[Bug 258421] panic when smbiodX exits

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 11 Sep 2021 08:03:48 UTC

            Bug ID: 258421
           Summary: panic when smbiodX exits
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: rtm@lcs.mit.edu

Some of the time, when an smbiod kernel thread exits due to
an unmount or an error on the server connection, the kernel

# uname -a
FreeBSD xxx 14.0-CURRENT FreeBSD 14.0-CURRENT #0 main-n248636-d20e9e02db3: Thu
Aug 12 05:47:18 UTC 2021    
root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64
# mount_smbfs -I -N -W XXX //guest@samba/test /mnt
# umount /mnt
panic: Assertion stp->st_flags == 0 failed at
cpuid = 1
time = 1631309875
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe009bb2a9d0
vpanic() at vpanic+0x187/frame 0xfffffe009bb2aa30
panic() at panic+0x43/frame 0xfffffe009bb2aa90
seltdfini() at seltdfini+0xa0/frame 0xfffffe009bb2aab0
exit1() at exit1+0x492/frame 0xfffffe009bb2ab20
kproc_exit() at kproc_exit+0xaa/frame 0xfffffe009bb2ab50
smb_iod_thread() at smb_iod_thread+0x383/frame 0xfffffe009bb2abb0
fork_exit() at fork_exit+0x80/frame 0xfffffe009bb2abf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe009bb2abf0

I suspect the problem is that selsocket() in kern/sys_generic.c
can return without calling seltdclear():

    for (;;) {
        selfdalloc(td, NULL);
        error = sopoll(so, events, NULL, td);
        if (error) {
            /**** need seltdclear(td) here? ****/
            return (0);
        error = seltdwait(td, asbt, precision);
        if (error)

Another way to provoke the panic is to have the server run samba
but not support an early enough protocol, i.e. to omit the
server min protocol    = LANMAN1
from smb4.conf. Then (when I try it) the panic occurs during
the execution of mount_smbfs.

You are receiving this mail because:
You are the assignee for the bug.