Bug 762137 (GLUSTER-405) - Segmentation fault in stat-prefetch.
Summary: Segmentation fault in stat-prefetch.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: GLUSTER-405
Product: GlusterFS
Classification: Community
Component: stat-prefetch
Version: mainline
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Raghavendra G
QA Contact:
URL:
Whiteboard:
: GLUSTER-404 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-11-25 00:10 UTC by Raghavendra G
Modified: 2009-12-03 13:59 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Attachments (Terms of Use)

Description Raghavendra G 2009-11-25 00:10:38 UTC
Bactrace:
========

(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00002aaaaad001f9 in rbthash_key_bucket (tbl=0x2aaab4038270, key=0x71febf, keylen=12) at rbthash.c:272
#2  0x00002aaaaad00324 in rbthash_get (tbl=0x2aaab4038270, key=0x71febf, keylen=12) at rbthash.c:291
#3  0x00002aaaac5a3cae in sp_cache_get_entry (cache=0x2aaab430cd30, name=0x71febf "FASTENER.MDB", 
    entry=0x41400fa0) at stat-prefetch.c:204
#4  0x00002aaaac5a4f17 in sp_lookup (frame=0x66de50, this=0x612070, loc=0x7f4578, xattr_req=0x6654a0)
    at stat-prefetch.c:789
#5  0x00002aaaac7bc17a in fuse_forget (req=0x2aaaac7bbdb7, ino=6741584, nlookup=6365296) at fuse-bridge.c:464
#6  0x00002aaaac7c5581 in fuse_thread_proc (data=0x612900) at fuse-bridge.c:2531
#7  0x00002aaaab144367 in start_thread () from /lib64/libpthread.so.0
#8  0x00002aaaab42cf7d in clone () from /lib64/libc.so.6
(gdb) info thr
  3 process 12491  0x00002aaaab42d368 in epoll_wait () from /lib64/libc.so.6
  2 process 12492  0x00002aaaab3f3761 in nanosleep () from /lib64/libc.so.6
* 1 process 12496  0x0000000000000000 in ?? ()
(gdb) f 3
#3  0x00002aaaac5a3cae in sp_cache_get_entry (cache=0x2aaab430cd30, name=0x71febf "FASTENER.MDB", 
    entry=0x41400fa0) at stat-prefetch.c:204
204                     tmp = rbthash_get (cache->table, name, strlen (name));
(gdb) p *cache
$12 = {table = 0x2aaab4038270, expected_offset = 0, lock = 0, miss = 0, hits = 0}
(gdb) p *cache->table
$13 = {size = 0, numbuckets = 0, entrypool = 0x35, tablelock = 0, buckets = 0x2400000004000000, hashfunc = 0, 
  dfunc = 0}

The cache being used here is already freed. This might've got freed in sp_readdir - sp_readdir frees the cache if the directory is not read at continuous offsets. 

As a fix, sp_readdir should not free the cache. Instead, it can remove all the entries from cache and it will server the same purpose.

A foolproof fix should keep reference counts on cache and it should be freed only reference count hits zero.

Comment 1 Vijay Bellur 2009-11-25 02:31:27 UTC
Isn't this the same as 404?

Comment 2 Anand Avati 2009-11-25 04:06:11 UTC
PATCH: http://patches.gluster.com/patch/2357 in master (performance/stat-prefetch: don't free the cache in readdir if the offset is not the expected one.)

Comment 3 Anand Avati 2009-11-25 04:06:15 UTC
PATCH: http://patches.gluster.com/patch/2358 in master (performance/stat-prefetch: remove lock member in sp_fd_ctx_t.)

Comment 4 Anand Avati 2009-11-25 04:06:19 UTC
PATCH: http://patches.gluster.com/patch/2359 in master (performance/stat-prefetch: Add refcounting to cache objects)

Comment 5 Anand Avati 2009-11-26 14:26:56 UTC
PATCH: http://patches.gluster.com/patch/2364 in release-2.0 (performance/stat-prefetch: don't free the cache in readdir if the offset is not the expected one.)

Comment 6 Anand Avati 2009-11-26 14:26:59 UTC
PATCH: http://patches.gluster.com/patch/2365 in release-2.0 (performance/stat-prefetch: remove lock member in sp_fd_ctx_t.)

Comment 7 Anand Avati 2009-11-26 14:27:02 UTC
PATCH: http://patches.gluster.com/patch/2366 in release-2.0 (performance/stat-prefetch: Add refcounting to cache objects)

Comment 8 Raghavendra G 2009-12-03 10:57:29 UTC
*** Bug 404 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.