+++ This bug was initially created as a clone of Bug #1640489 +++

Description of problem:

valgrind shows,

==7734== Thread 13:
==7734== Invalid read of size 8
==7734==    at 0x15EE4B68: dht_rmdir_readdirp_cbk (dht-common.c:8697)
==7734==    by 0x15C332E2: client3_3_readdirp_cbk (client-rpc-fops.c:2660)
==7734==    by 0xAB96524: rpc_clnt_handle_reply (rpc-clnt.c:786)
==7734==    by 0xAB96ABD: rpc_clnt_notify (rpc-clnt.c:977)
==7734==    by 0xAB9275B: rpc_transport_notify (rpc-transport.c:543)
==7734==    by 0x15508220: socket_event_poll_in (socket.c:2541)
==7734==    by 0x15508868: socket_event_handler (socket.c:2690)
==7734==    by 0xA90987E: event_dispatch_epoll_handler (event-epoll.c:587)
==7734==    by 0xA909B8B: event_dispatch_epoll_worker (event-epoll.c:665)
==7734==    by 0x688EDC4: start_thread (in /usr/lib64/libpthread-2.17.so)
==7734==    by 0x71FA73C: clone (in /usr/lib64/libc-2.17.so)
==7734==  Address 0x29aa73a8 is 8 bytes inside a block of size 3,536 free'd
==7734==    at 0x4C28CDD: free (vg_replace_malloc.c:530)
==7734==    by 0xA8CA4B6: __gf_free (mem-pool.c:329)
==7734==    by 0xA8CA9F3: mem_put (mem-pool.c:579)
==7734==    by 0x15E798F4: dht_local_wipe (dht-helper.c:639)
==7734==    by 0x15EE4A4A: dht_rmdir_readdirp_done (dht-common.c:8663)
==7734==    by 0x15EE4C40: dht_rmdir_readdirp_do (dht-common.c:8733)
==7734==    by 0x15EE3A8B: dht_rmdir_cached_lookup_cbk (dht-common.c:8459)
==7734==    by 0x15C350E9: client3_3_lookup_cbk (client-rpc-fops.c:2955)
==7734==    by 0xAB96524: rpc_clnt_handle_reply (rpc-clnt.c:786)
==7734==    by 0xAB96ABD: rpc_clnt_notify (rpc-clnt.c:977)
==7734==    by 0xAB9275B: rpc_transport_notify (rpc-transport.c:543)
==7734==    by 0x15508220: socket_event_poll_in (socket.c:2541)
==7734==  Block was alloc'd at
==7734==    at 0x4C27BE3: malloc (vg_replace_malloc.c:299)
==7734==    by 0xA8C95B4: __gf_default_malloc (mem-pool.h:110)
==7734==    by 0xA8C9D5D: __gf_malloc (mem-pool.c:137)
==7734==    by 0xA8CA9D9: mem_get (mem-pool.c:475)
==7734==    by 0xA8CA984: mem_get0 (mem-pool.c:463)
==7734==    by 0x15E7993B: dht_local_init (dht-helper.c:650)
==7734==    by 0x15EE52D9: dht_rmdir_opendir_cbk (dht-common.c:8825)
==7734==    by 0x15C3484F: client3_3_opendir_cbk (client-rpc-fops.c:2859)
==7734==    by 0xAB96524: rpc_clnt_handle_reply (rpc-clnt.c:786)
==7734==    by 0xAB96ABD: rpc_clnt_notify (rpc-clnt.c:977)
==7734==    by 0xAB9275B: rpc_transport_notify (rpc-transport.c:543)
==7734==    by 0x15508220: socket_event_poll_in (socket.c:2541)
==7734==

and some messages at ganesha-gfapi.log

[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht: /nfs/tfile/p25/d5XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/l6XX found on cached subvol openfs1-client-0
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht: /nfs/tfile/p18/d0XXXXXXXXXXXXX/ddXXXXXXXXXXXXXXXXXX/d1aX/c1b found on cached subvol openfs1-client-0
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht: /nfs/tfile/p10/d32XXXXXXXXX/c33 found on cached subvol openfs1-client-0
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht: /nfs/tfile/p10/d32XXXXXXXXX/c33 found on cached subvol openfs1-client-0
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht: /nfs/tfile/p1b/d1X/d14XXXXXXXXXXXXXXXXXXXX/f1dXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX found on cached subvol openfs1-client-1
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht: /nfs/tfile/p2c/d0XX/d10XXXXXXXXXXXXX/d15XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/d16XXXXX/c19XXXX found on cached subvol openfs1-client-0
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht: /nfs/tfile/p2c/d0XX/d10XXXXXXXXXXXXX/d15XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/d16XXXXX/c19XXXX found on cached subvol openfs1-client-0

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

--- Additional comment from Worker Ant on 2018-10-18 06:25:37 EDT ---

REVIEW: https://review.gluster.org/21446 (dht: fix use after free in dht_rmdir_readdirp_cbk) posted (#1) for review on master by Kinglong Mee

--- Additional comment from Worker Ant on 2018-11-04 23:24:52 EST ---

REVIEW: https://review.gluster.org/21446 (dht: fix use after free in dht_rmdir_readdirp_cbk) posted (#6) for review on master by N Balachandran
Ran the planned test cases in the test plan shared in Comment8 and didn't see any issues on glusterfs version 3.12.2-34. Moving this BZ to Verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0263