I can't find any place where uio_release is set, so it should always be
NULL. This means that the if() check above that line should have
failed, and this shouldn't be called.
I assume that uio_release is not NULL, since we tried to call it. This
could be memory corruption, or use-after-free.
Daniel
On 2/18/19 6:34 AM, Sachin Punadikar wrote:
Hi All,
Customer reported a crash in Ganesha 2.3.
Jan 22 20:40:52 xxxxx kernel: ganesha.nfsd[xxxxx]: unhandled signal 11
at 00003ffcf8005200 nip 00003ffcf8005200 lr 00003fff7a265e1c code 30002
Program terminated with signal 11, Segmentation fault.
(gdb) where
#0 0x00003ffcf8005200 in ?? ()
#1 0x00003fff7a265e1c in xdr_ioq_uv_release (uv=0x3ffd389df700) at
/usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/xdr_ioq.c:206
#2 0x00003fff7a267340 in xdr_ioq_release (ioqh=0x3ffd385f8fc8) at
/usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/xdr_ioq.c:720
#3 0x00003fff7a2673dc in xdr_ioq_destroy (xioq=0x3ffd385f8f00,
qsize=424) at
/usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/xdr_ioq.c:729
#4 0x00003fff7a267470 in xdr_ioq_destroy_internal (xdrs=0x3ffd385f8f00)
at
/usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/xdr_ioq.c:742
#5 0x00003fff7a268480 in svc_ioq_callback (wpe=0x3ff9880025e0) at
/usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/svc_ioq.c:222
#6 0x00003fff7a269400 in work_pool_thread (arg=0x3ffa180008c0) at
/usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/work_pool.c:196
#7 0x00003fff7a2dc2bc in .start_thread () from /lib64/libpthread.so.0
#8 0x00003fff7a0fb304 in .__clone () from /lib64/libc.so.6
(gdb) frame 1
#1 0x00003fff7a265e1c in xdr_ioq_uv_release (uv=0x3ffd389df700) at
/usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/xdr_ioq.c:206
206 uv->u.uio_release(&uv->u, UIO_FLAG_NONE);
When I checked Ganesha 2.3/2.5 code (also the latest community code), I
am unable to find code for function uio_release.
Am I missing anything here ? Or the code is really missing this function ?
--
with regards,
Sachin Punadikar
_______________________________________________
Devel mailing list -- devel(a)lists.nfs-ganesha.org
To unsubscribe send an email to devel-leave(a)lists.nfs-ganesha.org