[Bugs] [Bug 1640489] New: Invalid memory read after freed in dht_rmdir_readdirp_cbk

bugzilla at redhat.com bugzilla at redhat.com
Thu Oct 18 08:32:58 UTC 2018 

https://bugzilla.redhat.com/show_bug.cgi?id=1640489

            Bug ID: 1640489
           Summary: Invalid memory read after freed in
                    dht_rmdir_readdirp_cbk
           Product: GlusterFS
           Version: mainline
         Component: distribute
          Assignee: bugs at gluster.org
          Reporter: kinglongmee at gmail.com
                CC: bugs at gluster.org



Description of problem:
valgrind shows,

==7734== Thread 13:
==7734== Invalid read of size 8
==7734==    at 0x15EE4B68: dht_rmdir_readdirp_cbk (dht-common.c:8697)
==7734==    by 0x15C332E2: client3_3_readdirp_cbk (client-rpc-fops.c:2660)
==7734==    by 0xAB96524: rpc_clnt_handle_reply (rpc-clnt.c:786)
==7734==    by 0xAB96ABD: rpc_clnt_notify (rpc-clnt.c:977)
==7734==    by 0xAB9275B: rpc_transport_notify (rpc-transport.c:543)
==7734==    by 0x15508220: socket_event_poll_in (socket.c:2541)
==7734==    by 0x15508868: socket_event_handler (socket.c:2690)
==7734==    by 0xA90987E: event_dispatch_epoll_handler (event-epoll.c:587)
==7734==    by 0xA909B8B: event_dispatch_epoll_worker (event-epoll.c:665)
==7734==    by 0x688EDC4: start_thread (in /usr/lib64/libpthread-2.17.so)
==7734==    by 0x71FA73C: clone (in /usr/lib64/libc-2.17.so)
==7734==  Address 0x29aa73a8 is 8 bytes inside a block of size 3,536 free'd
==7734==    at 0x4C28CDD: free (vg_replace_malloc.c:530)
==7734==    by 0xA8CA4B6: __gf_free (mem-pool.c:329)
==7734==    by 0xA8CA9F3: mem_put (mem-pool.c:579)
==7734==    by 0x15E798F4: dht_local_wipe (dht-helper.c:639)
==7734==    by 0x15EE4A4A: dht_rmdir_readdirp_done (dht-common.c:8663)
==7734==    by 0x15EE4C40: dht_rmdir_readdirp_do (dht-common.c:8733)
==7734==    by 0x15EE3A8B: dht_rmdir_cached_lookup_cbk (dht-common.c:8459)
==7734==    by 0x15C350E9: client3_3_lookup_cbk (client-rpc-fops.c:2955)
==7734==    by 0xAB96524: rpc_clnt_handle_reply (rpc-clnt.c:786)
==7734==    by 0xAB96ABD: rpc_clnt_notify (rpc-clnt.c:977)
==7734==    by 0xAB9275B: rpc_transport_notify (rpc-transport.c:543)
==7734==    by 0x15508220: socket_event_poll_in (socket.c:2541)
==7734==  Block was alloc'd at
==7734==    at 0x4C27BE3: malloc (vg_replace_malloc.c:299)
==7734==    by 0xA8C95B4: __gf_default_malloc (mem-pool.h:110)
==7734==    by 0xA8C9D5D: __gf_malloc (mem-pool.c:137)
==7734==    by 0xA8CA9D9: mem_get (mem-pool.c:475)
==7734==    by 0xA8CA984: mem_get0 (mem-pool.c:463)
==7734==    by 0x15E7993B: dht_local_init (dht-helper.c:650)
==7734==    by 0x15EE52D9: dht_rmdir_opendir_cbk (dht-common.c:8825)
==7734==    by 0x15C3484F: client3_3_opendir_cbk (client-rpc-fops.c:2859)
==7734==    by 0xAB96524: rpc_clnt_handle_reply (rpc-clnt.c:786)
==7734==    by 0xAB96ABD: rpc_clnt_notify (rpc-clnt.c:977)
==7734==    by 0xAB9275B: rpc_transport_notify (rpc-transport.c:543)
==7734==    by 0x15508220: socket_event_poll_in (socket.c:2541)
==7734==

and some massages at ganesha-gfapi.log
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht:
/nfs/tfile/p25/d5XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/l6XX
found on cached subvol openfs1-client-0
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht:
/nfs/tfile/p18/d0XXXXXXXXXXXXX/ddXXXXXXXXXXXXXXXXXX/d1aX/c1b found on cached
subvol openfs1-client-0
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht:
/nfs/tfile/p10/d32XXXXXXXXX/c33 found on cached subvol openfs1-client-0
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht:
/nfs/tfile/p10/d32XXXXXXXXX/c33 found on cached subvol openfs1-client-0
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht:
/nfs/tfile/p1b/d1X/d14XXXXXXXXXXXXXXXXXXXX/f1dXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
found on cached subvol openfs1-client-1
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht:
/nfs/tfile/p2c/d0XX/d10XXXXXXXXXXXXX/d15XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/d16XXXXX/c19XXXX
found on cached subvol openfs1-client-0
[dht-common.c:8412:dht_rmdir_cached_lookup_cbk] 0-openfs1-dht:
/nfs/tfile/p2c/d0XX/d10XXXXXXXXXXXXX/d15XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/d16XXXXX/c19XXXX
found on cached subvol openfs1-client-0


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list