Project

General

Profile

Actions
Copy link

Bug #18422

closed

rbd bench-write will crash if "--io-size" is 4G

Added by Jason Dillaman over 7 years ago. Updated about 7 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Gaurav Garg
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
kraken,jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

# rbd bench-write --io-size 4G --io-threads 1 --io-total 100M --io-pattern rand foo
*** Caught signal (Segmentation fault) **
 in thread 7f62db958480 thread_name:rbd
*** Error in `rbd': malloc(): memory corruption: 0x0000556cf50c9730 ***
Segmentation fault (core dumped)

Related issues 2 (0 open2 closed)

Copied to rbd - Backport #18557: kraken: rbd: 'rbd bench-write' will crash if --io-size is 4GResolvedNathan CutlerActions
Copied to rbd - Backport #18558: jewel: rbd bench-write will crash if "--io-size" is 4GResolvedNathan CutlerActions
Actions
Copy link
 #1

Updated by Gaurav Garg over 7 years ago

  • Assignee set to Gaurav Garg
Actions
Copy link
 #2

Updated by Gaurav Garg over 7 years ago

  • Status changed from New to In Progress

root cause of this problem is that in file src/tools/rbd/action/Bench.cc we are using bufferptr bp(io_size). so if io_size is 4294967296 then bufferptr is returning bp with size 0.so further memset is crashing because we are setting 4294967296 length of area for actual size 0. so its crashing.

Actions
Copy link
 #3

Updated by Gaurav Garg over 7 years ago

problem here is that for rbd bench if we give size 4G then its is making buffer ptr with size 4G (4294967296) in function rbd_bencher (file: src/tool/rbd/action/Bench.cc). bufferptr taking argument as a unsigned (unsigned is shortcut of unsigned int) which is having range 0 to 4,294,967,295 so its overflowing.

solution of this problem is that either we need to change it unsigned to unsigned long
or
we need to give warning message (for eg: giving io-size greater then 4G (4294967296) is out of bound so performing bench-write operation with io-size 3.9G or 4,294,967,295) when user give io_size greater then 4,294,967,295 and continue performing bench write operation with io-size 4,294,967,295

@Jason Borden Dillaman thoughts ?

Actions
Copy link
 #4

Updated by Jason Dillaman over 7 years ago

@Gaurav: just validate the io-size to ensure that it is <= 4G and exit w/ an error otherwise.

Actions
Copy link
 #5

Updated by Gaurav Garg over 7 years ago

@Jason Borden, thank you :)

I will do it.

Actions
Copy link
 #6

Updated by Gaurav Garg over 7 years ago

  • Status changed from In Progress to Fix Under Review
Actions
Copy link
 #7

Updated by Jason Dillaman over 7 years ago

  • Status changed from Fix Under Review to Pending Backport
  • Backport set to kraken,jewel
Actions
Copy link
 #8

Updated by Nathan Cutler over 7 years ago

  • Copied to Backport #18557: kraken: rbd: 'rbd bench-write' will crash if --io-size is 4G added
Actions
Copy link
 #9

Updated by Nathan Cutler over 7 years ago

  • Copied to Backport #18558: jewel: rbd bench-write will crash if "--io-size" is 4G added
Actions
Copy link
 #10

Updated by Nathan Cutler about 7 years ago

  • Status changed from Pending Backport to Resolved
Actions
Copy link

Also available in: Atom PDF