> In any case, I think this explains where the "no readable file" warning
> is coming from, but I'm not sure yet about the mem corruption...
Forgive my shorthand, but I think this is what we're seeing:
open2 close
create 1 (idr)
init 2 (hashed)
close preprocess_seqid 3 (local ref in nfsd4_close)
close_open_stateid 2 -> unhashed (unhashed)
release_open_stateid 1 -> list_del corruption (because unhashed already
-> should still be refcount 2?)
nfs4_put_stid 0 -> destroyed
nfs4_put_stid 0 -> use after free
This also explains the '6a' as the first byte, as the final
nfs4_put_stid will decrement sc_count first. There are other permutations.
Also, the return-with-status from nfs_get_vfs_file() appears to be break_lease()
(much further down) returning -EWOULDBLOCK (in both cases, memory
corruption and the simple warning case)
Thanks,
Andy
--
Andrew W. Elble
aweits@xxxxxxxxxxxxxxxxxx
Infrastructure Engineer, Communications Technical Lead
Rochester Institute of Technology
PGP: BFAD 8461 4CCF DC95 DA2C B0EB 965B 082E 863E C912
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
