[Bugs] [Bug 1792855] New: Memory corruption when sending events to an IPv6 host

bugzilla at redhat.com bugzilla at redhat.com
Mon Jan 20 09:01:28 UTC 2020


https://bugzilla.redhat.com/show_bug.cgi?id=1792855

            Bug ID: 1792855
           Summary: Memory corruption when sending events to an IPv6 host
           Product: GlusterFS
           Version: 7
            Status: NEW
         Component: eventsapi
          Assignee: bugs at gluster.org
          Reporter: jahernan at redhat.com
        Depends On: 1790870
  Target Milestone: ---
    Classification: Community



+++ This bug was initially created as a clone of Bug #1790870 +++

Description of problem:

There's memory corruption when an event is sent to an IPv6 host.

Version-Release number of selected component (if applicable):


How reproducible:

always on a volume where volfile server resolves to an IPv6 address.

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Backtrace of the crash:

Thread 1 (Thread 0xb2a57700 (LWP 1984)):
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47
#1  0xb6cb8b32 in __libc_signal_restore_set (set=0xb2a567d4) at
../sysdeps/unix/sysv/linux/nptl-signals.h:80
#2  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3  0xb6cb982e in __GI_abort () at abort.c:79
#4  0xb6ce1460 in __libc_message (action=do_abort, fmt=<optimized out>) at
../sysdeps/posix/libc_fatal.c:181
#5  0xb6d386e8 in __GI___fortify_fail_abort
(need_backtrace=need_backtrace at entry=false, 
    msg=0xb6d6e7ec "stack smashing detected") at fortify_fail.c:33
#6  0xb6d386c4 in __stack_chk_fail () at stack_chk_fail.c:29
#7  0xb6ea4c52 in _gf_event (event=event at entry=EVENT_AFR_SUBVOL_UP,
fmt=0xb1870bcc "client-pid=%d; subvol=%s")
    at events.c:151
#8  0xb1857ddc in __afr_handle_child_up_event (this=this at entry=0xb21219f0, 
    child_xlator=child_xlator at entry=0xb2111ef0, idx=idx at entry=2,
child_latency_msec=-1, 
    event=event at entry=0xb2a56c4c, call_psh=call_psh at entry=0xb2a56c54,
up_child=up_child at entry=0xb2a56c58)
    at afr-common.c:6035
#9  0xb186916e in afr_notify (this=0xb21219f0, event=<optimized out>,
data=data at entry=0x0, data2=<optimized out>)
    at afr-common.c:6341
#10 0xb1869674 in notify (this=<optimized out>, event=<optimized out>,
data=0xb2111ef0) at afr.c:42
#11 0xb6e3ba72 in xlator_notify (xl=0xb21219f0, event=event at entry=5,
data=0xb2111ef0) at xlator.c:699
#12 0xb6ed21f0 in default_notify (this=this at entry=0xb2111ef0,
event=event at entry=5, data=0x0) at defaults.c:3388
#13 0xb189c7d0 in client_notify_dispatch (this=this at entry=0xb2111ef0,
event=event at entry=5, data=0x0)
    at client.c:148
#14 0xb189c88a in client_notify_dispatch_uniq (this=0xb2111ef0,
event=event at entry=5, data=0x0) at client.c:120
#15 0xb18b6d02 in client_notify_parents_child_up (this=this at entry=0xb2111ef0)
at client-handshake.c:48
#16 0xb18b8c74 in client_post_handshake (frame=0xb170c614, this=0xb2111ef0) at
client-handshake.c:699
#17 client_setvolume_cbk (req=<optimized out>, iov=<optimized out>,
count=<optimized out>, myframe=0xb170c614)
    at client-handshake.c:889
#18 0xb6de9f6a in rpc_clnt_handle_reply (clnt=clnt at entry=0xb217d530,
pollin=pollin at entry=0x4) at rpc-clnt.c:768
#19 0xb6dea1c6 in rpc_clnt_notify (trans=0xb217d870, mydata=0xb217d550,
event=RPC_TRANSPORT_MSG_RECEIVED, 
    data=0xb2186fd8) at rpc-clnt.c:935
#20 0xb6de77a8 in rpc_transport_notify (this=this at entry=0xb217d870,
event=event at entry=RPC_TRANSPORT_MSG_RECEIVED, 
    data=0xb2186fd8) at rpc-transport.c:545
#21 0xb2ae5124 in socket_event_poll_in_async (xl=<optimized out>,
async=async at entry=0xb2187064) at socket.c:2601
#22 0xb2ae9fc2 in gf_async (cbk=0xb2ae510d <socket_event_poll_in_async>,
xl=<optimized out>, async=0xb2187064)
    at ../../../../libglusterfs/src/glusterfs/async.h:189
---Type <return> to continue, or q <return> to quit---
#23 socket_event_poll_in (notify_handled=true, this=0xb217d870) at
socket.c:2642
#24 socket_event_handler (fd=<optimized out>, idx=2, gen=4, data=0xb217d870,
poll_in=1, poll_out=0, poll_err=0, 
    event_thread_died=0 '\000') at socket.c:3040
#25 0xb6e8a66a in event_dispatch_epoll_handler (event=0xb2a570d0,
event_pool=0x4b42a0) at event-epoll.c:650
#26 event_dispatch_epoll_worker (data=0x4d58d8) at event-epoll.c:763
#27 0xb6d91614 in start_thread (arg=0x7da5495d) at pthread_create.c:463


Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1790870
[Bug 1790870] Memory corruption when sending events to an IPv6 host
-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the Bugs mailing list