Actions
Bug #23324
closeddelete type mismatch in CephContext teardown
% Done:
0%
Source:
Development
Tags:
Backport:
jewel, luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(RADOS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
I've been hunting some memory corruption in ganesha and ran across this. Seems unlikely to be the cause of the crashes I've been seeing, but is something that should be fixed.
12/03/2018 12:47:49 : epoch 5aa6af2c : tleilax.poochiereds.net : ganesha.nfsd-25903[Admin] pseudo_unmount_export :EXPORT :DEBUG :Unmount /cephfs
12/03/2018 12:47:49 : epoch 5aa6af2c : tleilax.poochiereds.net : ganesha.nfsd-25903[Admin] mdcache_exp_release :FSAL :INFO :Releasing Ceph export 100 for /
=================================================================
==25903==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x611000015580 in thread T311:
object passed to delete has wrong type:
size of the allocated type: 219 bytes;
size of the deallocated type: 128 bytes.
#0 0x7f3a1e15b6d8 in operator delete(void*, unsigned long) (/lib64/libasan.so.4+0xe16d8)
#1 0x7f3a1222e945 in ceph::logging::Log::~Log() (/usr/lib64/ceph/libceph-common.so.0+0x294945)
#2 0x7f3a1222ea28 in ceph::logging::Log::~Log() (/usr/lib64/ceph/libceph-common.so.0+0x294a28)
#3 0x7f3a124027b1 in CephContext::~CephContext() (/usr/lib64/ceph/libceph-common.so.0+0x4687b1)
#4 0x7f3a12402a30 in CephContext::put() (/usr/lib64/ceph/libceph-common.so.0+0x468a30)
#5 0x7f3a02fb9c9a in ceph_shutdown (/lib64/libcephfs.so.2+0x14c9a)
#6 0x7f3a032bdb05 in release /home/jlayton/git/ganesha/src/FSAL/FSAL_CEPH/export.c:75
#7 0x6b5495 in mdcache_exp_release /home/jlayton/git/ganesha/src/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_export.c:187
#8 0x663d8e in free_export_resources /home/jlayton/git/ganesha/src/support/exports.c:2077
#9 0x687ac3 in free_export /home/jlayton/git/ganesha/src/support/export_mgr.c:281
#10 0x68a492 in _put_gsh_export /home/jlayton/git/ganesha/src/support/export_mgr.c:700
#11 0x68b45d in remove_all_exports /home/jlayton/git/ganesha/src/support/export_mgr.c:833
#12 0x48b95b in do_shutdown /home/jlayton/git/ganesha/src/MainNFSD/nfs_admin_thread.c:493
#13 0x48bfa8 in admin_thread /home/jlayton/git/ganesha/src/MainNFSD/nfs_admin_thread.c:533
#14 0x7f3a1c88b61a in start_thread (/lib64/libpthread.so.0+0x761a)
#15 0x7f3a1be02c2e in __GI___clone (/lib64/libc.so.6+0x117c2e)
0x611000015580 is located 0 bytes inside of 219-byte region [0x611000015580,0x61100001565b)
allocated by thread T0 here:
#0 0x7f3a1e15a158 in operator new(unsigned long) (/lib64/libasan.so.4+0xe0158)
#1 0x7f3a1222f3be in ceph::logging::Log::create_entry(int, int, unsigned long*) (/usr/lib64/ceph/libceph-common.so.0+0x2953be)
Thread T311 created by T0 here:
#0 0x7f3a1e0b1a2f in pthread_create (/lib64/libasan.so.4+0x37a2f)
#1 0x47ab89 in nfs_Start_threads /home/jlayton/git/ganesha/src/MainNFSD/nfs_init.c:581
#2 0x47cee9 in nfs_start /home/jlayton/git/ganesha/src/MainNFSD/nfs_init.c:931
#3 0x41fd9c in main /home/jlayton/git/ganesha/src/MainNFSD/nfs_main.c:500
#4 0x7f3a1bd0c009 in __libc_start_main (/lib64/libc.so.6+0x21009)
SUMMARY: AddressSanitizer: new-delete-type-mismatch (/lib64/libasan.so.4+0xe16d8) in operator delete(void*, unsigned long)
==25903==HINT: if you don't care about these errors you may set ASAN_OPTIONS=new_delete_type_mismatch=0
==25903==ABORTING
Actions