reproducible panic with mount_smbfs

From: Yuri Pankov <yuri.pankov_at_gmail.com>
Date: Sun, 2 Nov 2008 15:31:00 +0300
Hi,

Trying to mount nonexistent smb share with mount_smbfs leads to
following panic:

# mount_smbfs //yuri_at_lifebane/blahblah /mnt

Unread portion of the kernel message buffer:
smb_co_lock: recursive lock for object 1
panic: Lock (lockmgr) smb_vc not locked _at_
/usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:329.
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
panic() at panic+0x182
witness_assert() at witness_assert+0x21a
__lockmgr_args() at __lockmgr_args+0x17a
smb_co_put() at smb_co_put+0x76
smb_sm_lookup() at smb_sm_lookup+0xfe
smb_usr_lookup() at smb_usr_lookup+0xcd
nsmb_dev_ioctl() at nsmb_dev_ioctl+0x1f6
giant_ioctl() at giant_ioctl+0x75
devfs_ioctl_f() at devfs_ioctl_f+0x76
kern_ioctl() at kern_ioctl+0x92
ioctl() at ioctl+0xfd
syscall() at syscall+0x1bf
Xfast_syscall() at Xfast_syscall+0xab
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800939aec, rsp =
0x7fffffffe038, rbp = 0x7fffffffe450 ---
Uptime: 6m46s
Physical memory: 2032 MB
Dumping 148 MB: 133 117 101 85 69 53 37 21 5

#0  doadump () at pcpu.h:196
#1  0xffffffff804ea413 in boot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:420
#2  0xffffffff804ea89c in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:576
#3  0xffffffff8052afea in witness_assert (lock=Variable "lock" is not
available.
) at /usr/src/sys/kern/subr_witness.c:2199
#4  0xffffffff804d6b4a in __lockmgr_args (lk=0xffffff004a5bf408,
flags=1048832, ilk=0xffffff004a5bf430, wmesg=Variable "wmesg" is not
available.
)
    at /usr/src/sys/kern/kern_lock.c:659
#5  0xffffffff81023536 in smb_co_put (cp=0xffffff004a5bf400,
scred=0xfffffffe7fd879b0) at lockmgr.h:93
#6  0xffffffff81023fce in smb_sm_lookup (vcspec=0xfffffffe7fd87890,
shspec=0xfffffffe7fd87900, scred=0xfffffffe7fd879b0, 
    vcpp=0xfffffffe7fd87928) at
/usr/src/sys/modules/smbfs/../../netsmb/smb_conn.c:222
#7  0xffffffff8102995d in smb_usr_lookup (dp=0xffffff0003738000,
scred=0xfffffffe7fd879b0, vcpp=0xfffffffe7fd879c8, 
    sspp=0xfffffffe7fd879c0) at
/usr/src/sys/modules/smbfs/../../netsmb/smb_usr.c:154
#8  0xffffffff81024386 in nsmb_dev_ioctl (dev=Variable "dev" is not
available.
) at /usr/src/sys/modules/smbfs/../../netsmb/smb_dev.c:285
#9  0xffffffff804b6375 in giant_ioctl (dev=0xffffff004a5bf800,
cmd=2198367850, data=0xffffff0003738000 "\002", fflag=3, 
    td=0xffffff004a5c7370) at /usr/src/sys/kern/kern_conf.c:407
#10 0xffffffff8047a636 in devfs_ioctl_f (fp=0xffffff0003e14870,
com=2198367850, data=Variable "data" is not available.
)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:588
#11 0xffffffff8052e9c2 in kern_ioctl (td=0xffffff004a5c7370, fd=Variable
"fd" is not available.
) at file.h:262
#12 0xffffffff8052ec2d in ioctl (td=0xffffff004a5c7370,
uap=0xfffffffe7fd87c00) at /usr/src/sys/kern/sys_generic.c:676
#13 0xffffffff807c081f in syscall (frame=0xfffffffe7fd87c90) at
/usr/src/sys/amd64/amd64/trap.c:898
#14 0xffffffff807a32db in Xfast_syscall () at
/usr/src/sys/amd64/amd64/exception.S:338
#15 0x0000000800939aec in ?? ()
Previous frame inner to this frame (corrupt stack?)

FreeBSD 8.0-CURRENT amd64
World and kernel are built from sources synced on Nov, 1.


Yuri
Received on Sun Nov 02 2008 - 11:59:25 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:36 UTC