Bug 1263094 - nfs-ganesha crashes due to usage of invalid fd in glfs_close
Status: CLOSED ERRATA
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: nfs-ganesha
Version: 3.1
Platform: All
Priority: high
Severity: high
Target Milestone: ---
Target Release: RHGS 3.1.1
Assigned To: Jiffin
QA Contact: Saurabh
Keywords: ZStream
Depends On: 1263084
Blocks: 1251815 1255471 1262798 1263581
Reported: 2015-09-15 02:42 EDT by Jiffin
Modified: 2016-01-19 01:15 EST
Fixed In Version: nfs-ganesha-2.2.0-9
Doc Type: Bug Fix
Clone Of: 1263084
Last Closed: 2015-10-05 03:26:18 EDT
Type: Bug
Description Jiffin 2015-09-15 02:42:42 EDT
+++ This bug was initially created as a clone of Bug #1263084 +++

Description of problem:
The Ganesha daemon crashes due to the passing of an invalid fd to glfs_close(); more specifically, it crashes in the __GLFS_ENTRY_VALIDATE_FD macro.

Version-Release number of selected component (if applicable):
glusterfs-3.8-devel
nfs-ganesha-2.3-rc-1

How reproducible:
50%

Steps to Reproduce:
This is just one method to reproduce the issue.
1. Create a volume and set a quota limit for that volume.
2. Export the volume via ganesha (with ACLs enabled; not sure about the other case).
3. Mount the volume using NFSv4.
4. Perform I/Os on the mount until the quota limit is exceeded.
5. Remove all the files from the mount (rm -rf on the mount).

Actual results:
Ganesha daemon crashes

Expected results:
Ganesha daemon should not crash

Additional info:
Backtrace of coredump

#0  0x00007fd593ecfa4e in pub_glfs_close (glfd=0x7fd534223650) at glfs-fops.c:218
218		__GLFS_ENTRY_VALIDATE_FD (glfd, invalid_fs);
Missing separate debuginfos, use: dnf debuginfo-install pcre-8.37-3.fc22.x86_64
(gdb) bt
#0  0x00007fd593ecfa4e in pub_glfs_close (glfd=0x7fd534223650) at glfs-fops.c:218
#1  0x00007fd5942f60e0 in file_close (obj_hdl=0x7fd5341be488) at /root/nfs-ganesha/src/FSAL/FSAL_GLUSTER/handle.c:1329
#2  0x00000000004ea71e in cache_inode_close (entry=0x7fd53420d230, flags=128) at /root/nfs-ganesha/src/cache_inode/cache_inode_open_close.c:305
#3  0x00000000004d8731 in cache_inode_remove (entry=0x7fd5500c0d70, name=0x7fd544069d80 "file_661") at /root/nfs-ganesha/src/cache_inode/cache_inode_remove.c:135
#4  0x0000000000478465 in nfs4_op_remove (op=0x7fd55c00ae00, data=0x7fd56ef8ae40, resp=0x7fd54418e110) at /root/nfs-ganesha/src/Protocols/NFS/nfs4_op_remove.c:103
#5  0x000000000045c31a in nfs4_Compound (arg=0x7fd55c00a790, req=0x7fd55c00a5d0, res=0x7fd54418b270) at /root/nfs-ganesha/src/Protocols/NFS/nfs4_Compound.c:710
#6  0x0000000000442c69 in nfs_rpc_execute (reqdata=0x7fd55c00a5a0) at /root/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1289
#7  0x0000000000443598 in worker_run (ctx=0x1f8e400) at /root/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1548
#8  0x0000000000515115 in fridgethr_start_routine (arg=0x1f8e400) at /root/nfs-ganesha/src/support/fridgethr.c:561
#9  0x00007fd5955d2555 in start_thread (arg=0x7fd56ef8c700) at pthread_create.c:333
#10 0x00007fd595105b9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

contents of glfd at frame 0
(gdb) p *glfd
$1 = {openfds = {next = 0x7fd500000005, prev = 0x21}, fs = 0x7fd534099880, offset = 140553677477904, fd = 0x20, entries = {next = 0x44, prev = 0x7fd50001712c}, next = 0x7fd534223680, 
  readdirbuf = 0x7fd534223680}

Also, one thing should be noted: the crash happens when the last written file (the file which exceeds the quota size) is removed.
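The glfd dumped at frame 0 is clearly not a live handle (its list pointers and fd field hold garbage), so any validator that reads through it will fault. The following is an added illustrative model, not nfs-ganesha or libgfapi code: the struct names and the open-handle registry are assumptions, used to show how a close path can reject a never-opened, already-closed or dangling handle by pointer value alone and clear the object's pointer after a successful close.

```c
/* Illustrative model of the nfs-ganesha file_close() -> glfs_close() path.
 * Added example, not nfs-ganesha or libgfapi code; the struct names and the
 * open-handle registry are assumptions. */
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

#define MAX_OPEN 8

struct glfd { int fd; };                  /* stand-in for libgfapi's glfs_fd */
struct obj_handle { struct glfd *glfd; }; /* stand-in for the FSAL object handle */

/* Pointers of handles that are currently open. Membership is tested by
 * pointer value only, so a freed or garbage glfd is never dereferenced. */
static struct glfd *live[MAX_OPEN];

int glfd_is_live(const struct glfd *g)
{
    for (int i = 0; i < MAX_OPEN; i++)
        if (g != NULL && live[i] == g)
            return 1;
    return 0;
}

/* Replace the first slot holding 'from' with 'to'; NULL slots are free. */
static int registry_set(struct glfd *from, struct glfd *to)
{
    for (int i = 0; i < MAX_OPEN; i++)
        if (live[i] == from) { live[i] = to; return 0; }
    return -1;
}

/* Open: allocate a handle, record it as live, attach it to the object. */
struct glfd *model_open(struct obj_handle *obj)
{
    struct glfd *g = calloc(1, sizeof *g);
    if (g == NULL || registry_set(NULL, g) != 0) { free(g); return NULL; }
    g->fd = 3;              /* constructed value; real fds come from the brick */
    obj->glfd = g;
    return g;
}

/* Close: refuse anything that is not a live handle (never opened, already
 * closed, or dangling) and clear the object's pointer afterwards, so a
 * second close is a clean EBADF instead of a crash inside the validator. */
int model_close(struct obj_handle *obj)
{
    if (!glfd_is_live(obj->glfd))
        return EBADF;
    registry_set(obj->glfd, NULL);
    free(obj->glfd);
    obj->glfd = NULL;
    return 0;
}
```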
Comment 2 Jiffin 2015-09-15 07:44:37 EDT
The patch has been posted at https://review.gerrithub.io/#/c/246586/
Comment 6 errata-xmlrpc 2015-10-05 03:26:18 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1845.html
