Bug 761767 (GLUSTER-35) - Server Segfault
Summary: Server Segfault
Status: CLOSED CURRENTRELEASE
Alias: GLUSTER-35
Product: GlusterFS
Classification: Community
Component: protocol
Version: 2.0.0
Hardware: All
OS: Linux
low
medium
Assignee: Basavanagowda Kanur
Duplicates: GLUSTER-32
Reported: 2009-06-23 12:15 UTC by Gururaj K
Modified: 2009-07-08 19:34 UTC (History)
Doc Type: Bug Fix

Description Gururaj K 2009-06-23 12:15:09 UTC
# gdb GlusterFSD core.15541
..
..
#0  server_forget (frame=0x3a9ef10, bound_xl=0x0, hdr=<value optimized out>, hdrlen=<value optimized out>, iobuf=<value optimized out>) at server-protocol.c:3770
3770                    inode = inode_search (bound_xl->itable, ino, NULL);
(gdb) bt
#0  server_forget (frame=0x3a9ef10, bound_xl=0x0, hdr=<value optimized out>, hdrlen=<value optimized out>, iobuf=<value optimized out>) at server-protocol.c:3770
#1  0x00007f7b1ee2db3a in protocol_server_pollin (this=0xae7470, trans=0xbbca40) at server-protocol.c:8211
#2  0x00007f7b1ee2dbcb in notify (this=0xae7470, event=<value optimized out>, data=0x5b32303000000000) at server-protocol.c:8267
#3  0x00007f7b1e41fc10 in socket_event_handler (fd=<value optimized out>, idx=48, data=0xbbca40, poll_in=1, poll_out=0, poll_err=0) at socket.c:812
#4  0x00007f7b203fe28f in event_dispatch_epoll (event_pool=0xae1690) at event.c:804
#5  0x0000000000403b71 in main (argc=1, argv=0x7fff28828fc8) at glusterfsd.c:1154
(gdb) fr 0
#0  server_forget (frame=0x3a9ef10, bound_xl=0x0, hdr=<value optimized out>, hdrlen=<value optimized out>, iobuf=<value optimized out>) at server-protocol.c:3770
3770                    inode = inode_search (bound_xl->itable, ino, NULL);
(gdb) l
3765                    ino = ntoh64 (req->ino_array[index]);
3766
3767                    if (!ino)
3768                            continue;
3769
3770                    inode = inode_search (bound_xl->itable, ino, NULL);
3771
3772                    if (inode) {
3773                            inode_forget (inode, 0);
3774                            inode_unref (inode);
(gdb) p bound_xl 
$1 = (xlator_t *) 0x0

Comment 1 Amar Tumballi 2009-06-23 21:30:11 UTC
Patch submitted:

http://patches.gluster.com/patch/614/

The behavior is seen because a new glusterfs (2.0.0git - master branch) tried to connect to a 2.0.0 glusterfs server.

Comment 2 Basavanagowda Kanur 2009-07-08 16:24:48 UTC
*** Bug 32 has been marked as a duplicate of this bug. ***

Comment 3 Basavanagowda Kanur 2009-07-08 16:34:35 UTC
Events that caused the segfault:
1. Client failed to connect to server because of auth failure.

2. Client wanted to log the same; the central logging mechanism in the client (git mainline - newer version than server) sent a GF_MOP_LOG operation to the server.

3. gf_mops[GF_MOP_LOG] is out of the bounds of the array gf_mops, but immediately after the gf_mops array there is the gf_cbks array. The first element of the gf_cbks array is server_forget (gf_mops[GF_MOP_LOG] == gf_cbks[0]).

4. The expectations of an fop, mop & cbk are different, hence the crash.

Moral: input validation is important. :)
--
Gowda
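
The input validation Comment 3 calls for, sketched as an added example (not GlusterFS source and not the submitted patch): both the message type and the opcode from the wire are bounds-checked before any handler table is indexed, so an opcode a newer client knows but this build does not is rejected instead of resolving to the adjacent table's first entry. All demo_* names, the table layout and the opcode values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names throughout; this is not GlusterFS source. */
enum demo_type { DEMO_TYPE_MOP, DEMO_TYPE_CBK, DEMO_TYPE_MAX };
enum demo_mop  { DEMO_MOP_SETVOLUME, DEMO_MOP_STATS, DEMO_MOP_MAX };
enum demo_cbk  { DEMO_CBK_FORGET, DEMO_CBK_MAX };

/* Opcode a newer client sends; this older build has no table slot for it. */
#define DEMO_MOP_LOG_NEWER 2

typedef int (*demo_handler_t)(const void *hdr, size_t hdrlen);

static int demo_setvolume(const void *h, size_t n) { (void)h; (void)n; return 1; }
static int demo_stats(const void *h, size_t n)     { (void)h; (void)n; return 2; }
static int demo_forget(const void *h, size_t n)    { (void)h; (void)n; return 3; }

static const demo_handler_t demo_mops[DEMO_MOP_MAX] = {
    [DEMO_MOP_SETVOLUME] = demo_setvolume,
    [DEMO_MOP_STATS]     = demo_stats,
};
static const demo_handler_t demo_cbks[DEMO_CBK_MAX] = {
    [DEMO_CBK_FORGET] = demo_forget,
};

/* One descriptor per message type, so each bound travels with its table. */
static const struct { const demo_handler_t *tbl; size_t count; }
demo_tables[DEMO_TYPE_MAX] = {
    [DEMO_TYPE_MOP] = { demo_mops, DEMO_MOP_MAX },
    [DEMO_TYPE_CBK] = { demo_cbks, DEMO_CBK_MAX },
};

/* Return the handler for a (type, op) pair read from the wire, or NULL when
 * either value is outside what this build knows. Both are unsigned, so a
 * negative value from the peer cannot slip under the bound. */
demo_handler_t demo_lookup(uint32_t type, uint32_t op)
{
    if (type >= DEMO_TYPE_MAX)
        return NULL;
    if (op >= demo_tables[type].count)
        return NULL;
    return demo_tables[type].tbl[op];   /* NULL if the slot was never set */
}

/* Dispatch a request; -1 means "unknown operation" and should become an
 * error reply to the peer rather than a call through a stray pointer. */
int demo_dispatch(uint32_t type, uint32_t op, const void *hdr, size_t hdrlen)
{
    demo_handler_t fn = demo_lookup(type, op);
    return fn ? fn(hdr, hdrlen) : -1;
}
```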

