763360 – (GLUSTER-1628) glusterfs crash

Bug 763360 (GLUSTER-1628) - glusterfs crash

Summary: glusterfs crash

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	GLUSTER-1628
Product:	GlusterFS
Classification:	Community
Component:	distribute
Sub Component:
Version:	3.1-alpha
Hardware:	All
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	Amar Tumballi
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-09-17 06:59 UTC by Lakshmipathi G
Modified:	2015-12-01 16:45 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Regression:	RTP
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Lakshmipathi G 2010-09-17 06:59:19 UTC

with 3.1.0qa25,added new brick 3 to existing 2 dht cluster and did  a rebalance.
new bricks glusterfs process crashed. 

core file
----------------
(gdb) bt full
#0  0x00002aaaadc06f7d in resolve_deep_cbk (frame=0x2aaaac5501d8, cookie=0x0, this=0x63b798, op_ret=0, op_errno=22, inode=0x2aaaae0b803c, buf=0x41501e10, xattr=0x0, 
    postparent=0x41501da0) at server-resolve.c:218
	_new = (call_frame_t *) 0x2aaaac33fa8c
	old_THIS = (xlator_t *) 0x0
	tmp_cbk = (fop_lookup_cbk_t) 0x2aaaadc06c72 <resolve_deep_cbk>
	state = (server_state_t *) 0x2aaab4003e68
	resolve = (server_resolve_t *) 0x2aaab4003ed8
	components = (struct resolve_comp *) 0x2aaab40019d8
	i = 1
	link_inode = (inode_t *) 0x0
	__FUNCTION__ = "resolve_deep_cbk"
#1  0x00002aaaad9eb03e in iot_lookup_cbk (frame=0x2aaaac33f3d8, cookie=0x2aaaac33f66c, this=0x63a4f8, op_ret=0, op_errno=22, inode=0x2aaaae0b803c, buf=0x41501e10, 
    xattr=0x0, postparent=0x41501da0) at io-threads.c:168
	fn = (fop_lookup_cbk_t) 0x2aaaadc06c72 <resolve_deep_cbk>
	_parent = (call_frame_t *) 0x2aaaac5501d8
	old_THIS = (xlator_t *) 0x63a4f8
	__FUNCTION__ = "iot_lookup_cbk"
#2  0x00002aaaad7c3e30 in default_lookup_cbk (frame=0x2aaaac33f66c, cookie=0x2aaaac33fb10, this=0x6392e8, op_ret=0, op_errno=22, inode=0x2aaaae0b803c, 
    buf=0x41501e10, dict=0x0, postparent=0x41501da0) at ../../../../libglusterfs/src/defaults.c:47
	fn = (ret_fn_t) 0x2aaaad9eaeda <iot_lookup_cbk>
	_parent = (call_frame_t *) 0x2aaaac33f3d8
	old_THIS = (xlator_t *) 0x6392e8
	__FUNCTION__ = "default_lookup_cbk"
#3  0x00002aaaad334056 in pl_lookup_cbk (frame=0x2aaaac33fb10, cookie=0x2aaaac33f354, this=0x636d98, op_ret=0, op_errno=22, inode=0x2aaaae0b803c, buf=0x41501e10, 
    dict=0x0, postparent=0x41501da0) at posix.c:1129
	fn = (fop_lookup_cbk_t) 0x2aaaad7c3cc2 <default_lookup_cbk>
	_parent = (call_frame_t *) 0x2aaaac33f66c
	old_THIS = (xlator_t *) 0x636d98
	local = (pl_local_t *) 0x645ef8
	__FUNCTION__ = "pl_lookup_cbk"
#4  0x00002aaaaace3fe6 in default_lookup_cbk (frame=0x2aaaac33f354, cookie=0x2aaaac33f144, this=0x635b88, op_ret=0, op_errno=22, inode=0x2aaaae0b803c, 
    buf=0x41501e10, dict=0x0, postparent=0x41501da0) at defaults.c:47
	fn = (ret_fn_t) 0x2aaaad333e58 <pl_lookup_cbk>
	_parent = (call_frame_t *) 0x2aaaac33fb10
	old_THIS = (xlator_t *) 0x635b88
	__FUNCTION__ = "default_lookup_cbk"
Missing separate debuginfos, use: debuginfo-install gcc.x86_64 glibc.x86_64
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) l 
213	        resolve->deep_loc.path   = gf_strdup (resolve->resolved);
214	        resolve->deep_loc.parent = inode_ref (components[i-1].inode);
215	        resolve->deep_loc.inode  = inode_new (state->itable);
216	        resolve->deep_loc.name   = components[i].basename;
217	
218	        STACK_WIND_COOKIE (frame, resolve_deep_cbk, (void *) (long) i,
219	                           BOUND_XL (frame), BOUND_XL (frame)->fops->lookup,
220	                           &resolve->deep_loc, NULL);
221	        return 0;
222	
(gdb) p frame
$1 = (call_frame_t *) 0x2aaaac5501d8
(gdb) p *frame
$2 = {root = 0x2aaaac550150, parent = 0x0, next = 0x2aaaac33fa8c, prev = 0x0, local = 0x2aaaae02d478, this = 0x63b798, ret = 0, ref_count = 1, lock = 1, 
  cookie = 0x0, complete = _gf_false, op = GF_FOP_NULL, begin = {tv_sec = 0, tv_usec = 0}, end = {tv_sec = 0, tv_usec = 0}}
(gdb) p *BOUND_XL (frame)
No symbol "BOUND_XL" in current context.
(gdb) p * frame->this
$3 = {name = 0x63c0f8 "dhtaws-server", type = 0x63c198 "protocol/server", next = 0x63a4f8, prev = 0x0, parents = 0x0, children = 0x63cbf8, options = 0x63c138, 
  dlhandle = 0x63c280, fops = 0x2aaaade28f80, cbks = 0x2aaaade29210, dumpops = 0x2aaaade26e20, volume_options = {next = 0x63c8b8, prev = 0x63d7c8}, 
  fini = 0x2aaaadc06633 <fini>, init = 0x2aaaadc05f00 <init>, mem_acct_init = 0x2aaaadc05e67 <mem_acct_init>, notify = 0x2aaaadc06691 <notify>, 
  loglevel = GF_LOG_NONE, latencies = {{min = 0, max = 0, total = 0, std = 0, mean = 0, count = 0} <repeats 45 times>}, ctx = 0x62a010, graph = 0x630518, 
  itable = 0x0, init_succeeded = 1 '\001', private = 0x630698, mem_acct = {num_types = 85, rec = 0x63cc20}}
(gdb) p *resolve->deep_loc
Structure has no component named operator*.
(gdb) p resolve->deep_loc
$4 = {path = 0x645ef8 "/run14148", name = 0x2aaab4001939 "run14148", ino = 0, inode = 0x2aaaae0bb2d0, parent = 0x2aaaae0b803c}

Comment 1 Lakshmipathi G 2010-09-17 09:07:48 UTC

(gdb) p *((server_state_t *)frame->root->state)->conn
$1 = {list = {next = 0x0, prev = 0x0}, id = 0x0, ref = 0, active_transports = 0, lock = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, 
      __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\0' <repeats 39 times>, __align = 0}, disconnected = 0 '\0', fdtable = 0x0, ltable = 0x0, 
  bound_xl = 0x0, this = 0x0}
(gdb)

Comment 2 Vijay Bellur 2010-09-18 03:35:03 UTC

PATCH: http://patches.gluster.com/patch/4846 in master (server-resolve: check for variables before dereferencing)

Note You need to log in before you can comment on or make changes to this bug.