02:10:03 UTC
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 4 Lon Hohberger 2011-06-20 15:58:03 UTC
Reproduced.

Comment 5 Lon Hohberger 2011-06-20 16:07:38 UTC
I suspect it's actually related to the DBus integration work, which may or may not be calling xmlInitParser().

Your patch makes the init/cleanup of XML work consistently with other libxml2 programs.

Comment 6 Lon Hohberger 2011-07-08 16:19:31 UTC
I have merged your patch upstream:

http://git.fedorahosted.org/git?p=cluster.git;a=commit;h=eed4792bfd833ae85e7388c9cbd2221daae3d9fa

Comment 7 Lon Hohberger 2011-07-08 16:54:20 UTC
*** Bug 706251 has been marked as a duplicate of this bug. ***

Comment 10 Tomas Capek 2011-07-15 10:25:46 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Prior to this update, any resource agent returning corrupted or invalid metadata would cause the rgmanager utility to terminate unexpectedly and the node to be fenced. With this update, rgmanager is able to skip the broken agent and continue operating as expected, thus fixing this bug.

Comment 12 Martin Juricek 2011-09-30 07:29:18 UTC
Verified in version rgmanager-3.0.12.1-4.el6, kernel 2.6.32-201.el6

Rgmanager doesn't segfault and cluster node is not fenced.

Comment 13 errata-xmlrpc 2011-12-06 11:57:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1595.html

