Bug #17636

MDS crash on creating: interval_set<inodeno_t> segfaults with new encoding

Added by John Spray about 6 years ago. Updated about 6 years ago.

Status: Resolved
Priority: Immediate
Assignee: -
Category: Correctness/Safety
Target version: -
% Done: 0%
Source: other
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS): MDS
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

The map bound_encode method does this:

  bound_encode(const std::map<A,B>& v, size_t& p) {
    denc((uint32_t)v.size(), p);
    size_t elem_size = 0;
    denc(*(A*)nullptr, elem_size);
    denc(*(B*)nullptr, elem_size);
    p += v.size() * elem_size;
  }

But the inodeno_t traits class does this:

  static void bound_encode(const inodeno_t o, size_t& p) {
    denc(o.val, p);
  }

So dereferencing the val member of o causes the segfault.
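
An added example, not Ceph's code and not the change that resolved this ticket: a size bound for a map that probes the per-element size with value-initialized objects instead of `*(A*)nullptr`, so it stays valid even when a traits class takes its argument by value. The names `ino_like`, `traits`, `bound_encode_map` and `map_bound` are hypothetical stand-ins, and the key and value types are assumed to be default-constructible.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>

// Hypothetical stand-in for inodeno_t: a struct wrapping one integer.
struct ino_like {
  uint64_t val;
  bool operator<(const ino_like& r) const { return val < r.val; }
};

// Simplified stand-in for denc_traits; only the specializations below exist.
template <typename T> struct traits;
template <> struct traits<uint32_t> {
  static void bound_encode(const uint32_t&, size_t& p) { p += sizeof(uint32_t); }
};
template <> struct traits<uint64_t> {
  static void bound_encode(const uint64_t&, size_t& p) { p += sizeof(uint64_t); }
};
// Same shape as the traits quoted above: o is taken BY VALUE and o.val is read.
// Handed *(ino_like*)nullptr, the by-value copy would load from address 0.
template <> struct traits<ino_like> {
  static void bound_encode(const ino_like o, size_t& p) {
    traits<uint64_t>::bound_encode(o.val, p);
  }
};

template <typename T> void denc(const T& o, size_t& p) {
  traits<T>::bound_encode(o, p);
}

// Probe the element size with real objects, never a null reference.
template <typename A, typename B>
void bound_encode_map(const std::map<A, B>& v, size_t& p) {
  denc(static_cast<uint32_t>(v.size()), p);  // element count prefix
  size_t elem_size = 0;
  const A probe_key{};  // value-initialized, safe to copy and read
  const B probe_val{};
  denc(probe_key, elem_size);
  denc(probe_val, elem_size);
  p += v.size() * elem_size;
}

// Builds a map of n entries (constructed sample data) and returns its bound.
size_t map_bound(uint64_t n) {
  std::map<ino_like, ino_like> m;
  for (uint64_t i = 0; i < n; ++i) m[ino_like{i}] = ino_like{i + 100};
  size_t p = 0;
  bound_encode_map(m, p);
  return p;
}
```

For an empty map the bound is only the 4-byte count, the same `p` value visible in the backtrace frames just before the crash.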

History

#1 Updated by John Spray about 6 years ago

Should also note that the backtraces are like:

Starting program: /home/jspray/git/ceph/build/bin/ceph-dencoder type InoTable select_test 1 encode
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.21-13.fc22.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x0000555556c92074 in denc<inodeno_t, denc_traits<inodeno_t, void> > (o=..., p=@0x7fffffffbff0: 0, f=0) at /home/jspray/git/ceph/src/include/denc.h:458
458      traits::bound_encode(o, p);
Missing separate debuginfos, use: dnf debuginfo-install boost-date-time-1.57.0-6.fc22.x86_64 boost-iostreams-1.57.0-6.fc22.x86_64 boost-program-options-1.57.0-6.fc22.x86_64 boost-random-1.57.0-6.fc22.x86_64 boost-regex-1.57.0-6.fc22.x86_64 boost-system-1.57.0-6.fc22.x86_64 boost-thread-1.57.0-6.fc22.x86_64 bzip2-libs-1.0.6-14.fc22.x86_64 cyrus-sasl-lib-2.1.26-23.fc22.x86_64 elfutils-libelf-0.166-1.fc22.x86_64 elfutils-libs-0.166-1.fc22.x86_64 expat-2.1.1-2.fc22.x86_64 fuse-libs-2.9.4-3.fc22.x86_64 gperftools-libs-2.4-1.fc22.x86_64 keyutils-libs-1.5.9-4.fc22.x86_64 krb5-libs-1.13.2-15.fc22.x86_64 leveldb-1.12.0-6.fc21.x86_64 libaio-0.3.110-4.fc22.x86_64 libatomic_ops-7.4.2-9.fc22.x86_64 libattr-2.4.47-10.fc22.x86_64 libblkid-2.26.2-4.fc22.x86_64 libcap-2.24-7.fc22.x86_64 libcom_err-1.42.12-4.fc22.x86_64 libcurl-7.40.0-8.fc22.x86_64 libgcc-5.3.1-6.fc22.x86_64 libicu-54.1-4.fc22.x86_64 libidn-1.32-1.fc22.x86_64 libselinux-2.3-10.fc22.x86_64 libssh2-1.5.0-2.fc22.x86_64 libstdc++-5.3.1-6.fc22.x86_64 libunwind-1.1-10.fc22.x86_64 libuuid-2.26.2-4.fc22.x86_64 nspr-4.12.0-1.fc22.x86_64 nss-3.23.0-1.0.fc22.x86_64 nss-softokn-freebl-3.23.0-1.0.fc22.x86_64 nss-util-3.23.0-1.0.fc22.x86_64 openldap-2.4.40-12.fc22.x86_64 openssl-libs-1.0.1k-15.fc22.x86_64 pcre-8.39-2.fc22.x86_64 snappy-1.1.1-3.fc22.x86_64 systemd-libs-219-27.fc22.x86_64 xz-libs-5.2.0-2.fc22.x86_64 zlib-1.2.8-7.fc22.x86_64
(gdb) bt
#0  0x0000555556c92074 in denc<inodeno_t, denc_traits<inodeno_t, void> > (o=..., p=@0x7fffffffbff0: 0, f=0) at /home/jspray/git/ceph/src/include/denc.h:458
#1  0x0000555556f2425c in denc_traits<std::map<inodeno_t, inodeno_t, std::less<inodeno_t>, std::allocator<std::pair<inodeno_t const, inodeno_t> > >, void>::bound_encode<inodeno_t> (v=std::map with 0 elements, 
    p=@0x7fffffffc078: 4) at /home/jspray/git/ceph/src/include/denc.h:984
#2  0x0000555556f1779b in interval_set<inodeno_t>::bound_encode (this=0x555560c08348, p=@0x7fffffffc078: 4) at /home/jspray/git/ceph/src/include/interval_set.h:242
#3  0x0000555556f0abc7 in denc_traits<interval_set<inodeno_t>, void>::bound_encode (v=..., p=@0x7fffffffc078: 4) at /home/jspray/git/ceph/src/include/interval_set.h:560
#4  0x0000555556f0063d in encode<interval_set<inodeno_t>, denc_traits<interval_set<inodeno_t>, void> > (o=..., bl=..., features_unused=0) at /home/jspray/git/ceph/src/include/denc.h:1124
#5  0x00005555571bb363 in InoTable::encode_state (this=0x555560c082d0, bl=...) at /home/jspray/git/ceph/src/mds/InoTable.h:50
#6  0x0000555556bb0698 in InoTable::encode (this=0x555560c082d0, bl=...) at /home/jspray/git/ceph/src/mds/InoTable.h:63
#7  0x0000555556bb06f4 in encode (c=..., bl=..., features=0) at /home/jspray/git/ceph/src/mds/InoTable.h:110
#8  0x0000555556daa320 in DencoderImplNoFeatureNoCopy<InoTable>::encode (this=0x555560c35170, out=..., features=5764607522763702271) at /home/jspray/git/ceph/src/test/encoding/ceph_dencoder.cc:163
#9  0x0000555556b82ff1 in main (argc=6, argv=0x7fffffffdde8) at /home/jspray/git/ceph/src/test/encoding/ceph_dencoder.cc:380

#2 Updated by John Spray about 6 years ago

  • Status changed from New to Fix Under Review

#3 Updated by Kefu Chai about 6 years ago

  • Status changed from Fix Under Review to Resolved
