Another NULL fd related crash, this time in io_stats_writev()

Program terminated with signal 11, Segmentation fault.
#0  0xb95c4edd in io_stats_writev (frame=0xbb3a97b0, this=0xb9ff2000, fd=0x0, vector=0x9b506e44, count=1, offset=0, flags=1, iobref=0x9bc89150, xdata=0x0) at io-stats.c:2084
2084            if (fd->inode)
(gdb) bt
#0  0xb95c4edd in io_stats_writev (frame=0xbb3a97b0, this=0xb9ff2000, fd=0x0, vector=0x9b506e44, count=1, offset=0, flags=1, iobref=0x9bc89150, xdata=0x0) at io-stats.c:2084
#1  0xbb41b2a1 in fuse_write_resume (state=0x9b506800) at fuse-bridge.c:2163
#2  0xbb40c768 in fuse_resolve_done (state=0x9b506800) at fuse-resolve.c:647
#3  0xbb40c825 in fuse_resolve_all (state=0x9b506800) at fuse-resolve.c:676
#4  0xbb40c739 in fuse_resolve (state=0x9b506800) at fuse-resolve.c:633
#5  0xbb40c802 in fuse_resolve_all (state=0x9b506800) at fuse-resolve.c:672
#6  0xbb40c739 in fuse_resolve (state=0x9b506800) at fuse-resolve.c:633
#7  0xbb40c7bb in fuse_resolve_all (state=0x9b506800) at fuse-resolve.c:665
#8  0xbb40c8c6 in fuse_resolve_and_resume (state=0x9b506800, fn=0xbb41abd9 <fuse_write_resume>) at fuse-resolve.c:705
#9  0xbb41b488 in fuse_write (this=0xb9fb1000, finh=0xa87a1190, msg=0xafa20000) at fuse-bridge.c:2210
#10 0xbb427e1e in fuse_thread_proc (data=0xb9fb1000) at fuse-bridge.c:4562
(gdb) print fd
$1 = (fd_t *) 0x0

Where is it coming from?

(gdb) frame 9
#9  0xbb41b488 in fuse_write (this=0xb9fb1000, finh=0xa87a1190, msg=0xafa20000) at fuse-bridge.c:2210
(gdb) print fd
$3 = (fd_t *) 0x0

Which means fwi->fh was NULL. It is used as this:

        fd = FH_TO_FD (fwi->fh);
        (...)
        fuse_resolve_fd_init (state, &state->resolve, fd);

And fuse_resolve_fd_init calls fd_ref(), which should complain about a NULL fd. It does, hence we are sure fwi->fh was NULL.

[2013-06-06 10:54:49.570200] E [fd.c:443:fd_ref] 0-fd: null fd

This may be a FUSE kernel bug, or it may be because glusterfs gave a NULL fd at open() time. I added a debug output in fuse_fd_cbk() to be sure.

Anyway, perhaps we could want to safety check fh returned by kernel, and fail more gracefully if NULL?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@xxxxxxxxxx
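
The safety check suggested in the message above, sketched as an added example that is not part of the original message and is not glusterfs code. The types, the FH_TO_FD/FD_TO_FH stand-ins and every demo_* name are simplified assumptions; the sketch covers both places named in the message: the open() reply path and the write path.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins (assumptions), not the glusterfs definitions. */
typedef struct inode { int unused; } inode_t;
typedef struct fd { inode_t *inode; int refcount; } fd_t;
struct demo_write_in { uint64_t fh; };          /* models fwi->fh */

#define FH_TO_FD(fh) ((fd_t *)(uintptr_t)(fh))
#define FD_TO_FH(fd) ((uint64_t)(uintptr_t)(fd))

/* Open side: refuse to hand a zero handle back to the kernel. */
int demo_open_reply(fd_t *fd, uint64_t *fh_out)
{
    if (fd == NULL || fh_out == NULL)
        return -EIO;            /* fail the open instead of storing fh=0 */
    *fh_out = FD_TO_FH(fd);
    return 0;
}

/* Lower layer modelled on the crashing line: dereferences fd unconditionally. */
static int demo_stats_writev(fd_t *fd)
{
    return fd->inode ? 1 : 0;
}

/* Write side: validate the kernel-supplied handle before it reaches
 * any layer that dereferences it. */
int demo_write(const struct demo_write_in *fwi)
{
    fd_t *fd;
    int ret;

    if (fwi == NULL)
        return -EINVAL;
    fd = FH_TO_FD(fwi->fh);
    if (fd == NULL)
        return -EBADF;          /* graceful error to the caller, no SIGSEGV */

    fd->refcount++;             /* stands in for fd_ref() */
    ret = demo_stats_writev(fd);
    fd->refcount--;             /* stands in for fd_unref() */
    return ret;
}
```

With the check in place, a write carrying fh=0 is answered with EBADF at the bridge layer rather than crashing deeper in the stack.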