Are we not guarding all the places by mutex where we do ref/unref?


(gdb) bt
#0  0x00007f58a18dc4fb in raise () from /lib64/libpthread.so.0
#1  0x00007f58a31e8a36 in crash_handler (signo=6, info=0x7f588e3f8470, ctx=0x7f588e3f8340) at /usr/src/debug/nfs-ganesha-4.0.2/MainNFSD/nfs_init.c:261
#2  <signal handler called>
#3  0x00007f58a1113387 in raise () from /lib64/libc.so.6
#4  0x00007f58a1114a78 in abort () from /lib64/libc.so.6
#5  0x00007f58a110c1a6 in __assert_fail_base () from /lib64/libc.so.6
#6  0x00007f58a110c252 in __assert_fail () from /lib64/libc.so.6
#7  0x00007f58a3234338 in dec_state_owner_ref (owner=0x7f57ed99bc00) at /usr/src/debug/nfs-ganesha-4.0.2/SAL/state_misc.c:933
#8  0x00007f58a3241065 in nfs_client_id_expire (clientid=0x7f57e3929c00, make_stale=false) at /usr/src/debug/nfs-ganesha-4.0.2/SAL/nfs4_clientid.c:1093
#9  0x00007f58a32a4441 in nfs4_op_create_session (op=0x7f57f30f5aa0, data=0x7f5840d16e80, resp=0x7f57f30f5960) at /usr/src/debug/nfs-ganesha-4.0.2/Protocols/NFS/nfs4_op_create_session.c:444
#10 0x00007f58a329dfc6 in process_one_op (data=0x7f5840d16e80, status=0x7f588e3fc87c) at /usr/src/debug/nfs-ganesha-4.0.2/Protocols/NFS/nfs4_Compound.c:924
#11 0x00007f58a329f04e in nfs4_Compound (arg=0x7f57f30e9680, req=0x7f57f30e8e00, res=0x7f588408ac00) at /usr/src/debug/nfs-ganesha-4.0.2/Protocols/NFS/nfs4_Compound.c:1339
#12 0x00007f58a31e3664 in nfs_rpc_process_request (reqdata=0x7f57f30e8e00, retry=false) at /usr/src/debug/nfs-ganesha-4.0.2/MainNFSD/nfs_worker_thread.c:2079
#13 0x00007f58a31e3cdd in nfs_rpc_valid_NFS (req=0x7f57f30e8e00) at /usr/src/debug/nfs-ganesha-4.0.2/MainNFSD/nfs_worker_thread.c:2317
#14 0x00007f58a35bdba1 in svc_vc_decode (req=0x7f57f30e8e00) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/svc_vc.c:1125
#15 0x00007f58a35b8cd3 in svc_request (xprt=0x7f57eab7f600, xdrs=0x7f588d7cc340) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/svc_rqst.c:1229
#16 0x00007f58a35bdaa6 in svc_vc_recv (xprt=0x7f57eab7f600) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/svc_vc.c:1098
#17 0x00007f58a35b8c37 in svc_rqst_xprt_task_recv (wpe=0x7f57eab7f8f0) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/svc_rqst.c:1209
#18 0x00007f58a35b98ba in svc_rqst_epoll_loop (wpe=0x7f589e2e5030) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/svc_rqst.c:1608
#19 0x00007f58a35c6dc5 in work_pool_thread (arg=0x7f588ea001e0) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/work_pool.c:190
#20 0x00007f58a18d4ea5 in start_thread () from /lib64/libpthread.so.0
#21 0x00007f58a11dbb0d in clone () from /lib64/libc.so.6


#0  0x00007f58a18dc4fb in raise () from /lib64/libpthread.so.0
#1  0x00007f58a31e8a36 in crash_handler (signo=6, info=0x7f588e3f8470, ctx=0x7f588e3f8340) at /usr/src/debug/nfs-ganesha-4.0.2/MainNFSD/nfs_init.c:261
#2  <signal handler called>
#3  0x00007f58a1113387 in raise () from /lib64/libc.so.6
#4  0x00007f58a1114a78 in abort () from /lib64/libc.so.6
#5  0x00007f58a110c1a6 in __assert_fail_base () from /lib64/libc.so.6
#6  0x00007f58a110c252 in __assert_fail () from /lib64/libc.so.6
#7  0x00007f58a3234338 in dec_state_owner_ref (owner=0x7f57ed99bc00) at /usr/src/debug/nfs-ganesha-4.0.2/SAL/state_misc.c:933
#8  0x00007f58a3241065 in nfs_client_id_expire (clientid=0x7f57e3929c00, make_stale=false) at /usr/src/debug/nfs-ganesha-4.0.2/SAL/nfs4_clientid.c:1093
#9  0x00007f58a32a4441 in nfs4_op_create_session (op=0x7f57f30f5aa0, data=0x7f5840d16e80, resp=0x7f57f30f5960) at /usr/src/debug/nfs-ganesha-4.0.2/Protocols/NFS/nfs4_op_create_session.c:444
#10 0x00007f58a329dfc6 in process_one_op (data=0x7f5840d16e80, status=0x7f588e3fc87c) at /usr/src/debug/nfs-ganesha-4.0.2/Protocols/NFS/nfs4_Compound.c:924
#11 0x00007f58a329f04e in nfs4_Compound (arg=0x7f57f30e9680, req=0x7f57f30e8e00, res=0x7f588408ac00) at /usr/src/debug/nfs-ganesha-4.0.2/Protocols/NFS/nfs4_Compound.c:1339
#12 0x00007f58a31e3664 in nfs_rpc_process_request (reqdata=0x7f57f30e8e00, retry=false) at /usr/src/debug/nfs-ganesha-4.0.2/MainNFSD/nfs_worker_thread.c:2079
#13 0x00007f58a31e3cdd in nfs_rpc_valid_NFS (req=0x7f57f30e8e00) at /usr/src/debug/nfs-ganesha-4.0.2/MainNFSD/nfs_worker_thread.c:2317
#14 0x00007f58a35bdba1 in svc_vc_decode (req=0x7f57f30e8e00) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/svc_vc.c:1125
#15 0x00007f58a35b8cd3 in svc_request (xprt=0x7f57eab7f600, xdrs=0x7f588d7cc340) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/svc_rqst.c:1229
#16 0x00007f58a35bdaa6 in svc_vc_recv (xprt=0x7f57eab7f600) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/svc_vc.c:1098
#17 0x00007f58a35b8c37 in svc_rqst_xprt_task_recv (wpe=0x7f57eab7f8f0) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/svc_rqst.c:1209
#18 0x00007f58a35b98ba in svc_rqst_epoll_loop (wpe=0x7f589e2e5030) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/svc_rqst.c:1608
#19 0x00007f58a35c6dc5 in work_pool_thread (arg=0x7f588ea001e0) at /usr/src/debug/nfs-ganesha-4.0.2/libntirpc/src/work_pool.c:190
#20 0x00007f58a18d4ea5 in start_thread () from /lib64/libpthread.so.0
#21 0x00007f58a11dbb0d in clone () from /lib64/libc.so.6


(gdb) f 7
#7  0x00007f58a3234338 in dec_state_owner_ref (owner=0x7f57ed99bc00) at /usr/src/debug/nfs-ganesha-4.0.2/SAL/state_misc.c:933
933         assert(refcount > 0);
(gdb) l
928         if (str_valid)
929             LogFullDebug(COMPONENT_STATE,
930                      "Decrement refcount now=%" PRId32 " {%s}",
931                      refcount, str);
932
933         assert(refcount > 0);
934
935         return;
936     }
937
(gdb) l -
918     hash_table_t *ht_owner;
919
920     if (isDebug(COMPONENT_STATE)) {
921         display_owner(&dspbuf, owner);
922         str_valid = true;
923     }
924
925     refcount = atomic_dec_int32_t(&owner->so_refcount);
926
927     if (refcount != 0) {
(gdb) p owner->so_refcount
$1 = -1