Errors when killing nvmf_tgt #337
Comments
@pawelkax
I found my logs after killing nvmf_tgt application.
@pawelkax
@WenqianZong
@pawelkax do you have the commit #?
@wanqunintel No, I don't have any commit.
@wanqunintel @WenqianZong
@wanqunintel @WenqianZong
@pawelkax is there any patch for it?
@wanqunintel No, there is no patch for it. This error occurs on master.
@pawelkax
@WenqianZong I will check again if this error exists.
I use Ubuntu 17.10 and tested this issue; it can be reproduced. But I tested 10 times and it only happened once. Following is the log:
@WenqianZong Thank you very much for testing this issue. I can reproduce this problem on Ubuntu 16.04 every time I try.
@tomzawadzki @Seth5141 @WenqianZong
@tomzawadzki @Seth5141 @WenqianZong
New output when killing nvmf_tgt:
=================================================================
0x61700000c128 is located 40 bytes inside of 680-byte region [0x61700000c100,0x61700000c3a8)
previously allocated by thread T0 (reactor_0) here:
SUMMARY: AddressSanitizer: heap-use-after-free /root/spdk_nvmf/lib/nvmf/nvmf.c:697 _spdk_nvmf_qpair_destroy
This patch series fixes the problem, it just isn't fully merged yet:
@benlwalker I pulled patch https://review.gerrithub.io/#/c/spdk/spdk/+/421167/ and verified the issue; this issue can also be reproduced. Following is the log:
I just took a look at what happened. The above bug is actually different than the one originally reported and the patch I linked originally did fix the first bug. An additional bug was introduced as part of another fix and when the patches I linked were rebased this new failure appeared. I've added an additional patch to my series that fixes this new bug. You can get to the code here: https://review.gerrithub.io/#/c/spdk/spdk/+/422134/

We really need to get an automated test into the pool that kills the nvmf target while I/O is outstanding so that we stop introducing new problems.
@liang2yan @wanqunintel @WenqianZong can you all please write a patch that adds the following test to ensure these issues do not get reintroduced:
@WenqianZong will add these cases in the autotest. Thanks.
@benlwalker I used the latest spdk to test this issue and found a new asan log:
test step:
Hi @WenqianZong - should we file a different issue for the ASAN error? It seems unrelated to the original failure reported by @pawelkax.
close this one and will raise a new issue
Expected Behavior
Nvmf_tgt is killed without error
Current Behavior
I got the following output:
^C=================================================================
==144090==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600000e620 at pc 0x00000058f40c bp 0x7ffc42648710 sp 0x7ffc42648700
WRITE of size 8 at 0x60600000e620 thread T0 (reactor_0)
#0 0x58f40b in spdk_nvmf_rdma_qpair_destroy /home/pawelkax/newest_spdk/spdk/lib/nvmf/rdma.c:356
#1 0x5a9117 in spdk_nvmf_rdma_close_qpair /home/pawelkax/newest_spdk/spdk/lib/nvmf/rdma.c:1924
#2 0x58e5d3 in spdk_nvmf_transport_qpair_fini /home/pawelkax/newest_spdk/spdk/lib/nvmf/transport.c:172
#3 0x5aee98 in spdk_nvmf_ctrlr_destruct /home/pawelkax/newest_spdk/spdk/lib/nvmf/ctrlr.c:224
#4 0x579515 in spdk_nvmf_subsystem_destroy /home/pawelkax/newest_spdk/spdk/lib/nvmf/subsystem.c:334
#5 0x58350b in spdk_nvmf_tgt_destroy_cb /home/pawelkax/newest_spdk/spdk/lib/nvmf/nvmf.c:224
#6 0x5e45fd in _finish_unregister /home/pawelkax/newest_spdk/spdk/lib/thread/thread.c:358
#7 0x5d0edc in _spdk_reactor_msg_passed /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:215
#8 0x5d0d53 in _spdk_event_queue_run_batch /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:202
#9 0x5d39f5 in _spdk_reactor_run /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:462
#10 0x5d5dcd in spdk_reactors_start /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:633
#11 0x5cdf9f in spdk_app_start /home/pawelkax/newest_spdk/spdk/lib/event/app.c:570
#12 0x4070cd in main /home/pawelkax/newest_spdk/spdk/app/nvmf_tgt/nvmf_main.c:79
#13 0x7ff9729d782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#14 0x406d48 in _start (/home/pawelkax/newest_spdk/spdk/app/nvmf_tgt/nvmf_tgt+0x406d48)
0x60600000e620 is located 32 bytes inside of 56-byte region [0x60600000e600,0x60600000e638)
freed by thread T0 (reactor_0) here:
#0 0x7ff974fcf2ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
#1 0x5a7a7d in spdk_nvmf_rdma_poll_group_destroy /home/pawelkax/newest_spdk/spdk/lib/nvmf/rdma.c:1798
#2 0x58dbb1 in spdk_nvmf_transport_poll_group_destroy /home/pawelkax/newest_spdk/spdk/lib/nvmf/transport.c:131
#3 0x581ced in spdk_nvmf_tgt_destroy_poll_group /home/pawelkax/newest_spdk/spdk/lib/nvmf/nvmf.c:138
#4 0x5e632f in _spdk_put_io_channel /home/pawelkax/newest_spdk/spdk/lib/thread/thread.c:494
#5 0x5d0edc in _spdk_reactor_msg_passed /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:215
#6 0x5d0d53 in _spdk_event_queue_run_batch /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:202
#7 0x5d39f5 in _spdk_reactor_run /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:462
#8 0x5d5dcd in spdk_reactors_start /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:633
#9 0x5cdf9f in spdk_app_start /home/pawelkax/newest_spdk/spdk/lib/event/app.c:570
#10 0x4070cd in main /home/pawelkax/newest_spdk/spdk/app/nvmf_tgt/nvmf_main.c:79
#11 0x7ff9729d782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
previously allocated by thread T0 (reactor_0) here:
#0 0x7ff974fcf79a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
#1 0x5a6e64 in spdk_nvmf_rdma_poll_group_create /home/pawelkax/newest_spdk/spdk/lib/nvmf/rdma.c:1750
#2 0x58d9f4 in spdk_nvmf_transport_poll_group_create /home/pawelkax/newest_spdk/spdk/lib/nvmf/transport.c:122
#3 0x587aa5 in spdk_nvmf_poll_group_add_transport /home/pawelkax/newest_spdk/spdk/lib/nvmf/nvmf.c:696
#4 0x58501e in spdk_nvmf_tgt_listen_add_transport /home/pawelkax/newest_spdk/spdk/lib/nvmf/nvmf.c:416
#5 0x5e73d2 in _call_channel /home/pawelkax/newest_spdk/spdk/lib/thread/thread.c:605
#6 0x5d0edc in _spdk_reactor_msg_passed /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:215
#7 0x5d0d53 in _spdk_event_queue_run_batch /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:202
#8 0x5d39f5 in _spdk_reactor_run /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:462
#9 0x5d5dcd in spdk_reactors_start /home/pawelkax/newest_spdk/spdk/lib/event/reactor.c:633
#10 0x5cdf9f in spdk_app_start /home/pawelkax/newest_spdk/spdk/lib/event/app.c:570
#11 0x4070cd in main /home/pawelkax/newest_spdk/spdk/app/nvmf_tgt/nvmf_main.c:79
#12 0x7ff9729d782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-use-after-free /home/pawelkax/newest_spdk/spdk/lib/nvmf/rdma.c:356 spdk_nvmf_rdma_qpair_destroy
Shadow bytes around the buggy address:
0x0c0c7fff9c70: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0c7fff9c80: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
0x0c0c7fff9c90: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
0x0c0c7fff9ca0: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0c7fff9cb0: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
=>0x0c0c7fff9cc0: fd fd fd fd[fd]fd fd fa fa fa fa fa fd fd fd fd
0x0c0c7fff9cd0: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0c7fff9ce0: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
0x0c0c7fff9cf0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
0x0c0c7fff9d00: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fa
0x0c0c7fff9d10: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==144090==ABORTING
Possible Solution
None
Steps to Reproduce
and during this command press Ctrl-C.
Context (Environment including OS version, SPDK version, etc.)
Ubuntu 16.04
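Added example, not part of the original issue or of SPDK's code: a Python helper that reduces an AddressSanitizer heap-use-after-free report like the one above to the facts needed for triage (access kind, offset in the freed region, first project frame of the use, free and allocation stacks, and whether the free and the use ran on the same thread). The embedded sample is an excerpt of the report above; the names `triage` and `first_project_frame` are introduced here for illustration.

```python
import re

# Excerpt of the report above (header, first frames of each stack), embedded so this runs offline.
SAMPLE = """\
==144090==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600000e620 at pc 0x00000058f40c bp 0x7ffc42648710 sp 0x7ffc42648700
WRITE of size 8 at 0x60600000e620 thread T0 (reactor_0)
#0 0x58f40b in spdk_nvmf_rdma_qpair_destroy /home/pawelkax/newest_spdk/spdk/lib/nvmf/rdma.c:356
0x60600000e620 is located 32 bytes inside of 56-byte region [0x60600000e600,0x60600000e638)
freed by thread T0 (reactor_0) here:
#0 0x7ff974fcf2ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
#1 0x5a7a7d in spdk_nvmf_rdma_poll_group_destroy /home/pawelkax/newest_spdk/spdk/lib/nvmf/rdma.c:1798
previously allocated by thread T0 (reactor_0) here:
#0 0x7ff974fcf79a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
#1 0x5a6e64 in spdk_nvmf_rdma_poll_group_create /home/pawelkax/newest_spdk/spdk/lib/nvmf/rdma.c:1750
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread (T\d+)")
REGION = re.compile(r"is located (\d+) bytes inside of (\d+)-byte region")
SECTION = re.compile(r"(freed|previously allocated) by thread (T\d+)")
FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")

def first_project_frame(frames):
    # Skip sanitizer interceptors and library frames that carry no file:line.
    for func, loc in frames:
        if not func.startswith("__") and re.search(r":\d+$", loc):
            return func, loc
    return None

def triage(report):
    out, stacks, threads, cur = {}, {}, {}, None
    for line in map(str.strip, report.splitlines()):
        if m := HEADER.search(line):
            out["bug"], out["address"] = m.groups()
        elif m := ACCESS.match(line):
            cur = "use"
            out["access"], out["size"], threads[cur] = m[1], int(m[2]), m[3]
        elif m := REGION.search(line):
            out["offset"], out["region_size"] = int(m[1]), int(m[2])
        elif m := SECTION.match(line):
            cur = "free" if m[1] == "freed" else "alloc"
            threads[cur] = m[2]
        elif cur and (m := FRAME.match(line)):
            stacks.setdefault(cur, []).append((m[1], m[2]))
    out["top"] = {k: first_project_frame(v) for k, v in stacks.items()}
    # Free and use on the same thread point to teardown ordering, not a cross-thread race.
    out["same_thread"] = threads.get("use") == threads.get("free")
    return out
```

For the report above, `triage(SAMPLE)` shows the poll group freed in `spdk_nvmf_rdma_poll_group_destroy` and then written to from `spdk_nvmf_rdma_qpair_destroy`, both on thread T0.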