Bug 781424

Summary: [faf9099bb50d4d2c1a9fe8d3232d541b3f68bc58]: client crash because pointer to uuid got corrupted.
Product: [Community] GlusterFS Reporter: Rahul C S <rahulcs>
Component: quotaAssignee: Raghavendra G <rgowdapp>
Status: CLOSED DUPLICATE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 3.3-betaCC: gluster-bugs, vinaraya
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-04-26 09:46:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rahul C S 2012-01-13 11:52:25 UTC 
Description of problem:
Core was generated by `/usr/local/sbin/glusterfs --volfile-id=vol --volfile-server=dagobah mount/'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f6abf8033c8 in uuid_unpack (in=0x8 <Address 0x8 out of bounds>, uu=0x7fff90c419b0) at ../../../contrib/uuid/unpack.c:43
43		tmp = *ptr++;
(gdb) bt
#0  0x00007f6abf8033c8 in uuid_unpack (in=0x8 <Address 0x8 out of bounds>, uu=0x7fff90c419b0) at ../../../contrib/uuid/unpack.c:43
#1  0x00007f6abf802cfd in uuid_unparse_x (uu=0x8 <Address 0x8 out of bounds>, out=0x7f6ab401bf10 "8e8bcbda-3406-41aa-a0d6-2a969c8282b0", 
    fmt=0x7f6abf81f8e8 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x") at ../../../contrib/uuid/unparse.c:55
#2  0x00007f6abf802e32 in uuid_unparse (uu=0x8 <Address 0x8 out of bounds>, out=0x7f6ab401bf10 "8e8bcbda-3406-41aa-a0d6-2a969c8282b0")
    at ../../../contrib/uuid/unparse.c:75
#3  0x00007f6abf7d94ae in uuid_utoa (uuid=0x8 <Address 0x8 out of bounds>) at ../../../libglusterfs/src/common-utils.c:1645
#4  0x00007f6abb09eb6c in quota_validate_cbk (frame=0x7f6abddb1c84, cookie=0x7f6abddba640, this=0x125c920, op_ret=0, op_errno=0, dict=0x7f6aac023e90)
    at ../../../../../xlators/features/quota/src/quota.c:223
#5  0x00007f6abb2d6ce4 in dht_getxattr_cbk (frame=0x7f6abddba640, cookie=0x7f6abddb2bf8, this=0x125b630, op_ret=0, op_errno=0, xattr=0x7f6aac02d5f0)
    at ../../../../../xlators/cluster/dht/src/dht-common.c:1540
#6  0x00007f6abb5238fc in afr_getxattr_cbk (frame=0x7f6abddb2bf8, cookie=0x1, this=0x125aa20, op_ret=0, op_errno=0, dict=0x7f6aac02d5f0)
    at ../../../../../xlators/cluster/afr/src/afr-inode-read.c:619
#7  0x00007f6abb79cbf2 in client3_1_getxattr_cbk (req=0x7f6ab9be2990, iov=0x7f6ab9be29d0, count=1, myframe=0x7f6abddb564c)
    at ../../../../../xlators/protocol/client/src/client3_1-fops.c:901
#8  0x00007f6abf5a09c6 in rpc_clnt_handle_reply (clnt=0x126df00, pollin=0x7f6aac017990) at ../../../../rpc/rpc-lib/src/rpc-clnt.c:789
#9  0x00007f6abf5a0d28 in rpc_clnt_notify (trans=0x126e220, mydata=0x126df30, event=RPC_TRANSPORT_MSG_RECEIVED, data=0x7f6aac017990)
    at ../../../../rpc/rpc-lib/src/rpc-clnt.c:908
#10 0x00007f6abf59ce3d in rpc_transport_notify (this=0x126e220, event=RPC_TRANSPORT_MSG_RECEIVED, data=0x7f6aac017990)
    at ../../../../rpc/rpc-lib/src/rpc-transport.c:498
#11 0x00007f6abc401359 in socket_event_poll_in (this=0x126e220) at ../../../../../rpc/rpc-transport/socket/src/socket.c:1675
#12 0x00007f6abc4018cd in socket_event_handler (fd=13, idx=4, data=0x126e220, poll_in=1, poll_out=0, poll_err=0)
    at ../../../../../rpc/rpc-transport/socket/src/socket.c:1790
#13 0x00007f6abf7f354d in event_dispatch_epoll_handler (event_pool=0x124a2d0, events=0x124f9c0, i=0) at ../../../libglusterfs/src/event.c:794
#14 0x00007f6abf7f3767 in event_dispatch_epoll (event_pool=0x124a2d0) at ../../../libglusterfs/src/event.c:856
#15 0x00007f6abf7f3ad9 in event_dispatch (event_pool=0x124a2d0) at ../../../libglusterfs/src/event.c:956
#16 0x0000000000407d83 in main (argc=4, argv=0x7fff90c421a8) at ../../../glusterfsd/src/glusterfsd.c:1601
(gdb) f 4
#4  0x00007f6abb09eb6c in quota_validate_cbk (frame=0x7f6abddb1c84, cookie=0x7f6abddba640, this=0x125c920, op_ret=0, op_errno=0, dict=0x7f6aac023e90)
    at ../../../../../xlators/features/quota/src/quota.c:223
223	                gf_log (this->name, GF_LOG_WARNING,
(gdb) l
218	
219	        ret = inode_ctx_get (local->validate_loc.inode, this, &value);
220	
221	        ctx = (quota_inode_ctx_t *)(unsigned long)value;
222	        if ((ret == -1) || (ctx == NULL)) {
223	                gf_log (this->name, GF_LOG_WARNING,
224	                        "quota context is not present in inode (gfid:%s)",
225	                        uuid_utoa (local->validate_loc.inode->gfid));
226	                op_errno = EINVAL;
227	                goto unwind;
(gdb) p local->validate_loc.inode->gfid
$1 = '\000' <repeats 15 times>, "\001"
(gdb) p &local->validate_loc.inode->gfid
$2 = (uuid_t *) 0x7f6ab90b5054
(gdb) down
#3  0x00007f6abf7d94ae in uuid_utoa (uuid=0x8 <Address 0x8 out of bounds>) at ../../../libglusterfs/src/common-utils.c:1645
1645	        uuid_unparse (uuid, uuid_buffer);
(gdb) p &uuid
$3 = (unsigned char **) 0x7fff90c41a28
(gdb) p uuid
$4 = (unsigned char *) 0x8 <Address 0x8 out of bounds>
(gdb) up
#4  0x00007f6abb09eb6c in quota_validate_cbk (frame=0x7f6abddb1c84, cookie=0x7f6abddba640, this=0x125c920, op_ret=0, op_errno=0, dict=0x7f6aac023e90)
    at ../../../../../xlators/features/quota/src/quota.c:223
223	                gf_log (this->name, GF_LOG_WARNING,
(gdb) l
218	
219	        ret = inode_ctx_get (local->validate_loc.inode, this, &value);
220	
221	        ctx = (quota_inode_ctx_t *)(unsigned long)value;
222	        if ((ret == -1) || (ctx == NULL)) {
223	                gf_log (this->name, GF_LOG_WARNING,
224	                        "quota context is not present in inode (gfid:%s)",
225	                        uuid_utoa (local->validate_loc.inode->gfid));
226	                op_errno = EINVAL;
227	                goto unwind;
(gdb) p local
$5 = (quota_local_t *) 0x7f6ab401f290
(gdb) p *local
$6 = {lock = 1, validate_count = 2, link_count = 0, loc = {path = 0x0, name = 0x0, inode = 0x7f6ab90bce54, parent = 0x0, gfid = '\000' <repeats 15 times>, 
    pargfid = '\000' <repeats 15 times>}, oldloc = {path = 0x0, name = 0x0, inode = 0x0, parent = 0x0, gfid = '\000' <repeats 15 times>, 
    pargfid = '\000' <repeats 15 times>}, newloc = {path = 0x0, name = 0x0, inode = 0x0, parent = 0x0, gfid = '\000' <repeats 15 times>, 
    pargfid = '\000' <repeats 15 times>}, validate_loc = {path = 0x7f6ab4043960 "/", name = 0x7f6ab4043961 "", inode = 0x7f6ab90b504c, parent = 0x0, 
    gfid = '\000' <repeats 15 times>, pargfid = '\000' <repeats 15 times>}, delta = 84485, op_ret = 0, op_errno = 0, size = 0, limit = 0, 
  just_validated = 0 '\000', inode = 0x0, stub = 0x7f6abda83a7c}
(gdb) p *local->validate_loc 
Structure has no component named operator*.
(gdb) p *local->validate_loc.inode
$7 = {table = 0x1278e30, gfid = '\000' <repeats 15 times>, "\001", lock = 1, nlookup = 0, ref = 305704, ia_type = IA_IFDIR, fd_list = {
    next = 0x7f6ab90b507c, prev = 0x7f6ab90b507c}, dentry_list = {next = 0x7f6ab90b508c, prev = 0x7f6ab90b508c}, hash = {next = 0x7f6ab90b509c, 
    prev = 0x7f6ab90b509c}, list = {next = 0x1278e90, prev = 0x7f6ab90b52fc}, _ctx = 0x1279120}
(gdb) f 3
#3  0x00007f6abf7d94ae in uuid_utoa (uuid=0x8 <Address 0x8 out of bounds>) at ../../../libglusterfs/src/common-utils.c:1645
1645	        uuid_unparse (uuid, uuid_buffer);
(gdb) l
1640	/*Thread safe conversion function*/
1641	char *
1642	uuid_utoa (uuid_t uuid)
1643	{
1644	        char *uuid_buffer = glusterfs_uuid_buf_get();
1645	        uuid_unparse (uuid, uuid_buffer);
1646	        return uuid_buffer;
1647	}
1648	
1649	/*Re-entrant conversion function*/
(gdb) p uuid
$1 = (unsigned char *) 0x8 <Address 0x8 out of bounds>
(gdb) p uuid_buffer
$2 = 0x7f6ab401bf10 "8e8bcbda-3406-41aa-a0d6-2a969c8282b0"
(gdb) p uuid
$3 = (unsigned char *) 0x8 <Address 0x8 out of bounds>
(gdb) up
#4  0x00007f6abb09eb6c in quota_validate_cbk (frame=0x7f6abddb1c84, cookie=0x7f6abddba640, this=0x125c920, op_ret=0, op_errno=0, dict=0x7f6aac023e90)
    at ../../../../../xlators/features/quota/src/quota.c:223
223	                gf_log (this->name, GF_LOG_WARNING,
(gdb) p &local.validate_loc.inode->gfid
$4 = (uuid_t *) 0x7f6ab90b5054


Running the same tests with valgrind now & trying to reproduce it.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Amar Tumballi 2012-03-12 09:46:31 UTC 
please update these bugs w.r.to 3.3.0qa27, need to work on it as per target milestone set.
Comment 2 Raghavendra G 2012-03-14 07:09:53 UTC 

*** This bug has been marked as a duplicate of bug 801364 ***
Comment 3 Raghavendra G 2012-03-20 02:39:39 UTC 
What were the tests being run? Are there valgrind reports? If you are re-running tests, please make sure patch 6a8fcff3fb6955162dc4eeaeaa627bb31311627e is not present in the source you build from, since it masks this bug.

regards,
Raghavendra.
Comment 5 Raghavendra G 2012-04-26 09:46:43 UTC 

*** This bug has been marked as a duplicate of bug 801364 ***