this bug happens when the kernel runs out of mount rpc
buffers when allocating a flush rpc. in this case, mntflushalloc()
will errorjump out of mountio() leaving the currently in
flight rpc in the mount. the caller of mountrpc()/mountio()
frees the rpc that's still queued in the mount leading
to interesting results.
for the fix, we add a waserror() around mntflushalloc() and
handle the error case like a mount rpc failure which will
properly dequeue the rpcs in flight.
while(waserror()) {
if(m->rip == up)
mntgate(m);
- if(strcmp(up->errstr, Eintr) != 0){
+ if(strcmp(up->errstr, Eintr) != 0 || waserror()){
r = mntflushfree(m, r);
switch(r->request.type){
case Tremove:
nexterror();
}
r = mntflushalloc(r, m->msize);
+ poperror();
}
lock(m);
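
Review bot: the waserror() added to the if condition is balanced by the new poperror() after mntflushalloc() only because || short-circuits, so the error label is pushed on the Eintr path alone and every other path leaves through nexterror(). That pairing is easy to break in a later edit of the condition. A short comment on the if line would help, saying that the second operand arms the handler for mntflushalloc() and that a failure there re-enters this block with r still pointing at the in-flight rpc, so mntflushfree(m, r) dequeues it before nexterror(). It would also be worth noting in the commit message that on this path the caller now sees the allocation error in up->errstr rather than Eintr.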