From owner-freebsd-current@FreeBSD.ORG Sun Nov 2 20:45:49 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 71AE1106567B for ; Sun, 2 Nov 2008 20:45:49 +0000 (UTC) (envelope-from yuri.pankov@gmail.com) Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.25]) by mx1.freebsd.org (Postfix) with ESMTP id EEF768FC1B for ; Sun, 2 Nov 2008 20:45:46 +0000 (UTC) (envelope-from yuri.pankov@gmail.com) Received: by ey-out-2122.google.com with SMTP id 6so689715eyi.7 for ; Sun, 02 Nov 2008 12:45:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:received:received :x-authentication-warning:date:from:to:cc:subject:message-id :references:mime-version:content-type:content-disposition :in-reply-to:user-agent; bh=Fga0IzX4kjY+1XdCszPCJSpPVQwmaqWDh9rRpUh6Zg0=; b=kDCDcVNQvanMcDePQB0yUW2fwUScgwLvmzcjrHB9kER+iwMPzJnILMT5YcrZBRq6y0 YH5ggDqpx/WPAwy8E8YVdZNdfmo2a4wfGcpH2siHcCe4OUA2txrMupa/7a8efYwbOhoH 6yhQaHvq7aGcyzmkZbEGVGjn2zQI/MDjLLOdg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=x-authentication-warning:date:from:to:cc:subject:message-id :references:mime-version:content-type:content-disposition :in-reply-to:user-agent; b=g5upUqeFJ7/B2I4HWhG9Qd1Nb386CAiYb878hvLSkeOoqNl53PvZwRVflFUTncw0cq ZpZJEI1IL7/Qnq8r/x/3p0hLkQ5xat1lf1IaGIfKHkTJMsTBb21P5FN19R+krO4X5IWY oNe+eMCVrf7TP7rIAgxdMQjX+5o10vQDGD9AA= Received: by 10.210.22.16 with SMTP id 16mr3599199ebv.132.1225657340829; Sun, 02 Nov 2008 12:22:20 -0800 (PST) Received: from darklight.homeunix.org ([85.175.24.53]) by mx.google.com with ESMTPS id u14sm12348777gvf.6.2008.11.02.12.22.19 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 02 Nov 2008 12:22:20 -0800 (PST) Received: from darklight.homeunix.org (yuri@darklight.homeunix.org [127.0.0.1]) by darklight.homeunix.org (8.14.3/8.14.3) with ESMTP id mA2KMChr006700; Sun, 2 Nov 2008 23:22:17 +0300 (MSK) (envelope-from yuri.pankov@gmail.com) Received: (from yuri@localhost) by darklight.homeunix.org (8.14.3/8.14.3/Submit) id mA2KMB3n006698; Sun, 2 Nov 2008 23:22:11 +0300 (MSK) (envelope-from yuri.pankov@gmail.com) X-Authentication-Warning: darklight.homeunix.org: yuri set sender to yuri.pankov@gmail.com using -f Date: Sun, 2 Nov 2008 23:22:11 +0300 From: Yuri Pankov To: Attilio Rao Message-ID: <20081102202211.GA1549@darklight.homeunix.org> References: <20081102123100.GA1434@darklight.homeunix.org> <3bbf2fe10811020737g211dfb3fs54b48e4071db2393@mail.gmail.com> <3bbf2fe10811020817g1409a38ep26c1ee8edf075201@mail.gmail.com> <20081102163307.GB1434@darklight.homeunix.org> <3bbf2fe10811020953l29f1a7eesa4f4eeb49f0a2eba@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3bbf2fe10811020953l29f1a7eesa4f4eeb49f0a2eba@mail.gmail.com> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-fs@freebsd.org, freebsd-current@freebsd.org Subject: Re: reproducible panic with mount_smbfs X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Nov 2008 20:45:49 -0000 On Sun, Nov 02, 2008 at 06:53:25PM +0100, Attilio Rao wrote: > 2008/11/2, Yuri Pankov : > > On Sun, Nov 02, 2008 at 05:17:18PM +0100, Attilio Rao wrote: > > > 2008/11/2, Attilio Rao : > > > > 2008/11/2, Yuri Pankov : > > > > > > > > > Hi, > > > > > > > > > > Trying to mount nonexistent smb share with mount_smbfs leads to > > > > > following panic: > > > > > > > > > > # mount_smbfs //yuri@lifebane/blahblah /mnt > > > > > > > > > > Unread portion of the kernel message buffer: > > > > > smb_co_lock: recursive lock for object 1 > > > > > panic: Lock (lockmgr) smb_vc not locked @ > > > > > /usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:329. > > > > > cpuid = 0 > > > > > KDB: stack backtrace: > > > > > db_trace_self_wrapper() at db_trace_self_wrapper+0x2a > > > > > panic() at panic+0x182 > > > > > witness_assert() at witness_assert+0x21a > > > > > __lockmgr_args() at __lockmgr_args+0x17a > > > > > smb_co_put() at smb_co_put+0x76 > > > > > smb_sm_lookup() at smb_sm_lookup+0xfe > > > > > smb_usr_lookup() at smb_usr_lookup+0xcd > > > > > nsmb_dev_ioctl() at nsmb_dev_ioctl+0x1f6 > > > > > giant_ioctl() at giant_ioctl+0x75 > > > > > devfs_ioctl_f() at devfs_ioctl_f+0x76 > > > > > kern_ioctl() at kern_ioctl+0x92 > > > > > ioctl() at ioctl+0xfd > > > > > syscall() at syscall+0x1bf > > > > > Xfast_syscall() at Xfast_syscall+0xab > > > > > --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800939aec, rsp = > > > > > 0x7fffffffe038, rbp = 0x7fffffffe450 --- > > > > > Uptime: 6m46s > > > > > Physical memory: 2032 MB > > > > > > > > > > > > So, what is happening here is that smb_co_lock() is AFU. > > > > Infact looking at the code: > > > > int > > > > smb_co_lock(struct smb_connobj *cp, int flags, struct thread *td) > > > > { > > > > ... > > > > if (smb_co_lockstatus(cp, td) == LK_EXCLUSIVE && > > > > (flags & LK_CANRECURSE) == 0) { > > > > SMBERROR("recursive lock for object %d\n", cp->co_level); > > > > return 0; > > > > } > > > > ... > > > > > > Yuri, > > > could you please test this fix: > > > http://www.freebsd.org/~attilio/netsmb.diff > > > > > > and report if it works? > > > You could get a KASSERT running but this is expected as I want to > > > identify on the callers who passes a malformed request and fix it. > > > > > > Thanks, > > > Attilio > > > > > > > > > -- > > > Peace can only be achieved by understanding - A. Einstein > > > > > > Thanks, Attilio. > > > > With this patch system doesn't panic anymore with nonexistent share > > names (though I had to comment out smb_co_lockstatus prototype and > > function to get rid of -Werror complaints). Still getting a LOR: > > > > netsmb_dev: loaded > > lock order reversal: > > 1st 0xffffff0021644008 smb_vc (smb_vc) @ > > /usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:332 > > 2nd 0xffffffff81037368 smbsm (smbsm) @ > > /usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:348 > > > > KDB: stack backtrace: > > db_trace_self_wrapper() at db_trace_self_wrapper+0x2a > > > > _witness_debugger() at _witness_debugger+0x2e > > witness_checkorder() at witness_checkorder+0x81e > > __lockmgr_args() at __lockmgr_args+0xc2a > > smb_co_lock() at smb_co_lock+0x38 > > smb_co_gone() at smb_co_gone+0x38 > > > > smb_sm_lookup() at smb_sm_lookup+0xfe > > smb_usr_lookup() at smb_usr_lookup+0xcd > > nsmb_dev_ioctl() at nsmb_dev_ioctl+0x1f6 > > giant_ioctl() at giant_ioctl+0x75 > > devfs_ioctl_f() at devfs_ioctl_f+0x76 > > kern_ioctl() at kern_ioctl+0x92 > > ioctl() at ioctl+0xfd > > syscall() at syscall+0x1bf > > Xfast_syscall() at Xfast_syscall+0xab > > --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800939aec, rsp = > > > > 0x7fffffffe048, rbp = 0x7fffffffe460 --- > > I've updated the patch in order to fix smb_co_lockstatus problem. > Could you please stress test it while I investigate the LOR problem? Not sure what do you mean by "stress test". I've tried mounting several different shares and copied ~100Gb from them, hope this should suffice. > Are you running with INVARIANTS? Yes. > > Thanks, > Attilio > > > -- > Peace can only be achieved by understanding - A. Einstein Thanks, Yuri