[OpenAFS-devel] Frantic activity in viced/callback.c around MultiBreakCallBack_r

[Rainer Toebbicke]

We just suffered from a crash in viced/callback.c in the routine 
MultiBreakCallBack_r.

Base was Openafs 1.2.11, but in the rush of protecting the fileserver 
against the pre-1.3.73 Windows clients I built with a version of 
callback.c that included rx_PutConnection(hp->callback_rxcon) in 
MultiBreakCallBack_r. The fileserver crashed because the callback_rxcon 
had obviously already been rx-destroyed, free()ed and the memory reused 
for something else before, but the pointer had not been zeroed out. 
Looks like there is a lock on the host missing somewhere.

May I suggest that the callback_rxconn pointer gets zeroed whenever the 
connection is destroyed, and that subsequent calls on that supposed 
connection check whether it is non-zero?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rainer Toebbicke    http://cern.ch/rtb     -or-    rtb@mail.cern.ch
European Laboratory for Particle Physics(CERN) - Geneva, Switzerland
Phone: +41 22 767 8985       Fax: +41 22 767 7155