Project

General

Profile

Actions
Copy link

Bug #68189

closed

ceph_chownat() and ceph_statxat() crashes with SIGABRT when pathname is empty

Added by Anoop C S over 1 year ago. Updated 4 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Anoop C S
Category:
Correctness/Safety
Target version:
Ceph - v20.0.0
% Done:

100%

Source:
Development
Backport:
quincy,reef,squid
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
Ceph - v20.0.0
ceph-qa-suite:
Component(FS):
Client
Labels (FS):
Pull request ID:
59936
Tags (freeform):
backport_processed
Merge Commit:
2060e186cb0c17e1e9b26f1e84b6cee3d873a886
Fixed In:
v19.3.0-6512-g2060e186cb
Released In:
v20.2.0~1477
Upkeep Timestamp:
2025-11-01T01:32:22+00:00

Description

Empty pathnames are valid special cases as explained in man fchownat(2) and man statx(2). But corresponding APIs, ceph_chownat() and ceph_statxat(), crashes with the following backtrace:

#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007fea2757f6d3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2  0x00007fea27526c4e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007fea2750e902 in __GI_abort () at abort.c:79
#4  0x00007fea266dabf0 in std::__glibcxx_assert_fail (file=file@entry=0x7fea27849680 "/usr/include/c++/14/string_view", line=line@entry=256, 
    function=function@entry=0x7fea27849580 "constexpr const std::basic_string_view<_CharT, _Traits>::value_type& std::basic_string_view<_CharT, _Traits>::operator[](size_type) const [with _CharT = char; _Traits = std::char_traits<char>; const_r"..., condition=condition@entry=0x7fea27854568 "__pos < this->_M_len") at ../../../../../libstdc++-v3/src/c++11/assert_fail.cc:41
#5  0x00007fea2774f6df in std::basic_string_view<char, std::char_traits<char> >::operator[] (this=<optimized out>, __pos=<optimized out>) at /usr/include/c++/14/string_view:254
#6  std::basic_string_view<char, std::char_traits<char> >::operator[] (this=<synthetic pointer>, __pos=0) at /usr/include/c++/14/string_view:254
#7  filepath::set_path (this=0x7fff29cd1e30, s=...) at /usr/src/debug/ceph-18.2.4-1.fc40.x86_64/src/include/filepath.h:101
#8  filepath::filepath (this=<optimized out>, s=<optimized out>, this=<optimized out>, s=<optimized out>) at /usr/src/debug/ceph-18.2.4-1.fc40.x86_64/src/include/filepath.h:94
#9  0x00007fea277a4764 in Client::chownat (this=0x32794a40, dirfd=10, relpath=0x4020d0 "", new_uid=65534, new_gid=65534, flags=0, perms=...)
    at /usr/src/debug/ceph-18.2.4-1.fc40.x86_64/src/client/Client.cc:8835
#10 0x00007fea2772a0c3 in ceph_chownat (cmount=<optimized out>, dirfd=<optimized out>, relpath=<optimized out>, uid=<optimized out>, gid=<optimized out>, flags=<optimized out>)
    at /usr/src/debug/ceph-18.2.4-1.fc40.x86_64/src/libcephfs.cc:1181
#11 0x00000000004013e1 in main ()

#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f6528fc26d3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2  0x00007f6528f69c4e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f6528f51902 in __GI_abort () at abort.c:79
#4  0x00007f65280dabf0 in std::__glibcxx_assert_fail (file=file@entry=0x7f652928c680 "/usr/include/c++/14/string_view", line=line@entry=256, 
    function=function@entry=0x7f652928c580 "constexpr const std::basic_string_view<_CharT, _Traits>::value_type& std::basic_string_view<_CharT, _Traits>::operator[](size_type) const [with _CharT = char; _Traits = std::char_traits<char>; const_r"..., condition=condition@entry=0x7f6529297568 "__pos < this->_M_len") at ../../../../../libstdc++-v3/src/c++11/assert_fail.cc:41
#5  0x00007f65291926df in std::basic_string_view<char, std::char_traits<char> >::operator[] (this=<optimized out>, __pos=<optimized out>) at /usr/include/c++/14/string_view:254
#6  std::basic_string_view<char, std::char_traits<char> >::operator[] (this=<synthetic pointer>, __pos=0) at /usr/include/c++/14/string_view:254
#7  filepath::set_path (this=0x7ffe98822e10, s=...) at /usr/src/debug/ceph-18.2.4-1.fc40.x86_64/src/include/filepath.h:101
#8  filepath::filepath (this=<optimized out>, s=<optimized out>, this=<optimized out>, s=<optimized out>) at /usr/src/debug/ceph-18.2.4-1.fc40.x86_64/src/include/filepath.h:94
#9  0x00007f65291fad9e in Client::statxat (this=0x3bd71310, dirfd=10, relpath=0x4020d0 "", stx=0x7ffe98822ee0, perms=..., want=4095, flags=0)
    at /usr/src/debug/ceph-18.2.4-1.fc40.x86_64/src/client/Client.cc:11507
#10 0x00007f652916bd10 in ceph_statxat (cmount=<optimized out>, dirfd=<optimized out>, relpath=<optimized out>, stx=<optimized out>, want=<optimized out>, flags=<optimized out>)
    at /usr/src/debug/ceph-18.2.4-1.fc40.x86_64/src/libcephfs.cc:986
#11 0x0000000000401428 in main ()

See attachment for sample client programs to reproduce the crash.

references:

Files

Download all files
libcephfs-statxat.c (1.49 KB) libcephfs-statxat.c Anoop C S, 09/23/2024 03:45 PM
libcephfs-chownat.c (1.43 KB) libcephfs-chownat.c Anoop C S, 09/23/2024 03:45 PM

Related issues 3 (0 open3 closed)

Copied to CephFS - Backport #69304: quincy: ceph_chownat() and ceph_statxat() crashes with SIGABRT when pathname is emptyRejectedActions
Copied to CephFS - Backport #69305: reef: ceph_chownat() and ceph_statxat() crashes with SIGABRT when pathname is emptyResolvedMilind ChangireActions
Copied to CephFS - Backport #69306: squid: ceph_chownat() and ceph_statxat() crashes with SIGABRT when pathname is emptyResolvedJos CollinActions
Actions
Copy link
 #1

Updated by Anoop C S over 1 year ago

  • Pull request ID set to 59936
Actions
Copy link
 #2

Updated by Anoop C S over 1 year ago

  • Description updated (diff)
  • Target version set to v20.0.0
Actions
Copy link
 #3

Updated by Venky Shankar over 1 year ago

  • Status changed from New to Fix Under Review
  • Assignee set to Anoop C S
  • Backport set to quincy,reef,squid
Actions
Copy link
 #4

Updated by Anoop C S over 1 year ago

  • Description updated (diff)
Actions
Copy link
 #5

Updated by Anoop C S over 1 year ago

  • Description updated (diff)
Actions
Copy link
 #6

Updated by Milind Changire about 1 year ago

  • Status changed from Fix Under Review to Pending Backport
Actions
Copy link
 #7

Updated by Upkeep Bot about 1 year ago

  • Copied to Backport #69304: quincy: ceph_chownat() and ceph_statxat() crashes with SIGABRT when pathname is empty added
Actions
Copy link
 #8

Updated by Upkeep Bot about 1 year ago

  • Copied to Backport #69305: reef: ceph_chownat() and ceph_statxat() crashes with SIGABRT when pathname is empty added
Actions
Copy link
 #9

Updated by Upkeep Bot about 1 year ago

  • Copied to Backport #69306: squid: ceph_chownat() and ceph_statxat() crashes with SIGABRT when pathname is empty added
Actions
Copy link
 #10

Updated by Upkeep Bot about 1 year ago

  • Tags (freeform) set to backport_processed
Actions
Copy link
 #11

Updated by Upkeep Bot 8 months ago

  • Merge Commit set to 2060e186cb0c17e1e9b26f1e84b6cee3d873a886
  • Fixed In set to v19.3.0-6512-g2060e186cb0
  • Upkeep Timestamp set to 2025-07-08T18:35:12+00:00
Actions
Copy link
 #12

Updated by Upkeep Bot 7 months ago

  • Fixed In changed from v19.3.0-6512-g2060e186cb0 to v19.3.0-6512-g2060e186cb0c
  • Upkeep Timestamp changed from 2025-07-08T18:35:12+00:00 to 2025-07-14T15:45:14+00:00
Actions
Copy link
 #13

Updated by Upkeep Bot 7 months ago

  • Fixed In changed from v19.3.0-6512-g2060e186cb0c to v19.3.0-6512-g2060e186cb
  • Upkeep Timestamp changed from 2025-07-14T15:45:14+00:00 to 2025-07-14T21:09:44+00:00
Actions
Copy link
 #14

Updated by Konstantin Shalygin 5 months ago

  • Status changed from Pending Backport to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #15

Updated by Upkeep Bot 4 months ago

  • Released In set to v20.2.0~1477
  • Upkeep Timestamp changed from 2025-07-14T21:09:44+00:00 to 2025-11-01T01:32:22+00:00
Actions
Copy link

Also available in: Atom PDF