sreadahead crashed with SIGSEGV in __pause_nocancel()

StacktraceTop:__pause_nocancel () from /lib/libpthread.so.0
main (argc=3, argv=<value optimized out>)

I did a debug run with ddd.
The segfault happens in get_ra_blocks() at the code snippet:

  for (i = 0; i <= statbuf.st_size; i += 4096) {
----> if (mincorebuf[i / 4096])
                        there++;
                else
                        notthere++;
                if (phase == 1 && !mincorebuf[i / 4096]) {
                        phase = 0;
                        if (i > statbuf.st_size)
                                i = statbuf.st_size + 1;
                        record[rcount].offset = start;
                        record[rcount].len = i - 1 - start;
                        rcount++;
                        if (rcount >= 4000) rcount = 4000;
                } else if (phase == 0 && mincorebuf[i / 4096]) {
                        phase = 1;
                        start = i;
                }
        }

Should this be marked fixed? I am nolonger seeing this in the latest images.

okay close the issue ... /p

On Wed, 2009-10-07 at 22:48 +0000, sheldonross wrote:
> Should this be marked fixed? I am nolonger seeing this in the latest
> images.
>

Fixed?
I still have this bug on the last image 2.6.31-12-generic #41-Ubuntu SMP Wed Oct 7 19:37:12 UTC 2009 x86_64 GNU/Linux

sreadahead crashed with SIGSEGV in __pause_nocancel()
dmesg:
[ 78.676125] sreadahead[456]: segfault at 7f428a236010 ip 0000000000401f3b sp 00007fff9be6a430 error 4 in sreadahead[400000+3000]

Same as Michele Mordenti here:

linux-image-2.6.31-12-generic 2.6.31-12.41
sreadahead 1.0-4

Reboot shortly after running pkgsync, so had the newest packages no.archive.ubuntu.com had to offer:

Oct 8 08:51:23 ov kernel: [ 73.555208] sreadahead[595]: segfault at 7fabdb5f3010 ip 0000000000401f3b sp 00007ffff378e070 error 4 in sreadahead[400000+3000]

Encrypted root filesystem and ext4 converted from ext3, if any of that is at all relevant :)

Same as Øystein Viggen here.

My root filesystem has also been converted from ext3

Don't think it has to do with conversion to ext4. I'm still running ext3 and I'm affected too.

The bug is pretty straightforward to reproduce. It looks like an integer overflow which will be triggered by files longer than 2GB:

Reading symbols from /sbin/sreadahead...Reading symbols from /usr/lib/debug/sbin/sreadahead...done.
(no debugging symbols found)...done.
(gdb) r -t1 -d --no-fork
Starting program: /sbin/sreadahead -t1 -d --no-fork
[Thread debugging using libthread_db enabled]
Trace contained 33438 records
/etc/ld.so.cache: 1 fragment(s), 120kb, 100.0%
[...]
/etc/libvirt/storage/default.xml: 1 fragment(s), 1kb, 100.0%

Program received signal SIGSEGV, Segmentation fault.
0x0000000000401f3b in get_blocks (signal=<value optimized out>)
    at sreadahead.c:315
warning: Source file is more recent than executable.
315 if (mincorebuf[i / 4096])
(gdb) print mincorebuf
$1 = <value optimized out>
(gdb) print i
$2 = -2147483648
[...]
(gdb) print statbuf.st_size
$6 = 4294967296
(gdb) print r->filename
$7 = "/var/lib/libvirt/images/uec-cc.img", '\000' <repeats 93 times>

This bug was fixed in the package sreadahead - 1.0-5

---------------
sreadahead (1.0-5) karmic; urgency=low

  * Use off_t instead of int for the index used relative to statbuf.st_size
    (which is off_t), to prevent an overflow on files >2GB (LP: #414597)

 -- Matt Zimmerman <email address hidden> Sat, 10 Oct 2009 12:19:26 +0100

FYI: 1.0-5 still crashes every reboot in karmic

@Thomas, it's quite possible that there is more than one bug here. If I marked your bug as a duplicate in error, please unmark it and we will deal with it separately. If you haven't filed a bug at all yet, please file it separately.