From owner-freebsd-current@FreeBSD.ORG Thu Aug 12 05:50:02 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 727CB16A4CE for ; Thu, 12 Aug 2004 05:50:02 +0000 (GMT) Received: from cs.rice.edu (cs.rice.edu [128.42.1.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5724643D48 for ; Thu, 12 Aug 2004 05:50:01 +0000 (GMT) (envelope-from alc@cs.rice.edu) Received: from localhost (calypso.cs.rice.edu [128.42.1.127]) by cs.rice.edu (Postfix) with ESMTP id 7F4364AB66; Thu, 12 Aug 2004 00:50:00 -0500 (CDT) Received: from cs.rice.edu ([128.42.1.30]) by localhost (calypso.cs.rice.edu [128.42.1.127]) (amavisd-new, port 10024) with LMTP id 07557-01-22; Thu, 12 Aug 2004 00:50:00 -0500 (CDT) Received: by cs.rice.edu (Postfix, from userid 19572) id 2D1DA4AB4F; Thu, 12 Aug 2004 00:50:00 -0500 (CDT) Date: Thu, 12 Aug 2004 00:49:59 -0500 From: Alan Cox To: Nate Lawson Message-ID: <20040812054959.GF3527@cs.rice.edu> References: <411B0226.3030806@root.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <411B0226.3030806@root.org> User-Agent: Mutt/1.4.2i X-Virus-Scanned: by amavis-20030616-p7 at cs.rice.edu cc: current@freebsd.org Subject: Re: LoR aironet/VM subsystem X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Aug 2004 05:50:02 -0000 On Wed, Aug 11, 2004 at 10:37:42PM -0700, Nate Lawson wrote: > an0: at port > 0x2000-0x203f irq 11 function 0 config 5 on pccard1 > an0: got RSSI <-> dBM map > an0: supported rates: 1Mbps 2Mbps 5.5Mbps 11Mbps > an0: Ethernet address: 00:40:96:42:91:c5 > an0: [GIANT-LOCKED] > lock order reversal > 1st 0xc163339c an0 (network driver) @ dev/an/if_an.c:1931 > 2nd 0xc134b164 user map (user map) @ vm/vm_map.c:2902 > KDB: stack backtrace: > kdb_backtrace(0,ffffffff,c0696d88,c0697a08,c066630c) at kdb_backtrace+0x29 > witness_checkorder(c134b164,9,c06469a0,b56) at witness_checkorder+0x544 > _sx_xlock(c134b164,c0646997,b56) at _sx_xlock+0x50 > _vm_map_lock_read(c134b128,c0646997,b56,1b69978,c1402e4c) at > _vm_map_lock_read+0x33 > vm_map_lookup(d0b69a10,bfbfd000,1,d0b69a14,d0b69a04) at vm_map_lookup+0x28 > vm_fault(c134b128,bfbfd000,1,0,c1371840) at vm_fault+0x66 > trap_pfault(d0b69ad8,0,bfbfd000) at trap_pfault+0xd2 > trap(c04f0018,c06b0010,c1630010,c1633df4,bfbfd000) at trap+0x311 > calltrap() at calltrap+0x5 > --- trap 0xc, eip = 0xc060661e, esp = 0xd0b69b18, ebp = 0xd0b69ba4 --- > generic_copyin(c1632000,c020693a,d0b69c60,c04d4b78,c06bb8e0) at > generic_copyin+0x32 > ifhwioctl(c020693a,c1632000,d0b69c60,c1371840,c0698048) at ifhwioctl+0x854 > ifioctl(c16219e0,c020693a,d0b69c60,c1371840,0) at ifioctl+0xbd > soo_ioctl(c158f440,c020693a,d0b69c60,c133c480,c1371840) at soo_ioctl+0x2b1 > ioctl(c1371840,d0b69d14,3,2,292) at ioctl+0x3e0 > syscall(2f,2f,2f,3,bfbfef64) at syscall+0x217 > Xint0x80_syscall() at Xint0x80_syscall+0x1f > --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x280d0083, esp = > 0xbfbfad7c, ebp = 0xbfbfadb8 --- > This looks like a programming error in the driver. Specifically, the driver is calling copyin() while holding a mutex. That's not allowed because of the potential for a page fault that sleeps. Alan