Date:      Mon, 23 Nov 2009 02:54:43 -0600
From:      "sahil.cooner@gmail.com" <sahil.cooner@gmail.com>
To:        freebsd-current@freebsd.org
Cc:        bzeeb+freebsd+lor@zabbadoz.net
Subject:   mount_smbfs lock order traversal kernel segfault
Message-ID:  <c1e1f07a0911230054n57b3c3ffoc5101731173a2a8e@mail.gmail.com>

Fellow FreeBSDers,

I'd like to report a new lock order traversal bug that I have come across in
freebsd-current, from a checkout of the /usr/src tree a couple days ago.

I found the following site and searched for the particular LOR dump that I was
receiving in dmesg.  I am currently receiving 2 different LOR errors.  One
is a known and reported issue; the other I could not find on the
following list, http://sources.zabbadoz.net/freebsd/lor.html.

Following these instructions ...
http://sources.zabbadoz.net/freebsd/lor.html#howtoreportalor

1) The Backtrace...
smb_co_lock: recursive lock for object 1
lock order reversal:
 1st 0xffffff0020401c08 smb_vc (smb_vc) @ /usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:331
 2nd 0xffffffff812c84a8 smbsm (smbsm) @ /usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:354
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
_witness_debugger() at _witness_debugger+0x2e
witness_checkorder() at witness_checkorder+0x81e
__lockmgr_args() at __lockmgr_args+0xcf3
smb_co_lock() at smb_co_lock+0x61
smb_co_gone() at smb_co_gone+0x34
smb_sm_lookup() at smb_sm_lookup+0x105
smb_usr_lookup() at smb_usr_lookup+0xcd
nsmb_dev_ioctl() at nsmb_dev_ioctl+0x1e7
giant_ioctl() at giant_ioctl+0x75
devfs_ioctl_f() at devfs_ioctl_f+0x76
kern_ioctl() at kern_ioctl+0xc5
ioctl() at ioctl+0xfd
syscall() at syscall+0x1ae
Xfast_syscall() at Xfast_syscall+0xe1
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x80094b92c, rsp = 0x7fffffffe128, rbp = 0x7fffffffe540 ---

2) The Samba server is a Debian box running Samba versions as follows...
smbd -V
Version 3.2.5
nmbd -V
Version 3.2.5

3) uname -arv
FreeBSD mybox.com 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Sat Nov 21 07:47:20 CST 2009     root@mybox.com:/usr/obj/usr/src/sys/GENERIC  amd64


This bug is almost always reproducible when any sort of slightly higher than
normal disk I/O takes place to the samba mounted directory, i.e. a copy from
the remote target to the local drive of a 1GB file.

I haven't really had a chance to follow up by looking through the relevant
/usr/src/sys/../../smbfs/../*.c files to try and debug/determine some more
information. I will respond with relevant follow-ups.

Cheers,
Sahil R Cooner

Pablo Picasso <http://www.brainyquote.com/quotes/authors/p/pablo_picasso.html>
- "Computers are useless. They can only give you answers."
