Rajesh Prasad has uploaded this change for review.

View Change

Crash in mdcache_lru_get while destroying st_lock.

Crash occurred when the LRU reached its high‑water mark and attempted to
evict a temporary reference entry. Although it found an LRU entry that
seemed valid, Ganesha crashed while destroying the associated
mdcache entry’s state handle lock. Based on the state_hdl data, it looks
like the cleanup process invoked the destroy operation on a lock that had
already been destroyed.

Flow :
mdcache_lru_get()
  → lru_try_reap_entry(LRU_TEMP_REF)
    → lru_reap_impl()
      → cih_remove_latched() [when entry is reclaimable]
        → mdcache_lru_unref()
          → mdcache_lru_clean() → state_hdl_cleanup() →
	                                  PTHREAD_MUTEX_destroy(&st_lock)
  → [lru != NULL] mdcache_lru_clean(nentry) [AGAIN!] →
                            state_hdl_cleanup() →
			     PTHREAD_MUTEX_destroy(&st_lock) [DOUBLE-FREE!]

The entry has already been cleaned by mdcache_lru_unref() in the
cih_remove_latched() path, so we should NOT call mdcache_lru_clean()
again to avoid double cleanup of st_lock.

Change-Id: I27585641400d0d03db451f35abc85de095c65040
Signed-off-by: Rajesh Prasad <raprasad@redhat.com>
---
M src/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_lru.c
1 file changed, 5 insertions(+), 1 deletion(-)

git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/76/1227776/1

To view, visit change 1227776. To unsubscribe, or for help writing mail filters, visit settings.