Crash in ostream <<operator

Dimitry Andric dimitry at andric.com
Tue Mar 15 18:52:36 UTC 2016 

On 15 Mar 2016, at 12:41, Willem Jan Withagen <wjw at digiware.nl> wrote:
> 
> While running Ceph tools I get a crash in
> fr 10
> #10 0x00000000016d82ca in FileStore::omap_get_values(coll_t const&, ghobject_t const&, std::__1::set<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::less<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&, std::__1::map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, ceph::buffer::list, std::__1::less<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, ceph::buffer::list> > >*) ()
> (gdb) l
> 95      int preload_erasure_code()
> 96      {
> 97        string plugins = g_conf->osd_erasure_code_plugins;
> 98        stringstream ss;
> 99        int r = ErasureCodePluginRegistry::instance().preload(
> 100         plugins,
> 101         g_conf->erasure_code_dir,
> 102         &ss);
> 103       if (r)
> 104         derr << ss.str() << dendl;
> (gdb)
> 105       else
> 106         dout(10) << ss.str() << dendl;
> 107       return r;
> 108     }
> 109
> 
> All of this seems to be inlined since I'm not able to get at ss or r
> 
> 
> #8  0x0000000000e16145 in std::__1::char_traits<char>::length (__s=0x0) at /usr/include/c++/v1/string:640
> 640         static inline size_t length(const char_type* __s) {return strlen(__s);}

What happened here is that something attempted to initialize a
std::string with a NULL pointer, and that isn't allowed.  As you saw in
the debugger, the constructor just runs strlen() on the incoming string,
and that will segfault.


> Looking at the strlen implementation in
>    /usr/srcs/head/src/lib/libc/string/strlen.c
> 
> shows that strlen does not take 0x0 as pointer, so when we get here with __s = 0x0 all is lost.
> So I tried running it through 3.7, but since this is in the libraries with the bintools/os, I'd expect
> both versions to crash on this.
> 
> Now the question I have to solve:
> 	is it the compiler/toolset/libraries
> 	is it a bug in the ceph code.

Most likely a bug in the Ceph code.  Try figuring out where the NULL
pointer originally came from.

-Dimitry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-toolchain/attachments/20160315/e25868e1/attachment.sig>

More information about the freebsd-toolchain mailing list