
Bug #13851

closed

panic in smb_llist_enter() with bad rwlock

Added by Gordon Ross about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
cifs - CIFS server and client
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

The system panicked while the SMB server was handling a normal workload.

> $C
ffffd002e3499150 vpanic()
ffffd002e3499170 rw_panic+0x54(fffffffffb95e5df, ffffd0a6a8c77cd0)
ffffd002e34991e0 rw_enter_sleep+0x366(ffffd0a6a8c77cd0, 1)
ffffd002e3499200 smb_llist_enter+0x15(ffffd0a6a8c77cd0, 1)
ffffd002e3499270 smb_node_notify_change+0x46(ffffd0a6a8c77c88, 1, ffffd09df3b335b8)
ffffd002e3499300 smb_fem_fcn_create+0x7c(ffffd002e3499430, ffffd09df3b335b8, ffffd002e34997a0, 0, 80, ffffd002e3499838, ffffd099e88f0878,
ffffd09400000000, 0, 0)
ffffd002e3499360 vnext_create+0x97(ffffd002e3499430, ffffd09df3b335b8, ffffd002e34997a0, 0, 80, ffffd002e3499838, ffffd099e88f0878, ffffd00200000000, 0,
0)
ffffd002e34993f0 smb_fem_fcn_create+0x5c(ffffd002e3499430, ffffd09df3b335b8, ffffd002e34997a0, 0, 80, ffffd002e3499838, ffffd099e88f0878,
ffffd09a00000000, 0, 0)
ffffd002e34994a0 vhead_create+0xfe(ffffd09a12d87a40, ffffd09df3b335b8, ffffd002e34997a0, 0, 80, ffffd002e3499838, ffffd099e88f0878, ffffffff00000000, 0,
0)
ffffd002e3499540 fop_create+0xc7(ffffd09a12d87a40, ffffd09df3b335b8, ffffd002e34997a0, 0, 80, ffffd002e3499838, ffffd099e88f0878, ffffd09a00000000, 0, 0
)
ffffd002e34998a0 rfs3_create+0x40b(ffffd002e3499ac0, ffffd002e3499980, ffffd09a25a59300, ffffd002e3499ca0, ffffd099e88f0878, 0)
ffffd002e3499c20 common_dispatch+0x600(ffffd002e3499ca0, ffffd09465853a00, 2, 4, fffffffff87e1aac, ffffffffc0313060)
ffffd002e3499c40 rfs_dispatch+0x2d(ffffd002e3499ca0, ffffd09465853a00)
ffffd002e3499d20 svc_getreq+0x1c1(ffffd09465853a00, ffffd096af2d6d40)
ffffd002e3499d90 svc_run+0x198(ffffd094412c43f8)
ffffd002e3499dd0 svc_do_run+0x8e(1)
ffffd002e3499ec0 nfssys+0x111(e, fdfc0fbc)
ffffd002e3499f10 _sys_sysenter_post_swapgs+0x149()

> smb_llist_enter::nm -f ctype
C Type
void (*)(smb_llist_t *, krw_t)

> ffffd0a6a8c77cd0::print smb_llist_t
{
    ll_lock = {
        _opaque = [ 0xc ]
    }
    ll_list = {
        list_size = 0x3a0
        list_offset = 0x10
        list_head = {
            list_next = 0
            list_prev = 0
        }
    }
    ll_count = 0
    ll_wrop = 0x606
    ll_mutex = {
        _opaque = [ 0xffffd002de017c46 ]
    }
    ll_deleteq = {
        list_size = 0x28
        list_offset = 0
        list_head = {
            list_next = 0
            list_prev = 0
        }
    }
    ll_deleteq_count = 0
    ll_flushing = 0 (0)
}
> ffffd0a6a8c77cd0::print -t smb_llist_t
smb_llist_t {
    krwlock_t ll_lock = {
        void *[1] _opaque = [ 0xc ]
    }
    list_t ll_list = {
        size_t list_size = 0x3a0
        size_t list_offset = 0x10
        struct list_node list_head = {
            struct list_node *list_next = 0
            struct list_node *list_prev = 0
        }
    }
    uint32_t ll_count = 0
    uint64_t ll_wrop = 0x606
    kmutex_t ll_mutex = {
        void *[1] _opaque = [ 0xffffd002de017c46 ]
    }
    list_t ll_deleteq = {
        size_t list_size = 0x28
        size_t list_offset = 0
        struct list_node list_head = {
            struct list_node *list_next = 0
            struct list_node *list_prev = 0
        }
    }
    uint32_t ll_deleteq_count = 0
    boolean_t ll_flushing = 0 (0)
}

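It looks like the rw lock has been destroyed: ll_lock holds 0xc, and both list heads (ll_list and ll_deleteq) have NULL next/prev pointers, which is consistent with a structure that has been torn down rather than one that is empty but still live. The smb_llist_t at ffffd0a6a8c77cd0 sits 0x48 bytes into the object passed to smb_node_notify_change() (ffffd0a6a8c77c88). So the FEM create hook, reached here from the NFS path (rfs3_create), appears to be using that object after its list was destroyed, which would make this an object-lifetime (use-after-destroy) problem rather than a locking-order one.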