Hello,
being a long-term Bacula user, I recently upgraded to version 15.0.2
(from version 12.something before). The configuration is the exact
same as it used to be previously.
Now, I experience bacula-fd crashing consistently at the end of a long
bpipe backup run. Basically, I have these bpipe runs in order to
backup a large system disk image of a virtual machine. (Details: the
virtual machine uses FreeBSD's Bhyve as virtualization environment,
and the volume in question is a raw ZFS volume that provides the main
storage to the VM.)
The backup run itself seems to complete without errors, but the FD
crashes at the end of the run.
The respective config entry for the fileset is:
FileSet {
Name = "Bhyve-W10"
Include {
Options {
signature = SHA1
}
Plugin = "bpipe:/var/bacula/w10.fifo:/usr/local/sbin/send-zfs-snapshot
zjail/bhyve/w10/disk0:/usr/local/sbin/bacula-restore-zvol zjail/bhyve/w10/disk0
%r '%w'"
}
}
"send-zfs-snapshot" does what its name suggests: it creates a ZFS
snapshot on the named volume, and then runs "zfs send" on it, which
eventually pipes out the snapshot to stdout.
The crash appears to be caused by a double free:
root@uriah:/ # lldb /usr/local/sbin/bacula-fd
(lldb) target create "/usr/local/sbin/bacula-fd"
Current executable set to '/usr/local/sbin/bacula-fd' (x86_64).
(lldb) run -f -s
Process 57439 launched: '/usr/local/sbin/bacula-fd' (x86_64)
uriah.heep.sax.de-fd: ABORTING via segfault due to ERROR in smartall.c:201
in-use bit not set: double free from bsys.c:405
22-Jan 06:49 uriah.heep.sax.de-fd: ABORTING via segfault due to ERROR in
smartall.c:201
in-use bit not set: double free from bsys.c:405
Process 57439 stopped
* thread #5, name = 'bacula-fd', stop reason = signal SIGSEGV: address not
mapped to object (fault address: 0x8)
frame #0: 0x00000008245c753e libbac-15.0.2.so`sm_free(char const*, int,
void*) + 286
libbac-15.0.2.so`sm_free:
-> 0x8245c753e <+286>: cmpq %r12, 0x8(%rax)
0x8245c7542 <+290>: je 0x8245c7586 ; <+358>
0x8245c7544 <+292>: leaq 0x3252d(%rip), %rdi ; mutex
0x8245c754b <+299>: callq 0x8245f37d0 ; symbol stub for:
lmgr_v(pthread_mutex**)
(lldb) bt
* thread #5, name = 'bacula-fd', stop reason = signal SIGSEGV: address not
mapped to object (fault address: 0x8)
* frame #0: 0x00000008245c753e libbac-15.0.2.so`sm_free(char const*, int,
void*) + 286
frame #1: 0x0000000831410fdd bpipe-fd.so`freePlugin(bpContext*) + 45
frame #2: 0x00000000002254ca bacula-fd`free_plugins(JCR*) + 138
frame #3: 0x0000000000230217 bacula-fd`filed_free_jcr(JCR*) + 215
frame #4: 0x00000008245a0f2f libbac-15.0.2.so`b_free_jcr(char const*, int,
JCR*) + 1039
frame #5: 0x0000000000230d90 bacula-fd`handle_connection_request(void*) +
2720
frame #6: 0x00000008245d23cc libbac-15.0.2.so`workq_server + 556
frame #7: 0x00000008245db5f8 libbac-15.0.2.so`lmgr_thread_launcher + 88
frame #8: 0x0000000824e039c5
libthr.so.3`thread_start(curthread=0x000000082da44500) at thr_create.c:289:16
For reference, I reported it in the FreeBSD bug tracker as
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284250
--
cheers, Joerg .-.-. --... ...-- -.. . DL8DTL
http://www.sax.de/~joerg/
Never trust an operating system you don't have sources for. ;-)
_______________________________________________
Bacula-devel mailing list
Bacula-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-devel
