Bug #17636
MDS crash on creating: interval_set<inodeno_t> segfaults with new encoding
Status: Resolved
Priority: Immediate
Assignee: -
Category: Correctness/Safety
Target version: -
% Done: 0%
Source: other
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS): MDS
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
The map bound_encode method does this:
bound_encode(const std::map<A,B>& v, size_t& p) {
  denc((uint32_t)v.size(), p);
  size_t elem_size = 0;
  denc(*(A*)nullptr, elem_size);
  denc(*(B*)nullptr, elem_size);
  p += v.size() * elem_size;
}
But the inodeno_t traits class does this:
static void bound_encode(const inodeno_t o, size_t& p) {
  denc(o.val, p);
}
So dereferencing the val member of o causes the segfault.
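An added example, not code from the Ceph tree or from this report: a map size bound that measures the element size from a real element instead of `*(A*)nullptr`, so a traits class that takes its argument by value, like the one quoted above, always has a valid object to read. `ino_like`, `ino_like_traits`, `bound_encode_int`, `map_bound_encode` and `ino_map_bound` are simplified, hypothetical stand-ins for the real types.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>

// Hypothetical stand-in for inodeno_t: a struct wrapping a 64-bit value.
struct ino_like {
  uint64_t val;
  bool operator<(const ino_like& r) const { return val < r.val; }
};

// Hypothetical stand-in for the fixed-size integer denc: adds sizeof(T).
template <typename T>
void bound_encode_int(const T&, size_t& p) { p += sizeof(T); }

// Traits shaped like the one in the report: the argument is taken BY VALUE,
// so the caller must hand it a real object to copy from.
struct ino_like_traits {
  static void bound_encode(const ino_like o, size_t& p) {
    bound_encode_int(o.val, p);
  }
};

// Map size bound that never forms *(A*)nullptr. The element size is measured
// from the first real element; an empty map contributes only its count field.
template <typename KT, typename VT, typename K, typename V>
size_t map_bound_encode(const std::map<K, V>& v) {
  size_t p = 0;
  bound_encode_int(static_cast<uint32_t>(v.size()), p);  // element count
  if (!v.empty()) {
    size_t elem_size = 0;
    KT::bound_encode(v.begin()->first, elem_size);
    VT::bound_encode(v.begin()->second, elem_size);
    p += v.size() * elem_size;
  }
  return p;
}

// Bound for a map of ino_like to ino_like, the shape seen in frame #1 of the
// backtrace (std::map<inodeno_t, inodeno_t>).
size_t ino_map_bound(const std::map<ino_like, ino_like>& m) {
  return map_bound_encode<ino_like_traits, ino_like_traits>(m);
}
```

The empty-map case matters here because the backtrace shows the crash with `v=std::map with 0 elements`.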
History
#1 Updated by John Spray over 7 years ago
Should also note that the backtraces are like:
Starting program: /home/jspray/git/ceph/build/bin/ceph-dencoder type InoTable select_test 1 encode
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.21-13.fc22.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x0000555556c92074 in denc<inodeno_t, denc_traits<inodeno_t, void> > (o=..., p=@0x7fffffffbff0: 0, f=0) at /home/jspray/git/ceph/src/include/denc.h:458
458 traits::bound_encode(o, p);
Missing separate debuginfos, use: dnf debuginfo-install boost-date-time-1.57.0-6.fc22.x86_64 boost-iostreams-1.57.0-6.fc22.x86_64 boost-program-options-1.57.0-6.fc22.x86_64 boost-random-1.57.0-6.fc22.x86_64 boost-regex-1.57.0-6.fc22.x86_64 boost-system-1.57.0-6.fc22.x86_64 boost-thread-1.57.0-6.fc22.x86_64 bzip2-libs-1.0.6-14.fc22.x86_64 cyrus-sasl-lib-2.1.26-23.fc22.x86_64 elfutils-libelf-0.166-1.fc22.x86_64 elfutils-libs-0.166-1.fc22.x86_64 expat-2.1.1-2.fc22.x86_64 fuse-libs-2.9.4-3.fc22.x86_64 gperftools-libs-2.4-1.fc22.x86_64 keyutils-libs-1.5.9-4.fc22.x86_64 krb5-libs-1.13.2-15.fc22.x86_64 leveldb-1.12.0-6.fc21.x86_64 libaio-0.3.110-4.fc22.x86_64 libatomic_ops-7.4.2-9.fc22.x86_64 libattr-2.4.47-10.fc22.x86_64 libblkid-2.26.2-4.fc22.x86_64 libcap-2.24-7.fc22.x86_64 libcom_err-1.42.12-4.fc22.x86_64 libcurl-7.40.0-8.fc22.x86_64 libgcc-5.3.1-6.fc22.x86_64 libicu-54.1-4.fc22.x86_64 libidn-1.32-1.fc22.x86_64 libselinux-2.3-10.fc22.x86_64 libssh2-1.5.0-2.fc22.x86_64 libstdc++-5.3.1-6.fc22.x86_64 libunwind-1.1-10.fc22.x86_64 libuuid-2.26.2-4.fc22.x86_64 nspr-4.12.0-1.fc22.x86_64 nss-3.23.0-1.0.fc22.x86_64 nss-softokn-freebl-3.23.0-1.0.fc22.x86_64 nss-util-3.23.0-1.0.fc22.x86_64 openldap-2.4.40-12.fc22.x86_64 openssl-libs-1.0.1k-15.fc22.x86_64 pcre-8.39-2.fc22.x86_64 snappy-1.1.1-3.fc22.x86_64 systemd-libs-219-27.fc22.x86_64 xz-libs-5.2.0-2.fc22.x86_64 zlib-1.2.8-7.fc22.x86_64
(gdb) bt
#0 0x0000555556c92074 in denc<inodeno_t, denc_traits<inodeno_t, void> > (o=..., p=@0x7fffffffbff0: 0, f=0) at /home/jspray/git/ceph/src/include/denc.h:458
#1 0x0000555556f2425c in denc_traits<std::map<inodeno_t, inodeno_t, std::less<inodeno_t>, std::allocator<std::pair<inodeno_t const, inodeno_t> > >, void>::bound_encode<inodeno_t> (v=std::map with 0 elements, p=@0x7fffffffc078: 4) at /home/jspray/git/ceph/src/include/denc.h:984
#2 0x0000555556f1779b in interval_set<inodeno_t>::bound_encode (this=0x555560c08348, p=@0x7fffffffc078: 4) at /home/jspray/git/ceph/src/include/interval_set.h:242
#3 0x0000555556f0abc7 in denc_traits<interval_set<inodeno_t>, void>::bound_encode (v=..., p=@0x7fffffffc078: 4) at /home/jspray/git/ceph/src/include/interval_set.h:560
#4 0x0000555556f0063d in encode<interval_set<inodeno_t>, denc_traits<interval_set<inodeno_t>, void> > (o=..., bl=..., features_unused=0) at /home/jspray/git/ceph/src/include/denc.h:1124
#5 0x00005555571bb363 in InoTable::encode_state (this=0x555560c082d0, bl=...) at /home/jspray/git/ceph/src/mds/InoTable.h:50
#6 0x0000555556bb0698 in InoTable::encode (this=0x555560c082d0, bl=...) at /home/jspray/git/ceph/src/mds/InoTable.h:63
#7 0x0000555556bb06f4 in encode (c=..., bl=..., features=0) at /home/jspray/git/ceph/src/mds/InoTable.h:110
#8 0x0000555556daa320 in DencoderImplNoFeatureNoCopy<InoTable>::encode (this=0x555560c35170, out=..., features=5764607522763702271) at /home/jspray/git/ceph/src/test/encoding/ceph_dencoder.cc:163
#9 0x0000555556b82ff1 in main (argc=6, argv=0x7fffffffdde8) at /home/jspray/git/ceph/src/test/encoding/ceph_dencoder.cc:380
#2 Updated by John Spray over 7 years ago
- Status changed from New to Fix Under Review
#3 Updated by Kefu Chai over 7 years ago
- Status changed from Fix Under Review to Resolved