[Bugs] [Bug 1519315] New: glusterfs 3.13.3 crashes with segmentation fault in xdr_gf_dump_req

[bugzilla at redhat.com]

https://bugzilla.redhat.com/show_bug.cgi?id=1519315

            Bug ID: 1519315
           Summary: glusterfs 3.13.3 crashes with segmentation fault in
                    xdr_gf_dump_req
           Product: GlusterFS
           Version: 3.13
         Component: rpc
          Severity: medium
          Assignee: bugs at gluster.org
          Reporter: erik.zscheile.ytrizja at gmail.com
                CC: bugs at gluster.org



Description of problem:
GlusterFS version 3.13.3 crashes with segmentation fault in xdr_gf_dump_req
in Gentoo Linux (latest version on Gentoo).
But I think the bug is not in xdr_gf_dump_req, it is called with wrong
arguments.
A problem is that glusterfs version 3.13.3 is the only version of glusterfs
currently available in gentoo, as the old ones (3.6.5) are removed from the
repository due to being vulnerable.
This bug isn't in GlusterFS version 3.6.5, which works.

Version-Release number of selected component (if applicable):
3.13.3 on gentoo linux

How reproducible:
install glusterfs version 3.13.3 on gentoo linux

Steps to Reproduce:
1. emerge =sys-cluster/glusterfs-3.13.3
2. /etc/init.d/glusterd restart

Actual results:
glusterd is killed with SIGSEGV

Expected results:
glusterd starts

Additional info:

gentoo package info page:
https://packages.gentoo.org/packages/sys-cluster/glusterfs

initital post:
https://twitter.com/EZscheile/status/934595665283428354

Archive of coredump, strace and gdb backtrace:
http://ezscheile.bplaced.net/glusterd-segv-pack.tar.gz

Backtrace:
#0  __GI_xdr_uint64_t (xdrs=0x7fda46ac5b20, uip=0x7fda46ac5c60) at
xdr_intXX_t.c:71
#1  0x00007fda504e6a29 in xdr_gf_dump_req (xdrs=<optimized out>,
objp=<optimized out>) at rpc-common-xdr.c:167
#2  0x00007fda5070fa83 in xdr_sizeof () from /lib64/libtirpc.so.3
#3  0x00007fda4a9057aa in glusterd_submit_request (rpc=0x1495450,
req=req at entry=0x7fda46ac5c60, frame=frame at entry=0x7fda38001ec0,
prog=prog at entry=0x7fda4ac4e2c0 <glusterd_dump_prog>, procnum=procnum at entry=1,
iobref=iobref at entry=0x0, this=0x142a680,
    cbkfn=0x7fda4a942040 <glusterd_peer_dump_version_cbk>,
xdrproc=0x7fda504e6a20 <xdr_gf_dump_req>) at glusterd-utils.c:428
#4  0x00007fda4a9473ca in glusterd_peer_dump_version
(this=this at entry=0x142a680, rpc=rpc at entry=0x1495450,
peerctx=peerctx at entry=0x1494400) at glusterd-handshake.c:2319
#5  0x00007fda4a8ed516 in __glusterd_peer_rpc_notify (rpc=rpc at entry=0x1495450,
mydata=mydata at entry=0x1494400, event=event at entry=RPC_CLNT_CONNECT,
data=data at entry=0x0) at glusterd-handler.c:6295
#6  0x00007fda4a8e404d in glusterd_big_locked_notify (rpc=0x1495450,
mydata=0x1494400, event=RPC_CLNT_CONNECT, data=0x0, notify_fn=0x7fda4a8ed200
<__glusterd_peer_rpc_notify>) at glusterd-handler.c:70
#7  0x00007fda50933f7c in rpc_clnt_notify (trans=<optimized out>,
mydata=0x1495480, event=<optimized out>, data=0x1495680) at rpc-clnt.c:1004
#8  0x00007fda50930143 in rpc_transport_notify (this=this at entry=0x1495680,
event=event at entry=RPC_TRANSPORT_CONNECT, data=data at entry=0x1495680) at
rpc-transport.c:538
#9  0x00007fda47954f8f in socket_connect_finish (this=this at entry=0x1495680) at
socket.c:2404
#10 0x00007fda47959511 in socket_event_handler (fd=fd at entry=13,
idx=idx at entry=4, gen=gen at entry=1, data=data at entry=0x1495680, poll_in=0,
poll_out=4, poll_err=0) at socket.c:2456
#11 0x00007fda50bc23da in event_dispatch_epoll_handler (event=0x7fda46ac5e7c,
event_pool=0x1417770) at event-epoll.c:583
#12 event_dispatch_epoll_worker (data=0x1496e60) at event-epoll.c:659
#13 0x00007fda500b7839 in start_thread (arg=0x7fda46ac6700) at
pthread_create.c:456
#14 0x00007fda4fdf5adf in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:97

XDRS x_ops:
*(xdrs->x_ops) = {x_getlong = 0x7fda5070f900, x_putlong = 0x7fda5070f880,
x_getbytes = 0x7fda5070f900, x_putbytes = 0x7fda5070f8a0, x_getpostn =
0x7fda5070f8c0, x_setpostn = 0x7fda5070f8e0, x_inline = 0x7fda5070f960,
x_destroy = 0x7fda5070f920, x_getint32 = 0x0,
  x_putint32 = 0x165296f147c52f00}

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.