Bug 746771 - openstack-nova components fail with segfault with error 4 and 6 in libc-2.14.90.so
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: python-greenlet
Version: 16
Hardware: i686
OS: Linux
Assignee: Lev Shamardin
QA Contact: Fedora Extras Quality Assurance
Duplicates: 746330 746767

Reported: 2011-10-17 18:19 UTC by Sergey
Modified: 2011-11-25 02:04 UTC (History)

Fixed In Version: python-greenlet-0.3.1-6.fc15
Doc Type: Bug Fix
Last Closed: 2011-11-12 03:24:33 UTC


Attachments
I hope right debug info for starting nova-api (64.85 KB, text/plain), 2011-10-18 19:25 UTC, Sergey
Patch to add %check section to python-greenlet.spec (1.05 KB, patch), 2011-10-19 15:21 UTC, Dave Malcolm
Proposed changes to package (5.71 KB, patch), 2011-10-19 18:30 UTC, Dave Malcolm
upstream i686 assembly fix (2.13 KB, patch), 2011-10-24 15:59 UTC, Pádraig Brady
upstream i686 assembly fix 2 (9.28 KB, patch), 2011-10-24 17:39 UTC, Pádraig Brady

Description Sergey 2011-10-17 18:19:48 UTC
Description of problem:
openstack-nova-* services fail to start except openstack-nova-volume

server1 kernel: [ 1139.822573] nova-network[1634]: segfault at bf995000 ip 00c7c6b7 sp bf9936a8 error 6 in libc-2.14.90.so[b36000+1a7000]
server1 systemd[1]: openstack-nova-network.service: main process exited, code=killed, status=11
server1 systemd[1]: Unit openstack-nova-network.service entered failed state.
server1 kernel: [ 1140.217545] nova-api[1601]: segfault at bfd9a000 ip 0040b6a9 sp bfd964d8 error 6 in libc-2.14.90.so[2c5000+1a7000]
server1 systemd[1]: openstack-nova-api.service: main process exited, code=killed, status=11
server1 systemd[1]: Unit openstack-nova-api.service entered failed state.
server1 kernel: [ 1141.045279] nova-scheduler[1656]: segfault at 6e692f61 ip 00255950 sp bfb22778 error 4 in libc-2.14.90.so[110000+1a7000]
server1 systemd[1]: openstack-nova-scheduler.service: main process exited, code=killed, status=11
server1 systemd[1]: Unit openstack-nova-scheduler.service entered failed state.

Version-Release number of selected component (if applicable):
1) glibc-2.14.90-12.i686
   glibc-common-2.14.90-12.i686
2) Linux server1.example.com 3.1.0-0.rc9.git0.0.fc16.i686.PAE #1 SMP Wed Oct 5 15:51:55 UTC 2011 i686 i686 i386 GNU/Linux
3) openstack-swift-doc-1.4.0-2.fc16.noarch
   openstack-swift-proxy-1.4.0-2.fc16.noarch
   openstack-swift-container-1.4.0-2.fc16.noarch
   openstack-swift-1.4.0-2.fc16.noarch
   openstack-glance-2011.3-1.fc16.noarch
   openstack-keystone-1.0-0.3.d4.1213.fc16.noarch
   openstack-swift-auth-1.4.0-2.fc16.noarch
   openstack-swift-account-1.4.0-2.fc16.noarch
   openstack-nova-2011.3-3.fc16.noarch
   openstack-swift-object-1.4.0-2.fc16.noarch


How reproducible:
every time

Steps to Reproduce:
1. for svc in api objectstore compute network volume scheduler; do sudo service openstack-nova-$svc start; done
  
Actual results:
Segfault
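
Added example, not part of the original report: a small C parser for the kernel lines quoted above that decodes the x86 page-fault error code (bit 0 set = protection violation, clear = page not present; bit 1 = write; bit 2 = user mode) and computes the faulting instruction's offset inside the mapped object. The struct and function names are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* x86 page-fault error code bits reported after "error" in the log line. */
enum { PF_PROT = 1, PF_WRITE = 2, PF_USER = 4 };

struct segv {
    char comm[32], object[64];       /* process name, object mapped at ip */
    int pid; unsigned err;
    unsigned long addr, ip, sp, base, size;
};

/* Parse one kernel "segfault at" line; returns 0 on success, -1 otherwise. */
int parse_segv(const char *line, struct segv *s)
{
    const char *p = strstr(line, " segfault at "), *q = p;
    if (!p) return -1;
    while (q > line && q[-1] != ' ')  /* back up to the start of comm[pid]: */
        q--;
    if (sscanf(q, "%31[^[][%d]:", s->comm, &s->pid) != 2)
        return -1;
    if (sscanf(p, " segfault at %lx ip %lx sp %lx error %u in %63[^[][%lx+%lx]",
               &s->addr, &s->ip, &s->sp, &s->err,
               s->object, &s->base, &s->size) != 7)
        return -1;
    return 0;
}

/* Offset of the faulting instruction inside the object, for addr2line/objdump. */
unsigned long ip_offset(const struct segv *s) { return s->ip - s->base; }
const char *pf_access(unsigned err) { return (err & PF_WRITE) ? "write" : "read"; }
const char *pf_cause(unsigned err)  { return (err & PF_PROT) ? "protection fault" : "page not present"; }

/* Two of the lines from the report above, copied verbatim. */
static const char *SAMPLE[] = {
    "server1 kernel: [ 1139.822573] nova-network[1634]: segfault at bf995000 ip 00c7c6b7 sp bf9936a8 error 6 in libc-2.14.90.so[b36000+1a7000]",
    "server1 kernel: [ 1141.045279] nova-scheduler[1656]: segfault at 6e692f61 ip 00255950 sp bfb22778 error 4 in libc-2.14.90.so[110000+1a7000]",
};

int main(void)
{
    struct segv s;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++)
        if (parse_segv(SAMPLE[i], &s) == 0)
            printf("%s[%d]: %s-mode %s, %s, at %s+0x%lx\n", s.comm, s.pid,
                   (s.err & PF_USER) ? "user" : "kernel", pf_access(s.err), pf_cause(s.err), s.object, ip_offset(&s));
    return 0;
}
```

Read this way, error 6 is a user-mode write to an unmapped page and error 4 a user-mode read of one. The computed offsets are the values to resolve against glibc-debuginfo.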

Comment 1 Sergey 2011-10-17 18:28:31 UTC
Service openstack-nova-volume is in running state
Service openstack-nova-network is in running state after "Create user, project and network" step from https://fedoraproject.org/wiki/QA:Testcase_create_OpenStack_user_project_and_network
$> sudo nova-manage user admin markmc
$> sudo nova-manage project create markmc markmc
$> sudo nova-manage network create markmc 10.0.0.0/24 1 256 --bridge=br0

Comment 2 Mark McLoughlin 2011-10-18 16:30:21 UTC
Thanks for the report Sergey

I wonder is this because you're on i686? I do my testing on x86_64

Could you try updating to https://admin.fedoraproject.org/updates/FEDORA-2011-14504

If you still see the segfault, try installing glibc-debuginfo and see if you can get a stack trace

http://fedoraproject.org/wiki/StackTraces

Comment 3 Mark McLoughlin 2011-10-18 16:31:37 UTC
*** Bug 746767 has been marked as a duplicate of this bug. ***

Comment 4 Sergey 2011-10-18 19:14:39 UTC
Thanks for the reply,
The latest update didn't help, so I tried to do some debugging.

glibc-common-2.14.90-12.999.i686
glibc-debuginfo-2.14.90-12.999.i686
glibc-2.14.90-12.999.i686
glibc-debuginfo-common-2.14.90-12.999.i686

I'm not strong with gdb... Especially as we have Python code here. So here are my steps; please help me if I'm doing something wrong:

[serg@server1 glance]$ gdb --args python
GNU gdb (GDB) Fedora (7.3.50.20110722-9.fc16)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/python...Reading symbols from /usr/lib/debug/usr/bin/python.debug...done.
done.
(gdb) run /usr/bin/glance

Starting program: /usr/bin/python /usr/bin/glance index
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Detaching after fork from child process 2350.
Detaching after fork from child process 2352.

Program received signal SIGSEGV, Segmentation fault.
__memcpy_ssse3_rep () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3-rep.S:158
158             movdqu  (%eax), %xmm0

This is with nova:
[serg@server1 glance]$ sudo gdb --args python
GNU gdb (GDB) Fedora (7.3.50.20110722-9.fc16)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/python...Reading symbols from /usr/lib/debug/usr/bin/python.debug...done.
done.
(gdb) run /usr/bin/nova-api
Starting program: /usr/bin/python /usr/bin/nova-api
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Detaching after fork from child process 2605.
Detaching after fork from child process 2607.
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/eventlet/hubs/hub.py", line 336, in fire_timers
    timer()
  File "/usr/lib/python2.7/site-packages/eventlet/hubs/timer.py", line 56, in __call__
    cb(*args, **kw)
SystemError: error return without exception set

Program received signal SIGSEGV, Segmentation fault.
__memcpy_ssse3_rep () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3-rep.S:1169
1169            movzbl  -1(%eax), %ecx


I found a lot of information about printing the stack etc.; please let me know what information you want and the best way to get it.

Thank you

Comment 5 Sergey 2011-10-18 19:25:13 UTC
Created attachment 528877
I hope right debug info for starting nova-api

I hope I've made the right dump for nova-api starting service

Comment 6 Pádraig Brady 2011-10-19 00:29:30 UTC
Hmm, memcpy. That reminds me of the infamous bug 638477
I wonder is something in python land doing a memcpy on overlapping regions?
I saw this crash in python (not related to nova) in the x86_64 F16 TC1 build.
Note that was using an earlier version of glibc (2.14.90-10).
I also noticed bug 737765 which may be related?
I've not noticed any issues with a fully updated system (glibc-2.14.90-12).
The last package update to libpython on my functioning system was Jul 8th,
so that is an unlikely source of the issue (given its ubiquity also).
Hmm I wonder is there some lib used by openstack using memcpy incorrectly.

This is a long shot, but this gives a hit:
readelf -Ws /usr/lib64/python2.7/site-packages/greenlet.so | grep memcpy
I had a quick look at the greenlet code and it seemed OK but I'm not sure.

BTW Sergey it would help if you could in gdb: thread apply all bt full
:) Scratch that, you've already attached that in comment 5.
Well would you look at that. greenlet.c
So it goes from there to python and back and then through some assembly
and finally to the memcpy in slp_restore_state().
I'd put a breakpoint on that function and step through,
to see if there were overlapping regions passed to memcpy.
If so I'd change both instances of memcpy in that file to memmove.
It could also be greenlet messing up the stack or heap or something.

For kicks here is the crashing line. That's one crazy complicated memcpy:
http://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/i386/i686/multiarch/memcpy-ssse3-rep.S;hb=HEAD#l1169
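
Added example, not part of the comment above and not greenlet code: one way to make the overlap check suggested there in C, with a shim that reports any overlapping copy and serves it with memmove. The names regions_overlap, audited_copy, overlap_count and demo are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* True when [dst, dst+n) and [src, src+n) share at least one byte. */
int regions_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return n != 0 && (d > s ? d - s : s - d) < n;
}

static unsigned long overlap_hits;   /* copies that memcpy must not be given */

unsigned long overlap_count(void) { return overlap_hits; }

/* Hypothetical debugging shim to put in place of a memcpy call: report an
 * overlapping copy and serve it with memmove, which is defined for overlap. */
void *audited_copy(void *dst, const void *src, size_t n, const char *where)
{
    if (!regions_overlap(dst, src, n))
        return memcpy(dst, src, n);
    overlap_hits++;
    fprintf(stderr, "%s: overlapping copy dst=%p src=%p n=%zu\n",
            where, dst, (void *)src, n);
    return memmove(dst, src, n);
}

/* Constructed input: slide 6 bytes forward by 2 inside one buffer.
 * Returns 1 when the result is what memmove guarantees. */
int demo(char out[9])
{
    char buf[9] = "ABCDEFGH";
    audited_copy(buf + 2, buf, 6, "demo");
    memcpy(out, buf, sizeof buf);
    return strcmp(out, "ABABCDEF") == 0;
}

int main(void)
{
    char out[9];
    int ok = demo(out);
    printf("result=%s ok=%d overlaps=%lu\n", out, ok, overlap_count());
    return ok ? 0 : 1;
}
```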

Comment 7 Mark McLoughlin 2011-10-19 12:26:24 UTC
Wow, this is an interesting bug alright

It definitely looks like a greenlet bug to me. See this thread:

http://groups.google.com/group/gevent/browse_thread/thread/fee2097e2f3bae5e

Moving to greenlet. I'll see if I can isolate what the upstream fix was, or whether we can just update to a newer version with the fix

Comment 8 Mark McLoughlin 2011-10-19 14:05:41 UTC
Okay, I asked the Ubuntu maintainer (Dave Walker) and he pointed me to this:

  https://bugs.launchpad.net/ubuntu/+source/nova/+bug/840641

and they used this patch to fix their issue:

  https://bitbucket.org/ambroff/greenlet/changeset/2d5b17472757/raw/

certainly seems like the right area of code

Comment 9 Mark McLoughlin 2011-10-19 14:10:39 UTC
Also, as an aside - it looks like 0.3.1 is over 18 months old and there's a bunch of unreleased stuff in hg upstream. Some anonymous coward :) just asked about this yesterday:

  https://bitbucket.org/ambroff/greenlet/issue/32/greenlet-release-cycle

Comment 10 Pádraig Brady 2011-10-19 14:22:09 UTC
Oh patch in comment 8 looks promising. I was reviewing the latest greenlet code last night rather than 0.3.1 :(

Comment 11 Mark McLoughlin 2011-10-19 15:20:45 UTC
btw - dmalcolm is looking into this now and can reproduce the issue on i686

Comment 12 Dave Malcolm 2011-10-19 15:21:56 UTC
Created attachment 529032
Patch to add %check section to python-greenlet.spec

Frame #2 of attachment 528877 is within slp_restore_state (), which is heavily dependent on CPU architecture and compiler version (calling conventions too, I believe).

I noticed that python-greenlet.spec doesn't have a %check section.

Attached is a patch to that file to add one, using upstream's test and benchmarking suite, so that we get some automatic test coverage on different architectures.

$ koji build --scratch f16 /home/david/coding/dist-git-new/python-greenlet/python-greenlet-0.3.1-5.fc17.src.rpm
Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=3444123

Upon running that, I see a segfault in the i686 build within the %check section:
http://koji.fedoraproject.org/koji/getfile?taskID=3444125&name=build.log

test_generator (tests.test_generator.GeneratorTests) ... /var/tmp/rpm-tmp.ZnHd7D: line 32: 24482 Segmentation fault      /usr/bin/python setup.py test

Am bringing up an i686 test box to investigate further

Comment 13 Pádraig Brady 2011-10-19 15:53:31 UTC
So i686 is the common factor.
There have been recent changes there
https://bitbucket.org/ambroff/greenlet/history/platform/switch_x86_unix.h
Though x86_64 has fixes too
https://bitbucket.org/ambroff/greenlet/history/platform/switch_amd64_unix.h

Comment 14 Dave Malcolm 2011-10-19 18:30:12 UTC
Created attachment 529078
Proposed changes to package

FWIW, I tried applying
  https://bitbucket.org/ambroff/greenlet/changeset/2d5b17472757
to our build, and the test suite then ran to completion on both architectures:
  http://koji.fedoraproject.org/koji/taskinfo?taskID=3444511

I'm attaching a patch to git python-greenlet, which adds that patch (slightly fixed up to apply cleanly) and modifies the specfile to apply it, and run the upstream test suite.

Comment 15 Pádraig Brady 2011-10-19 20:48:54 UTC
*** Bug 746330 has been marked as a duplicate of this bug. ***

Comment 16 Pádraig Brady 2011-10-24 15:59:13 UTC
Created attachment 529915
upstream i686 assembly fix

As I suspected, the i686 assembly patch from upstream also fixes the issue (independently of the other patch).  I've included the previous upstream patch too, as that has been tested extensively on other systems.

Note ppc64 is crashing with both of the above.
I applied the upstream ppc_linux.asm file too to no avail.

So for the moment I've done ExcludeArch ppc64 in the spec file.
This will bork dependencies for ppc64 though right?

Builds of the attached patch available here:
http://koji.fedoraproject.org/koji/taskinfo?taskID=3456678

Comment 17 Pádraig Brady 2011-10-24 17:39:32 UTC
Created attachment 529934
upstream i686 assembly fix 2

I've updated the patch to build on ppc64 and just exclude the checks.
http://koji.fedoraproject.org/koji/taskinfo?taskID=3456815
You can apply this patch with `git am`

Note I've not got commit access so can't apply this.
Note F16 submission closes today :(

Comment 18 TR Bentley 2011-10-30 16:55:01 UTC
Any news on when this will be pushed to F16 testing?

Thanks

Comment 19 Pádraig Brady 2011-10-30 18:16:38 UTC
Well I've not received commit access yet, but I expect the resultant build to be the same as that in comment 17 which you can install/test directly.  I'll escalate getting commit access next week

Comment 20 Kevin Fenzi 2011-10-30 18:32:43 UTC
Sorry, I missed the commit request. I've approved it in pkgdb...

Comment 21 Fedora Update System 2011-11-01 02:56:55 UTC
python-greenlet-0.3.1-6.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/python-greenlet-0.3.1-6.fc15

Comment 22 Fedora Update System 2011-11-01 02:57:04 UTC
python-greenlet-0.3.1-6.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/python-greenlet-0.3.1-6.el6

Comment 23 Fedora Update System 2011-11-01 02:57:12 UTC
python-greenlet-0.3.1-6.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/python-greenlet-0.3.1-6.fc16

Comment 24 Fedora Update System 2011-11-02 00:04:53 UTC
Package python-greenlet-0.3.1-6.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing python-greenlet-0.3.1-6.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4822
then log in and leave karma (feedback).

Comment 25 Fedora Update System 2011-11-12 03:24:33 UTC
python-greenlet-0.3.1-6.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 26 Fedora Update System 2011-11-25 02:03:53 UTC
python-greenlet-0.3.1-6.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 27 Fedora Update System 2011-11-25 02:04:00 UTC
python-greenlet-0.3.1-6.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

