rbd bench-write will crash if "--io-size" is 4G
# rbd bench-write --io-size 4G --io-threads 1 --io-total 100M --io-pattern rand foo *** Caught signal (Segmentation fault) ** in thread 7f62db958480 thread_name:rbd *** Error in `rbd': malloc(): memory corruption: 0x0000556cf50c9730 *** Segmentation fault (core dumped)
#2 Updated by Gaurav Garg 10 months ago
- Status changed from New to In Progress
root cause of this problem is that in file src/tools/rbd/action/Bench.cc we are using bufferptr bp(io_size). so if io_size is 4294967296 then bufferptr is returning bp with size 0.so further memset is crashing because we are setting 4294967296 length of area for actual size 0. so its crashing.
#3 Updated by Gaurav Garg 10 months ago
problem here is that for rbd bench if we give size 4G then its is making buffer ptr with size 4G (4294967296) in function rbd_bencher (file: src/tool/rbd/action/Bench.cc). bufferptr taking argument as a unsigned (unsigned is shortcut of unsigned int) which is having range 0 to 4,294,967,295 so its overflowing.
solution of this problem is that either we need to change it unsigned to unsigned long
we need to give warning message (for eg: giving io-size greater then 4G (4294967296) is out of bound so performing bench-write operation with io-size 3.9G or 4,294,967,295) when user give io_size greater then 4,294,967,295 and continue performing bench write operation with io-size 4,294,967,295
@Jason Dillaman thoughts ?