| Summary: | Server Segfault | ||
|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | Gururaj K <guru> |
| Component: | protocol | Assignee: | Basavanagowda Kanur <gowda> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 2.0.0 | CC: | amarts, gluster-bugs, vikas |
| Hardware: | All | ||
| OS: | Linux | ||
| Fixed In Version: | | Doc Type: | Bug Fix |

patch submitted http://patches.gluster.com/patch/614/

The behavior is seen because a new glusterfs (2.0.0git - master branch) tried to connect to a 2.0.0 glusterfs server.

*** Bug 32 has been marked as a duplicate of this bug. ***

Events that caused the segfault:

1. Client failed to connect to server, because of auth failure.
2. Client wanted to log the same; the central logging mechanism in the client (git mainline - newer version than server) sent a GF_MOP_LOG operation to the server.
3. gf_mops[GF_MOP_LOG] is out of the bounds of the array gf_mops, but immediately after the gf_mops array there is the gf_cbks array. The first element of the gf_cbks array is server_forget (gf_mops[GF_MOP_LOG] == gf_cbks[0]).
4. The expectations of an fop, mop & cbk are different, and hence the crash.

Moral: input validation is important. :)

-- Gowda

```
# gdb GlusterFSD core.15541
..
..
#0  server_forget (frame=0x3a9ef10, bound_xl=0x0, hdr=<value optimized out>, hdrlen=<value optimized out>, iobuf=<value optimized out>) at server-protocol.c:3770
3770            inode = inode_search (bound_xl->itable, ino, NULL);
(gdb) bt
#0  server_forget (frame=0x3a9ef10, bound_xl=0x0, hdr=<value optimized out>, hdrlen=<value optimized out>, iobuf=<value optimized out>) at server-protocol.c:3770
#1  0x00007f7b1ee2db3a in protocol_server_pollin (this=0xae7470, trans=0xbbca40) at server-protocol.c:8211
#2  0x00007f7b1ee2dbcb in notify (this=0xae7470, event=<value optimized out>, data=0x5b32303000000000) at server-protocol.c:8267
#3  0x00007f7b1e41fc10 in socket_event_handler (fd=<value optimized out>, idx=48, data=0xbbca40, poll_in=1, poll_out=0, poll_err=0) at socket.c:812
#4  0x00007f7b203fe28f in event_dispatch_epoll (event_pool=0xae1690) at event.c:804
#5  0x0000000000403b71 in main (argc=1, argv=0x7fff28828fc8) at glusterfsd.c:1154
(gdb) fr 0
#0  server_forget (frame=0x3a9ef10, bound_xl=0x0, hdr=<value optimized out>, hdrlen=<value optimized out>, iobuf=<value optimized out>) at server-protocol.c:3770
3770            inode = inode_search (bound_xl->itable, ino, NULL);
(gdb) l
3765            ino = ntoh64 (req->ino_array[index]);
3766
3767            if (!ino)
3768                    continue;
3769
3770            inode = inode_search (bound_xl->itable, ino, NULL);
3771
3772            if (inode) {
3773                    inode_forget (inode, 0);
3774                    inode_unref (inode);
(gdb) p bound_xl
$1 = (xlator_t *) 0x0
```
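
The input validation that the comment above calls for, as an added example that is not GlusterFS code and not the submitted patch: the type and op from the wire header are range-checked before any handler table is indexed, so an op the server does not know cannot alias into a neighbouring table. All names, table contents and return codes here are hypothetical, simplified stand-ins.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for the server's dispatch tables (assumptions,
 * not the project's definitions). This "old server" has no LOG mop. */
enum op_type { TYPE_MOP, TYPE_CBK, TYPE_MAX };
enum { MOP_SETVOLUME, MOP_GETVOLUME, MOP_STATS, MOP_MAX };
enum { CBK_FORGET, CBK_RELEASE, CBK_MAX };

#define ERR_BAD_OP   (-1)   /* unknown type or op: reject the request */
#define ERR_NO_BOUND (-2)   /* handler needs a bound translator */

typedef int (*handler_fn)(void *bound_xl);

static int mop_ok(void *bound_xl) { (void)bound_xl; return 0; }
/* Like server_forget in the trace, these need a non-NULL bound_xl. */
static int cbk_forget(void *bound_xl)  { return bound_xl ? 0 : ERR_NO_BOUND; }
static int cbk_release(void *bound_xl) { return bound_xl ? 0 : ERR_NO_BOUND; }

static const handler_fn mops[MOP_MAX] = { mop_ok, mop_ok, mop_ok };
static const handler_fn cbks[CBK_MAX] = { cbk_forget, cbk_release };

/* One (table, length) pair per request type, so the bound always
 * matches the table that is actually indexed. */
static const struct { const handler_fn *tbl; size_t len; } tables[TYPE_MAX] = {
    [TYPE_MOP] = { mops, MOP_MAX },
    [TYPE_CBK] = { cbks, CBK_MAX },
};

/* Validate both header fields before touching a function pointer. */
int dispatch(uint32_t type, uint32_t op, void *bound_xl)
{
    if (type >= TYPE_MAX)
        return ERR_BAD_OP;
    if (op >= tables[type].len)
        return ERR_BAD_OP;          /* e.g. a newer client's extra mop */
    handler_fn fn = tables[type].tbl[op];
    if (fn == NULL)
        return ERR_BAD_OP;          /* unpopulated slot */
    return fn(bound_xl);
}

int main(void)
{
    /* Constructed input: op == MOP_MAX is how an unknown newer mop arrives. */
    return dispatch(TYPE_MOP, MOP_MAX, NULL) == ERR_BAD_OP ? 0 : 1;
}
```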