[Bugs] [Bug 1402661] Samba crash when mounting a distributed dispersed volume over CIFS

bugzilla at redhat.com bugzilla at redhat.com
Fri Jan 13 15:13:45 UTC 2017 

https://bugzilla.redhat.com/show_bug.cgi?id=1402661



--- Comment #16 from Anoop C S <anoopcs at redhat.com> ---
Hi Xavi,

Thanks for the quick analysis and resulting patch. Same is the reason for the
crash from self-heal daemon. See below for core analysis from locally
reproduced crash with self-heal daemon. Even though I noticed a -1 for
(ec_code_space_t *) space pointer I never thought beyond.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Core was generated by `/usr/sbin/glusterfs -s localhost --volfile-id
gluster/glustershd -p /var/lib/gl'.
Program terminated with signal 11, Segmentation fault.
#0  list_add_tail (head=<optimized out>, new=<optimized out>) at
../../../../libglusterfs/src/list.h:40
40        new->next = head;
(gdb) f 1
#1  ec_code_space_alloc (size=400, code=0x7fc99402a7f0) at ec-code.c:428
428        list_add_tail(&space->list, &code->spaces);
(gdb) l 420
415            map_size = size;
416        }
417        space = mmap(NULL, map_size, PROT_EXEC | PROT_READ | PROT_WRITE,
418                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
419        if (space == NULL) {
420            return NULL;
421        }
422        /* It's not important to check the return value of mlock(). If it
fails
423         * everything will continue to work normally. */
424        mlock(space, map_size);
(gdb) l 430
425    
426        space->code = code;
427        space->size = map_size;
428        list_add_tail(&space->list, &code->spaces);
429        INIT_LIST_HEAD(&space->chunks);
430    
431        chunk = ec_code_chunk_from_space(space);
432        chunk->size = EC_CODE_SIZE - ec_code_space_size() -
ec_code_chunk_size();
433        list_add(&chunk->list, &space->chunks);
434    
(gdb) p space
$1 = (ec_code_space_t *) 0xffffffffffffffff
(gdb) p (int)space
$2 = -1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The above confirms your findings.

@Xavi,
Which tool was used to analyze the core? I hope its dbx judging from the
backtrace you have provided in previous comment.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=B1iyhpiFvX&a=cc_unsubscribe

More information about the Bugs mailing list