4:20 a.m.
Rajesh Prasad has uploaded this change for review. (
https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1227776?usp=email )
Change subject: Crash in mdcache_lru_get while destroying st_lock.
......................................................................
Crash in mdcache_lru_get while destroying st_lock.
Crash occurred when the LRU reached its high‑water mark and attempted to
evict a temporary reference entry. Although it found an LRU entry that
seemed valid, Ganesha crashed while destroying the associated
mdcache entry’s state handle lock. Based on the state_hdl data, it looks
like the cleanup process invoked the destroy operation on a lock that had
already been destroyed.
Flow :
mdcache_lru_get()
→ lru_try_reap_entry(LRU_TEMP_REF)
→ lru_reap_impl()
→ cih_remove_latched() [when entry is reclaimable]
→ mdcache_lru_unref()
→ mdcache_lru_clean() → state_hdl_cleanup() →
PTHREAD_MUTEX_destroy(&st_lock)
→ [lru != NULL] mdcache_lru_clean(nentry) [AGAIN!] →
state_hdl_cleanup() →
PTHREAD_MUTEX_destroy(&st_lock) [DOUBLE-FREE!]
The entry has already been cleaned by mdcache_lru_unref() in the
cih_remove_latched() path, so we should NOT call mdcache_lru_clean()
again to avoid double cleanup of st_lock.
Change-Id: I27585641400d0d03db451f35abc85de095c65040
Signed-off-by: Rajesh Prasad <raprasad(a)redhat.com>
---
M src/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_lru.c
1 file changed, 5 insertions(+), 1 deletion(-)
git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/76/1227776/1
--
To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1227776?usp=email
To unsubscribe, or for help writing mail filters, visit
https://review.gerrithub.io/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I27585641400d0d03db451f35abc85de095c65040
Gerrit-Change-Number: 1227776
Gerrit-PatchSet: 1
Gerrit-Owner: Rajesh Prasad <raprasad(a)redhat.com>