[Bugs] [Bug 1630803] New: libgfapi coredump when glfs_fini() is called on uninitialised fs object

bugzilla at redhat.com bugzilla at redhat.com
Wed Sep 19 10:16:50 UTC 2018


https://bugzilla.redhat.com/show_bug.cgi?id=1630803

            Bug ID: 1630803
           Summary: libgfapi coredump when glfs_fini() is called on
                    uninitialised fs object
           Product: GlusterFS
           Version: 5
         Component: libgfapi
          Assignee: bugs at gluster.org
          Reporter: ppai at redhat.com
        QA Contact: bugs at gluster.org
                CC: bugs at gluster.org



Created attachment 1484642
  --> https://bugzilla.redhat.com/attachment.cgi?id=1484642&action=edit
coredump and program

glusterfs version:

$ glusterfs --version
glusterfs 5.0rc0

Commit on top of release 5 branch: f4594a3c88cb0a76e260010d57632dc1c718fd5f


A libgfapi program coredumps when glfs_fini() is called on an uninitialised fs
object. The libgfapi-python tests uncovered this regression:


Reproducer C program:

$ cat example.c 
#include <stdio.h>
#include <unistd.h>
#include <glusterfs/api/glfs.h>

int main (int argc, char** argv) {
        glfs_t *fs = NULL;
        int ret;

        // provide a nonexistent volume name
        fs = glfs_new ("volume_name");
        if (!fs) {
                return -1;
        }

        ret = glfs_set_volfile_server (fs, "tcp", "localhost", 24007);
        if (ret != 0) {
                return ret;
        }

        ret = glfs_init (fs); // this will fail, obviously

        ret = glfs_fini(fs); // this coredumps which is a regression
        if (ret != 0) {
                return ret;
        }

        return 0;
}

$ ./reproducer 
Segmentation fault (core dumped)



[root at gd2-1 coredump]# gdb -c
core.reproducer.1000.ee68dfad9759484eb3be6813dc5d901e.8221.1537351962000000
/home/ppai/src/glusterfs/reproducer
GNU gdb (GDB) Fedora 8.0.1-36.fc26
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/ppai/src/glusterfs/reproducer...(no debugging
symbols found)...done.
[New LWP 8229]
[New LWP 8222]
[New LWP 8223]
[New LWP 8224]
[New LWP 8228]
[New LWP 8227]
[New LWP 8221]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `./reproducer'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fcbf9df381f in mgmt_rpc_notify (rpc=0x1b89080, mydata=0x1b815c0,
event=RPC_CLNT_DISCONNECT, 
    data=0x0) at glfs-mgmt.c:855
855                    if (rpc_trans->connect_failed)
[Current thread is 1 (Thread 0x7fcbebdca700 (LWP 8229))]
Missing separate debuginfos, use: dnf debuginfo-install
libacl-2.2.52-15.fc26.x86_64 libattr-2.4.47-18.fc26.x86_64
libuuid-2.30.2-1.fc26.x86_64 openssl-libs-1.1.0h-3.fc26.x86_64
zlib-1.2.11-2.fc26.x86_64





(gdb) t a a bt

Thread 7 (Thread 0x7fcbfa228180 (LWP 8221)):
#0  0x00007fcbf8335f26 in futex_abstimed_wait_cancelable (private=<optimized
out>, abstime=0x7fffa37f2560, expected=0, futex_word=0x1b79758) at
../sysdeps/unix/sysv/linux/futex-internal.h:205
#1  __pthread_cond_wait_common (abstime=0x7fffa37f2560, mutex=0x1b79708,
cond=0x1b79730) at pthread_cond_wait.c:539
#2  __pthread_cond_timedwait (cond=0x1b79730, mutex=0x1b79708,
abstime=0x7fffa37f2560) at pthread_cond_wait.c:667
#3  0x00007fcbf90e6f8c in event_dispatch_destroy (event_pool=0x1b766e0) at
event.c:272
#4  0x00007fcbf9df0bbe in pub_glfs_fini (fs=0x1afd140) at glfs.c:1348
#5  0x000000000040072e in main ()

Thread 6 (Thread 0x7fcbed1f2700 (LWP 8227)):
#0  0x00007fcbf9ae5c0d in nanosleep () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007fcbf90c1d1f in gf_timer_proc (data=0x1b81000) at timer.c:195
#2  0x00007fcbf832f36d in start_thread (arg=0x7fcbed1f2700) at
pthread_create.c:456
#3  0x00007fcbf9b21b4f in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Thread 5 (Thread 0x7fcbec7ee700 (LWP 8228)):
#0  0x00007fcbf833089d in pthread_join (threadid=140513812195072,
thread_return=0x0) at pthread_join.c:90
#1  0x00007fcbf9129060 in event_dispatch_epoll (event_pool=0x1b766e0) at
event-epoll.c:758
#2  0x00007fcbf90e6b02 in event_dispatch (event_pool=0x1b766e0) at event.c:116
#3  0x00007fcbf9def750 in glfs_poller (data=0x1afd140) at glfs.c:717
#4  0x00007fcbf832f36d in start_thread (arg=0x7fcbec7ee700) at
pthread_create.c:456
#5  0x00007fcbf9b21b4f in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Thread 4 (Thread 0x7fcbf6194700 (LWP 8224)):
#0  0x00007fcbf8335f26 in futex_abstimed_wait_cancelable (private=<optimized
out>, abstime=0x7fcbf6193e50, expected=0, futex_word=0x1b3f4b0) at
../sysdeps/unix/sysv/linux/futex-internal.h:205
#1  __pthread_cond_wait_common (abstime=0x7fcbf6193e50, mutex=0x1b3f460,
cond=0x1b3f488) at pthread_cond_wait.c:539
#2  __pthread_cond_timedwait (cond=0x1b3f488, mutex=0x1b3f460,
abstime=0x7fcbf6193e50) at pthread_cond_wait.c:667
#3  0x00007fcbf90ff4bd in syncenv_task (proc=0x1b3bbe0) at syncop.c:591
#4  0x00007fcbf90ff758 in syncenv_processor (thdata=0x1b3bbe0) at syncop.c:681
#5  0x00007fcbf832f36d in start_thread (arg=0x7fcbf6194700) at
pthread_create.c:456
#6  0x00007fcbf9b21b4f in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Thread 3 (Thread 0x7fcbf6995700 (LWP 8223)):
#0  0x00007fcbf8335f26 in futex_abstimed_wait_cancelable (private=<optimized
out>, abstime=0x7fcbf6994e50, expected=0, futex_word=0x1b3f4b0) at
../sysdeps/unix/sysv/linux/futex-internal.h:205
#1  __pthread_cond_wait_common (abstime=0x7fcbf6994e50, mutex=0x1b3f460,
cond=0x1b3f488) at pthread_cond_wait.c:539
#2  __pthread_cond_timedwait (cond=0x1b3f488, mutex=0x1b3f460,
abstime=0x7fcbf6994e50) at pthread_cond_wait.c:667
#3  0x00007fcbf90ff4bd in syncenv_task (proc=0x1b3b820) at syncop.c:591
#4  0x00007fcbf90ff758 in syncenv_processor (thdata=0x1b3b820) at syncop.c:681
#5  0x00007fcbf832f36d in start_thread (arg=0x7fcbf6995700) at
pthread_create.c:456
#6  0x00007fcbf9b21b4f in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Thread 2 (Thread 0x7fcbf7c96700 (LWP 8222)):
#0  0x00007fcbf9ae5c0d in nanosleep () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007fcbf9ae5b4a in __sleep (seconds=0) at ../sysdeps/posix/sleep.c:55
#2  0x00007fcbf90e832e in pool_sweeper (arg=0x0) at mem-pool.c:463
#3  0x00007fcbf832f36d in start_thread (arg=0x7fcbf7c96700) at
pthread_create.c:456
#4  0x00007fcbf9b21b4f in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Thread 1 (Thread 0x7fcbebdca700 (LWP 8229)):
#0  0x00007fcbf9df381f in mgmt_rpc_notify (rpc=0x1b89080, mydata=0x1b815c0,
event=RPC_CLNT_DISCONNECT, data=0x0) at glfs-mgmt.c:855
#1  0x00007fcbf95f8295 in rpc_clnt_handle_disconnect (clnt=0x1b89080,
conn=0x1b890b0) at rpc-clnt.c:818
#2  0x00007fcbf95f8558 in rpc_clnt_notify (trans=0x1b89230, mydata=0x1b890b0,
event=RPC_TRANSPORT_DISCONNECT, data=0x1b89230) at rpc-clnt.c:879
#3  0x00007fcbf95f4889 in rpc_transport_notify (this=0x1b89230,
event=RPC_TRANSPORT_DISCONNECT, data=0x1b89230) at rpc-transport.c:525
#4  0x00007fcbebdd228b in socket_event_poll_err (this=0x1b89230, gen=1, idx=0)
at socket.c:1301
---Type <return> to continue, or q <return> to quit---
#5  0x00007fcbebdd829f in socket_event_handler (fd=7, idx=0, gen=1,
data=0x1b89230, poll_in=1, poll_out=0, poll_err=16) at socket.c:2929
#6  0x00007fcbf9128ad2 in event_dispatch_epoll_handler (event_pool=0x1b766e0,
event=0x7fcbebdc9e94) at event-epoll.c:591
#7  0x00007fcbf9128dac in event_dispatch_epoll_worker (data=0x7fcbe4000930) at
event-epoll.c:668
#8  0x00007fcbf832f36d in start_thread (arg=0x7fcbebdca700) at
pthread_create.c:456
#9  0x00007fcbf9b21b4f in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:97


Expected result:
There should not be a coredump.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are on the CC list for the bug.
You are the assignee for the bug.
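
Added example, not part of the original report or of GlusterFS: a small Python triage helper that re-joins the mail-wrapped gdb frames shown above, groups them by thread, and reports which other threads were inside glfs_fini() when thread 1 (the thread gdb reports as current) faulted. The names parse_backtrace and teardown_overlap are made up for this example, and the sample input is abridged from the trace in the report.

```python
import re

# Abridged from the report's trace; mail wrapping kept, pager line repositioned.
SAMPLE = """\
Thread 7 (Thread 0x7fcbfa228180 (LWP 8221)):
#3  0x00007fcbf90e6f8c in event_dispatch_destroy (event_pool=0x1b766e0) at
event.c:272
#4  0x00007fcbf9df0bbe in pub_glfs_fini (fs=0x1afd140) at glfs.c:1348

Thread 1 (Thread 0x7fcbebdca700 (LWP 8229)):
#0  0x00007fcbf9df381f in mgmt_rpc_notify (rpc=0x1b89080, mydata=0x1b815c0,
event=RPC_CLNT_DISCONNECT, data=0x0) at glfs-mgmt.c:855
---Type <return> to continue, or q <return> to quit---
"""
THREAD_RE = re.compile(r"^Thread (\d+) \(Thread 0x[0-9a-f]+ \(LWP \d+\)\):")
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(\S+) \(.*\)(?: at (\S+))?$")
TEARDOWN = ("glfs_fini",)  # teardown entry point named in the report

def parse_backtrace(text):
    """Map thread number -> [(function, location)] from 'thread apply all bt'."""
    threads, current, pending = {}, None, None
    def flush():
        nonlocal pending
        m = FRAME_RE.match(pending) if pending and current is not None else None
        if m:
            threads[current].append((m.group(1), m.group(2)))
        pending = None
    for line in (raw.strip() for raw in text.splitlines()):
        header = THREAD_RE.match(line)
        if header or not line:
            flush()  # a thread header or blank line ends the frame being built
            if header:
                current = int(header.group(1))
                threads[current] = []
        elif line.startswith("#"):
            flush()
            pending = line
        elif pending and not line.startswith("---Type <return>"):
            pending += " " + line  # continuation of a mail-wrapped frame
    flush()
    return threads

def teardown_overlap(threads, faulting=1):
    """Report the faulting frame and which other threads were inside teardown."""
    func, loc = threads[faulting][0]
    busy = sorted(t for t, frames in threads.items() if t != faulting
                  and any(name in f for f, _ in frames for name in TEARDOWN))
    return {"crash": func, "at": loc, "teardown_threads": busy}
```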

