Menu

#970 logtrace: messages longer than 1024 bytes causes processes to crash.

4.5.0
fixed
None
defect
base
-
critical
2014-09-15
2014-07-25
No

gcc 4.9
setup : 1 controller
changeset : 5454 and included patches for longDns
Test:
1) Create a object A with longDN value
2) Create a object B(not longDn) with parent A ie [B,A]
3) Delete the object created in step 2 ie [B,A]

Logs attached.full bt attached with the logs tar.
IMMND log time stamp
Jul 25 18:53:59.392355 osafimmnd [2285:ImmModel.cc:5069]

GDB output:

(gdb) bt

0 std::_Rb_tree_increment(std::_Rb_tree_node_base*) ()

at ../../../../../gcc-4.9.0/libstdc++-v3/src/c++98/tree.cc:84

1 0x000000000046a58f in std::_Rb_tree_iterator<std::pair<std::string const,="" ObjectMutation*=""> >::operator++()

() at /usr/include/c++/4.9.0/bits/stl_tree.h:203

2 0x000000000043c10d in ImmModel::ccbCommit(unsigned int, std::vector<unsigned int,="" std::allocator<unsigned="" int=""> >&) () at ImmModel.cc:5154

3 0x000000000042d95e in immModel_ccbCommit () at ImmModel.cc:1254

4 0x0000000000418da9 in immnd_evt_proc_ccb_apply ()

5 0x0000000000419974 in immnd_evt_proc_fevs_dispatch ()

6 0x000000000041c2a8 in immnd_evt_proc_fevs_rcv ()

7 0x00000000004065f9 in immnd_process_evt ()

8 0x000000000041fbba in main ()

(gdb) fr 2

2 0x000000000043c10d in ImmModel::ccbCommit(unsigned int, std::vector<unsigned int,="" std::allocator<unsigned="" int=""> >&) () at ImmModel.cc:5154

warning: Source file is more recent than executable.
5154 for(omit=ccb->mMutations.begin(); omit!=ccb->mMutations.end(); ++omit){
(gdb) l
5149 }
5150 ccb->mWaitStartTime = 0;
5151
5152 //Do the actual commit!
5153 ObjectMutationMap::iterator omit;
5154 for(omit=ccb->mMutations.begin(); omit!=ccb->mMutations.end(); ++omit){
5155 ccbNotEmpty=true;
5156 ObjectMutation* omut = omit->second;
5157 osafassert(!omut->mWaitForImplAck);
5158 switch(omut->mOpType){

1 Attachments

Related

Tickets: #970
Wiki: ChangeLog-4.3.3
Wiki: ChangeLog-4.4.1

Discussion

1 2 > >> (Page 1 of 2)
  • surender khetavath

    • summary: IMM: immnd crashed whild committing ccbDelete operation --> IMM: immnd crashed while committing ccbDelete operation
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -12,6 +12,18 @@
    
     GDB output:
    
    +(gdb) bt
    +#0  std::_Rb_tree_increment(std::_Rb_tree_node_base*) ()
    +    at ../../../../../gcc-4.9.0/libstdc++-v3/src/c++98/tree.cc:84
    +#1  0x000000000046a58f in std::_Rb_tree_iterator<std::pair<std::string const, ObjectMutation*> >::operator++()
    +    () at /usr/include/c++/4.9.0/bits/stl_tree.h:203
    +#2  0x000000000043c10d in ImmModel::ccbCommit(unsigned int, std::vector<unsigned int, std::allocator<unsigned int> >&) () at ImmModel.cc:5154
    +#3  0x000000000042d95e in immModel_ccbCommit () at ImmModel.cc:1254
    +#4  0x0000000000418da9 in immnd_evt_proc_ccb_apply ()
    +#5  0x0000000000419974 in immnd_evt_proc_fevs_dispatch ()
    +#6  0x000000000041c2a8 in immnd_evt_proc_fevs_rcv ()
    +#7  0x00000000004065f9 in immnd_process_evt ()
    +#8  0x000000000041fbba in main ()
     (gdb) fr 2
     #2  0x000000000043c10d in ImmModel::ccbCommit(unsigned int, std::vector<unsigned int, std::allocator<unsigned int> >&) () at ImmModel.cc:5154
     warning: Source file is more recent than executable.
    
     
  • Anders Bjornerstedt

    The test was done with changeset 5454 and "included patches for longDns".
    But this defect ticket was created after enhancement ticket #886 was
    closed as fixed, with updated versions of the patches pushed.

    Please repeat the test using changeset 5486:9a46e323a13f.

    I had a look at the traces and it seems to be a case of heap corruption.
    The backtrace may then not point to the root cause, since the heap corruption
    probably happened earlier.

    Jul 25 18:53:59.392368 osafimmnd [2285:ImmModel.cc:5087] T5 Childcount for (grand)parent LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
    LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
    LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
    LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
    LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
    LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
    LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
    LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
    LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
    LLLLLLLDaYGEEPn of deleted root
    FOREXISTINGPARENTRDN,LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
    LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
    LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL^@ps\210^K.......
    ....corrupted data ...

     
  • surender khetavath

    Re-ran on changeset 5491.still immnd crahes

    gdb:
    (gdb) bt

    0 std::_Rb_tree_increment(std::_Rb_tree_node_base*) ()

    at ../../../../../gcc-4.9.0/libstdc++-v3/src/c++98/tree.cc:84
    

    1 0x000000000046b209 in std::_Rb_tree_iterator<std::pair<std::string const,="" ObjectMutation*=""> >::operator++()

    () at /usr/include/c++/4.9.0/bits/stl_tree.h:203
    

    2 0x000000000043c35d in ImmModel::ccbCommit(unsigned int, std::vector<unsigned int,="" std::allocator<unsigned="" int=""> >&) () at ImmModel.cc:5195

    3 0x000000000042da16 in immModel_ccbCommit () at ImmModel.cc:1259

    4 0x0000000000418ea2 in immnd_evt_proc_ccb_apply ()

    5 0x0000000000419a73 in immnd_evt_proc_fevs_dispatch ()

    6 0x000000000041c3a7 in immnd_evt_proc_fevs_rcv ()

    7 0x0000000000406611 in immnd_process_evt ()

    8 0x000000000041fce6 in main ()

     
  • Neelakanta Reddy

    unable to reproduce the problem from the above given steps:

    Attaching the logs.

    when the creation of long dn object is rejected the immnd traces is showing junk for the below line:

    Aug 1 17:47:55.174829 osafimmnd [6981:ImmModel.cc:5546] T2 Childcount for (grand)parenttEstAttr=0 of aborted create obj3,LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL^@^@<9d>E^B^@^@^@^@^@<80>Ý^@^@<80>©-+^C^@^@^@^@^@^@Ð^FP^B^@^@^@^@<80>OèÔÿ^?^@^@@JA^B^@^@^@^@ <88>Ý1T^?^@^@8<88>Ý1T^?^@^@^@<9d>E^B^@^@^@^@+7^B2T^?^@^@^@<9d>E^B^@^@^@^@0^@^@^@0^@^@^@¨NèÔÿ^?^@^@àMèÔÿ^?^@^@^@^@^@^@^@^@^@^@<98><89>E^B^@^@^@^@ uE^B^@^@^@^@è^FP^B^@^@^@^@^H^PS^B^@^@^@^@h^SS^B^@^@^@^@^H^PS^B^@^@^@^@X÷·1T^?^@^@^POèÔÿ^?^@^@^R^C^@^@^@^@^@^@Ð^FP^B^@^@^@^@^POèÔÿ^?^@^@@JA^B^@^@^@^@^R7B^@^@^@^@^@ÐHH^B^@^@^@^@<98>ûO^B^@^@^@^@@JA^B^@^@^@^@+JE^@^@^@^@^@<98><89>E^B^@^@^@^@ÐHH^B^@^@^@^@<80>OèÔÿ^?^@^@Ð^FP^B^@^@^@^@<80>OèÔÿ^?^@^@<9b>$C^@^@^@^@^@^B^@^@^@^@^@^@^@/$C^@^@^@^@^@ OèÔÿ^?^@^@^OOèÔÿ^?^@^@ÈHH^B^@^@^@^@<80>öO^B^@^@^@^@<80>ûO^B^@^@^@^@^XOèÔÿ^?^@^@^@^@^@^@^M^@^@^@0öO^B^@^@^@^@^POèÔÿ^?^@^@À>F^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^H^PS^B^@^@^@^@PõO^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@(OèÔÿ^?^@^@(OèÔÿ^?^@^@^@^@^@^@^@^@^@^@ill pend^@SèÔÿ^?^@^@^O^A^B^@[^A^@^@^A^@^@^@^@^@^@^@^O^A^B^@[^A^@^@^M È6^O^A^B^@À}i^@^@^@^@^@ÌEA^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@à9^Uæ^@^@^@<80F(2T^?^@^@P^^@^@^@^@^@^@^@^@^@^@^A^@^@^@^O^A^B^@[^A^@^@`^^@^@^@^@^@^@^@<80>Ý^@^@<80>©-À}i^@^@^@^@^@ðRèÔÿ^?^@^@^@^@^@^@^@^@

    I modified IMMND and tried to print the dn in the below line the trace is showing output correctly:

    Added the following trace in IMMmodel.cc :

    TRACE_2("Childcount for (grand)parent %s of aborted create %s "
    "decremented to %u", gpDn.c_str(), dn.c_str(),
    grandParent->mChildCount);
    TRACE_2("Aborting Create for object %s ", dn.c_str());

    Aug 1 17:47:55.174840 osafimmnd [6981:ImmModel.cc:5547] T2 Aborting Create for object objtEstAttr=0

    There is some problem with handling of trace.

     
  • Neelakanta Reddy

    In the output function the length of the variable "log_string" is only 1024 bytes, this has to be increased for proper logging.
    output(const char file, unsigned int line, int priority, int category, const char format, va_list ap)
    {
    int i;
    struct timeval tv;
    char preamble[512];
    char log_string[1024];

     
  • Neelakanta Reddy

    Unable to reproduce with changeset 5535.
    Attaching the logs.
    The only problem to be fixed in this ticket is increasing the log_string[1024] array to a longdn suitable value, which is used in LOG_WA, TRACE, LOG_ERR. Moving this ticket to minor.

     
  • Neelakanta Reddy

    • Priority: critical --> minor
     
  • Anders Widell

    Anders Widell - 2014-08-15
    • Milestone: 4.5.FC --> 4.5.0
     
  • Anders Bjornerstedt

    • status: unassigned --> not-reproducible
     
  • Anders Bjornerstedt

    Closing this one as not reproducible.
    Reopen if it is reproduced.

     
  • Neelakanta Reddy

    • status: not-reproducible --> unassigned
     
  • Neelakanta Reddy

    Tried to create a object :

    immcfg -c TestClass1 -a attr1=ABCD testClass

    IMMND went for reboot.

    when The below trace is commented IMMND does not go for reboot and object got successfully created.
    case IMM_CREATE:
    if(ccbId != 1) {
    //TRACE_5("COMMITING CREATE of %s", omit->first.c_str());
    }

    Class definition:

    <class name="TestClass1">
        <category>SA_CONFIG</category>
        <rdn>
            <name>testClass1</name>
            <type>SA_NAME_T</type>
            <category>SA_CONFIG</category>
            <flag>SA_INITIALIZED</flag>
        </rdn>
                <attr>
                        <name>attr1</name>
                        <type>SA_NAME_T</type>
                        <category>SA_CONFIG</category>
                        <flag>SA_INITIALIZED</flag>
                        <flag>SA_WRITABLE</flag>
            <flag>SA_MULTI_VALUE</flag>
                </attr>
    </class>
    
     
  • Anders Bjornerstedt

    • summary: IMM: immnd crashed while committing ccbDelete operation --> logtrace: immnd crashed while committing ccbDelete operation
    • Component: imm --> base
     
  • Anders Bjornerstedt

    The latest information reported by Neel indicates that the problem
    is in logtrace.

     
  • Mathi Naickan

    Mathi Naickan - 2014-09-03
    • status: unassigned --> accepted
     
  • Mathi Naickan

    Mathi Naickan - 2014-09-03
    • Priority: minor --> major
     
  • Anders Bjornerstedt

    • status: accepted --> unassigned
     
  • Anders Bjornerstedt

    Ticket can not be in state 'accepted' with no owner.

     
  • Anders Bjornerstedt

    • status: unassigned --> accepted
    • assigned_to: Mathi Naickan
     
  • Mathi Naickan

    Mathi Naickan - 2014-09-05

    We should support printing of messages of length > 1024 to support longDNs.
    It also needs to be explored if we can, at startup, determine the machine's limit for syslog message length.

    If this 'limit' is < length of the message, we could truncate it at 'limit -' bytes and end it with a 'T' character!

     
  • Mathi Naickan

    Mathi Naickan - 2014-09-05
    • summary: logtrace: immnd crashed while committing ccbDelete operation --> logtrace: increase max message length of 1024 bytes for trace, syslog (and make it configurable) for printing longDN
     
    • Anders Bjornerstedt

      That sounds like an enhancement.

      This is a defect ticket where the problem pointed to is that IMMND crashes.
      The logtrace function is implemented so that it should truncate any
      message that is too long.
      The question is why this truncation is not working correctly - apparently.

      /AndersBj

      Mathi Naickan wrote:

      • summary: logtrace: immnd crashed while committing ccbDelete operation --> logtrace: increase max message length of 1024 bytes for trace, syslog (and make it configurable) for printing longDN
      • Comment:

      We should support printing of messages of length > 1024 to support longDNs.
      It also needs to be explored if we can, at startup, determine the machine's limit for syslog message length.

      If this 'limit' is < length of the message, we could truncate it at 'limit -' bytes and end it with a 'T' character!

       
      • Mathi Naickan

        Mathi Naickan - 2014-09-05

        Hmm, then we need to re-understand and gather more evidence whether the problem is with logtrace or somewhere else!

         
        • Anders Bjornerstedt

          Yes,

          I think your suggestion of supporting the logging/tracing of long DNs makes sense and we probably have to
          treat that as a defect also, to get it in to 4.5 since 4.5 FC has already been set.
          But it is then a different defect.

          We also need to figure out (in principle at least) why this crash occurs.
          At least if it is easy to reproduce.

          There are other defect tickets related to strange crashes of the IMMND like #1043
          indicating that we probably have some heap or stack overwrite somewhere.
          The problem seems introduced in 4.5 and these crashes occured when not testing any long DN as I understand it.

          /AndersBj


          From: Mathi Naickan [mailto:mathi-naickan@users.sf.net]
          Sent: den 5 september 2014 10:41
          To: [opensaf:tickets]
          Subject: [opensaf:tickets] Re: #970 logtrace: increase max message length of 1024 bytes for trace, syslog (and make it configurable) for printing longDN

          Hmm, then we need to re-understand and gather more evidence whether the problem is with logtrace or somewhere else!


          [tickets:#970]http://sourceforge.net/p/opensaf/tickets/970 logtrace: increase max message length of 1024 bytes for trace, syslog (and make it configurable) for printing longDN

          Status: accepted
          Milestone: 4.5.0
          Created: Fri Jul 25, 2014 01:38 PM UTC by surender khetavath
          Last Updated: Fri Sep 05, 2014 08:13 AM UTC
          Owner: Mathi Naickan

          gcc 4.9
          setup : 1 controller
          changeset : 5454 and included patches for longDns
          Test:
          1) Create a object A with longDN value
          2) Create a object B(not longDn) with parent A ie [B,A]
          3) Delete the object created in step 2 ie [B,A]

          Logs attached.full bt attached with the logs tar.
          IMMND log time stamp
          Jul 25 18:53:59.392355 osafimmnd [2285:ImmModel.cc:5069]

          GDB output:

          (gdb) bt

          0 std::_Rb_tree_increment(std::_Rb_tree_node_base*) ()

          at ../../../../../gcc-4.9.0/libstdc++-v3/src/c++98/tree.cc:84

          1 0x000000000046a58f in std::_Rb_tree_iterator<std::pair<std::string const,="" ObjectMutation*=""> >::operator++()

          () at /usr/include/c++/4.9.0/bits/stl_tree.h:203

          2 0x000000000043c10d in ImmModel::ccbCommit(unsigned int, std::vector<unsigned int,="" std::allocator<unsigned="" int=""> >&) () at ImmModel.cc:5154
          3 0x000000000042d95e in immModel_ccbCommit () at ImmModel.cc:1254
          4 0x0000000000418da9 in immnd_evt_proc_ccb_apply ()
          5 0x0000000000419974 in immnd_evt_proc_fevs_dispatch ()
          6 0x000000000041c2a8 in immnd_evt_proc_fevs_rcv ()
          7 0x00000000004065f9 in immnd_process_evt ()
          8 0x000000000041fbba in main ()

          (gdb) fr 2

          2 0x000000000043c10d in ImmModel::ccbCommit(unsigned int, std::vector<unsigned int,="" std::allocator<unsigned="" int=""> >&) () at ImmModel.cc:5154

          warning: Source file is more recent than executable.
          5154 for(omit=ccb->mMutations.begin(); omit!=ccb->mMutations.end(); ++omit){
          (gdb) l
          5149 }
          5150 ccb->mWaitStartTime = 0;
          5151
          5152 //Do the actual commit!
          5153 ObjectMutationMap::iterator omit;
          5154 for(omit=ccb->mMutations.begin(); omit!=ccb->mMutations.end(); ++omit){
          5155 ccbNotEmpty=true;
          5156 ObjectMutation* omut = omit->second;
          5157 osafassert(!omut->mWaitForImplAck);
          5158 switch(omut->mOpType){


          Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/opensaf/tickets/970/https://sourceforge.net/p/opensaf/tickets/970

          To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/https://sourceforge.net/auth/subscriptions

           

          Related

          Tickets: #970

  • Neelakanta Reddy

    I tried to reproduce, this time IMMND is not restarted, but the IMMND trace is
    printing garbage.

    immcfg -c TestClass1 -a attr1=ABCD attr

    immnd trace contains:

    Sep 5 17:07:54.169860 osafimmnd [5334:ImmModel.cc:5312] T5 COMMITING CREATE of attrïM;ÿ^?^@^@^@:Å^@^@`ïf<90>ïM;ÿ^?^@^@0 «^@^@^@^@^@<80>^^­^@^@^@^@^@^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@Ð^^­^@^@^@^@^@ ¤­^@^@^@^@^@[<9d>³<87>Õ^?^@^@ÀíM;ÿ^?^@^@(^@^@^@0^@^@^@ðìM;ÿ^?^@^@0ìM;ÿ^?^@^@^@íM;ÿ^?^@^@@ìM;ÿ^?^@^@PìM;ÿ^?^@^@<80>^^­^@

     
1 2 > >> (Page 1 of 2)

Log in to post a comment.