[Gluster-devel] glusterfsd crash, fd_ref() after fd_destroy().

Emmanuel Dreyfus manu at netbsd.org
Sun Aug 21 09:37:02 UTC 2011

[2011-08-21 11:15:44.998011] W
[client3_1-fops.c:2213:client3_1_lookup_cbk] 0-gf
s-client-1: gfid changed for
pending frames:

patchset: git://git.gluster.com/glusterfs.git
signal received: 11
time of crash: 2011-08-21 11:15:45
configuration details:
dlfcn 1
fdatasync 1
libpthread 1
llistxattr 1
spinlock 1
extattr.h 1
xattr.h 1
st_atimespec.tv_nsec 1

Program terminated with signal 11, Segmentation fault.
#0  0xbbb65afc in pthread_spin_lock () from /usr/lib/libpthread.so.0
(gdb) bt
#0  0xbbb65afc in pthread_spin_lock () from /usr/lib/libpthread.so.0
#1  0xbbbbf6ff in fd_ref (fd=0xb8c0107c) at fd.c:378
#2  0xbba47e51 in fuse_readdir (this=0xbb95a000, finh=0xbb95d480, 
    msg=0xbb95d4a8) at fuse-bridge.c:2159
#3  0xbba4d166 in fuse_thread_proc (data=0xbb95a000) at
#4  0xbbb6b22b in pthread_setcancelstate () from
#5  0xbbab3d80 in swapcontext () from /usr/lib/libc.so.12
(gdb) frame 1
#1  0xbbbbf6ff in fd_ref (fd=0xb8c0107c) at fd.c:378
378             LOCK (&fd->inode->lock);
(gdb) print fd       
$1 = (fd_t *) 0xb8c0107c
(gdb) print fd->inode
$2 = (struct _inode *) 0xaaaaaaaa

As I understand this is caused by an fd being used after fd_destroy().
It may be related to that change I submited in git, since I run with it:
Change-Id: I74c87bd9a53c0deeef79b93b4a0066e751b17dca
BUG: 2923

Emmanuel Dreyfus
manu at netbsd.org

More information about the Gluster-devel mailing list