[Bugs] [Bug 1479263] New: nfs process crashed in "nfs3_getattr"

bugzilla at redhat.com bugzilla at redhat.com
Tue Aug 8 08:34:30 UTC 2017


https://bugzilla.redhat.com/show_bug.cgi?id=1479263

            Bug ID: 1479263
           Summary: nfs process crashed in "nfs3_getattr"
           Product: GlusterFS
           Version: 3.12
         Component: nfs
          Keywords: Triaged
          Severity: medium
          Assignee: ndevos at redhat.com
          Reporter: ndevos at redhat.com
                CC: bugs at gluster.org, jthottan at redhat.com,
                    msaini at redhat.com, ndevos at redhat.com,
                    rallan at redhat.com, skoduri at redhat.com
            Blocks: 1479030



+++ This bug was initially created as a clone of Bug #1479030 +++

+++ This bug was initially created as a clone of Bug #1476871 +++

Description:
============

add missing NULL check in nfs3_call_state_wipe() 

(gdb) bt
#0  0x00007ff1cfea9205 in _gf_ref_put (ref=ref at entry=0x0) at refcount.c:36
#1  0x00007ff1c1997455 in nfs3_call_state_wipe (cs=cs at entry=0x0) at nfs3.c:559
#2  0x00007ff1c1998931 in nfs3_getattr (req=req at entry=0x7ff1bc0b26d0,
fh=fh at entry=0x7ff1c2f76ae0) at nfs3.c:962
#3  0x00007ff1c1998c8a in nfs3svc_getattr (req=0x7ff1bc0b26d0) at nfs3.c:987
#4  0x00007ff1cfbfd8c5 in rpcsvc_handle_rpc_call (svc=0x7ff1bc03e500,
trans=trans at entry=0x7ff1bc0c8020, msg=<optimized out>) at rpcsvc.c:695
#5  0x00007ff1cfbfdaab in rpcsvc_notify (trans=0x7ff1bc0c8020,
mydata=<optimized out>, event=<optimized out>, data=<optimized out>) at
rpcsvc.c:789
#6  0x00007ff1cfbff9e3 in rpc_transport_notify (this=this at entry=0x7ff1bc0c8020,
event=event at entry=RPC_TRANSPORT_MSG_RECEIVED, data=data at entry=0x7ff1bc0038d0)
    at rpc-transport.c:538
#7  0x00007ff1c4a2e3d6 in socket_event_poll_in (this=this at entry=0x7ff1bc0c8020,
notify_handled=<optimized out>) at socket.c:2306
#8  0x00007ff1c4a3097c in socket_event_handler (fd=21, idx=9, gen=19,
data=0x7ff1bc0c8020, poll_in=1, poll_out=0, poll_err=0) at socket.c:2458
#9  0x00007ff1cfe950f6 in event_dispatch_epoll_handler (event=0x7ff1c2f76e80,
event_pool=0x5618154d5ee0) at event-epoll.c:572
#10 event_dispatch_epoll_worker (data=0x56181551cbd0) at event-epoll.c:648
#11 0x00007ff1cec99e25 in start_thread () from /lib64/libpthread.so.0
#12 0x00007ff1ce56634d in clone () from /lib64/libc.so.6
(gdb) 


Version:
========
mainline


How to reproduce:
=================
[Unknown] Hit above crash multiple times

--- Additional comment from Worker Ant on 2017-08-07 20:48:38 CEST ---

REVIEW: https://review.gluster.org/17989 (nfs : add NULL check for call state
in nfs3_call_state_wipe) posted (#1) for review on master by jiffin tony
Thottan (jthottan at redhat.com)

--- Additional comment from Worker Ant on 2017-08-07 20:57:32 CEST ---

REVIEW: https://review.gluster.org/17989 (nfs : add NULL check for call state
in nfs3_call_state_wipe) posted (#2) for review on master by jiffin tony
Thottan (jthottan at redhat.com)

--- Additional comment from Worker Ant on 2017-08-08 10:31:02 CEST ---

COMMIT: https://review.gluster.org/17989 committed in master by Niels de Vos
(ndevos at redhat.com) 
------
commit 111d6bda9259126b0429113c9b8ba479958a4398
Author: Jiffin Tony Thottan <jthottan at redhat.com>
Date:   Mon Aug 7 23:47:00 2017 +0530

    nfs : add NULL check for call state in nfs3_call_state_wipe

    Refcounting added for nfs call state in https://review.gluster.org/17696.
    This is based on assumption that call state won't NULL when it is freed.
    But currently gluster nfs server is crashing in different scenarios at
    nfs3_getattr() with following bt

    #0  0x00007ff1cfea9205 in _gf_ref_put (ref=ref at entry=0x0) at refcount.c:36
    #1  0x00007ff1c1997455 in nfs3_call_state_wipe (cs=cs at entry=0x0) at
nfs3.c:559
    #2  0x00007ff1c1998931 in nfs3_getattr (req=req at entry=0x7ff1bc0b26d0,
fh=fh at entry=0x7ff1c2f76ae0) at nfs3.c:962
    #3  0x00007ff1c1998c8a in nfs3svc_getattr (req=0x7ff1bc0b26d0) at
nfs3.c:987
    #4  0x00007ff1cfbfd8c5 in rpcsvc_handle_rpc_call (svc=0x7ff1bc03e500,
trans=trans at entry=0x7ff1bc0c8020, msg=<optimized out>) at rpcsvc.c:695
    #5  0x00007ff1cfbfdaab in rpcsvc_notify (trans=0x7ff1bc0c8020,
mydata=<optimized out>, event=<optimized out>, data=<optimized out>) at
rpcsvc.c:789
    #6  0x00007ff1cfbff9e3 in rpc_transport_notify
(this=this at entry=0x7ff1bc0c8020, event=event at entry=RPC_TRANSPORT_MSG_RECEIVED,
data=data at entry=0x7ff1bc0038d0)
        at rpc-transport.c:538
    #7  0x00007ff1c4a2e3d6 in socket_event_poll_in
(this=this at entry=0x7ff1bc0c8020, notify_handled=<optimized out>) at
socket.c:2306
    #8  0x00007ff1c4a3097c in socket_event_handler (fd=21, idx=9, gen=19,
data=0x7ff1bc0c8020, poll_in=1, poll_out=0, poll_err=0) at socket.c:2458
    #9  0x00007ff1cfe950f6 in event_dispatch_epoll_handler
(event=0x7ff1c2f76e80, event_pool=0x5618154d5ee0) at event-epoll.c:572
    #10 event_dispatch_epoll_worker (data=0x56181551cbd0) at event-epoll.c:648
    #11 0x00007ff1cec99e25 in start_thread () from /lib64/libpthread.so.0
    #12 0x00007ff1ce56634d in clone () from /lib64/libc.so.6

    This patch add previous NULL check move from __nfs3_call_state_wipe() to
nfs3_call_state_wipe()

    Change-Id: I2d73632f4be23f14d8467be3d908b09b3a2d87ea
    BUG: 1479030
    Signed-off-by: Jiffin Tony Thottan <jthottan at redhat.com>
    Reviewed-on: https://review.gluster.org/17989
    Smoke: Gluster Build System <jenkins at build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins at build.gluster.org>
    Reviewed-by: Niels de Vos <ndevos at redhat.com>


Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1479030
[Bug 1479030] nfs process crashed in "nfs3_getattr"
-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=K4rqZ95XK6&a=cc_unsubscribe


More information about the Bugs mailing list