+++ This bug was initially created as a clone of Bug #1263084 +++

Description of problem:
Ganesha daemon crashes due to passage of an invalid fd in glfs_close(); more specifically, it crashes on the __GLFS_ENTRY_VALIDATE_FD macro.

Version-Release number of selected component (if applicable):
glusterfs-3.8-devel
nfs-ganesha-2.3-rc-1

How reproducible:
50%

Steps to Reproduce:
This is just one method to produce the issue.
1. Create a volume and set a quota limit for that volume
2. Export the volume via ganesha (with acls enabled, not sure about other cases)
3. Mount the volume using nfsv4
4. Perform I/O on the mount until the quota limit is exceeded
5. Remove all the files from the mount (rm -rf on the mount)

Actual results:
Ganesha daemon crashes

Expected results:
Ganesha daemon should not crash

Additional info:
Backtrace of coredump

#0 0x00007fd593ecfa4e in pub_glfs_close (glfd=0x7fd534223650) at glfs-fops.c:218
218 __GLFS_ENTRY_VALIDATE_FD (glfd, invalid_fs);
Missing separate debuginfos, use: dnf debuginfo-install pcre-8.37-3.fc22.x86_64
(gdb) bt
#0 0x00007fd593ecfa4e in pub_glfs_close (glfd=0x7fd534223650) at glfs-fops.c:218
#1 0x00007fd5942f60e0 in file_close (obj_hdl=0x7fd5341be488) at /root/nfs-ganesha/src/FSAL/FSAL_GLUSTER/handle.c:1329
#2 0x00000000004ea71e in cache_inode_close (entry=0x7fd53420d230, flags=128) at /root/nfs-ganesha/src/cache_inode/cache_inode_open_close.c:305
#3 0x00000000004d8731 in cache_inode_remove (entry=0x7fd5500c0d70, name=0x7fd544069d80 "file_661") at /root/nfs-ganesha/src/cache_inode/cache_inode_remove.c:135
#4 0x0000000000478465 in nfs4_op_remove (op=0x7fd55c00ae00, data=0x7fd56ef8ae40, resp=0x7fd54418e110) at /root/nfs-ganesha/src/Protocols/NFS/nfs4_op_remove.c:103
#5 0x000000000045c31a in nfs4_Compound (arg=0x7fd55c00a790, req=0x7fd55c00a5d0, res=0x7fd54418b270) at /root/nfs-ganesha/src/Protocols/NFS/nfs4_Compound.c:710
#6 0x0000000000442c69 in nfs_rpc_execute (reqdata=0x7fd55c00a5a0) at /root/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1289
#7 0x0000000000443598 in worker_run (ctx=0x1f8e400) at /root/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1548
#8 0x0000000000515115 in fridgethr_start_routine (arg=0x1f8e400) at /root/nfs-ganesha/src/support/fridgethr.c:561
#9 0x00007fd5955d2555 in start_thread (arg=0x7fd56ef8c700) at pthread_create.c:333
#10 0x00007fd595105b9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Contents of glfd at frame 0:

(gdb) p *glfd
$1 = {openfds = {next = 0x7fd500000005, prev = 0x21}, fs = 0x7fd534099880, offset = 140553677477904, fd = 0x20, entries = {next = 0x44, prev = 0x7fd50001712c}, next = 0x7fd534223680, readdirbuf = 0x7fd534223680}

Also, one thing should be noted: the crash happens when the last written file (the file which exceeds the quota size) is removed.
The patch has been posted at https://review.gerrithub.io/#/c/246586/
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1845.html