Bug 816163 - [glusterfs-3.3.0qa38] - nfs server crashed because free is called on 'gf_calloc'ed memory
[glusterfs-3.3.0qa38] - nfs server crashed because free is called on 'gf_call...
Status: CLOSED CURRENTRELEASE
Product: GlusterFS
Classification: Community
Component: unclassified (Show other bugs)
pre-release
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: Kaushal
:
Depends On:
Blocks: 817967
  Show dependency treegraph
 
Reported: 2012-04-25 07:47 EDT by M S Vishwanath Bhat
Modified: 2013-07-24 13:53 EDT (History)
2 users (show)

See Also:
Fixed In Version: glusterfs-3.4.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-24 13:53:37 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description M S Vishwanath Bhat 2012-04-25 07:47:05 EDT
Description of problem:
gluster nfs server crashed because of free'ing of a gf_calloc'ed memory.

Version-Release number of selected component (if applicable):
glusterfs-3.3.0qa38

How reproducible:
1/1

Steps to Reproduce:
1. Create and start a 2 node distribute volume.
2. Run remove brick start on one of the bricks.
3. Run remove brick status in a while loop continuously. 
  
Actual results:
gluster nfs server crashed with following bt.

(gdb) bt
#0  0x00000032a6232885 in raise () from /lib64/libc.so.6
#1  0x00000032a6234065 in abort () from /lib64/libc.so.6
#2  0x00000032a626f977 in __libc_message () from /lib64/libc.so.6
#3  0x00000032a6275296 in malloc_printerr () from /lib64/libc.so.6
#4  0x000000000041187c in glusterfs_handle_nfs_profile (req=0x1e2ed6c) at glusterfsd-mgmt.c:1228
#5  0x0000000000411bcb in glusterfs_handle_rpc_msg (req=0x1e2ed6c) at glusterfsd-mgmt.c:1264
#6  0x00007f16fac0f7a0 in rpcsvc_handle_rpc_call (svc=0x1e2eb70, trans=0x1ebcba0, msg=0x1e43b80) at rpcsvc.c:520
#7  0x00007f16fac0fd66 in rpcsvc_notify (trans=0x1ebcba0, mydata=0x1e2eb70, event=RPC_TRANSPORT_MSG_RECEIVED, data=0x1e43b80) at rpcsvc.c:616
#8  0x00007f16fac197c2 in rpc_transport_notify (this=0x1ebcba0, event=RPC_TRANSPORT_MSG_RECEIVED, data=0x1e43b80) at rpc-transport.c:498
#9  0x00007f16f76a805b in socket_event_poll_in (this=0x1ebcba0) at socket.c:1686
#10 0x00007f16f76a8ab1 in socket_event_handler (fd=14, idx=7, data=0x1ebcba0, poll_in=1, poll_out=0, poll_err=0) at socket.c:1801
#11 0x00007f16faea5f75 in event_dispatch_epoll_handler (event_pool=0x1e29c50, events=0x1e42d40, i=0) at event.c:794
#12 0x00007f16faea632d in event_dispatch_epoll (event_pool=0x1e29c50) at event.c:856
#13 0x00007f16faea698c in event_dispatch (event_pool=0x1e29c50) at event.c:956
#14 0x000000000040b19f in main (argc=11, argv=0x7fffac896a28) at glusterfsd.c:1651
(gdb) fr 4
#4  0x000000000041187c in glusterfs_handle_nfs_profile (req=0x1e2ed6c) at glusterfsd-mgmt.c:1228
1228                    free (rsp.output.output_val);
(gdb) x /12 ((char*)rsp.output.output_val - 12)
0x1ebea44:      -889275714      0       0       268435456
0x1ebea54:      251658240       201326592       926035248       2019650861
0x1ebea64:      1702125932      7955310 875573554       808464430
(gdb) x /12x ((char*)rsp.output.output_val - 12)
0x1ebea44:      0xcafebabe      0x00000000      0x00000000      0x10000000
0x1ebea54:      0x0f000000      0x0c000000      0x37322d30      0x78616d2d
0x1ebea64:      0x6574616c      0x0079636e      0x34303132      0x3030302e


Expected results:
glusterfs server should not crash.

Additional info:

I have archived all the logs and core file.
Comment 1 Anand Avati 2012-04-26 23:24:30 EDT
CHANGE: http://review.gluster.com/3231 (glusterfsd: Change a free() to GF_FREE()) merged in master by Vijay Bellur (vijay@gluster.com)
Comment 2 M S Vishwanath Bhat 2012-05-11 04:14:30 EDT
with glusterfs-3.3.0qa40, I'm not seeing this crash anymore. Moving it to verified.

Note You need to log in before you can comment on or make changes to this bug.