[Bugs] [Bug 1697971] Segfault in FUSE process, potential use after free

bugzilla at redhat.com bugzilla at redhat.com
Wed Apr 24 10:27:43 UTC 2019


https://bugzilla.redhat.com/show_bug.cgi?id=1697971



--- Comment #5 from manschwetus at cs-software-gmbh.de ---
Got another set of cores, one for each system in my gluster setup, overnight:

Core was generated by `/usr/sbin/glusterfs --process-name fuse
--volfile-server=localhost --volfile-id'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __GI___pthread_mutex_lock (mutex=0x18) at ../nptl/pthread_mutex_lock.c:65
65      ../nptl/pthread_mutex_lock.c: Datei oder Verzeichnis nicht gefunden.
[Current thread is 1 (Thread 0x7faee404c700 (LWP 28792))]
(gdb) bt
#0  __GI___pthread_mutex_lock (mutex=0x18) at ../nptl/pthread_mutex_lock.c:65
#1  0x00007faee544e4b5 in ob_fd_free (ob_fd=0x7faebc054df0) at
open-behind.c:198
#2  0x00007faee544edd6 in ob_inode_wake (this=this@entry=0x7faed8020d20,
ob_fds=ob_fds@entry=0x7faee404bc90) at open-behind.c:355
#3  0x00007faee544f062 in open_all_pending_fds_and_resume
(this=this@entry=0x7faed8020d20, inode=0x7faed037cf08, stub=0x7faebc008858) at
open-behind.c:442
#4  0x00007faee544f4ff in ob_rename (frame=frame@entry=0x7faebc1ceae8,
this=this@entry=0x7faed8020d20, src=src@entry=0x7faed03d9a70,
dst=dst@entry=0x7faed03d9ab0, xdata=xdata@entry=0x0) at open-behind.c:1035
#5  0x00007faeed1b0ad0 in default_rename (frame=frame@entry=0x7faebc1ceae8,
this=<optimized out>, oldloc=oldloc@entry=0x7faed03d9a70,
newloc=newloc@entry=0x7faed03d9ab0, xdata=xdata@entry=0x0) at defaults.c:2631
#6  0x00007faee501f798 in mdc_rename (frame=frame@entry=0x7faebc210468,
this=0x7faed80247d0, oldloc=oldloc@entry=0x7faed03d9a70,
newloc=newloc@entry=0x7faed03d9ab0, xdata=xdata@entry=0x0) at md-cache.c:1852
#7  0x00007faeed1c6936 in default_rename_resume (frame=0x7faed02d2318,
this=0x7faed8026430, oldloc=0x7faed03d9a70, newloc=0x7faed03d9ab0, xdata=0x0)
at defaults.c:1897
#8  0x00007faeed14cc45 in call_resume (stub=0x7faed03d9a28) at call-stub.c:2555
#9  0x00007faee4e10cd8 in iot_worker (data=0x7faed8034780) at io-threads.c:232
#10 0x00007faeec88f6db in start_thread (arg=0x7faee404c700) at
pthread_create.c:463
#11 0x00007faeec5b888f in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95



Core was generated by `/usr/sbin/glusterfs --process-name fuse
--volfile-server=localhost --volfile-id'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __GI___pthread_mutex_lock (mutex=0x18) at ../nptl/pthread_mutex_lock.c:65
65      ../nptl/pthread_mutex_lock.c: Datei oder Verzeichnis nicht gefunden.
[Current thread is 1 (Thread 0x7f7944069700 (LWP 24067))]
(gdb) bt
#0  __GI___pthread_mutex_lock (mutex=0x18) at ../nptl/pthread_mutex_lock.c:65
#1  0x00007f794682c4b5 in ob_fd_free (ob_fd=0x7f79283e94e0) at
open-behind.c:198
#2  0x00007f794682cdd6 in ob_inode_wake (this=this@entry=0x7f793801eee0,
ob_fds=ob_fds@entry=0x7f7944068c90) at open-behind.c:355
#3  0x00007f794682d062 in open_all_pending_fds_and_resume
(this=this@entry=0x7f793801eee0, inode=0x7f79301de788, stub=0x7f7928004578) at
open-behind.c:442
#4  0x00007f794682d4ff in ob_rename (frame=frame@entry=0x7f79280ab2b8,
this=this@entry=0x7f793801eee0, src=src@entry=0x7f7930558ea0,
dst=dst@entry=0x7f7930558ee0, xdata=xdata@entry=0x0) at open-behind.c:1035
#5  0x00007f794e729ad0 in default_rename (frame=frame@entry=0x7f79280ab2b8,
this=<optimized out>, oldloc=oldloc@entry=0x7f7930558ea0,
newloc=newloc@entry=0x7f7930558ee0, xdata=xdata@entry=0x0) at defaults.c:2631
#6  0x00007f79463fd798 in mdc_rename (frame=frame@entry=0x7f7928363ae8,
this=0x7f7938022990, oldloc=oldloc@entry=0x7f7930558ea0,
newloc=newloc@entry=0x7f7930558ee0, xdata=xdata@entry=0x0) at md-cache.c:1852
#7  0x00007f794e73f936 in default_rename_resume (frame=0x7f7930298c28,
this=0x7f79380245f0, oldloc=0x7f7930558ea0, newloc=0x7f7930558ee0, xdata=0x0)
at defaults.c:1897
#8  0x00007f794e6c5c45 in call_resume (stub=0x7f7930558e58) at call-stub.c:2555
#9  0x00007f79461eecd8 in iot_worker (data=0x7f7938032940) at io-threads.c:232
#10 0x00007f794de086db in start_thread (arg=0x7f7944069700) at
pthread_create.c:463
#11 0x00007f794db3188f in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95



Core was generated by `/usr/sbin/glusterfs --process-name fuse
--volfile-server=localhost --volfile-id'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __GI___pthread_mutex_lock (mutex=0x18) at ../nptl/pthread_mutex_lock.c:65
65      ../nptl/pthread_mutex_lock.c: Datei oder Verzeichnis nicht gefunden.
[Current thread is 1 (Thread 0x7f736ce78700 (LWP 42526))]
(gdb) bt
#0  __GI___pthread_mutex_lock (mutex=0x18) at ../nptl/pthread_mutex_lock.c:65
#1  0x00007f73733499f7 in fd_unref (fd=0x7f73544165a8) at fd.c:515
#2  0x00007f736c3fb618 in client_local_wipe (local=local@entry=0x7f73441ff8c8)
at client-helpers.c:124
#3  0x00007f736c44a60a in client4_0_open_cbk (req=<optimized out>,
iov=<optimized out>, count=<optimized out>, myframe=0x7f7344038b48) at
client-rpc-fops_v2.c:284
#4  0x00007f73730d03d1 in rpc_clnt_handle_reply
(clnt=clnt@entry=0x7f7368054490, pollin=pollin@entry=0x7f73601b2730) at
rpc-clnt.c:755
#5  0x00007f73730d0773 in rpc_clnt_notify (trans=0x7f7368054750,
mydata=0x7f73680544c0, event=<optimized out>, data=0x7f73601b2730) at
rpc-clnt.c:922
#6  0x00007f73730cd273 in rpc_transport_notify (this=this@entry=0x7f7368054750,
event=event@entry=RPC_TRANSPORT_MSG_RECEIVED, data=<optimized out>) at
rpc-transport.c:542
#7  0x00007f736db02474 in socket_event_poll_in (notify_handled=true,
this=0x7f7368054750) at socket.c:2522
#8  socket_event_handler (fd=fd@entry=10, idx=idx@entry=4, gen=gen@entry=1,
data=data@entry=0x7f7368054750, poll_in=<optimized out>, poll_out=<optimized
out>, poll_err=<optimized out>, event_thread_died=0 '\000') at socket.c:2924
#9  0x00007f7373381863 in event_dispatch_epoll_handler (event=0x7f736ce77e54,
event_pool=0x55621c2917b0) at event-epoll.c:648
#10 event_dispatch_epoll_worker (data=0x55621c2d6a80) at event-epoll.c:761
#11 0x00007f7372a8b6db in start_thread (arg=0x7f736ce78700) at
pthread_create.c:463
#12 0x00007f73727b488f in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95
