Ceph

Build the attached program with something like:

$ gcc -o test_rados ./test_rados.c -lrados

...then run it against an object in an existing pool. Pass it any old object name (it doesn't matter if it exists). I see consistent segfaults:

(gdb) bt
#0  librados::IoCtxImpl::operate_read (this=this@entry=0x7fffffffd978, oid=..., o=o@entry=0x72f9b0, pbl=pbl@entry=0x0, flags=0)
    at /usr/src/debug/ceph-13.0.1-2356.gf2b88f364515.fc27.x86_64/src/librados/IoCtxImpl.cc:750
#1  0x00007ffff7adb48f in rados_read_op_operate (read_op=0x72f9b0, io=0x7fffffffd978, oid=0x7fffffffde33 "foo", flags=0) at /usr/src/debug/ceph-13.0.1-2356.gf2b88f364515.fc27.x86_64/src/librados/librados.cc:6247
#2  0x0000000000400b6d in main ()
(gdb) list
745      version_t ver;
746    
747      Context *onack = new C_SafeCond(&mylock, &cond, &done, &r);
748    
749      int op = o->ops[0].op.op;
750      ldout(client->cct, 10) << ceph_osd_op_name(op) << " oid=" << oid << " nspace=" << oloc.nspace << dendl;
751      Objecter::Op *objecter_op = objecter->prepare_read_op(oid, oloc,
752                                              *o, snap_seq, pbl, flags,
753                                              onack, &ver);
754      objecter->op_submit(objecter_op);
(gdb) p oloc
$1 = {pool = 140737354129712, key = "\004", nspace = <error: Cannot access memory at address 0x395de2c042aa3930>, hash = 0}

Looks like it's dying because oloc.nspace was bogus.

It's possible I'm doing something wrong here, but I'm seeing other, similar problems in ganesha. I first noticed this with my own hand-built librados packages (based on a relatively recent master branch), but I seem to get the same results with the packages in the Fedora 27 and CentOS7 repos as well.