Hello,
A customer reported a Ganesha crash/abort due to a double free.
The stack trace is below:
(gdb) where
#0 0x00003fff889c39ac in raise (sig=<optimized out>) at
../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37
#1 0x0000000010070b38 in crash_handler (signo=6, info=0x3ffefc7fc728,
ctx=0x3ffefc7fb9b0)
at
/usr/src/debug/nfs-ganesha-2.5.3-ibm015.04-0.1.1-Source/MainNFSD/nfs_init.c:225
#2 <signal handler called>
#3 0x00003fff8871e578 in __GI_raise (sig=<optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#4 0x00003fff887206fc in __GI_abort () at abort.c:90
#5 0x00003fff88764844 in __libc_message (do_abort=<optimized out>,
fmt=0x3fff888656d0 "*** Error in `%s': %s: 0x%s ***\n")
at ../sysdeps/unix/sysv/linux/libc_fatal.c:196
#6 0x00003fff8876f284 in malloc_printerr (ar_ptr=0x3ffa90000020,
ptr=<optimized out>, str=0x3fff88865798 "double free or corruption
(fasttop)",
action=3) at malloc.c:5013
#7 _int_free (av=0x3ffa90000020, p=<optimized out>, have_lock=<optimized
out>) at malloc.c:3835
#8 0x00000000100f6edc in gsh_free (p=0x3ffa90000a00) at
/usr/src/debug/nfs-ganesha-2.5.3-ibm015.04-0.1.1-Source/include/abstract_mem.h:271
#9 0x000000001010460c in cancel_all_nlm_blocked () at
/usr/src/debug/nfs-ganesha-2.5.3-ibm015.04-0.1.1-Source/SAL/state_lock.c:3799
#10 0x000000001012a154 in nfs_release_nlm_state (release_ip=0x10031a3c3d6
"10.200.10.107")
at
/usr/src/debug/nfs-ganesha-2.5.3-ibm015.04-0.1.1-Source/SAL/nfs4_recovery.c:1213
#11 0x0000000010125588 in nfs4_start_grace (gsp=0x3ffefc7fd978) at
/usr/src/debug/nfs-ganesha-2.5.3-ibm015.04-0.1.1-Source/SAL/nfs4_recovery.c:106
#12 0x000000001007bc18 in admin_dbus_grace (args=0x3ffefc7fdaa0,
reply=0x1002ea01350, error=0x3ffefc7fda80)
at
/usr/src/debug/nfs-ganesha-2.5.3-ibm015.04-0.1.1-Source/MainNFSD/nfs_admin_thread.c:166
#13 0x00000000101ca3e4 in dbus_message_entrypoint (conn=0x1002ea00e10,
msg=0x1002ea011b0, user_data=0x102414c0 <admin_interfaces>)
at
/usr/src/debug/nfs-ganesha-2.5.3-ibm015.04-0.1.1-Source/dbus/dbus_server.c:512
#14 0x00003fff88d5164c in _dbus_object_tree_dispatch_and_unlock () from
/lib64/libdbus-1.so.3
#15 0x00003fff88d3b950 in dbus_connection_dispatch () from
/lib64/libdbus-1.so.3
#16 0x00003fff88d3bda8 in _dbus_connection_read_write_dispatch () from
/lib64/libdbus-1.so.3
#17 0x00000000101cb360 in gsh_dbus_thread (arg=0x0) at
/usr/src/debug/nfs-ganesha-2.5.3-ibm015.04-0.1.1-Source/dbus/dbus_server.c:741
#18 0x00003fff889b8728 in start_thread (arg=0x3ffefc7fe810) at
pthread_create.c:310
#19 0x00003fff887f7ae0 in clone () at
../sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S:109

I have uploaded a patch which can potentially avoid the double free.
https://review.gerrithub.io/#/c/424260/

I have the patch below, which can potentially fix the double free.
https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/424260
-- 
with regards,
Sachin Punadikar