RE: debugging librbd async - valgrind memtest hit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I finally got a valgrind memtest hit... output attached below email. I recompiled all of tapdisk and ceph without any -O options (thought I had already...) and it seems to have done the trick

Basically it looks like an instance of AioRead is being accessed after being free'd. I need some hints on what api behaviour by the tapdisk driver could be causing this to happen in librbd...

thanks

James

==25078== Memcheck, a memory error detector
==25078== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==25078== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==25078== Command: /usr/bin/tapdisk.clean
==25078== Parent PID: 25077
==25078==
==25078==
==25078== HEAP SUMMARY:
==25078==     in use at exit: 6,808 bytes in 7 blocks
==25078==   total heap usage: 7 allocs, 0 frees, 6,808 bytes allocated
==25078==
==25078== For a detailed leak analysis, rerun with: --leak-check=full
==25078==
==25078== For counts of detected and suppressed errors, rerun with: -v
==25078== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)
==25081== Warning: noted but unhandled ioctl 0xd0 with no size/direction hints
==25081==    This could cause spurious value errors to appear.
==25081==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
==25081== Syscall param ioctl(FIBMAP) points to unaddressable byte(s)
==25081==    at 0x75F1AC7: ioctl (syscall-template.S:82)
==25081==    by 0x4088DF: tapdisk_blktap_complete_request (tapdisk-blktap.c:150)
==25081==    by 0x40802C: tapdisk_vbd_kick (tapdisk-vbd.c:1441)
==25081==    by 0x40E684: tapdisk_server_iterate (tapdisk-server.c:211)
==25081==    by 0x40E864: tapdisk_server_run (tapdisk-server.c:334)
==25081==    by 0x4039BF: main (tapdisk2.c:150)
==25081==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==25081==
==25081== Invalid read of size 8
==25081==    at 0x7044DB6: librbd::AioRead::send() (AioRequest.cc:106)
==25081==    by 0x7076EDE: librbd::aio_read(librbd::ImageCtx*, std::vector<std::pair<unsigned long, unsigned long>, std::allocator<std::pair<unsigned long, unsigned long> > > const&, char*, ceph::buffer::list*, librbd::AioCompletion*) (internal.cc:3096)
==25081==    by 0x7076330: librbd::aio_read(librbd::ImageCtx*, unsigned long, unsigned long, char*, ceph::buffer::list*, librbd::AioCompletion*) (internal.cc:3032)
==25081==    by 0x703EF75: rbd_aio_read (librbd.cc:1117)
==25081==    by 0x41FDA4: tdrbd_submit_request (block-rbd.c:540)
==25081==    by 0x42004A: tdrbd_queue_request (block-rbd.c:659)
==25081==    by 0x40602A: tapdisk_vbd_issue_request (tapdisk-vbd.c:1244)
==25081==    by 0x4062FA: tapdisk_vbd_issue_new_requests (tapdisk-vbd.c:1340)
==25081==    by 0x407C27: tapdisk_vbd_issue_requests (tapdisk-vbd.c:1403)
==25081==    by 0x407DBA: tapdisk_vbd_check_state (tapdisk-vbd.c:891)
==25081==    by 0x40E62C: tapdisk_server_iterate (tapdisk-server.c:220)
==25081==    by 0x40E864: tapdisk_server_run (tapdisk-server.c:334)
==25081==  Address 0xfe79b38 is 8 bytes inside a block of size 248 free'd
==25081==    at 0x4C279DC: operator delete(void*) (vg_replace_malloc.c:457)
==25081==    by 0x7046859: librbd::AioRead::~AioRead() (AioRequest.h:74)
==25081==    by 0x70426E6: librbd::AioRequest::complete(int) (AioRequest.h:41)
==25081==    by 0x7074323: librbd::rados_req_cb(void*, void*) (internal.cc:2751)
==25081==    by 0x5FD191A: librados::C_AioComplete::finish(int) (AioCompletionImpl.h:181)
==25081==    by 0x5F907E0: Context::complete(int) (Context.h:42)
==25081==    by 0x6066CEF: Finisher::finisher_thread_entry() (Finisher.cc:56)
==25081==    by 0x5FB81D3: Finisher::FinisherThread::entry() (Finisher.h:46)
==25081==    by 0x62C89E0: Thread::_entry_func(void*) (Thread.cc:41)
==25081==    by 0x7308B4F: start_thread (pthread_create.c:304)
==25081==    by 0x75F8A7C: clone (clone.S:112)
==25081==
==25081== Invalid read of size 8
==25081==    at 0x7044DBA: librbd::AioRead::send() (AioRequest.cc:106)
==25081==    by 0x7076EDE: librbd::aio_read(librbd::ImageCtx*, std::vector<std::pair<unsigned long, unsigned long>, std::allocator<std::pair<unsigned long, unsigned long> > > const&, char*, ceph::buffer::list*, librbd::AioCompletion*) (internal.cc:3096)
==25081==    by 0x7076330: librbd::aio_read(librbd::ImageCtx*, unsigned long, unsigned long, char*, ceph::buffer::list*, librbd::AioCompletion*) (internal.cc:3032)
==25081==    by 0x703EF75: rbd_aio_read (librbd.cc:1117)
==25081==    by 0x41FDA4: tdrbd_submit_request (block-rbd.c:540)
==25081==    by 0x42004A: tdrbd_queue_request (block-rbd.c:659)
==25081==    by 0x40602A: tapdisk_vbd_issue_request (tapdisk-vbd.c:1244)
==25081==    by 0x4062FA: tapdisk_vbd_issue_new_requests (tapdisk-vbd.c:1340)
==25081==    by 0x407C27: tapdisk_vbd_issue_requests (tapdisk-vbd.c:1403)
==25081==    by 0x407DBA: tapdisk_vbd_check_state (tapdisk-vbd.c:891)
==25081==    by 0x40E62C: tapdisk_server_iterate (tapdisk-server.c:220)
==25081==    by 0x40E864: tapdisk_server_run (tapdisk-server.c:334)
==25081==  Address 0x5555555555555555 is not stack'd, malloc'd or (recently) free'd
==25081==
==25081==
==25081== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==25081==  General Protection Fault
==25081==    at 0x7044DBA: librbd::AioRead::send() (AioRequest.cc:106)
==25081==    by 0x7076EDE: librbd::aio_read(librbd::ImageCtx*, std::vector<std::pair<unsigned long, unsigned long>, std::allocator<std::pair<unsigned long, unsigned long> > > const&, char*, ceph::buffer::list*, librbd::AioCompletion*) (internal.cc:3096)
==25081==    by 0x7076330: librbd::aio_read(librbd::ImageCtx*, unsigned long, unsigned long, char*, ceph::buffer::list*, librbd::AioCompletion*) (internal.cc:3032)
==25081==    by 0x703EF75: rbd_aio_read (librbd.cc:1117)
==25081==    by 0x41FDA4: tdrbd_submit_request (block-rbd.c:540)
==25081==    by 0x42004A: tdrbd_queue_request (block-rbd.c:659)
==25081==    by 0x40602A: tapdisk_vbd_issue_request (tapdisk-vbd.c:1244)
==25081==    by 0x4062FA: tapdisk_vbd_issue_new_requests (tapdisk-vbd.c:1340)
==25081==    by 0x407C27: tapdisk_vbd_issue_requests (tapdisk-vbd.c:1403)
==25081==    by 0x407DBA: tapdisk_vbd_check_state (tapdisk-vbd.c:891)
==25081==    by 0x40E62C: tapdisk_server_iterate (tapdisk-server.c:220)
==25081==    by 0x40E864: tapdisk_server_run (tapdisk-server.c:334)
==25081==
==25081== HEAP SUMMARY:
==25081==     in use at exit: 1,356,131 bytes in 2,964 blocks
==25081==   total heap usage: 182,178 allocs, 179,214 frees, 37,367,183 bytes allocated
==25081==
==25081== For a detailed leak analysis, rerun with: --leak-check=full
==25081==
==25081== For counts of detected and suppressed errors, rerun with: -v
==25081== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 13 from 7)
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [CEPH Users]     [Ceph Large]     [Information on CEPH]     [Linux BTRFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]
  Powered by Linux