LOR (re0 and user map) + PANIC

Robert Watson rwatson at freebsd.org
Fri Sep 10 05:54:40 PDT 2004 

On Fri, 10 Sep 2004, Bjoern A. Zeeb wrote:

> On Fri, 10 Sep 2004, Marian Cerny wrote:
> 
> > lock order reversal
> >  1st 0xc177b6e8 re0 (network driver) @ /usr/src/sys/dev/re/if_re.c:1752
> >  2nd 0xc08adee4 user map (user map) @ /usr/src/sys/vm/vm_map.c:2997
> > KDB: stack backtrace:
> > kdb_backtrace(0,ffffffff,c08bde68,c08beb88,c084ddac) at kdb_backtrace+0x29
> > withness_checkorder(c08adee4,9,c0808137,bb5) at witness_checkorder+0x544
> > _sx_xlock(c08adee4,c0808137,bb5) at _sx_xlock+0x50
> > _vm_map_lock_read(c08adea0,c0808137,bb5,20000004,c16bae6c) at _vm_map_lock_read+0x37
> > vm_map_lookup(ceef9bb8,0,2,ceef9bbc,ceef9bac) at vm_map_lookup+0x28
> > vm_fault(c08adea0,0,2,8,c16b5b00) at vm_fault+0x66
> > trap_pfault(ceef9c80,0,c) at trap_pgault+0xf2
> > trap(18,10,10,0,3b) at trap+0x335
> > calltrap() at calltrap+0x5
> 
> this first half looks pretty much the same as
> http://sources.zabbadoz.net/freebsd/lor.html#031

This lock order reversal is a false positive resulting from a page fault
in kernel; the real problem is the NULL pointer dereference below.

I've been thinking of tweaking the page fault handler to not even try to
process page faults against the first page in the address space in order
to generate a more clean panic message...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Principal Research Scientist, McAfee Research


> 
>  1st 0xc08ec200 ifnet (ifnet) @ sys/net/if.c:1489
>  2nd 0xc46703c8 user map (user map) @ sys/vm/vm_map.c:2994
> 
> > --- trap 0xc, eip = 0xc0575b76, esp = 0xceef9cc0, ebp = 0xceef9cdc ---
> > re_rxeof(c177b000) at re_rxeof+0x2ae
> > re_intr(c177b000) at re_intr+0xb3
> > ithread_loop(c16bf400,ceef9d48,c16bf400,c05ed66c,0) at ithread_loop+0x124
> > fork_exit(c05ed66c,c16bf400,ceef9d48) at fork_exit+0xa4
> > fork_trampoline() at fork_trampoline+0x8
> > --- trap 0x1, eip = 0, esp = exceef9d7c, ebp = 0 ---
> 
> -- 
> Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
>

More information about the freebsd-current mailing list