Bug #6379

zfs_ioc_hold panics on a bad cleanup fd

Added by Andriy Gapon about 4 years ago.

Status: New
Priority: Normal
Assignee: -
Category: zfs - Zettabyte File System
Start date: 2015-10-23
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags: needs-triage

Description

> ::panicinfo   
             cpu                0
          thread ffffff016b9c4080
         message assertion failed: (ss != NULL) && (item >= 0), file: ../../common/os/sunddi.c, line: 6111
...
> $C
ffffff000489da40 vpanic()
ffffff000489da70 0xfffffffffbdf3f18()
ffffff000489daa0 ddi_get_soft_state+0x58(ffffff014af82600, ffffffff)
ffffff000489dad0 zfsdev_get_soft_state+0x24(ffffffffffffffff, 1)
ffffff000489db00 zfs_onexit_minor_to_state+0x21(ffffffffffffffff, ffffff000489db18)
ffffff000489db40 zfs_onexit_fd_hold+0x34(3, ffffff000489db78)
ffffff000489dbc0 zfs_ioc_hold+0xfb(ffffff028cfb7000, ffffff0165a3e5e0, ffffff0165a35000)
ffffff000489dc70 zfsdev_ioctl+0x21d(10a00000000, 5a30, 8043ee8, 100003, ffffff016d6cf1c0, ffffff000489de58)
ffffff000489dcb0 cdev_ioctl+0x39(10a00000000, 5a30, 8043ee8, 100003, ffffff016d6cf1c0, ffffff000489de58)
ffffff000489dd00 spec_ioctl+0x60(ffffff015de9e600, 5a30, 8043ee8, 100003, ffffff016d6cf1c0, ffffff000489de58, 0)
ffffff000489dd90 fop_ioctl+0x55(ffffff015de9e600, 5a30, 8043ee8, 100003, ffffff016d6cf1c0, ffffff000489de58, 0)
ffffff000489deb0 ioctl+0x9b(4, 5a30, 8043ee8)
ffffff000489df00 sys_syscall32+0x1f7()

Probably zfs_ioc_hold needs to check that the file descriptor corresponds to an open file before passing the descriptor down the call chain.
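
The check suggested above, sketched as an added user-space C model; it is not illumos source and not part of the original report. The model assumes a descriptor with no usable file behind it resolves to minor -1 (the ffffffff argument in the ddi_get_soft_state frame); all model_* names and table contents are constructed for illustration.

```c
/* User-space model (constructed); names are hypothetical, not illumos source. */
#include <assert.h>
#include <errno.h>
#include <stddef.h>

#define MODEL_MAX_FD    8
#define MODEL_MAX_MINOR 4

/* Constructed fd table: -1 means "no usable file behind this descriptor". */
static const int model_fd_minor[MODEL_MAX_FD] = { -1, -1, -1, -1, 2, -1, -1, -1 };

/* Constructed per-minor state, standing in for the soft-state array. */
static int model_state[MODEL_MAX_MINOR] = { 0, 10, 20, 30 };

/* Mirrors the asserted precondition from the panic message: item >= 0. */
static int *model_get_soft_state(int item)
{
    assert(item >= 0);
    return (item < MODEL_MAX_MINOR) ? &model_state[item] : NULL;
}

/* Resolve fd -> minor, failing instead of handing back a -1 sentinel. */
static int model_fd_to_minor(int fd, int *minorp)
{
    if (fd < 0 || fd >= MODEL_MAX_FD || model_fd_minor[fd] < 0)
        return EBADF;
    *minorp = model_fd_minor[fd];
    return 0;
}

/* Hardened hold: validate the descriptor first, then look up the state. */
int model_onexit_fd_hold(int fd, int *minorp)
{
    int minor, err;

    if ((err = model_fd_to_minor(fd, &minor)) != 0)
        return err;             /* bad cleanup fd: error return, no panic */
    if (model_get_soft_state(minor) == NULL)
        return EBADF;           /* minor has no state attached */
    *minorp = minor;
    return 0;
}
```

With the validation in place, a caller-supplied cleanup fd that fails the lookup produces an error return to the ioctl caller instead of reaching the asserting soft-state lookup.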
