From: "Attilio Rao"
Sender: asmrookie@gmail.com
To: "Yuri Pankov"
Cc: freebsd-fs@freebsd.org, freebsd-current@freebsd.org, developers@freebsd.org
Date: Sun, 2 Nov 2008 17:17:18 +0100
Subject: Re: reproducible panic with mount_smbfs
Message-ID: <3bbf2fe10811020817g1409a38ep26c1ee8edf075201@mail.gmail.com>
In-Reply-To: <3bbf2fe10811020737g211dfb3fs54b48e4071db2393@mail.gmail.com>

2008/11/2, Attilio Rao:
> 2008/11/2, Yuri Pankov:
> >
> > Hi,
> >
> > Trying to mount nonexistent smb share with mount_smbfs leads to
> > following panic:
> >
> > # mount_smbfs //yuri@lifebane/blahblah /mnt
> >
> > Unread portion of the kernel message buffer:
> > smb_co_lock: recursive lock for object 1
> > panic: Lock (lockmgr) smb_vc not locked @
> > /usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:329.
> > cpuid = 0
> > KDB: stack backtrace:
> > db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
> > panic() at panic+0x182
> > witness_assert() at witness_assert+0x21a
> > __lockmgr_args() at __lockmgr_args+0x17a
> > smb_co_put() at smb_co_put+0x76
> > smb_sm_lookup() at smb_sm_lookup+0xfe
> > smb_usr_lookup() at smb_usr_lookup+0xcd
> > nsmb_dev_ioctl() at nsmb_dev_ioctl+0x1f6
> > giant_ioctl() at giant_ioctl+0x75
> > devfs_ioctl_f() at devfs_ioctl_f+0x76
> > kern_ioctl() at kern_ioctl+0x92
> > ioctl() at ioctl+0xfd
> > syscall() at syscall+0x1bf
> > Xfast_syscall() at Xfast_syscall+0xab
> > --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800939aec, rsp =
> > 0x7fffffffe038, rbp = 0x7fffffffe450 ---
> > Uptime: 6m46s
> > Physical memory: 2032 MB
>
>
> So, what is happening here is that smb_co_lock() is AFU.
> In fact looking at the code:
> int
> smb_co_lock(struct smb_connobj *cp, int flags, struct thread *td)
> {
> ...
>         if (smb_co_lockstatus(cp, td) == LK_EXCLUSIVE &&
>             (flags & LK_CANRECURSE) == 0) {
>                 SMBERROR("recursive lock for object %d\n", cp->co_level);
>                 return 0;
>         }
> ...

Yuri, could you please test this fix:
http://www.freebsd.org/~attilio/netsmb.diff

and report if it works?
You could get a KASSERT running but this is expected as I want to
identify on the callers who passes a malformed request and fix it.

Thanks,
Attilio

--
Peace can only be achieved by understanding - A. Einstein