Subject: Re: smbfs panic
To: Patrick Welche <prlw1@newn.cam.ac.uk>
From: Antti Kantee <pooka@cs.hut.fi>
List: current-users
Date: 12/04/2007 15:57:34
On Tue Dec 04 2007 at 13:11:59 +0000, Patrick Welche wrote:
> I didn't think I would have an opportunity to try this so soon - sadly
> before I read your message, but I seem to have extracted something:
> (4.99.39/i386 of Dec 3 15:51 GMT, happened during /etc/daily)
Well, I don't really know smbfs at all. But if I were to hazard a very
quick guess, it looks like the connection is dying while there is an
outstanding request. The cleaner is then going through all outstanding
requests to clean them up and finds one request in an unexpected state
(without a callout) and therefore panics.
Try this. But I'll only commit it if you can make the panic repeatable
and find no other ill effects. Try e.g. ifconfiging your interface down
while making smbfs requests. If it doesn't fix it, file a PR with this
analysis and hope someone who understands the smb code takes interest.
.. Or use the FUSE smbfs. I promise to fix all kernel crashes due to
using it ;)
Index: netsmb/smb_iod.c
===================================================================
RCS file: /cvsroot/src/sys/netsmb/smb_iod.c,v
retrieving revision 1.27
diff -p -u -r1.27 smb_iod.c
--- netsmb/smb_iod.c 9 Jul 2007 21:11:15 -0000 1.27
+++ netsmb/smb_iod.c 4 Dec 2007 13:55:12 -0000
@@ -78,7 +78,10 @@ smb_iod_rqprocessed(struct smb_rq *rqp,
rqp->sr_rpgen++;
rqp->sr_state = SMBRQ_NOTIFIED;
wakeup(&rqp->sr_state);
- callout_stop(&rqp->sr_timo_ch);
+ if (rqp->sr_timo > 0) {
+ callout_stop(&rqp->sr_timo_ch);
+ callout_destroy(&rqp->sr_timo_ch);
+ }
if (rqp->sr_recvcallback)
(*rqp->sr_recvcallback)(rqp->sr_recvarg);
SMBRQ_SUNLOCK(rqp);
> db{0}> mach cpu 0
> using CPU 0
> db{0}> bt
> breakpoint(c053011a,cd4c2b58,cd4c2b3c,c0337823,c0624a78) at netbsd:breakpoint+0x
> 1
> panic(c05da364,c052d0ac,c052d18a,c052d08c,1a1) at netbsd:panic+0xd1
> __kernassert(c052d0ac,c052d08c,1a1,c052d18a,1ae67a0) at netbsd:__kernassert+0x37
>
> callout_stop(cdd7cee8,1,cd4c2bcc,c01c3cc5,cdd7cea0) at netbsd:callout_stop+0x45
> smb_iod_rqprocessed(cdd7cea0,39,cd4c2bfc,c0337697,c2a4a300) at netbsd:smb_iod_rq
> processed+0x50
> smb_iod_invrq(c2a50c80,1,cd4c2bfc,c01c4e77,c2a50c80) at netbsd:smb_iod_invrq+0x6
> 6
> smb_iod_dead(c2a50c80,cdd7cea0,cd4c2bfc,c01c3c0c,cdd7cea0) at netbsd:smb_iod_dea
> d+0x26
> smb_iod_sendall(c2a50c80,0,c050b993,c05e7834,c0000000) at netbsd:smb_iod_sendall
> +0x109
> smb_iod_main(c2a50c80,18,c050b993,0,0) at netbsd:smb_iod_main+0x3e
> smb_iod_thread(c2a50c80,0,c0100297,0,c0100297) at netbsd:smb_iod_thread+0x7d
> db{0}> mach cpu 1
> using CPU 1
> db{0}> bt
> _kernel_lock(1,cdcfc380,cde658bc,c03374c4,cdcfc380) at netbsd:_kernel_lock+0x21d
>
> sleepq_block(0,0,c050b977,c05e7834,1624554) at netbsd:sleepq_block+0x1bb
> ltsleep(cdd7cea0,20,c050b977,0,cdd7cf2c) at netbsd:ltsleep+0x14e
> smb_iod_waitrq(cdd7cea0,c0624554,cde6596c,c01c4935,c2a50c84) at netbsd:smb_iod_w
> aitrq+0xe4
> smb_rq_reply(cdd7cea0,3,cde6596c,c2a4a300,c2a50c80) at netbsd:smb_rq_reply+0x1a
> smb_t2_reply(cdd7df68,c2992d00,cde659e8,3,cde65905) at netbsd:smb_t2_reply+0x1b
> smb_t2_request_int(cdd7df68,cde65a6a,0,0,16) at netbsd:smb_t2_request_int+0x593
> smb_t2_request(cdd7df68,1,cde65af4,cde65aac,0) at netbsd:smb_t2_request+0x32
> smbfs_smb_statvfs(c3453780,d2253000,cde65af4,c039bc23,cc089e80) at netbsd:smbfs_
> smb_statvfs+0x94
> smbfs_statvfs(c2aff000,d2253000,8b4,c0352d67,c062fc40) at netbsd:smbfs_statvfs+0
> x74
> dostatvfs(c2aff000,d2253000,cdcfc380,1,1) at netbsd:dostatvfs+0x8d
> do_sys_pstatvfs(cdcfc380,bb90fa0c,1,d2253000,0) at netbsd:do_sys_pstatvfs+0xb6
> sys_statvfs1(cdcfc380,cde65c34,cde65c2c,2,13e0e79) at netbsd:sys_statvfs1+0x48
> syscall(cde65c78,b3,bfbf00ab,1f,bfbf001f) at netbsd:syscall+0x1d6
> db{0}> show reg
> ds 0x10
> es 0x10
> fs 0x30
> gs 0x10
> edi 0xcd9d3000
> esi 0xc01c4e79 smb_iod_thread
> ebp 0xcd4c2b1c
> ebx 0xcdc49a80
> edx 0xc0000010
> ecx 0x5
> eax 0x1
> eip 0xc03ecf49 breakpoint+0x1
> cs 0x8
> eflags 0x286
> esp 0xcd4c2b10
> ss 0x10
> netbsd:breakpoint+0x1: ret
> db{0}> examine/s c052d0ac
> netbsd:_link_ptimers_pool+0xcc: diagnostic
> db{0}> examine/s c05da364
> netbsd:sentinel_node+0x2224: kernel %sassertion "%s" failed: file "%s", line %d
> db{0}> examine/s c052d18a
> netbsd:_link_ptimers_pool+0x1aa: c->c_magic == CALLOUT_MAGIC
> db{0}> examine/s c052d08c
> netbsd:_link_ptimers_pool+0xac: ../../../../kern/kern_timeout.c
>
--
Antti Kantee <pooka@iki.fi> Of course he runs NetBSD
http://www.iki.fi/pooka/ http://www.NetBSD.org/
"la qualité la plus indispensable du cuisinier est l'exactitude"