Actions
Tasks #72237
closedTasks #63293: Implement fscrypt in libcephfs and cephfs-fuse
SegFault during C_Read_Sync_NonBlocking
% Done:
0%
Reviewed:
Affected Versions:
Component(FS):
Labels (FS):
Pull request ID:
Tags (freeform):
Merge Commit:
Fixed In:
Released In:
Upkeep Timestamp:
Description
During a rmw when client_oc=false and case 2 read (C_Read_Sync_NonBlocking) is hit a seg fault is reached.
Thread 6 "msgr-worker-2" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffecbef6c0 (LWP 2678611)]
0x000055555576a2c8 in FSCryptFDataDenc::decrypt_bl (this=0x7fffbc02bed0, off=15257600, len=len@entry=4096, pos=15257600, holes=std::vector of length 0, capacity 0, bl=bl@entry=0x7fffecbec380) at /sdb/choffman/code/fork/rebase/ceph/src/client/FSCrypt.cc:936
936 if (!has_hole && *(uint64_t *)data_pos == 0) {
Missing separate debuginfos, use: dnf debuginfo-install cyrus-sasl-lib-2.1.28-8.fc37.x86_64 fuse3-libs-3.10.5-5.fc37.x86_64 glibc-2.36-18.fc37.x86_64 keyutils-libs-1.6.1-5.fc37.x86_64 krb5-libs-1.19.2-13.fc37.x86_64 libblkid-2.38.1-1.fc37.x86_64 libbrotli-1.0.9-9.fc37.x86_64 libcap-2.48-5.fc37.x86_64 libcom_err-1.46.5-3.fc37.x86_64 libcurl-7.85.0-12.fc37.x86_64 libevent-2.1.12-7.fc37.x86_64 libgcc-12.3.1-1.fc37.x86_64 libibverbs-41.0-1.fc37.x86_64 libicu-71.1-2.fc37.x86_64 libidn2-2.3.4-1.fc37.x86_64 libnghttp2-1.51.0-2.fc37.x86_64 libnl3-3.7.0-2.fc37.x86_64 libpsl-0.21.1-6.fc37.x86_64 librdmacm-41.0-1.fc37.x86_64 libselinux-3.5-1.fc37.x86_64 libssh-0.10.5-1.fc37.x86_64 libstdc++-12.3.1-1.fc37.x86_64 libunistring-1.0-2.fc37.x86_64 libxcrypt-4.4.36-1.fc37.x86_64 openldap-2.6.6-1.fc37.x86_64 openssl-libs-3.0.9-1.fc37.x86_64 pcre2-10.40-1.fc37.1.x86_64 systemd-libs-251.19-1.fc37.x86_64 thrift-0.14.0-11.fc37.x86_64 zlib-1.2.12-5.fc37.x86_64
(gdb) bt
#0 0x000055555576a2c8 in FSCryptFDataDenc::decrypt_bl (this=0x7fffbc02bed0, off=15257600, len=len@entry=4096, pos=15257600, holes=std::vector of length 0, capacity 0, bl=bl@entry=0x7fffecbec380) at /sdb/choffman/code/fork/rebase/ceph/src/client/FSCrypt.cc:936
#1 0x00005555556c7ca5 in Client::C_Read_Sync_NonBlocking::finish (this=0x7fffbc02be10, r=<optimized out>) at /sdb/choffman/code/fork/rebase/ceph/src/client/Client.cc:11311
#2 0x000055555570d27b in Client::C_Read_Sync_NonBlocking::complete (this=0x7fffbc02be10, r=<optimized out>) at /sdb/choffman/code/fork/rebase/ceph/src/client/Client.h:1484
#3 0x00007ffff7a72638 in Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>)::{lambda(auto:1&&)#1}::operator()<Context*>(Context*&&) const (arg=@0x7fffecbec650: 0x7fffbc02be10, __closure=0x7fffecbec460) at /sdb/choffman/code/fork/rebase/ceph/src/osdc/Objecter.h:2051
#4 std::__invoke_impl<void, Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>)::{lambda(auto:1&&)#1}, Context*>(std::__invoke_other, Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>)::{lambda(auto:1&&)#1}&&, Context*&&) (__f=...) at /usr/include/c++/12/bits/invoke.h:61
#5 std::__invoke<Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>)::{lambda(auto:1&&)#1}, Context*>(Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>)::{lambda(auto:1&&)#1}&&, Context*&&) (__fn=...) at /usr/include/c++/12/bits/invoke.h:96
#6 std::__detail::__variant::__gen_vtable_impl<std::__detail::__variant::_Multi_array<std::__detail::__variant::__deduce_visit_result<void> (*)(Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>)::{lambda(auto:1&&)#1}&&, std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&)>, std::integer_sequence<unsigned long, 2ul> >::__visit_invoke(Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>)::{lambda(auto:1&&)#1}&&, std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&) (__vars#0=..., __visitor=...)
at /usr/include/c++/12/variant:1031
#7 std::__do_visit<std::__detail::__variant::__deduce_visit_result<void>, Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>)::{lambda(auto:1&&)#1}, std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*> >(Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>)::{lambda(auto:1&&)#1}&&, std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&) (__visitor=...) at /usr/include/c++/12/variant:1792
#8 0x00007ffff7a7265a in std::visit<Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>)::{lambda(auto:1&&)#1}, std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*> >(Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>)::{lambda(auto:1&&)#1}&&, std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&) (__visitor=...) at /usr/include/c++/12/variant:1853
#9 0x00007ffff7a726ad in Objecter::Op::complete(std::variant<boost::asio::any_completion_handler<void (boost::system::error_code)>, fu2::abi_310::detail::function<fu2::abi_310::detail::config<true, false, 16ul>, fu2::abi_310::detail::property<true, false, void (boost::system::error_code)> >, Context*>&&, boost::system::error_code, int, boost::asio::io_context::basic_executor_type<std::allocator<void>, 0ul>) (f=..., ec=..., r=r@entry=-2, e=...) at /sdb/choffman/code/fork/rebase/ceph/src/osdc/Objecter.h:2048
#10 0x00007ffff7a5052a in Objecter::handle_osd_op_reply (this=this@entry=0x555555abcf80, m=<optimized out>) at /sdb/choffman/code/fork/rebase/ceph/src/osdc/Objecter.cc:3715
#11 0x00007ffff7a50e7d in Objecter::ms_dispatch2 (this=0x555555abcf80, m=...) at /sdb/choffman/code/fork/rebase/ceph/build/boost/include/boost/smart_ptr/intrusive_ptr.hpp:140
#12 0x00007ffff7a5308a in Objecter::ms_fast_dispatch2 (this=<optimized out>, m=...) at /sdb/choffman/code/fork/rebase/ceph/src/osdc/Objecter.h:2734
#13 0x00007ffff77b6b38 in Messenger::ms_fast_dispatch (this=<optimized out>, m=...) at /sdb/choffman/code/fork/rebase/ceph/src/msg/Messenger.h:718
#14 0x00007ffff77b5d4a in DispatchQueue::fast_dispatch (this=0x555555abbb38, m=...) at /sdb/choffman/code/fork/rebase/ceph/src/msg/DispatchQueue.cc:74
#15 0x00007ffff78581dd in DispatchQueue::fast_dispatch (this=<optimized out>, m=m@entry=0x7fffd80087f0) at /sdb/choffman/code/fork/rebase/ceph/src/msg/DispatchQueue.h:203
#16 0x00007ffff7889e5d in ProtocolV2::handle_message (this=this@entry=0x7fffb4025d00) at /sdb/choffman/code/fork/rebase/ceph/src/msg/async/ProtocolV2.cc:1547
#17 0x00007ffff7895b20 in ProtocolV2::handle_read_frame_dispatch (this=this@entry=0x7fffb4025d00) at /sdb/choffman/code/fork/rebase/ceph/src/msg/async/ProtocolV2.cc:1204
#18 0x00007ffff7895c88 in ProtocolV2::_handle_read_frame_epilogue_main (this=this@entry=0x7fffb4025d00) at /sdb/choffman/code/fork/rebase/ceph/src/msg/async/ProtocolV2.cc:1394
#19 0x00007ffff7897316 in ProtocolV2::handle_read_frame_epilogue_main (this=0x7fffb4025d00, buffer=..., r=<optimized out>) at /sdb/choffman/code/fork/rebase/ceph/src/msg/async/ProtocolV2.cc:1371
#20 0x00007ffff78973e8 in CtRxNode<ProtocolV2>::call (this=<optimized out>, foo=<optimized out>) at /sdb/choffman/code/fork/rebase/ceph/src/msg/async/Protocol.h:67
#21 0x00007ffff78861e5 in ProtocolV2::run_continuation (this=0x7fffb4025d00, continuation=...) at /sdb/choffman/code/fork/rebase/ceph/src/msg/async/ProtocolV2.cc:49
#22 0x00007ffff78866a6 in operator() (__closure=0x7fffb40010a0, buffer=<optimized out>, r=0) at /sdb/choffman/code/fork/rebase/ceph/src/msg/async/ProtocolV2.cc:816
#23 0x00007ffff78866fe in std::__invoke_impl<void, ProtocolV2::read(CONTINUATION_RXBPTR_TYPE<ProtocolV2>&, rx_buffer_t&&)::<lambda(char*, int)>&, char*, long int> (__f=...) at /usr/include/c++/12/bits/invoke.h:61
#24 std::__invoke_r<void, ProtocolV2::read(CONTINUATION_RXBPTR_TYPE<ProtocolV2>&, rx_buffer_t&&)::<lambda(char*, int)>&, char*, long int> (__fn=...) at /usr/include/c++/12/bits/invoke.h:111
#25 std::_Function_handler<void(char*, long int), ProtocolV2::read(CONTINUATION_RXBPTR_TYPE<ProtocolV2>&, rx_buffer_t&&)::<lambda(char*, int)> >::_M_invoke(const std::_Any_data &, char *&&, long &&) (__functor=..., __args#0=<optimized out>, __args#1=<optimized out>) at /usr/include/c++/12/bits/std_function.h:290
#26 0x00007ffff78586cf in std::function<void (char*, long)>::operator()(char*, long) const (this=this@entry=0x7fffb40010a0, __args#0=<optimized out>, __args#1=<optimized out>, __args#1@entry=0) at /usr/include/c++/12/bits/std_function.h:591
#27 0x00007ffff785677a in AsyncConnection::process (this=0x7fffb4000cd0) at /sdb/choffman/code/fork/rebase/ceph/src/msg/async/AsyncConnection.cc:484
#28 0x00007ffff785993d in C_handle_read::do_request (this=<optimized out>, fd_or_id=<optimized out>) at /sdb/choffman/code/fork/rebase/ceph/src/msg/async/AsyncConnection.cc:77
#29 0x00007ffff78a2562 in EventCenter::process_events (this=0x555555a06808, timeout_microseconds=<optimized out>, timeout_microseconds@entry=30000000, working_dur=working_dur@entry=0x7fffecbecf38) at /sdb/choffman/code/fork/rebase/ceph/src/msg/async/Event.cc:436
#30 0x00007ffff78a78c1 in operator() (__closure=0x555555a945b8) at /sdb/choffman/code/fork/rebase/ceph/src/msg/async/Stack.cc:49
#31 0x00007ffff78a79f6 in std::__invoke_impl<void, NetworkStack::add_thread(Worker*)::<lambda()>&> (__f=...) at /usr/include/c++/12/bits/invoke.h:60
#32 std::__invoke_r<void, NetworkStack::add_thread(Worker*)::<lambda()>&> (__fn=...) at /usr/include/c++/12/bits/invoke.h:111
#33 std::_Function_handler<void(), NetworkStack::add_thread(Worker*)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/12/bits/std_function.h:290
#34 0x00007ffff78a7294 in std::function<void ()>::operator()() const (this=<optimized out>) at /usr/include/c++/12/bits/std_function.h:591
#35 0x00007ffff78a72ab in std::__invoke_impl<void, std::function<void ()>>(std::__invoke_other, std::function<void ()>&&) (__f=...) at /usr/include/c++/12/bits/invoke.h:60
#36 std::__invoke<std::function<void ()>>(std::function<void ()>&&) (__fn=...) at /usr/include/c++/12/bits/invoke.h:96
#37 std::thread::_Invoker<std::tuple<std::function<void ()> > >::_M_invoke<0ul>(std::_Index_tuple<0ul>) (this=<optimized out>) at /usr/include/c++/12/bits/std_thread.h:279
#38 std::thread::_Invoker<std::tuple<std::function<void ()> > >::operator()() (this=<optimized out>) at /usr/include/c++/12/bits/std_thread.h:286
#39 std::thread::_State_impl<std::thread::_Invoker<std::tuple<std::function<void ()> > > >::_M_run() (this=<optimized out>) at /usr/include/c++/12/bits/std_thread.h:231
#40 0x00007ffff5edbc43 in execute_native_thread_routine () from /lib64/libstdc++.so.6
#41 0x00007ffff5cae19d in start_thread () from /lib64/libc.so.6
#42 0x00007ffff5d2fc60 in clone3 () from /lib64/libc.so.6
Updated by Christopher Hoffman 8 months ago
Author: Christopher Hoffman <choffman@redhat.com>
Date: Wed Jul 23 19:11:31 2025 +0000
client: skip fscrypt decrypt_bl if data bl is empty.
Fixes: https://tracker.ceph.com/issues/72237
Fixes: https://tracker.ceph.com/issues/72192
Signed-off-by: Christopher Hoffman <choffman@redhat.com>
diff --git a/src/client/FSCrypt.cc b/src/client/FSCrypt.cc
index edb38898aff..1e10085d8ee 100644
--- a/src/client/FSCrypt.cc
+++ b/src/client/FSCrypt.cc
@@ -882,6 +882,8 @@ int FSCryptFNameDenc::get_decrypted_symlink(const std::string& b64enc, std::stri
int FSCryptFDataDenc::decrypt_bl(uint64_t off, uint64_t len, uint64_t pos, const std::vector<Segment>& holes, bufferlist *bl)
{
auto data_len = bl->length();
+ if (data_len == 0)
+ return 0;
auto target_end = off + len;
Updated by Christopher Hoffman 8 months ago
- Status changed from In Progress to Resolved
Actions