authorJiffin Tony Thottan <>2017-08-07 23:47:00 +0530
committerShyamsundar Ranganathan <>2017-08-08 13:30:26 +0000
commitaa369475acdb0a9f4192b7a5bddddc18c4d6c514 (patch)
parent25ebb4d36fddb75f19c78e015aa8e9374964a5bb (diff)
nfs: add NULL check for call state in nfs3_call_state_wipe
Refcounting was added for the nfs call state in an earlier change. This is based on the assumption that the call state won't be NULL when it is freed. But currently the gluster nfs server is crashing in different scenarios at nfs3_getattr() with the following backtrace: #0 0x00007ff1cfea9205 in _gf_ref_put (ref=ref@entry=0x0) at refcount.c:36 #1 0x00007ff1c1997455 in nfs3_call_state_wipe (cs=cs@entry=0x0) at nfs3.c:559 #2 0x00007ff1c1998931 in nfs3_getattr (req=req@entry=0x7ff1bc0b26d0, fh=fh@entry=0x7ff1c2f76ae0) at nfs3.c:962 #3 0x00007ff1c1998c8a in nfs3svc_getattr (req=0x7ff1bc0b26d0) at nfs3.c:987 #4 0x00007ff1cfbfd8c5 in rpcsvc_handle_rpc_call (svc=0x7ff1bc03e500, trans=trans@entry=0x7ff1bc0c8020, msg=<optimized out>) at rpcsvc.c:695 #5 0x00007ff1cfbfdaab in rpcsvc_notify (trans=0x7ff1bc0c8020, mydata=<optimized out>, event=<optimized out>, data=<optimized out>) at rpcsvc.c:789 #6 0x00007ff1cfbff9e3 in rpc_transport_notify (this=this@entry=0x7ff1bc0c8020, event=event@entry=RPC_TRANSPORT_MSG_RECEIVED, data=data@entry=0x7ff1bc0038d0) at rpc-transport.c:538 #7 0x00007ff1c4a2e3d6 in socket_event_poll_in (this=this@entry=0x7ff1bc0c8020, notify_handled=<optimized out>) at socket.c:2306 #8 0x00007ff1c4a3097c in socket_event_handler (fd=21, idx=9, gen=19, data=0x7ff1bc0c8020, poll_in=1, poll_out=0, poll_err=0) at socket.c:2458 #9 0x00007ff1cfe950f6 in event_dispatch_epoll_handler (event=0x7ff1c2f76e80, event_pool=0x5618154d5ee0) at event-epoll.c:572 #10 event_dispatch_epoll_worker (data=0x56181551cbd0) at event-epoll.c:648 #11 0x00007ff1cec99e25 in start_thread () from /lib64/ #12 0x00007ff1ce56634d in clone () from /lib64/ This patch moves the previous NULL check from __nfs3_call_state_wipe() to nfs3_call_state_wipe(). Cherry picked from commit 111d6bda9259126b0429113c9b8ba479958a4398: > Change-Id: I2d73632f4be23f14d8467be3d908b09b3a2d87ea > BUG: 1479030 > Signed-off-by: Jiffin Tony Thottan <> > Reviewed-on: > Smoke: Gluster Build System <> > CentOS-regression: Gluster Build System <> > Reviewed-by: Niels de Vos <> 
Change-Id: I2d73632f4be23f14d8467be3d908b09b3a2d87ea BUG: 1479263 Signed-off-by: Niels de Vos <> Reviewed-on: Reviewed-by: jiffin tony Thottan <> Smoke: Gluster Build System <> CentOS-regression: Gluster Build System <>
1 files changed, 4 insertions, 3 deletions
diff --git a/xlators/nfs/server/src/nfs3.c b/xlators/nfs/server/src/nfs3.c
index 5f2c442..040d316 100644
--- a/xlators/nfs/server/src/nfs3.c
+++ b/xlators/nfs/server/src/nfs3.c
@@ -538,9 +538,6 @@ typedef ssize_t (*nfs3_serializer) (struct iovec outmsg, void *args);
static void
__nfs3_call_state_wipe (nfs3_call_state_t *cs)
- if (!cs)
- return;
if (cs->fd) {
gf_msg_trace (GF_NFS3, 0, "fd 0x%lx ref: %d",
(long)cs->fd, cs->fd->refcount);
@@ -599,6 +596,10 @@ err:
nfs3_call_state_wipe (nfs3_call_state_t *cs)
+ if (!cs) {
+ gf_log_callingfn ("nfs", GF_LOG_WARNING, "nfs calling state NULL");
+ return;
+ }
GF_REF_PUT (cs);
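Review bot: The guard added at the top of nfs3_call_state_wipe() logs at GF_LOG_WARNING on every NULL cs, and the backtrace in the commit message shows this path is reached straight from an incoming RPC (rpcsvc_handle_rpc_call -> nfs3_getattr), so a client that can keep hitting the failing path can presumably also fill the log. If a NULL call state is a normal result of a handler bailing out before the state is allocated, a quieter call such as `gf_log_callingfn (GF_NFS3, GF_LOG_DEBUG, "nfs call state is NULL");` fits better, and it uses the GF_NFS3 domain that the gf_msg_trace call in __nfs3_call_state_wipe() already uses rather than the literal "nfs". If it is not expected, the check only hides why nfs3_getattr() arrives here without a call state, and that deserves its own fix. A short comment above the check naming the callers that may pass NULL would help. Since __nfs3_call_state_wipe() now dereferences cs unconditionally, any caller of it other than the refcount release path needs checking; neither function body is fully visible in these hunks.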