[Bugs] [Bug 1697971] Segfault in FUSE process, potential use after free

bugzilla at redhat.com
Tue Apr 23 08:03:21 UTC 2019


https://bugzilla.redhat.com/show_bug.cgi?id=1697971



--- Comment #4 from manschwetus at cs-software-gmbh.de ---
Problem persists with 6.1, bt has changed a bit:

Crashdump1:
#0  0x00007fc3dcaa27f0 in ?? () from /lib/x86_64-linux-gnu/libuuid.so.1
#1  0x00007fc3dcaa2874 in ?? () from /lib/x86_64-linux-gnu/libuuid.so.1
#2  0x00007fc3ddb5cdcc in gf_uuid_unparse (out=0x7fc3c8005580 "c27a90a6-e68b-4b0b-af56-002ea7bf1fb4", uuid=0x8 <error: Cannot access memory at address 0x8>) at ./glusterfs/compat-uuid.h:55
#3  uuid_utoa (uuid=uuid@entry=0x8 <error: Cannot access memory at address 0x8>) at common-utils.c:2777
#4  0x00007fc3d688c529 in ioc_open_cbk (frame=0x7fc3a8b56208, cookie=<optimized out>, this=0x7fc3d001eb80, op_ret=0, op_errno=117, fd=0x7fc3c7678418, xdata=0x0) at io-cache.c:646
#5  0x00007fc3d6cb09b1 in ra_open_cbk (frame=0x7fc3a8b5b698, cookie=<optimized out>, this=<optimized out>, op_ret=<optimized out>, op_errno=<optimized out>, fd=0x7fc3c7678418, xdata=0x0) at read-ahead.c:99
#6  0x00007fc3d71b10b3 in afr_open_cbk (frame=0x7fc3a8b67d48, cookie=0x0, this=<optimized out>, op_ret=0, op_errno=0, fd=0x7fc3c7678418, xdata=0x0) at afr-open.c:97
#7  0x00007fc3d747c5f8 in client4_0_open_cbk (req=<optimized out>, iov=<optimized out>, count=<optimized out>, myframe=0x7fc3a8b58d18) at client-rpc-fops_v2.c:284
#8  0x00007fc3dd9013d1 in rpc_clnt_handle_reply (clnt=clnt@entry=0x7fc3d0057dd0, pollin=pollin@entry=0x7fc386e7e2b0) at rpc-clnt.c:755
#9  0x00007fc3dd901773 in rpc_clnt_notify (trans=0x7fc3d0058090, mydata=0x7fc3d0057e00, event=<optimized out>, data=0x7fc386e7e2b0) at rpc-clnt.c:922
#10 0x00007fc3dd8fe273 in rpc_transport_notify (this=this@entry=0x7fc3d0058090, event=event@entry=RPC_TRANSPORT_MSG_RECEIVED, data=<optimized out>) at rpc-transport.c:542
#11 0x00007fc3d8333474 in socket_event_poll_in (notify_handled=true, this=0x7fc3d0058090) at socket.c:2522
#12 socket_event_handler (fd=fd@entry=11, idx=idx@entry=2, gen=gen@entry=4, data=data@entry=0x7fc3d0058090, poll_in=<optimized out>, poll_out=<optimized out>, poll_err=<optimized out>, event_thread_died=0 '\000') at socket.c:2924
#13 0x00007fc3ddbb2863 in event_dispatch_epoll_handler (event=0x7fc3cfffee54, event_pool=0x5570195807b0) at event-epoll.c:648
#14 event_dispatch_epoll_worker (data=0x5570195c5a80) at event-epoll.c:761
#15 0x00007fc3dd2bc6db in start_thread (arg=0x7fc3cffff700) at pthread_create.c:463
#16 0x00007fc3dcfe588f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Crashdump2:
#0  0x00007fdd13fd97f0 in ?? () from /lib/x86_64-linux-gnu/libuuid.so.1
#1  0x00007fdd13fd9874 in ?? () from /lib/x86_64-linux-gnu/libuuid.so.1
#2  0x00007fdd15093dcc in gf_uuid_unparse (out=0x7fdd0805a2d0 "1f739bdc-f7c0-4133-84cc-554eb594ae81", uuid=0x8 <error: Cannot access memory at address 0x8>) at ./glusterfs/compat-uuid.h:55
#3  uuid_utoa (uuid=uuid@entry=0x8 <error: Cannot access memory at address 0x8>) at common-utils.c:2777
#4  0x00007fdd0d5c2529 in ioc_open_cbk (frame=0x7fdce44a9f88, cookie=<optimized out>, this=0x7fdd0801eb80, op_ret=0, op_errno=117, fd=0x7fdcf1ad9b78, xdata=0x0) at io-cache.c:646
#5  0x00007fdd0d9e69b1 in ra_open_cbk (frame=0x7fdce44d2a78, cookie=<optimized out>, this=<optimized out>, op_ret=<optimized out>, op_errno=<optimized out>, fd=0x7fdcf1ad9b78, xdata=0x0) at read-ahead.c:99
#6  0x00007fdd0dee70b3 in afr_open_cbk (frame=0x7fdce44a80a8, cookie=0x1, this=<optimized out>, op_ret=0, op_errno=0, fd=0x7fdcf1ad9b78, xdata=0x0) at afr-open.c:97
#7  0x00007fdd0e1b25f8 in client4_0_open_cbk (req=<optimized out>, iov=<optimized out>, count=<optimized out>, myframe=0x7fdce4462528) at client-rpc-fops_v2.c:284
#8  0x00007fdd14e383d1 in rpc_clnt_handle_reply (clnt=clnt@entry=0x7fdd08054490, pollin=pollin@entry=0x7fdc942904d0) at rpc-clnt.c:755
#9  0x00007fdd14e38773 in rpc_clnt_notify (trans=0x7fdd08054750, mydata=0x7fdd080544c0, event=<optimized out>, data=0x7fdc942904d0) at rpc-clnt.c:922
#10 0x00007fdd14e35273 in rpc_transport_notify (this=this@entry=0x7fdd08054750, event=event@entry=RPC_TRANSPORT_MSG_RECEIVED, data=<optimized out>) at rpc-transport.c:542
#11 0x00007fdd0f86a474 in socket_event_poll_in (notify_handled=true, this=0x7fdd08054750) at socket.c:2522
#12 socket_event_handler (fd=fd@entry=10, idx=idx@entry=4, gen=gen@entry=4, data=data@entry=0x7fdd08054750, poll_in=<optimized out>, poll_out=<optimized out>, poll_err=<optimized out>, event_thread_died=0 '\000') at socket.c:2924
#13 0x00007fdd150e9863 in event_dispatch_epoll_handler (event=0x7fdd0f3e0e54, event_pool=0x55cf9c9277b0) at event-epoll.c:648
#14 event_dispatch_epoll_worker (data=0x55cf9c96ca20) at event-epoll.c:761
#15 0x00007fdd147f36db in start_thread (arg=0x7fdd0f3e1700) at pthread_create.c:463
#16 0x00007fdd1451c88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95


Please tell me if you need further information.
