Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 816163 - [glusterfs-3.3.0qa38] - nfs server crashed because free is called on 'gf_calloc'ed memory
Summary: [glusterfs-3.3.0qa38] - nfs server crashed because free is called on 'gf_call...
Alias: None
Product: GlusterFS
Classification: Community
Component: unclassified
Version: pre-release
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Kaushal
QA Contact:
Depends On:
Blocks: 817967
TreeView+ depends on / blocked
Reported: 2012-04-25 11:47 UTC by M S Vishwanath Bhat
Modified: 2016-06-01 01:56 UTC (History)
3 users (show)

Fixed In Version: glusterfs-3.4.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-07-24 17:53:37 UTC
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:

Attachments (Terms of Use)

Description M S Vishwanath Bhat 2012-04-25 11:47:05 UTC
Description of problem:
gluster nfs server crashed because of free'ing of a gf_calloc'ed memory.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create and start a 2 node distribute volume.
2. Run remove brick start on one of the bricks.
3. Run remove brick status in a while loop continuously. 
Actual results:
gluster nfs server crashed with following bt.

(gdb) bt
#0  0x00000032a6232885 in raise () from /lib64/
#1  0x00000032a6234065 in abort () from /lib64/
#2  0x00000032a626f977 in __libc_message () from /lib64/
#3  0x00000032a6275296 in malloc_printerr () from /lib64/
#4  0x000000000041187c in glusterfs_handle_nfs_profile (req=0x1e2ed6c) at glusterfsd-mgmt.c:1228
#5  0x0000000000411bcb in glusterfs_handle_rpc_msg (req=0x1e2ed6c) at glusterfsd-mgmt.c:1264
#6  0x00007f16fac0f7a0 in rpcsvc_handle_rpc_call (svc=0x1e2eb70, trans=0x1ebcba0, msg=0x1e43b80) at rpcsvc.c:520
#7  0x00007f16fac0fd66 in rpcsvc_notify (trans=0x1ebcba0, mydata=0x1e2eb70, event=RPC_TRANSPORT_MSG_RECEIVED, data=0x1e43b80) at rpcsvc.c:616
#8  0x00007f16fac197c2 in rpc_transport_notify (this=0x1ebcba0, event=RPC_TRANSPORT_MSG_RECEIVED, data=0x1e43b80) at rpc-transport.c:498
#9  0x00007f16f76a805b in socket_event_poll_in (this=0x1ebcba0) at socket.c:1686
#10 0x00007f16f76a8ab1 in socket_event_handler (fd=14, idx=7, data=0x1ebcba0, poll_in=1, poll_out=0, poll_err=0) at socket.c:1801
#11 0x00007f16faea5f75 in event_dispatch_epoll_handler (event_pool=0x1e29c50, events=0x1e42d40, i=0) at event.c:794
#12 0x00007f16faea632d in event_dispatch_epoll (event_pool=0x1e29c50) at event.c:856
#13 0x00007f16faea698c in event_dispatch (event_pool=0x1e29c50) at event.c:956
#14 0x000000000040b19f in main (argc=11, argv=0x7fffac896a28) at glusterfsd.c:1651
(gdb) fr 4
#4  0x000000000041187c in glusterfs_handle_nfs_profile (req=0x1e2ed6c) at glusterfsd-mgmt.c:1228
1228                    free (rsp.output.output_val);
(gdb) x /12 ((char*)rsp.output.output_val - 12)
0x1ebea44:      -889275714      0       0       268435456
0x1ebea54:      251658240       201326592       926035248       2019650861
0x1ebea64:      1702125932      7955310 875573554       808464430
(gdb) x /12x ((char*)rsp.output.output_val - 12)
0x1ebea44:      0xcafebabe      0x00000000      0x00000000      0x10000000
0x1ebea54:      0x0f000000      0x0c000000      0x37322d30      0x78616d2d
0x1ebea64:      0x6574616c      0x0079636e      0x34303132      0x3030302e

Expected results:
glusterfs server should not crash.

Additional info:

I have archived all the logs and core file.

Comment 1 Anand Avati 2012-04-27 03:24:30 UTC
CHANGE: (glusterfsd: Change a free() to GF_FREE()) merged in master by Vijay Bellur (

Comment 2 M S Vishwanath Bhat 2012-05-11 08:14:30 UTC
with glusterfs-3.3.0qa40, I'm not seeing this crash anymore. Moving it to verified.

Note You need to log in before you can comment on or make changes to this bug.