From: Yuri Pankov
To: Attilio Rao
Cc: freebsd-fs@freebsd.org, freebsd-current@freebsd.org, developers@freebsd.org
Date: Sun, 2 Nov 2008 19:33:07 +0300
Subject: Re: reproducible panic with mount_smbfs
Message-ID: <20081102163307.GB1434@darklight.homeunix.org>

On Sun, Nov 02, 2008 at 05:17:18PM +0100, Attilio Rao wrote:
> 2008/11/2, Attilio Rao :
> > 2008/11/2, Yuri Pankov :
> >
> > > Hi,
> > >
> > > Trying to mount nonexistent smb share with mount_smbfs leads to
> > > following panic:
> > >
> > > # mount_smbfs //yuri@lifebane/blahblah /mnt
> > >
> > > Unread portion of the kernel message buffer:
> > > smb_co_lock: recursive lock for object 1
> > > panic: Lock (lockmgr) smb_vc not locked @
> > > /usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:329.
> > > cpuid = 0
> > > KDB: stack backtrace:
> > > db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
> > > panic() at panic+0x182
> > > witness_assert() at witness_assert+0x21a
> > > __lockmgr_args() at __lockmgr_args+0x17a
> > > smb_co_put() at smb_co_put+0x76
> > > smb_sm_lookup() at smb_sm_lookup+0xfe
> > > smb_usr_lookup() at smb_usr_lookup+0xcd
> > > nsmb_dev_ioctl() at nsmb_dev_ioctl+0x1f6
> > > giant_ioctl() at giant_ioctl+0x75
> > > devfs_ioctl_f() at devfs_ioctl_f+0x76
> > > kern_ioctl() at kern_ioctl+0x92
> > > ioctl() at ioctl+0xfd
> > > syscall() at syscall+0x1bf
> > > Xfast_syscall() at Xfast_syscall+0xab
> > > --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800939aec, rsp =
> > > 0x7fffffffe038, rbp = 0x7fffffffe450 ---
> > > Uptime: 6m46s
> > > Physical memory: 2032 MB
> >
> >
> > So, what is happening here is that smb_co_lock() is AFU.
> > In fact looking at the code:
> > int
> > smb_co_lock(struct smb_connobj *cp, int flags, struct thread *td)
> > {
> > ...
> >         if (smb_co_lockstatus(cp, td) == LK_EXCLUSIVE &&
> >             (flags & LK_CANRECURSE) == 0) {
> >                 SMBERROR("recursive lock for object %d\n", cp->co_level);
> >                 return 0;
> >         }
> > ...
>
> Yuri,
> could you please test this fix:
> http://www.freebsd.org/~attilio/netsmb.diff
>
> and report if it works?
> You could get a KASSERT running but this is expected as I want to
> identify on the callers who passes a malformed request and fix it.
>
> Thanks,
> Attilio
>
>
> --
> Peace can only be achieved by understanding - A. Einstein

Thanks, Attilio. With this patch system doesn't panic anymore with
nonexistent share names (though I had to comment out smb_co_lockstatus
prototype and function to get rid of -Werror complaints).

Still getting a LOR:

netsmb_dev: loaded
lock order reversal:
 1st 0xffffff0021644008 smb_vc (smb_vc) @ /usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:332
 2nd 0xffffffff81037368 smbsm (smbsm) @ /usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:348
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
_witness_debugger() at _witness_debugger+0x2e
witness_checkorder() at witness_checkorder+0x81e
__lockmgr_args() at __lockmgr_args+0xc2a
smb_co_lock() at smb_co_lock+0x38
smb_co_gone() at smb_co_gone+0x38
smb_sm_lookup() at smb_sm_lookup+0xfe
smb_usr_lookup() at smb_usr_lookup+0xcd
nsmb_dev_ioctl() at nsmb_dev_ioctl+0x1f6
giant_ioctl() at giant_ioctl+0x75
devfs_ioctl_f() at devfs_ioctl_f+0x76
kern_ioctl() at kern_ioctl+0x92
ioctl() at ioctl+0xfd
syscall() at syscall+0x1bf
Xfast_syscall() at Xfast_syscall+0xab
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800939aec, rsp = 0x7fffffffe048, rbp = 0x7fffffffe460 ---


Thanks,
Yuri
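
[Added example, not part of the message above and not FreeBSD source.] A user-space model of the smb_co_lock() excerpt quoted in the thread: a recursive request without the recurse flag returns 0 without taking a hold, so a caller that pairs each successful lock with an unlock can end up releasing a lock it no longer holds. All names are hypothetical, and the error-return variant is an assumption for contrast, not the content of the linked netsmb.diff.

```c
/* Added single-threaded model; all identifiers are hypothetical. */
#include <stdio.h>

enum { M_OK = 0, M_EDEADLK = 11, M_NOTLOCKED = -1, M_CANRECURSE = 1 };

struct model_lock {
    int owner;       /* 0 = unheld, otherwise the holder's thread id */
    int depth;       /* holds taken by the owner */
    int on_recurse;  /* value returned for a refused recursive request */
};

static int lock(struct model_lock *l, int tid, int flags)
{
    /* Shape of the quoted check: recursion without the recurse flag.
     * With on_recurse == M_OK this reports success but takes no hold. */
    if (l->owner == tid && (flags & M_CANRECURSE) == 0)
        return l->on_recurse;
    l->owner = tid;
    l->depth++;
    return M_OK;
}

/* The M_NOTLOCKED return stands in for a kernel "not locked" assertion. */
static int unlock(struct model_lock *l, int tid)
{
    if (l->owner != tid || l->depth == 0)
        return M_NOTLOCKED;
    if (--l->depth == 0)
        l->owner = 0;
    return M_OK;
}

/* Outer path locks; inner path locks again and unlocks only on success.
 * Returns the status of the outer path's final release. */
static int balanced_caller(int on_recurse)
{
    struct model_lock l = { 0, 0, on_recurse };
    const int tid = 1;

    lock(&l, tid, 0);                  /* outer hold */
    if (lock(&l, tid, 0) == M_OK)      /* inner, recursive request */
        unlock(&l, tid);               /* drops the outer hold if 0 was a lie */
    return unlock(&l, tid);            /* outer release */
}

int main(void)
{
    printf("returns 0 on recursion: %d, returns error: %d\n",
           balanced_caller(M_OK), balanced_caller(M_EDEADLK));
    return 0;
}
```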