+++ This bug was initially created as a clone of Bug #1129708 +++ +++ This bug was initially created as a clone of Bug #1124981 +++ Description of problem: glusterfsd NULL ptr deref in proto/server: get_frame_from_request() on transport rdma volume Version-Release number of selected component (if applicable): 3.6.0.25 and earlier How reproducible: Create a volume with "... transport rdma ...", then start it Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: --- Additional comment from Kaleb KEITHLEY on 2014-07-30 15:18:13 EDT --- (gdb) where #0 get_frame_from_request (req=0x7f3157e9e04c) at server-helpers.c:435 #1 0x00007f315c5245ce in server3_3_statfs (req=0x7f3157e9e04c) at server-rpc-fops.c:6106 #2 0x00000035b3809995 in rpcsvc_handle_rpc_call (svc=<value optimized out>, trans=<value optimized out>, msg=0x7f3130000a00) at rpcsvc.c:680 #3 0x00000035b3809bd3 in rpcsvc_notify (trans=0x7f3151636070, mydata=<value optimized out>, event=<value optimized out>, data=0x7f3130000a00) at rpcsvc.c:774 #4 0x00000035b380b678 in rpc_transport_notify (this=<value optimized out>, event=<value optimized out>, data=<value optimized out>) at rpc-transport.c:512 #5 0x00007f3157c948e0 in gf_rdma_pollin_notify (peer=0x7f3151632c60, post=<value optimized out>) at rdma.c:3517 #6 0x00007f3157c94e14 in gf_rdma_recv_request (peer=0x7f3151632c60, wc=<value optimized out>) at rdma.c:3633 #7 gf_rdma_process_recv (peer=0x7f3151632c60, wc=<value optimized out>) at rdma.c:3734 #8 0x00007f3157c951c7 in gf_rdma_recv_completion_proc (data=0x7f3150019bc0) at rdma.c:3867 #9 0x00000035b20079d1 in start_thread () from /lib64/libpthread.so.0 #10 0x00000035b18e8b5d in clone () from /lib64/libc.so.6 (gdb) Same crash and backtrace regardless of 3.6.0.22 or 3.6.0.25. (gdb) print req->trans->xl $6 = (void *) 0x0 related to this fragment of code near line 435 of server-helpers.c: ... this = req->trans->xl; priv = this->private; ... --- Additional comment from Kaleb KEITHLEY on 2014-07-30 15:25:29 EDT --- with this fix the RHS-glusterfs-3.6.0.25 glusterfsd no longer SEGVs, but a) this may not be the right place to do this, and b) I confess I'm puzzled as to why upstream 3.5.1 works without it. The .../rpc/.... source tree is, delta the addition of the ssl logic in upstream, the same, and it works. --- rpc/rpc-transport/rdma/src/rdma.c.orig 2014-07-30 15:19:17.931001471 -0400 +++ rpc/rpc-transport/rdma/src/rdma.c 2014-07-30 15:19:42.684999382 -0400 @@ -716,6 +716,7 @@ this->name = gf_strdup (listener->name); this->notify = listener->notify; this->mydata = listener->mydata; + this->xl = listener->xl; this->myinfo.sockaddr_len = sizeof (cm_id->route.addr.src_addr); memcpy (&this->myinfo.sockaddr, &cm_id->route.addr.src_addr, On a separate note --- Additional comment from RHEL Product and Program Management on 2014-07-30 15:43:26 EDT --- Since this issue was entered in bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. --- Additional comment from Kaleb KEITHLEY on 2014-07-30 16:08:39 EDT --- https://code.engineering.redhat.com/gerrit/30050 --- Additional comment from Kaleb KEITHLEY on 2014-08-13 10:06:16 EDT --- --- Additional comment from Kaleb KEITHLEY on 2014-07-30 15:25:29 EDT --- with this fix the glusterfs-3.7dev glusterfsd no longer SEGVs, --- rpc/rpc-transport/rdma/src/rdma.c.orig 2014-07-30 15:19:17.931001471 -0400 +++ rpc/rpc-transport/rdma/src/rdma.c 2014-07-30 15:19:42.684999382 -0400 @@ -716,6 +716,7 @@ this->name = gf_strdup (listener->name); this->notify = listener->notify; this->mydata = listener->mydata; + this->xl = listener->xl; this->myinfo.sockaddr_len = sizeof (cm_id->route.addr.src_addr); memcpy (&this->myinfo.sockaddr, &cm_id->route.addr.src_addr,
REVIEW: http://review.gluster.org/8480 (rdma: glusterfsd SEGV at volume start) posted (#1) for review on release-3.6 by Kaleb KEITHLEY (kkeithle)
COMMIT: http://review.gluster.org/8480 committed in release-3.6 by Vijay Bellur (vbellur) ------ commit 2f9db25fe5a2a488fb6e7033fae3bf2ef6093dfe Author: Kaleb S. KEITHLEY <kkeithle> Date: Wed Aug 13 10:35:16 2014 -0400 rdma: glusterfsd SEGV at volume start glusterfsd NULL ptr deref in proto/server: get_frame_from_request() with 'transport rdma' volume no test case, our regression test framework doesn't have Infiniband. If it did, the test case would be to create a 'transport rdma' volume, start it, and create/write/read/delete files on the volume. Change-Id: I8dd4bea08bdecbbdf0115d3badccb1594fa69a27 BUG: 1129710 Signed-off-by: Kaleb S. KEITHLEY <kkeithle> Reviewed-on: http://review.gluster.org/8480 Reviewed-by: Humble Devassy Chirammal <humble.devassy> Tested-by: Gluster Build System <jenkins.com> Reviewed-by: Vijay Bellur <vbellur>
A beta release for GlusterFS 3.6.0 has been released. Please verify if the release solves this bug report for you. In case the glusterfs-3.6.0beta1 release does not have a resolution for this issue, leave a comment in this bug and move the status to ASSIGNED. If this release fixes the problem for you, leave a note and change the status to VERIFIED. Packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update (possibly an "updates-testing" repository) infrastructure for your distribution. [1] http://supercolony.gluster.org/pipermail/gluster-users/2014-September/018836.html [2] http://supercolony.gluster.org/pipermail/gluster-users/
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.6.1, please reopen this bug report. glusterfs-3.6.1 has been announced [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. [1] http://supercolony.gluster.org/pipermail/gluster-users/2014-November/019410.html [2] http://supercolony.gluster.org/mailman/listinfo/gluster-users