Hello,

 

Noticed a crash in clnt_vc_destroy() which happened when CLNT creation failed and CLNT_DESTROY() was called after it.

Have made a potential fix for it and created a pull request for the same: https://github.com/nfs-ganesha/ntirpc/pull/177

Please review the same. Thank you.

 

For reference following is the backtrace:

(gdb) bt
#0  0x00007f775820cffb in raise () from /lib64/libpthread.so.0
#1  0x000000000044309e in crash_handler (signo=11, info=0x7fff7959d7f0, ctx=0x7fff7959d6c0) at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/MainNFSD/nfs_init.c:243
#2  <signal handler called>
#3  0x00007f7759c38e2c in atomic_postset_uint16_t_bits (var=0x1ac, bits=32)
    at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/libntirpc/ntirpc/misc/abstract_atomic.h:1837
#4  0x00007f7759c3908a in svc_destroy_it (xprt=0x0, tag=0x7f7759c607e0 <__func__.8326> "clnt_vc_destroy", line=466)
    at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/libntirpc/ntirpc/rpc/svc.h:447
#5  0x00007f7759c39e54 in clnt_vc_destroy (clnt=0xf0b5c0) at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/libntirpc/src/clnt_vc.c:466
#6  0x00007f7759c35b24 in clnt_release_it (clnt=0xf0b5c0, flags=0, tag=0x7f7759c5fd50 <__func__.8321> "clnt_ncreate_timed", line=219)
    at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/libntirpc/ntirpc/rpc/clnt.h:319
#7  0x00007f7759c35bc5 in clnt_destroy_it (clnt=0xf0b5c0, tag=0x7f7759c5fd50 <__func__.8321> "clnt_ncreate_timed", line=219)
    at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/libntirpc/ntirpc/rpc/clnt.h:341
#8  0x00007f7759c362a4 in clnt_ncreate_timed (hostname=0x594ce9 "localhost", prog=100024, vers=1, netclass=0x594ce5 "tcp", tp=0x0)
    at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/libntirpc/src/clnt_generic.c:219
#9  0x00000000004a333f in clnt_ncreate (hostname=0x594ce9 "localhost", prog=100024, vers=1, nettype=0x594ce5 "tcp")
    at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/libntirpc/ntirpc/rpc/clnt.h:396
#10 0x00000000004a35f5 in nsm_connect () at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/Protocols/NLM/nsm.c:58
#11 0x00000000004a52b1 in nsm_unmonitor_all () at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/Protocols/NLM/nsm.c:291
#12 0x0000000000444f66 in nfs_start (p_start_info=0x7eeb28 <my_nfs_start_info>) at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/MainNFSD/nfs_init.c:936
#13 0x000000000041da5c in main (argc=8, argv=0x7fff7959e598) at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/MainNFSD/nfs_main.c:518
(gdb) f 5
#5  0x00007f7759c39e54 in clnt_vc_destroy (clnt=0xf0b5c0) at /usr/src/debug/nfs-ganesha-2.7.3-ibm050.07/libntirpc/src/clnt_vc.c:466
466                     SVC_DESTROY(&cx->cx_rec->xprt);
(gdb) p cx->cx_rec
$1 = (struct rpc_dplx_rec *) 0x0
 

Thanks,
Madhu Thorat