Project

General

Profile

Actions
Copy link

Bug #38023

closed

segv on FileJournal::prepare_entry in bufferlist

Added by Sage Weil over 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
High
Assignee:
Radoslaw Zarzynski
Category:
-
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(RADOS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

  -314> 2019-01-23 03:56:31.338 7f4159f6e700  5 filestore(/var/lib/ceph/osd/ceph-2) queue_transactions(2291): osr 0x55d66cbbda40 osr(5.11s1_head)
  -313> 2019-01-23 03:56:31.338 7f4159f6e700 10 journal prepare_entry [Transaction(0x55d66fc6be40)]


(gdb) bt
#0  0x00007f418376559b in raise () from /lib64/libpthread.so.0
#1  0x000055d65ff12855 in reraise_fatal (signum=11) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/global/signal_handler.cc:81
#2  handle_fatal_signal (signum=11) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/global/signal_handler.cc:298
#3  <signal handler called>
#4  0x000055d6605cec7b in crc32_iscsi_00 ()
#5  0x0000000000000ffb in ?? ()
#6  0x6d68636e65623ad5 in ?? ()
#7  0x000055d6605cec1b in ceph_crc32c_intel_fast (crc=<optimized out>, buffer=0x6d68636e65623ad5 <Address 0x6d68636e65623ad5 out of bounds>, len=<optimized out>)
    at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/common/crc32c_intel_fast.c:28
#8  0x000055d66010fdb4 in ceph_crc32c (length=<optimized out>, data=<optimized out>, crc=2301157715) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/include/crc32c.h:50
#9  ceph::buffer::list::crc32c (this=this@entry=0x7f4159f6afe0, crc=2301157715, crc@entry=0) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/common/buffer.cc:1944
#10 0x000055d65fe8cc90 in FileJournal::prepare_entry (this=0x55d66b2f4c00, tls=std::vector of length 1, capacity 1 = {...}, tbl=0x7f4159f6b170)
    at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/os/filestore/FileJournal.cc:1563
#11 0x000055d65fcf0f66 in FileStore::queue_transactions (this=0x55d66b230000, ch=..., tls=std::vector of length 0, capacity 0, osd_op=..., handle=0x0)
    at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/os/filestore/FileStore.cc:2304
#12 0x000055d65f9cbe02 in ObjectStore::queue_transaction(boost::intrusive_ptr<ObjectStore::CollectionImpl>&, ObjectStore::Transaction&&, boost::intrusive_ptr<TrackedOp>, ThreadPool::TPHandle*) (this=0x55d66b230000, 
    ch=..., t=<optimized out>, op=..., handle=0x0) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/os/ObjectStore.h:1448
#13 0x000055d65fb4d48f in non-virtual thunk to PrimaryLogPG::queue_transaction(ObjectStore::Transaction&&, boost::intrusive_ptr<OpRequest>) ()
#14 0x000055d65fc6ceb1 in ECBackend::dispatch_recovery_messages (this=this@entry=0x55d672b3ac00, m=..., priority=priority@entry=127) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/osd/ECBackend.cc:547
#15 0x000055d65fc7f254 in ECBackend::_handle_message (this=0x55d672b3ac00, _op=...) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/osd/ECBackend.cc:828
#16 0x000055d65fb5d1e7 in PGBackend::handle_message (this=<optimized out>, op=...) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/osd/PGBackend.cc:114
#17 0x000055d65fb09c25 in PrimaryLogPG::do_request (this=0x55d67658e000, op=..., handle=...) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/osd/PrimaryLogPG.cc:1848
#18 0x000055d65f950009 in OSD::dequeue_op (this=this@entry=0x55d66b3d2000, pg=..., op=..., handle=...) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/osd/OSD.cc:9629
#19 0x000055d65fbdfe12 in PGOpItem::run (this=<optimized out>, osd=0x55d66b3d2000, sdata=<optimized out>, pg=..., handle=...) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/osd/OpQueueItem.cc:24
#20 0x000055d65f96cabc in run (handle=..., pg=..., sdata=<optimized out>, osd=<optimized out>, this=0x7f4159f6b8b0) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/osd/OpQueueItem.h:134
#21 OSD::ShardedOpWQ::_process (this=0x55d66b3d3000, thread_index=<optimized out>, hb=<optimized out>) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/osd/OSD.cc:10804
#22 0x000055d65ff67ce3 in ShardedThreadPool::shardedthreadpool_worker (this=0x55d66b3d29f8, thread_index=<optimized out>) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/common/WorkQueue.cc:311
#23 0x000055d65ff6ad80 in ShardedThreadPool::WorkThreadSharded::entry (this=<optimized out>) at /usr/src/debug/ceph-14.0.1-2862-gd4c4082/src/common/WorkQueue.h:699
#24 0x00007f418375de25 in start_thread () from /lib64/libpthread.so.0
#25 0x00007f4182626bad in clone () from /lib64/libc.so.6

/a/nojha-2019-01-23_02:37:14-rados:thrash-erasure-code-master-distro-basic-smithi/3494088

Related issues 2 (0 open2 closed)

Related to RADOS - Bug #37910: segv during crc of incoming message frontResolvedRadoslaw Zarzynski01/14/2019

Actions
Related to RADOS - Bug #38024: segv, heap corruption in ec encode_and_writeResolvedRadoslaw Zarzynski01/23/2019

Actions
Actions
Copy link

Also available in: Atom PDF