Bug 765467 (GLUSTER-3735)

Summary: nfs: invalid reads found via valgrind
Product: [Community] GlusterFS
Reporter: Saurabh <saurabh>
Component: nfs
Assignee: Krishna Srinivas <krishna>
Severity: medium
Priority: medium
Version: pre-release
CC: gluster-bugs, vijay
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Doc Type: Bug Fix
Mount Type: nfs

Description Saurabh 2011-10-18 05:35:24 EDT
[root@RHEL6 ~]# /opt/glusterfs/3.2.4/sbin/gluster volume info

Volume Name: quota_dist_rep
Type: Distributed-Replicate
Status: Started
Number of Bricks: 3 x 2 = 6
Transport-type: tcp
Options Reconfigured:
features.quota: on
[root@RHEL6 ~]# on /export/nfs-test type nfs (rw,vers=3,nolock,addr=

log messages from valgrind

==8770== Memcheck, a memory error detector
==8770== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==8770== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==8770== Command: /opt/glusterfs/3.2.4/sbin/glusterfs -f /etc/glusterd/nfs/nfs-server.vol -p /etc/glusterd/nfs/run/nfs.pid -l /var/log/glusterfs/nfs.log -N
==8770== Parent PID: 8758
==8770== Invalid read of size 4
==8770==    at 0x800EAD8: nfs3_fill_entryp3 (nfs3-helpers.c:779)
==8770==    by 0x800ED9B: nfs3_fill_readdirp3res (nfs3-helpers.c:893)
==8770==    by 0x7FFAD32: nfs3_readdirp_reply (nfs3.c:3962)
==8770==    by 0x7FFC5BA: nfs3svc_readdir_fstat_cbk (nfs3.c:4026)
==8770==    by 0x7FF2495: nfs_fop_fstat_cbk (nfs-fops.c:457)
==8770==    by 0x7DCC6F4: io_stats_fstat_cbk (io-stats.c:1600)
==8770==    by 0x7BB0FB3: qr_fstat_cbk (quick-read.c:1537)
==8770==    by 0x4C3D46B: default_fstat_cbk (defaults.c:240)
==8770==    by 0x779130B: ra_attr_cbk (read-ahead.c:750)
==8770==    by 0x758A848: wb_fstat_cbk (write-behind.c:802)
==8770==    by 0x7372FAF: quota_fstat_cbk (quota.c:2177)
==8770==    by 0x7150584: dht_attr_cbk (dht-common.c:1392)
==8770==  Address 0x9ee8f18 is 152 bytes inside a block of size 154 alloc'd
==8770==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==8770==    by 0x4C55B40: __gf_calloc (mem-pool.h:83)
==8770==    by 0x4C56133: gf_dirent_for_name (gf-dirent.c:59)
==8770==    by 0x7161C45: dht_readdirp_cbk (dht-common.c:3054)
==8770==    by 0x6EEB3B1: afr_readdirp_cbk (afr-dir-read.c:636)
==8770==    by 0x6CC255C: client3_1_readdirp_cbk (client3_1-fops.c:1939)
==8770==    by 0x4E88364: rpc_clnt_handle_reply (rpc-clnt.c:741)
==8770==    by 0x4E885B8: rpc_clnt_notify (rpc-clnt.c:854)
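
When triaging a Memcheck record like the one above, the figures to read are the access size and the block offset: a 4-byte read at offset 152 of a 154-byte block reaches 2 bytes past the end of a block that is still allocated. The parser below is an added example, not part of the original report or of GlusterFS; the names `parse_memcheck` and `ALLOC_WRAPPERS` are assumptions made for illustration, and the sample lines are copied from the log above.

```python
import re

# Sample input: lines copied from the Memcheck report above, trimmed to a few frames.
REPORT = """\
==8770== Invalid read of size 4
==8770==    at 0x800EAD8: nfs3_fill_entryp3 (nfs3-helpers.c:779)
==8770==    by 0x800ED9B: nfs3_fill_readdirp3res (nfs3-helpers.c:893)
==8770==  Address 0x9ee8f18 is 152 bytes inside a block of size 154 alloc'd
==8770==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==8770==    by 0x4C55B40: __gf_calloc (mem-pool.h:83)
==8770==    by 0x4C56133: gf_dirent_for_name (gf-dirent.c:59)
"""

ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"Address (0x[0-9a-fA-F]+) is (\d+) bytes inside a block of size (\d+) (alloc'd|free'd)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
# Assumption: frames treated as generic allocator wrappers, skipped when naming the allocation site.
ALLOC_WRAPPERS = {"malloc", "calloc", "realloc", "__gf_calloc"}

def parse_memcheck(text):
    """Return one dict per 'Invalid read/write' record in a Memcheck log."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = re.sub(r"^==\d+==\s?", "", raw)      # drop the ==PID== prefix
        if m := ACCESS.search(line):
            cur = {"kind": m[1], "size": int(m[2]), "access": [], "origin": []}
            records.append(cur)
            section = "access"                      # frames that follow: faulting stack
        elif cur and (m := BLOCK.search(line)):
            cur.update(addr=m[1], offset=int(m[2]), block=int(m[3]), state=m[4])
            section = "origin"                      # frames that follow: alloc/free stack
        elif cur and (m := FRAME.search(line)):
            cur[section].append((m[1], m[2]))
        elif cur and not line.strip():              # blank line ends the record
            cur = None
    for r in records:
        if "block" in r:
            # Bytes of the access that fall past the end of the heap block.
            r["overrun"] = max(0, r["offset"] + r["size"] - r["block"])
            # First origin frame that is not a generic allocator wrapper.
            r["allocator"] = next((f for f in r["origin"] if f[0] not in ALLOC_WRAPPERS), None)
    return records

if __name__ == "__main__":
    for rec in parse_memcheck(REPORT):
        print(rec["kind"], rec["access"][0], "overrun:", rec["overrun"], "allocated in:", rec["allocator"])
```

A `state` of `alloc'd` with a non-zero `overrun` means the access ran off the end of a live block, while `free'd` would mean the block had already been released when it was touched.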

Comment 1 Saurabh 2011-10-18 08:33:29 EDT

Comment 2 Krishna Srinivas 2011-10-30 23:55:01 EDT
Line 779 is:         if (!ent->name) {

Which looks fine. Investigating.

        ent = GF_CALLOC (1, sizeof (*ent), gf_nfs_mt_entryp3);
        if (!ent)
                return NULL;

        ent->fileid = entry->d_ino;
        ent->cookie = entry->d_off;
        ent->name = GF_CALLOC ((strlen (entry->d_name) + 1), sizeof (char),
        if (!ent->name) {
                GF_FREE (ent);
                ent = NULL;
                goto err;

Comment 3 Krishna Srinivas 2011-11-01 06:56:25 EDT

*** This bug has been marked as a duplicate of bug 3730 ***