Bug 816163 - [glusterfs-3.3.0qa38] - nfs server crashed because free is called on 'gf_calloc'ed memory
Alias: None
Product: GlusterFS
Classification: Community
Component: unclassified
Version: pre-release
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Kaushal
QA Contact:
Depends On:
Blocks: 817967
Reported: 2012-04-25 11:47 UTC by M S Vishwanath Bhat
Modified: 2016-06-01 01:56 UTC

Fixed In Version: glusterfs-3.4.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-07-24 17:53:37 UTC
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:

Description M S Vishwanath Bhat 2012-04-25 11:47:05 UTC
Description of problem:
The gluster nfs server crashed because of free'ing of gf_calloc'ed memory.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create and start a 2 node distribute volume.
2. Run remove brick start on one of the bricks.
3. Run remove brick status in a while loop continuously.

Actual results:
The gluster nfs server crashed with the following bt.

(gdb) bt
#0  0x00000032a6232885 in raise () from /lib64/libc.so.6
#1  0x00000032a6234065 in abort () from /lib64/libc.so.6
#2  0x00000032a626f977 in __libc_message () from /lib64/libc.so.6
#3  0x00000032a6275296 in malloc_printerr () from /lib64/libc.so.6
#4  0x000000000041187c in glusterfs_handle_nfs_profile (req=0x1e2ed6c) at glusterfsd-mgmt.c:1228
#5  0x0000000000411bcb in glusterfs_handle_rpc_msg (req=0x1e2ed6c) at glusterfsd-mgmt.c:1264
#6  0x00007f16fac0f7a0 in rpcsvc_handle_rpc_call (svc=0x1e2eb70, trans=0x1ebcba0, msg=0x1e43b80) at rpcsvc.c:520
#7  0x00007f16fac0fd66 in rpcsvc_notify (trans=0x1ebcba0, mydata=0x1e2eb70, event=RPC_TRANSPORT_MSG_RECEIVED, data=0x1e43b80) at rpcsvc.c:616
#8  0x00007f16fac197c2 in rpc_transport_notify (this=0x1ebcba0, event=RPC_TRANSPORT_MSG_RECEIVED, data=0x1e43b80) at rpc-transport.c:498
#9  0x00007f16f76a805b in socket_event_poll_in (this=0x1ebcba0) at socket.c:1686
#10 0x00007f16f76a8ab1 in socket_event_handler (fd=14, idx=7, data=0x1ebcba0, poll_in=1, poll_out=0, poll_err=0) at socket.c:1801
#11 0x00007f16faea5f75 in event_dispatch_epoll_handler (event_pool=0x1e29c50, events=0x1e42d40, i=0) at event.c:794
#12 0x00007f16faea632d in event_dispatch_epoll (event_pool=0x1e29c50) at event.c:856
#13 0x00007f16faea698c in event_dispatch (event_pool=0x1e29c50) at event.c:956
#14 0x000000000040b19f in main (argc=11, argv=0x7fffac896a28) at glusterfsd.c:1651
(gdb) fr 4
#4  0x000000000041187c in glusterfs_handle_nfs_profile (req=0x1e2ed6c) at glusterfsd-mgmt.c:1228
1228                    free (rsp.output.output_val);
(gdb) x /12 ((char*)rsp.output.output_val - 12)
0x1ebea44:      -889275714      0       0       268435456
0x1ebea54:      251658240       201326592       926035248       2019650861
0x1ebea64:      1702125932      7955310 875573554       808464430
(gdb) x /12x ((char*)rsp.output.output_val - 12)
0x1ebea44:      0xcafebabe      0x00000000      0x00000000      0x10000000
0x1ebea54:      0x0f000000      0x0c000000      0x37322d30      0x78616d2d
0x1ebea64:      0x6574616c      0x0079636e      0x34303132      0x3030302e

Expected results:
glusterfs server should not crash.

Additional info:

I have archived all the logs and core file.

Comment 1 Anand Avati 2012-04-27 03:24:30 UTC
CHANGE: http://review.gluster.com/3231 (glusterfsd: Change a free() to GF_FREE()) merged in master by Vijay Bellur (vijay@gluster.com)

Comment 2 M S Vishwanath Bhat 2012-05-11 08:14:30 UTC
With glusterfs-3.3.0qa40, I'm not seeing this crash anymore. Moving it to verified.
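
Added example (not part of the bug report, its comments, or the GlusterFS source): a minimal header-prefixed allocator showing why the pointer handed to the caller must go back through the matching release routine instead of free(). The magic 0xcafebabe and its position 12 bytes before the pointer come from the gdb dump above; the 32-byte header size, the size field at offset 0, and the acct_* names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_MAGIC  0xCAFEBABEu /* header magic visible in the gdb dump */
#define HDR_SIZE   32u         /* assumed header size, not from the page */
#define MAGIC_BACK 12u         /* the dump shows the magic at ptr - 12 */

/* Hypothetical accounting calloc: the caller gets a pointer HDR_SIZE
 * bytes past the address that malloc's bookkeeping knows about. */
void *acct_calloc(size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > (SIZE_MAX - HDR_SIZE) / size)
        return NULL; /* nmemb * size + header would overflow */
    size_t total = nmemb * size;
    unsigned char *base = calloc(1, HDR_SIZE + total);
    if (base == NULL) return NULL;
    uint32_t magic = HDR_MAGIC;
    memcpy(base, &total, sizeof total); /* requested size at offset 0 */
    memcpy(base + HDR_SIZE - MAGIC_BACK, &magic, sizeof magic);
    return base + HDR_SIZE;
}

/* 1 if the bytes at ptr - MAGIC_BACK hold the header magic, else 0. */
int acct_has_header(const void *ptr)
{
    uint32_t magic;
    memcpy(&magic, (const unsigned char *)ptr - MAGIC_BACK, sizeof magic);
    return magic == HDR_MAGIC;
}

/* Matching release: free the real base, never the caller's pointer.
 * Returns 0 on success, -1 if ptr carries no header (nothing is freed). */
int acct_free(void *ptr)
{
    if (ptr == NULL) return 0;
    if (!acct_has_header(ptr)) return -1;
    free((unsigned char *)ptr - HDR_SIZE);
    return 0;
}

int main(void)
{
    void *p = acct_calloc(4, 8);
    if (p == NULL) return 1;
    printf("magic at ptr-12: %d\n", acct_has_header(p));
    return acct_free(p) == 0 ? 0 : 1;
}
```

Calling free(p) directly on the returned pointer hands glibc an address it never allocated, which is the abort path seen in frames #0 to #3 of the backtrace.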