From owner-freebsd-stable@freebsd.org Wed Oct 7 06:52:37 2015 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 783ED9D0E50 for ; Wed, 7 Oct 2015 06:52:37 +0000 (UTC) (envelope-from ck-lists@cksoft.de) Received: from mx1.cksoft.de (mx1.cksoft.de [IPv6:2001:67c:24f8:1::25:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.cksoft.de", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 3699FE60; Wed, 7 Oct 2015 06:52:37 +0000 (UTC) (envelope-from ck-lists@cksoft.de) Received: from m.cksoft.de (unknown [IPv6:2a01:170:1110:8001::25:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.cksoft.de (Postfix) with ESMTPSA id 3CE391E9E6E; Wed, 7 Oct 2015 08:52:33 +0200 (CEST) Received: from amavis.cksoft.de (unknown [IPv6:2a01:170:1110:8001::25:a1]) by m.cksoft.de (Postfix) with ESMTP id 1496962FA4; Wed, 7 Oct 2015 08:51:04 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from m.cksoft.de ([IPv6:2a01:170:1110:8001::25:1]) by amavis.cksoft.de (amavis.cksoft.de [IPv6:2a01:170:1110:8001::25:a1]) (amavisd-new, port 10041) with ESMTP id eLvvzjJzvzmV; Wed, 7 Oct 2015 08:51:02 +0200 (CEST) Received: from noc1.cksoft.de (noc1.cksoft.de [IPv6:2a01:170:1110:8001::53:1]) by m.cksoft.de (Postfix) with ESMTP id 1EA7F62F88; Wed, 7 Oct 2015 08:51:02 +0200 (CEST) Received: by noc1.cksoft.de (Postfix, from userid 1000) id C0FB113BCA; Wed, 7 Oct 2015 08:52:30 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by noc1.cksoft.de (Postfix) with ESMTP id B9ACC13BC0; Wed, 7 Oct 2015 08:52:30 +0200 (CEST) Date: Wed, 7 Oct 2015 08:52:30 +0200 (CEST) From: Christian Kratzer X-X-Sender: ck@noc1.cksoft.de Reply-To: Christian Kratzer To: John Baldwin cc: Rick Macklem , freebsd-stable@freebsd.org Subject: Re: smbfs crashes since approx. 10.1-RELEASE In-Reply-To: <2148690.gx9M0ZzrG1@ralph.baldwin.cx> Message-ID: References: <1721669289.24365403.1444083414400.JavaMail.zimbra@uoguelph.ca> <2148690.gx9M0ZzrG1@ralph.baldwin.cx> User-Agent: Alpine 2.20 (BSF 67 2015-01-07) X-Spammer-Kill-Ratio: 75% MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Oct 2015 06:52:37 -0000 Hi, On Tue, 6 Oct 2015, John Baldwin wrote: >> This crash is occurring when doing an mtx_unlock(&Giant). Unfortunately, I'm not >> conversant w.r.t. this code. I've cc'd jhb@ in case he has some insight. >> If you don't get any responses, I'd suggest reposting to freebsd-current@ with >> "crashes in mtx_unlock(&Giant)" in the subject line. >> >> Btw John, the code does tsleep() in a loop before the mtx_unlock(&Giant). I do >> remember that was once allowed, but am not sure if it still is (ie a tsleep() call >> while holding Giant)? >> >> Hopefully someone who knows what is special about Giant that might cause this will >> respond. >> >> Good luck with it, rick > > tsleep() with Giant is still allowed. However, this sort of panic usually means > you unlocked a mutex you didn't hold (but without INVARIANTS enabled or you'd get > an assertion failure earlier). > > I don't see anything obviously wrong in smb_iod_thread() however. > > If you have the crashdump, can you please run this in kgdb: > > frame 9 > p (struct mtx *)c > p *(struct mtx *)c yes I have. Here we go: --snipp-- Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x20 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80996c7c stack pointer = 0x28:0xfffffe004e79bac0 frame pointer = 0x28:0xfffffe004e79baf0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = resume, IOPL = 0 current process = 12235 (smbiod172) trap number = 12 panic: page fault cpuid = 0 KDB: stack backtrace: #0 0xffffffff80984e30 at kdb_backtrace+0x60 #1 0xffffffff809489e6 at vpanic+0x126 #2 0xffffffff809488b3 at panic+0x43 #3 0xffffffff80d4aadb at trap_fatal+0x36b #4 0xffffffff80d4addd at trap_pfault+0x2ed #5 0xffffffff80d4a47a at trap+0x47a #6 0xffffffff80d307f2 at calltrap+0x8 #7 0xffffffff8092ebe0 at __mtx_unlock_sleep+0x60 #8 0xffffffff8092eb69 at __mtx_unlock_flags+0x69 #9 0xffffffff81a1b724 at smb_iod_thread+0xb4 #10 0xffffffff8091244a at fork_exit+0x9a #11 0xffffffff80d30d2e at fork_trampoline+0xe Uptime: 1d18h34m4s Dumping 161 out of 999 MB:..10%..20%..30%..40%..50%..60%..70%..80%..90%..100% Reading symbols from /boot/kernel/smbfs.ko.symbols...done. Loaded symbols for /boot/kernel/smbfs.ko.symbols Reading symbols from /boot/kernel/libiconv.ko.symbols...done. Loaded symbols for /boot/kernel/libiconv.ko.symbols Reading symbols from /boot/kernel/libmchain.ko.symbols...done. Loaded symbols for /boot/kernel/libmchain.ko.symbols #0 doadump (textdump=) at pcpu.h:219 219 pcpu.h: No such file or directory. in pcpu.h (kgdb) frame 9 #9 0xffffffff8092ebe0 in __mtx_unlock_sleep (c=0xfffff8002f531790, opts=, file=0xffffffff81a25801 "%s: Can't handle disordered parameters %d:%d\n", line=1) at /usr/src/sys/kern/kern_mutex.c:791 791 /usr/src/sys/kern/kern_mutex.c: No such file or directory. in /usr/src/sys/kern/kern_mutex.c Current language: auto; currently minimal (kgdb) p (struct mtx *)c $1 = (struct mtx *) 0xfffff8002f531790 (kgdb) p *(struct mtx *)c $2 = {lock_object = {lo_name = 0x6
, lo_flags = 0, lo_data = 0, lo_witness = 0xfffff8002f531798}, mtx_lock = 1444181401} (kgdb) --snipp-- I can build a GENERIC kernel with INVARIANTS enabled on the box to see if we get a better assertions next time this happens. That is in case it happens at all with a debug build. Greetings Christian -- Christian Kratzer CK Software GmbH Email: ck@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer Web: http://www.cksoft.de/