| Summary: | Segmentation fault in stat-prefetch. | ||
|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | Raghavendra G <raghavendra> |
| Component: | stat-prefetch | Assignee: | Raghavendra G <raghavendra> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | mainline | CC: | anush, vijay |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Isn't this the same as 404? PATCH: http://patches.gluster.com/patch/2357 in master (performance/stat-prefetch: don't free the cache in readdir if the offset is not the expected one.) PATCH: http://patches.gluster.com/patch/2358 in master (performance/stat-prefetch: remove lock member in sp_fd_ctx_t.) PATCH: http://patches.gluster.com/patch/2359 in master (performance/stat-prefetch: Add refcounting to cache objects) PATCH: http://patches.gluster.com/patch/2364 in release-2.0 (performance/stat-prefetch: don't free the cache in readdir if the offset is not the expected one.) PATCH: http://patches.gluster.com/patch/2365 in release-2.0 (performance/stat-prefetch: remove lock member in sp_fd_ctx_t.) PATCH: http://patches.gluster.com/patch/2366 in release-2.0 (performance/stat-prefetch: Add refcounting to cache objects) |
Bactrace: ======== (gdb) bt #0 0x0000000000000000 in ?? () #1 0x00002aaaaad001f9 in rbthash_key_bucket (tbl=0x2aaab4038270, key=0x71febf, keylen=12) at rbthash.c:272 #2 0x00002aaaaad00324 in rbthash_get (tbl=0x2aaab4038270, key=0x71febf, keylen=12) at rbthash.c:291 #3 0x00002aaaac5a3cae in sp_cache_get_entry (cache=0x2aaab430cd30, name=0x71febf "FASTENER.MDB", entry=0x41400fa0) at stat-prefetch.c:204 #4 0x00002aaaac5a4f17 in sp_lookup (frame=0x66de50, this=0x612070, loc=0x7f4578, xattr_req=0x6654a0) at stat-prefetch.c:789 #5 0x00002aaaac7bc17a in fuse_forget (req=0x2aaaac7bbdb7, ino=6741584, nlookup=6365296) at fuse-bridge.c:464 #6 0x00002aaaac7c5581 in fuse_thread_proc (data=0x612900) at fuse-bridge.c:2531 #7 0x00002aaaab144367 in start_thread () from /lib64/libpthread.so.0 #8 0x00002aaaab42cf7d in clone () from /lib64/libc.so.6 (gdb) info thr 3 process 12491 0x00002aaaab42d368 in epoll_wait () from /lib64/libc.so.6 2 process 12492 0x00002aaaab3f3761 in nanosleep () from /lib64/libc.so.6 * 1 process 12496 0x0000000000000000 in ?? () (gdb) f 3 #3 0x00002aaaac5a3cae in sp_cache_get_entry (cache=0x2aaab430cd30, name=0x71febf "FASTENER.MDB", entry=0x41400fa0) at stat-prefetch.c:204 204 tmp = rbthash_get (cache->table, name, strlen (name)); (gdb) p *cache $12 = {table = 0x2aaab4038270, expected_offset = 0, lock = 0, miss = 0, hits = 0} (gdb) p *cache->table $13 = {size = 0, numbuckets = 0, entrypool = 0x35, tablelock = 0, buckets = 0x2400000004000000, hashfunc = 0, dfunc = 0} The cache being used here is already freed. This might've got freed in sp_readdir - sp_readdir frees the cache if the directory is not read at continuous offsets. As a fix, sp_readdir should not free the cache. Instead, it can remove all the entries from cache and it will server the same purpose. A foolproof fix should keep reference counts on cache and it should be freed only reference count hits zero.