z_blksz);

Andriy Gapon Mon, 18 Jul 2016 15:23:35 -0700

Looking at this piece of code in zfs_get_data()
                        error = dmu_sync(zio, lr->lr_common.lrc_txg,
                            zfs_get_done, zgd);
                        ASSERT(error || lr->lr_length <= zp->z_blksz);
I noticed that zp->z_blksz gets checked after zfs_get_done() could be
executed and thus
VN_RELE_ASYNC(ZTOV(zp), dsl_pool_vnrele_taskq(dmu_objset_pool(os)));


So, it could be possible that zp becomes invalid or wrong by the time it
is checked.

-- 
Andriy Gapon


-------------------------------------------
openzfs-developer
Archives: https://www.listbox.com/member/archive/274414/=now
RSS Feed: https://www.listbox.com/member/archive/rss/274414/28015062-cce53afa
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=28015062&id_secret=28015062-f966d51c
Powered by Listbox: http://www.listbox.com

[developer] zfs_get_data: ASSERT(error || lr->lr_length <= zp->z_blksz);

Reply via email to