rbd bench-write will crash if "--io-size" is 4G
# rbd bench-write --io-size 4G --io-threads 1 --io-total 100M --io-pattern rand foo
*** Caught signal (Segmentation fault) **
 in thread 7f62db958480 thread_name:rbd
*** Error in `rbd': malloc(): memory corruption: 0x0000556cf50c9730 ***
Segmentation fault (core dumped)
#2 Updated by Gaurav Garg about 2 years ago
- Status changed from New to In Progress
The root cause of this problem is that in file src/tools/rbd/action/Bench.cc we are using bufferptr bp(io_size). So if io_size is 4294967296, then bufferptr returns bp with size 0. The subsequent memset then crashes because we are setting an area of length 4294967296 when the actual size is 0.
#3 Updated by Gaurav Garg about 2 years ago
The problem here is that for rbd bench, if we give size 4G, then it is making a buffer ptr with size 4G (4294967296) in function rbd_bencher (file: src/tool/rbd/action/Bench.cc). bufferptr takes its argument as an unsigned (unsigned is a shortcut for unsigned int), which has the range 0 to 4,294,967,295, so it is overflowing.
The solution to this problem is that either we need to change it from unsigned to unsigned long,
or we need to give a warning message (e.g. "giving io-size greater than 4G (4294967296) is out of bound so performing bench-write operation with io-size 3.9G or 4,294,967,295") when the user gives an io_size greater than 4,294,967,295, and continue performing the bench-write operation with io-size 4,294,967,295.
@Jason Dillaman, thoughts?
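
An added example, not Ceph code and not from this ticket's participants: the narrowing described in the comments above, next to a range check done before the buffer is sized. `NarrowBuf`, `unchecked_len` and `checked_len` are hypothetical names, and `unsigned` is assumed to be 32 bits wide.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <string>

// Hypothetical stand-in for a buffer type whose constructor takes its
// length as `unsigned`, as the comments above describe for bufferptr.
struct NarrowBuf {
    unsigned len;
    explicit NarrowBuf(unsigned l) : len(l) {}
};

// Without a check: the 64-bit size is narrowed to unsigned (modulo 2^32
// when unsigned is 32 bits), so 4294967296 becomes a length of 0.
unsigned unchecked_len(uint64_t io_size) {
    NarrowBuf bp(static_cast<unsigned>(io_size));
    return bp.len;
}

// With a check: refuse any size the narrow type cannot represent, so no
// later memset/memcpy uses a length larger than the real allocation.
bool checked_len(uint64_t io_size, unsigned *out, std::string *err) {
    const uint64_t max_len = std::numeric_limits<unsigned>::max();
    if (io_size > max_len) {
        if (err)
            *err = "io-size " + std::to_string(io_size) +
                   " exceeds maximum " + std::to_string(max_len);
        return false;
    }
    *out = static_cast<unsigned>(io_size);
    return true;
}

int main() {
    const uint64_t four_g = 4294967296ULL;  // the value from the report
    std::cout << "unchecked length: " << unchecked_len(four_g) << "\n";
    unsigned len = 0;
    std::string err;
    if (!checked_len(four_g, &len, &err))
        std::cout << "rejected: " << err << "\n";
    return 0;
}
```

Rejecting the value is one option; the clamp-and-warn behaviour proposed in the comment above would replace the `return false` branch with an assignment of `max_len` and a warning.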