+++ This bug was initially created as a clone of Bug #1263084 +++
Description of problem:
Ganesha daemon crashes due to passage of invalid fd in glfs_close(), more specifically it crash on __GLFS_ENTRY_VALIDATE_FD Macro.
Version-Release number of selected component (if applicable):
glusterfs-3.8-devel
nfs-ganesha-2.3-rc-1
How reproducible:
50%
Steps to Reproduce:
It is just a one method to produce the issue.
1.Create a volume and set quota limit for that volume
2.Export volume via ganesha (with acls enabled, not sure about other case)
3.Mount the volume using nfsv4
4.Perform I/O's on the mount until quota limit exceeds
5.Remove all the files from the mount (rm -rf on the mount)
Actual results:
Ganesha daemon crashes
Expected results:
Ganesha daemon should not crash
Additional info:
Backtrace of coredump
#0 0x00007fd593ecfa4e in pub_glfs_close (glfd=0x7fd534223650) at glfs-fops.c:218
218 __GLFS_ENTRY_VALIDATE_FD (glfd, invalid_fs);
Missing separate debuginfos, use: dnf debuginfo-install pcre-8.37-3.fc22.x86_64
(gdb) bt
#0 0x00007fd593ecfa4e in pub_glfs_close (glfd=0x7fd534223650) at glfs-fops.c:218
#1 0x00007fd5942f60e0 in file_close (obj_hdl=0x7fd5341be488) at /root/nfs-ganesha/src/FSAL/FSAL_GLUSTER/handle.c:1329
#2 0x00000000004ea71e in cache_inode_close (entry=0x7fd53420d230, flags=128) at /root/nfs-ganesha/src/cache_inode/cache_inode_open_close.c:305
#3 0x00000000004d8731 in cache_inode_remove (entry=0x7fd5500c0d70, name=0x7fd544069d80 "file_661") at /root/nfs-ganesha/src/cache_inode/cache_inode_remove.c:135
#4 0x0000000000478465 in nfs4_op_remove (op=0x7fd55c00ae00, data=0x7fd56ef8ae40, resp=0x7fd54418e110) at /root/nfs-ganesha/src/Protocols/NFS/nfs4_op_remove.c:103
#5 0x000000000045c31a in nfs4_Compound (arg=0x7fd55c00a790, req=0x7fd55c00a5d0, res=0x7fd54418b270) at /root/nfs-ganesha/src/Protocols/NFS/nfs4_Compound.c:710
#6 0x0000000000442c69 in nfs_rpc_execute (reqdata=0x7fd55c00a5a0) at /root/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1289
#7 0x0000000000443598 in worker_run (ctx=0x1f8e400) at /root/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1548
#8 0x0000000000515115 in fridgethr_start_routine (arg=0x1f8e400) at /root/nfs-ganesha/src/support/fridgethr.c:561
#9 0x00007fd5955d2555 in start_thread (arg=0x7fd56ef8c700) at pthread_create.c:333
#10 0x00007fd595105b9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
contents of glfd at frame 0
(gdb) p *glfd
$1 = {openfds = {next = 0x7fd500000005, prev = 0x21}, fs = 0x7fd534099880, offset = 140553677477904, fd = 0x20, entries = {next = 0x44, prev = 0x7fd50001712c}, next = 0x7fd534223680,
readdirbuf = 0x7fd534223680}
Also one thing should be noted, crash happens when last written file( file which exceeds the quota size) is removed.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHSA-2015-1845.html