bonnie++ crash with increased chunk size

Bug #923987 reported by Brian Candler on 2012-01-30
This bug affects 1 person
Affects: bonnie++ (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Platform: Ubuntu 11.10 x86_64 server, i3 3.4GHz processor, 8GB RAM.

This works fine:

# time bonnie++ -d /data/sdb -s 16384k -n 98:800k:500k:1000 -u root

It uses transfers of 8192 bytes (as shown by strace). I wanted to test using a larger chunk size:

# time bonnie++ -d /data/sdb -s 16384k:32k -n 98:800k:500k:1000:32k -u root

However with these arguments bonnie++ crashes. It seems pretty repeatable here. Equally, it's unlikely to be a hardware fault because running bonnie++ without the 32k chunk size never crashes.

# time bonnie++ -d /data/sdb -s 16384k:32k -n 98:800k:500k:1000:32k -u root
Using uid:0, gid:0.
Writing a byte at a time...done
Writing intelligently...done
Rewriting...done
Reading a byte at a time...done
Reading intelligently...
done
start 'em...done...done...done...done...done...
*** glibc detected *** bonnie++: double free or corruption (out): 0x00000000024430a0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x78a96)[0x7f42a0317a96]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7f42a031bd7c]
bonnie++[0x404dd7]
bonnie++[0x402e90]
bonnie++[0x403bb6]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f42a02c030d]
bonnie++[0x402219]
Aborted

real 14m38.760s
user 0m0.832s
sys 0m32.670s

Brian Candler (b-candler) wrote :

The bug appears to be here (bonnie++.cpp)

  void set_io_chunk_size(int size)
    { delete m_buf; pa_new(size, m_buf, m_buf_pa); m_io_chunk_size = size; }
  void set_file_chunk_size(int size)
    { delete m_buf; m_buf = new char[__max(size, m_io_chunk_size)]; m_file_chunk_size = size; }

set_file_chunk_size() doesn't respect page alignment, but more importantly it reallocates m_buf whilst leaving m_buf_pa pointing to the old space.

You can work around it by providing the '-n' option before the '-s' option on the command line, and ensuring you use the same chunksize for both -n and -s. e.g.

# time bonnie++ -d /data/sdc -n 98:800k:500k:1000:32k -s 16384k:32k -u root

Or you can use -s0 when using -n with a non-default chunk size.
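
One way to keep the two pointers in step, as an added example (not bonnie++ code and not part of the comment above): both setters go through a single reallocation routine, so the raw and page-aligned pointers always change together, and `delete[]` matches `new[]`. The class name `ChunkBuffer`, the 4096-byte page size, the 8192-byte defaults and the round-up alignment are assumptions; the page does not show what `pa_new` does.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical stand-in for the buffer-owning part of the class quoted above.
class ChunkBuffer {
public:
    static constexpr std::size_t kPage = 4096;  // assumed page size
    ChunkBuffer() { resize(); }
    ~ChunkBuffer() { delete[] m_buf; }
    ChunkBuffer(const ChunkBuffer&) = delete;
    ChunkBuffer& operator=(const ChunkBuffer&) = delete;

    void set_io_chunk_size(std::size_t size)   { m_io_chunk_size = size;   resize(); }
    void set_file_chunk_size(std::size_t size) { m_file_chunk_size = size; resize(); }

    char* aligned() const { return m_buf_pa; }        // pointer the I/O code uses
    std::size_t capacity() const { return m_capacity; }

    // Invariant the reported code breaks: m_buf_pa is page aligned and the
    // usable region lies inside the current m_buf allocation.
    bool consistent() const {
        auto pa = reinterpret_cast<std::uintptr_t>(m_buf_pa);
        auto lo = reinterpret_cast<std::uintptr_t>(m_buf);
        return pa % kPage == 0 && pa >= lo && pa + m_capacity <= lo + m_capacity + kPage;
    }

private:
    // Single reallocation path: both pointers are refreshed on every resize.
    void resize() {
        std::size_t need = std::max(m_io_chunk_size, m_file_chunk_size);
        char* fresh = new char[need + kPage];   // over-allocate by one page
        delete[] m_buf;                         // array form matches new[]
        m_buf = fresh;
        auto p = reinterpret_cast<std::uintptr_t>(fresh);
        m_buf_pa = reinterpret_cast<char*>((p + kPage - 1) & ~static_cast<std::uintptr_t>(kPage - 1));
        m_capacity = need;
    }

    std::size_t m_io_chunk_size = 8192, m_file_chunk_size = 8192, m_capacity = 0;
    char *m_buf = nullptr, *m_buf_pa = nullptr;
};

int main() {
    // Same setter order as "-s 16384k:32k -n ...:32k" in the report.
    ChunkBuffer b; b.set_io_chunk_size(32 * 1024); b.set_file_chunk_size(32 * 1024);
    std::memset(b.aligned(), 0, b.capacity());  // full chunk write stays in bounds
    return b.consistent() ? 0 : 1;
}
```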
