On Mon, Oct 21, 2024 at 8:25 AM Cedric Blancher <cedric.blancher@xxxxxxxxx> wrote: > > Good morning! > > msnfs41client on Windows 10/32bit crashes if I have a NFS referral > from a Linux 6.1 or 6.6 kernel. Windows 10/64bit msnfs41client does > not crash. > > But if I change to a Linux 5.10.0-22 (Debian 11) NFS server the > problem goes away, so this might be a NFS server bug. > > nfsd_debug.exe output: > 0fac: DEBUG: wintirpc_socket: > C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\libtirpc\src\wintirpc.c/246: > sock fd=4 > wintirpc_setnfsclientsockopts(sock=4): SO_RCVBUF=65536 > wintirpc_setnfsclientsockopts(sock=4): SO_SNDBUF=65536 > wintirpc_setnfsclientsockopts(sock=4): set SO_RCVBUF to 8388608 > wintirpc_setnfsclientsockopts(sock=4): set SO_SNDBUF to 8388608 > 0fac: started the callback thread 1828 > 1828: cb: Callback thread running > #### FATAL: exception in > thr=0fac'C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\libtirpc\src\clnt_vc.c'/764 > #### > > * Versions: > - NFS server: > Debian Linux trixie, stock 6.1 trixie kernel, tested with 6.6LTS kernel > - NFS client: > msnfs41client 20240923_11h26m_gitf3955ec release > Win10/32bit > Cygwin 3.3/32bit I can reproduce this with Linux 6.6.53-rt44 and ms-nfs41-client HEAD on Win 10/32bit. It crashes because of a |free((void*)0x00000001)|, i.e. free() is called on a pointer that was never returned by the allocator. The stack trace below shows this happening in |xdr_bytes()| (called via |xdr_opaque_auth()|) while |clnt_vc_call()| is handling the EXCHANGE_ID reply from the server, so even if a newer nfsd sends something different in its reply, a client that ends up freeing a garbage pointer while decoding data received from the network looks like a client-side bug in the reply-decoding path that needs fixing regardless of which server triggers it.
Stack trace: ---- snip ---- 0:027> kp # ChildEBP RetAddr 00 02d73cb4 55984492 ucrtbased!check_bytes(unsigned char * first = 0xfffffffc "--- memory read error at address 0xfffffffc ---", unsigned char value = 0xed '', unsigned int size = 4)+0x2d [d:\th\minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp @ 194] 01 02d73ccc 55983a81 ucrtbased!is_block_an_aligned_allocation(void * block = 0x00000001)+0x22 [d:\th\minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp @ 251] 02 02d73ce4 559866ec ucrtbased!free_dbg_nolock(void * block = 0x00000001, int block_use = 0n1)+0x31 [d:\th\minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp @ 870] 03 02d73d24 6381e969 ucrtbased!_free_dbg(void * block = 0x00000001, int block_use = 0n1)+0x7c [d:\th\minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp @ 1011] 04 02d73d94 63816f1f libtirpc!xdr_bytes(struct __rpc_xdr * xdrs = 0x0de01a60, char ** cpp = 0x0de01a88, unsigned int * sizep = 0x0de01a8c, unsigned int maxsize = 0x190)+0x129 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\libtirpc\src\xdr.c @ 606] 05 02d73df8 6380ce19 libtirpc!xdr_opaque_auth(struct __rpc_xdr * xdrs = 0x0de01a60, struct opaque_auth * ap = 0x0de01a84)+0x6f [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\libtirpc\src\rpc_prot.c @ 91] 06 02d73ea8 00336cf3 libtirpc!clnt_vc_call(struct __rpc_client * cl = 0x008ee420, unsigned int proc = 1, <function> * xdr_args = 0x0030ab9f, void * args_ptr = 0x02d740e0, <function> * xdr_results = 0x0030a212, void * results_ptr = 0x02d744f0, struct timeval timeout = struct timeval)+0x859 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\libtirpc\src\clnt_vc.c @ 752] 07 02d73f40 0033230c nfsd!nfs41_send_compound(struct __nfs41_rpc_clnt * rpc = 0x0081d138, char * inbuf = 0x02d740e0 "???", char * outbuf = 0x02d744f0 "")+0x73 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\nfs41_rpc.c @ 351] 08 02d74904 00323d8f nfsd!nfs41_exchange_id(struct 
__nfs41_rpc_clnt * rpc = 0x0081d138, struct __client_owner4 * owner = 0x0083e520, unsigned int flags_in = 0x30001, struct __nfs41_exchange_id_res * res_out = 0x02d74a88)+0x12c [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\nfs41_ops.c @ 91] 09 02d752c0 00324291 nfsd!nfs41_root_mount_addrs(struct __nfs41_root * root = 0x0083e520, struct __multi_addr4 * addrs = 0x02d75338, int is_data = 0n0, unsigned int lease_time = 0, struct __nfs41_client ** client_out = 0x02d756c4)+0x12f [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\namespace.c @ 372] 0a 02d75434 0032410e nfsd!referral_mount_location(struct __nfs41_root * root = 0x0083e520, struct __fs_location4 * loc = 0x00827288, struct __nfs41_client ** client_out = 0x02d756c4)+0xc1 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\namespace.c @ 460] 0b 02d7549c 00321fcd nfsd!nfs41_root_mount_referral(struct __nfs41_root * root = 0x0083e520, struct __fs_locations4 * locations = 0x02d756cc, struct __fs_location4 ** loc_out = 0x02d756c8, struct __nfs41_client ** client_out = 0x02d756c4)+0x4e [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\namespace.c @ 481] 0c 02d776dc 00321cd5 nfsd!referral_resolve(struct __nfs41_root * root = 0x0083e520, struct __nfs41_session * session_in = 0x0083a928, struct lookup_referral * referral = 0x02d77918, struct __nfs41_abs_path * path_out = 0x02d78d6c, struct __nfs41_session ** session_out = 0x02d77908)+0xad [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\lookup.c @ 431] 0d 02d78b30 0034eb7d nfsd!nfs41_lookup(struct __nfs41_root * root = 0x0083e520, struct __nfs41_session * session = 0x0083a928, struct __nfs41_abs_path * path_inout = 0x02d78d6c, struct __nfs41_path_fh * parent_out = 0x02d77a7c, struct __nfs41_path_fh * target_out = 0x02d779d4, struct __nfs41_file_info * info_out = 0x09434392, struct __nfs41_session ** session_out = 0x00000000)+0x205 
[C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\lookup.c @ 520] 0e 02d79d74 0034f5fc nfsd!lookup_entry(struct __nfs41_root * root = 0x0083e520, struct __nfs41_session * session = 0x0083a928, struct __nfs41_path_fh * parent = 0x0da06608, struct __nfs41_readdir_entry * entry = 0x09434382)+0x7d [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\readdir.c @ 468] 0f 02d7a6f8 0034e2c1 nfsd!readdir_copy_entry(struct __readdir_upcall_args * args = 0x02d7aa98, struct __nfs41_readdir_entry * entry = 0x09434382, unsigned char ** dst_pos = 0x02d7a78c, unsigned int * dst_len = 0x02d7a788)+0x11c [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\readdir.c @ 534] 10 02d7a7f0 00357a95 nfsd!handle_readdir(void * deamon_context = 0x00375008, struct __nfs41_upcall * upcall = 0x02d7aa80)+0x621 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\readdir.c @ 800] 11 02d7a854 0032f744 nfsd!upcall_handle(void * daemon_context = 0x00375008, struct __nfs41_upcall * upcall = 0x02d7aa80)+0x65 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\upcall.c @ 220] 12 02d7fb4c 0032f4dd nfsd!nfsd_worker_thread_main(void * args = 0x00375008)+0x204 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\nfs41_daemon.c @ 201] 13 02d7fbc0 559a8968 nfsd!nfsd_thread_main(void * args = 0x00375008)+0x3d [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\nfs41_daemon.c @ 239] 14 02d7fbd4 559a867b ucrtbased!invoke_thread_procedure(<function> * procedure = 0x0032f4a0, void * context = 0x00375008)+0x28 [d:\th\minkernel\crts\ucrt\src\appcrt\startup\thread.cpp @ 92] 15 02d7fc1c 7774d839 ucrtbased!thread_start<unsigned int (void * parameter = 0x0081bde0)+0xab [d:\th\minkernel\crts\ucrt\src\appcrt\startup\thread.cpp @ 115] 16 02d7fc2c 77d2254d KERNEL32!BaseThreadInitThunk+0x19 17 02d7fc88 77d22521 ntdll!__RtlUserThreadStart+0x2b 18 
02d7fc98 00000000 ntdll!_RtlUserThreadStart+0x1b ---- snip ---- I'm scratching my head a bit... why does it not crash with a Debian Bullseye (Linux 5.10.x) nfsd - did anything related to NFSv4 referrals and/or exchange_id change between Linux 5.10.x and Linux 6.6 LTS ? ---- Bye, Roland -- __ . . __ (o.\ \/ /.o) roland.mainz@xxxxxxxxxxx \__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer /O /==\ O\ TEL +49 641 3992797 (;O/ \/ \O;)