From owner-freebsd-current@FreeBSD.ORG Fri Sep 10 12:54:40 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66BA416A4CE for ; Fri, 10 Sep 2004 12:54:40 +0000 (GMT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id E1E5343D48 for ; Fri, 10 Sep 2004 12:54:39 +0000 (GMT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.13.1/8.13.1) with ESMTP id i8ACsXFZ041253; Fri, 10 Sep 2004 08:54:33 -0400 (EDT) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)i8ACsXGe041250; Fri, 10 Sep 2004 08:54:33 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Fri, 10 Sep 2004 08:54:33 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: "Bjoern A. Zeeb" In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: Marian Cerny cc: freebsd-current@freebsd.org Subject: Re: LOR (re0 and user map) + PANIC X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Sep 2004 12:54:40 -0000 On Fri, 10 Sep 2004, Bjoern A. Zeeb wrote: > On Fri, 10 Sep 2004, Marian Cerny wrote: > > > lock order reversal > > 1st 0xc177b6e8 re0 (network driver) @ /usr/src/sys/dev/re/if_re.c:1752 > > 2nd 0xc08adee4 user map (user map) @ /usr/src/sys/vm/vm_map.c:2997 > > KDB: stack backtrace: > > kdb_backtrace(0,ffffffff,c08bde68,c08beb88,c084ddac) at kdb_backtrace+0x29 > > withness_checkorder(c08adee4,9,c0808137,bb5) at witness_checkorder+0x544 > > _sx_xlock(c08adee4,c0808137,bb5) at _sx_xlock+0x50 > > _vm_map_lock_read(c08adea0,c0808137,bb5,20000004,c16bae6c) at _vm_map_lock_read+0x37 > > vm_map_lookup(ceef9bb8,0,2,ceef9bbc,ceef9bac) at vm_map_lookup+0x28 > > vm_fault(c08adea0,0,2,8,c16b5b00) at vm_fault+0x66 > > trap_pfault(ceef9c80,0,c) at trap_pgault+0xf2 > > trap(18,10,10,0,3b) at trap+0x335 > > calltrap() at calltrap+0x5 > > this first half looks pretty much the same as > http://sources.zabbadoz.net/freebsd/lor.html#031 This lock order reversal is a false positive resulting from a page fault in kernel; the real problem is the NULL pointer dereference below. I've been thinking of tweaking the page fault handler to not even try to process page faults against the first page in the address space in order to generate a more clean panic message... Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research > > 1st 0xc08ec200 ifnet (ifnet) @ sys/net/if.c:1489 > 2nd 0xc46703c8 user map (user map) @ sys/vm/vm_map.c:2994 > > > --- trap 0xc, eip = 0xc0575b76, esp = 0xceef9cc0, ebp = 0xceef9cdc --- > > re_rxeof(c177b000) at re_rxeof+0x2ae > > re_intr(c177b000) at re_intr+0xb3 > > ithread_loop(c16bf400,ceef9d48,c16bf400,c05ed66c,0) at ithread_loop+0x124 > > fork_exit(c05ed66c,c16bf400,ceef9d48) at fork_exit+0xa4 > > fork_trampoline() at fork_trampoline+0x8 > > --- trap 0x1, eip = 0, esp = exceef9d7c, ebp = 0 --- > > -- > Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" >