[Bug 295529] lock order reversal vm_map and proctree

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 23 May 2026 21:26:22 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295529

            Bug ID: 295529
           Summary: lock order reversal vm_map and proctree
           Product: Base System
           Version: 16.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: jfc@mit.edu

While running poudriere in a 16-CURRENT (464a351267dc) system running in bhyve
on a 14.4-STABLE amd64 host I saw the following on the console.

[00:01:30] [02] [00:00:00] Building textproc/py-toml@py312 |
py312-toml-0.10.2_1
lock order reversal:
 1st 0xfffff801ad799980 vm map (user) (vm map (user), sx) @
/usr/src/sys/vm/vm_map.c:5067
 2nd 0xffffffff81a019c0 proctree (proctree, sx) @
/usr/src/sys/kern/subr_prf.c:185
All lock orders from proctree -> vm map (user):
"proctree" -> "allproc" -> "allprison" -> "osd_module" -> "sysvshmsx" -> "vm
map (user)"

hardcoded lock order "proctree"(sx) -> "allproc"(sx) first seen at:
(No stack trace)

hardcoded lock order "allproc"(sx) -> "allprison"(sx) first seen at:
(No stack trace)

lock order "allprison"(sx) -> "osd_module"(sx) first seen at:
#0 0xffffffff80c2f16b at witness_checkorder+0x35b
#1 0xffffffff80bc1634 at _sx_slock_int+0x64
#2 0xffffffff80b92944 at osd_call+0x54
#3 0xffffffff80b6c80c at kern_jail_set+0x20dc
#4 0xffffffff80b6dc9f at sys_jail_set+0x3f
#5 0xffffffff8110ba08 at amd64_syscall+0x168
#6 0xffffffff810db0ab at fast_syscall_common+0xf8

lock order "osd_module"(sx) -> "sysvshmsx"(sx) first seen at:
#0 0xffffffff80c2f16b at witness_checkorder+0x35b
#1 0xffffffff80bc0530 at _sx_xlock+0x60
#2 0xffffffff80c4dec7 at shm_prison_remove+0x27
#3 0xffffffff80b929a2 at osd_call+0xb2
#4 0xffffffff80b6fd4c at prison_deref+0x5dc
#5 0xffffffff80b71837 at sys_jail_remove+0x1a7
#6 0xffffffff8110ba08 at amd64_syscall+0x168
#7 0xffffffff810db0ab at fast_syscall_common+0xf8

lock order "sysvshmsx"(sx) -> "vm map (user)"(sx) first seen at:
#0 0xffffffff80c2f16b at witness_checkorder+0x35b
#1 0xffffffff80bc1634 at _sx_slock_int+0x64
#2 0xffffffff80f97a40 at vm_map_lookup+0x80
#3 0xffffffff80f87ddf at vm_fault+0x12f
#4 0xffffffff80f87b55 at vm_fault_trap+0x65
#5 0xffffffff8110b1a4 at trap_pfault+0x274
#6 0xffffffff810da7b8 at calltrap+0x8
#7 0xffffffff80bc6f56 at sysctl_old_user+0xa6
#8 0xffffffff80c4d290 at sysctl_shmsegs+0x2c0
#9 0xffffffff80bc783c at sysctl_root_handler_locked+0x9c
#10 0xffffffff80bc6ba3 at sysctl_root+0x233
#11 0xffffffff80bc72a6 at userland_sysctl+0x1b6
#12 0xffffffff80bc7637 at kern___sysctlbyname+0x227
#13 0xffffffff80bc767d at sys___sysctlbyname+0x2d
#14 0xffffffff8110ba08 at amd64_syscall+0x168
#15 0xffffffff810db0ab at fast_syscall_common+0xf8

lock order vm map (user) -> proctree attempted at:
#0 0xffffffff80c2faa7 at witness_checkorder+0xc97
#1 0xffffffff80bc1634 at _sx_slock_int+0x64
#2 0xffffffff80c10a54 at uprintf+0x64
#3 0xffffffff80f98234 at vm_map_lookup+0x874
#4 0xffffffff80f87ddf at vm_fault+0x12f
#5 0xffffffff80f87b55 at vm_fault_trap+0x65
#6 0xffffffff8110b1a4 at trap_pfault+0x274
#7 0xffffffff8110a7f0 at trap+0x3d0
#8 0xffffffff810da7b8 at calltrap+0x8
[00:01:39] [02] [00:00:09] Finished textproc/py-toml@py312 |
py312-toml-0.10.2_1: Success

-- 
You are receiving this mail because:
You are the assignee for the bug.