Date:      Fri, 10 Sep 2004 08:54:33 -0400 (EDT)
From:      Robert Watson <rwatson@freebsd.org>
To:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc:        freebsd-current@freebsd.org
Subject:   Re: LOR (re0 and user map) + PANIC
Message-ID:  <Pine.NEB.3.96L.1040910085342.41157B-100000@fledge.watson.org>
In-Reply-To: <Pine.BSF.4.53.0409101040030.51837@e0-0.zab2.int.zabbadoz.net>


On Fri, 10 Sep 2004, Bjoern A. Zeeb wrote:

> On Fri, 10 Sep 2004, Marian Cerny wrote:
> 
> > lock order reversal
> >  1st 0xc177b6e8 re0 (network driver) @ /usr/src/sys/dev/re/if_re.c:1752
> >  2nd 0xc08adee4 user map (user map) @ /usr/src/sys/vm/vm_map.c:2997
> > KDB: stack backtrace:
> > kdb_backtrace(0,ffffffff,c08bde68,c08beb88,c084ddac) at kdb_backtrace+0x29
> > withness_checkorder(c08adee4,9,c0808137,bb5) at witness_checkorder+0x544
> > _sx_xlock(c08adee4,c0808137,bb5) at _sx_xlock+0x50
> > _vm_map_lock_read(c08adea0,c0808137,bb5,20000004,c16bae6c) at _vm_map_lock_read+0x37
> > vm_map_lookup(ceef9bb8,0,2,ceef9bbc,ceef9bac) at vm_map_lookup+0x28
> > vm_fault(c08adea0,0,2,8,c16b5b00) at vm_fault+0x66
> > trap_pfault(ceef9c80,0,c) at trap_pgault+0xf2
> > trap(18,10,10,0,3b) at trap+0x335
> > calltrap() at calltrap+0x5
> 
> this first half looks pretty much the same as
> http://sources.zabbadoz.net/freebsd/lor.html#031

This lock order reversal is a false positive resulting from a page fault
in kernel; the real problem is the NULL pointer dereference below.

I've been thinking of tweaking the page fault handler to not even try to
process page faults against the first page in the address space in order
to generate a more clean panic message...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research


> 
>  1st 0xc08ec200 ifnet (ifnet) @ sys/net/if.c:1489
>  2nd 0xc46703c8 user map (user map) @ sys/vm/vm_map.c:2994
> 
> > --- trap 0xc, eip = 0xc0575b76, esp = 0xceef9cc0, ebp = 0xceef9cdc ---
> > re_rxeof(c177b000) at re_rxeof+0x2ae
> > re_intr(c177b000) at re_intr+0xb3
> > ithread_loop(c16bf400,ceef9d48,c16bf400,c05ed66c,0) at ithread_loop+0x124
> > fork_exit(c05ed66c,c16bf400,ceef9d48) at fork_exit+0xa4
> > fork_trampoline() at fork_trampoline+0x8
> > --- trap 0x1, eip = 0, esp = exceef9d7c, ebp = 0 ---
> 
> -- 
> Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
> 
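
An added example, not part of the original message or of FreeBSD's code: a small Python triage of the report quoted in this thread, showing why the reversal is fallout from a kernel page fault rather than a locking bug. It assumes the second argument DDB prints for vm_fault is the faulting address (0 here, the first page) and uses a subset of the quoted lines as input.

```python
import re

PAGE_SIZE = 4096  # i386 page size; the trace comes from a 32-bit kernel
FRAME = re.compile(r"^(\w+)\(([^)]*)\) at (\w+)\+0x([0-9a-f]+)$")
LOCK = re.compile(r"^(1st|2nd) 0x[0-9a-f]+ (.+?) \(.+?\) @ (\S+):(\d+)$")

# Subset of the lines quoted in this thread, quote markers removed.
REPORT = """\
lock order reversal
 1st 0xc177b6e8 re0 (network driver) @ /usr/src/sys/dev/re/if_re.c:1752
 2nd 0xc08adee4 user map (user map) @ /usr/src/sys/vm/vm_map.c:2997
KDB: stack backtrace:
_sx_xlock(c08adee4,c0808137,bb5) at _sx_xlock+0x50
vm_map_lookup(ceef9bb8,0,2,ceef9bbc,ceef9bac) at vm_map_lookup+0x28
vm_fault(c08adea0,0,2,8,c16b5b00) at vm_fault+0x66
trap(18,10,10,0,3b) at trap+0x335
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc0575b76, esp = 0xceef9cc0, ebp = 0xceef9cdc ---
re_rxeof(c177b000) at re_rxeof+0x2ae
re_intr(c177b000) at re_intr+0xb3
"""

def triage(report):
    """Tell a genuine lock-order report from one caused by a kernel fault."""
    out = {"locks": {}, "fault_addr": None, "faulting_frame": None}
    after_trap = False
    for line in (l.strip() for l in report.splitlines()):
        if (m := LOCK.match(line)):
            out["locks"][m.group(1)] = m.group(2)
        elif line.startswith("--- trap"):
            after_trap = True  # frames below belong to the interrupted code
        elif (m := FRAME.match(line)):
            name, args = m.group(1), m.group(2).split(",")
            if not after_trap and name == "vm_fault" and len(args) > 1:
                # Assumption: argument 2 of vm_fault is the faulting address.
                out["fault_addr"] = int(args[1], 16)
            elif after_trap and out["faulting_frame"] is None:
                out["faulting_frame"] = f"{m.group(3)}+0x{m.group(4)}"
    addr = out["fault_addr"]
    # The second lock was taken by the fault handler, not by the driver.
    out["lor_from_fault"] = addr is not None
    # A fault inside the first page points at a NULL pointer dereference.
    out["null_deref"] = addr is not None and addr < PAGE_SIZE
    return out

if __name__ == "__main__":
    print(triage(REPORT))
```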


