Date: Wed, 7 Oct 2009 16:03:15 GMT From: Bob McClure <h8msft@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/139407: smb mount causes system crash if remote share no longer accessible Message-ID: <200910071603.n97G3FBE055161@www.freebsd.org> Resent-Message-ID: <200910071610.n97GA29G018479@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 139407 >Category: kern >Synopsis: smb mount causes system crash if remote share no longer accessible >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Oct 07 16:10:01 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Bob McClure >Release: 7.1 release / 8.0-RC1 >Organization: >Environment: FreeBSD THEMIS-LRAR-01.foo.local 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Tue Jan 6 11:36:08 CST 2009 bobm@Themis-lrar-02.foo.local:/usr/src/sys/amd64/compile/CLUSTER amd64 BSDTest-lrar-03v# uname -a FreeBSD BSDTest-lrar-03v.foo.local 8.0-RC1 FreeBSD 8.0-RC1 #0: Mon Oct 5 12:35:15 CDT 2009 root@BSDTest-lrar-03v.foo.local:/usr/src/sys/amd64/compile/CLUSTER amd64 FreeBSD foo.foodomain 8.0-RC1 FreeBSD 8.0-RC1 #0: Thu Sep 17 20:45:19 UTC 2009 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: If connectivity is lost to a smb mount, issuing the df command can crash the system. I have replicated this with 7.1 Release on an HP server and with 8.0 RC-1 in a VMWare ESX (amd64) and 8.0 RC-1 in VMWARE ESXi (i386). The connectivity loss can be either network related, remote server problems, or the share deleted. The crash will not occur until the df command is called. dump of the crash file references smbiod, So I'm not sure where the problem actually is. 00004640 73 6d 62 5f 64 65 76 3a 20 6c 6f 61 64 65 64 0a |smb_dev: loaded.| 00004650 6b 65 72 6e 65 6c 20 74 72 61 70 20 31 32 20 77 |kernel trap 12 w| 00004660 69 74 68 20 69 6e 74 65 72 72 75 70 74 73 20 64 |ith interrupts d| 00004670 69 73 61 62 6c 65 64 0a 0a 0a 46 61 74 61 6c 20 |isabled...Fatal | 00004680 74 72 61 70 20 31 32 3a 20 70 61 67 65 20 66 61 |trap 12: page fa| 00004690 75 6c 74 20 77 68 69 6c 65 20 69 6e 20 6b 65 72 |ult while in ker| 000046a0 6e 65 6c 20 6d 6f 64 65 0a 63 70 75 69 64 20 3d |nel mode.cpuid =| 000046b0 20 32 3b 20 61 70 69 63 20 69 64 20 3d 20 30 32 | 2; apic id = 02| 000046c0 0a 66 61 75 6c 74 20 76 69 72 74 75 61 6c 20 61 |.fault virtual a| 000046d0 64 64 72 65 73 73 09 3d 20 30 78 33 30 0a 66 61 |ddress.= 0x30.fa| 000046e0 75 6c 74 20 63 6f 64 65 09 09 3d 20 73 75 70 65 |ult code..= supe| 000046f0 72 76 69 73 6f 72 20 72 65 61 64 20 64 61 74 61 |rvisor read data| 00004700 2c 20 70 61 67 65 20 6e 6f 74 20 70 72 65 73 65 |, page not prese| 00004710 6e 74 0a 69 6e 73 74 72 75 63 74 69 6f 6e 20 70 |nt.instruction p| 00004720 6f 69 6e 74 65 72 09 3d 20 30 78 38 3a 30 78 66 |ointer.= 0x8:0xf| 00004730 66 66 66 66 66 66 66 38 30 35 34 38 31 37 66 0a |fffffff8054817f.| 00004740 73 74 61 63 6b 20 70 6f 69 6e 74 65 72 09 20 20 |stack pointer. | 00004750 20 20 20 20 20 20 3d 20 30 78 31 30 3a 30 78 66 | = 0x10:0xf| 00004760 66 66 66 66 66 66 66 37 64 36 36 65 39 34 30 0a |fffffff7d66e940.| 00004770 66 72 61 6d 65 20 70 6f 69 6e 74 65 72 09 20 20 |frame pointer. | 00004780 20 20 20 20 20 20 3d 20 30 78 31 30 3a 30 78 66 | = 0x10:0xf| 00004790 66 66 66 66 66 30 30 30 63 37 34 62 36 65 30 0a |fffff000c74b6e0.| 000047a0 63 6f 64 65 20 73 65 67 6d 65 6e 74 09 09 3d 20 |code segment..= | 000047b0 62 61 73 65 20 30 78 30 2c 20 6c 69 6d 69 74 20 |base 0x0, limit | 000047c0 30 78 66 66 66 66 66 2c 20 74 79 70 65 20 30 78 |0xfffff, type 0x| 000047d0 31 62 0a 09 09 09 3d 20 44 50 4c 20 30 2c 20 70 |1b....= DPL 0, p| 000047e0 72 65 73 20 31 2c 20 6c 6f 6e 67 20 31 2c 20 64 |res 1, long 1, d| 000047f0 65 66 33 32 20 30 2c 20 67 72 61 6e 20 31 0a 70 |ef32 0, gran 1.p| 00004800 72 6f 63 65 73 73 6f 72 20 65 66 6c 61 67 73 09 |rocessor eflags.| 00004810 3d 20 72 65 73 75 6d 65 2c 20 49 4f 50 4c 20 3d |= resume, IOPL =| 00004820 20 30 0a 63 75 72 72 65 6e 74 20 70 72 6f 63 65 | 0.current proce| 00004830 73 73 09 09 3d 20 31 30 32 34 20 28 73 6d 62 69 |ss..= 1024 (smbi| 00004840 6f 64 30 29 0a 74 72 61 70 20 6e 75 6d 62 65 72 |od0).trap number| 00004850 09 09 3d 20 31 32 0a 70 61 6e 69 63 3a 20 70 61 |..= 12.panic: pa| 00004860 67 65 20 66 61 75 6c 74 0a 63 70 75 69 64 20 3d |ge fault.cpuid =| 00004870 20 32 0a 55 70 74 69 6d 65 3a 20 36 6d 33 37 73 | 2.Uptime: 6m37s| 00004880 0a 50 68 79 73 69 63 61 6c 20 6d 65 6d 6f 72 79 |.Physical memory| 00004890 3a 20 31 32 32 37 33 20 4d 42 0a 44 75 6d 70 69 |: 12273 MB.Dumpi| 000048a0 6e 67 20 36 34 35 20 4d 42 3a 00 00 00 00 00 00 |ng 645 MB:......| 000048b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| >How-To-Repeat: This can be repliated in a VMWare ESXi instance to avoid crashing a physical sever. install a local instance of samba with security = local create a share on the local machine #[foo] # path = /home/foo # valid users = bob # public=no # writeable = yes # browsable = yes # create mask = 0777 # Mount the share mount_smbfs -I foo //bob@foo/foo mount # rename the share to a new name #[fooxx] # path = /home/foo # valid users = bob # public=no # writeable = yes # browsable = yes # create mask = 0777 samba restart df <- no error samba stop df <- system crash >Fix: Unknown >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910071603.n97G3FBE055161>