LOR + panic in scope6.c

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Tue Aug 9 11:40:17 GMT 2005


Hi,

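This is HEAD as of yesterday plus rwatson's mega-commit from today.

Reading the output below: the fault address is 0x18 and the faulting instruction is `movq 0x18(%rax),%r13`, so %rax was 0. That makes this a NULL-pointer dereference while evaluating SID(ifp) at scope6.c:417, which happens before the DIAGNOSTIC check on sid at line 420 is reached. The LOR is reported from inside the page-fault handler (vm_fault -> vm_map_lookup), with if_afdata still held from line 415.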

lock order reversal
 1st 0xffffff0000ad6bf0 if_afdata (if_afdata) @ sys/netinet6/scope6.c:415
 2nd 0xffffffff8081dd30 user map (user map) @ sys/vm/vm_map.c:2997
KDB: stack backtrace:
witness_checkorder() at witness_checkorder+0x4ba
_sx_xlock() at _sx_xlock+0x51
vm_map_lookup() at vm_map_lookup+0x44
vm_fault() at vm_fault+0xb9
trap_pfault() at trap_pfault+0x13c
trap() at trap+0x1c5
calltrap() at calltrap+0x5
--- trap 0xc, rip = 0xffffffff804990a0, rsp = 0xffffffff809dc3f0, rbp = 0xffffffff809dc430 ---
in6_setscope() at in6_setscope+0x50
in6_ifdetach() at in6_ifdetach+0x24a
if_detach() at if_detach+0x39
ether_ifdetach() at ether_ifdetach+0x35
sk_attach() at sk_attach+0x51a
device_attach() at device_attach+0x292
bus_generic_attach() at bus_generic_attach+0x18
skc_attach() at skc_attach+0x6df
device_attach() at device_attach+0x292
bus_generic_attach() at bus_generic_attach+0x18
acpi_pci_attach() at acpi_pci_attach+0xf1
device_attach() at device_attach+0x292
bus_generic_attach() at bus_generic_attach+0x18
acpi_pcib_attach() at acpi_pcib_attach+0xf0
acpi_pcib_pci_attach() at acpi_pcib_pci_attach+0x97
device_attach() at device_attach+0x292
bus_generic_attach() at bus_generic_attach+0x18
acpi_pci_attach() at acpi_pci_attach+0xf1
device_attach() at device_attach+0x292
bus_generic_attach() at bus_generic_attach+0x18
acpi_pcib_attach() at acpi_pcib_attach+0xf0
acpi_pcib_acpi_attach() at acpi_pcib_acpi_attach+0xdb
device_attach() at device_attach+0x292
bus_generic_attach() at bus_generic_attach+0x18
acpi_attach() at acpi_attach+0x7f1
device_attach() at device_attach+0x292
bus_generic_attach() at bus_generic_attach+0x18
nexus_attach() at nexus_attach+0x19
device_attach() at device_attach+0x292
root_bus_configure() at root_bus_configure+0x1e
configure() at configure+0xa
mi_startup() at mi_startup+0xd3
btext() at btext+0x2c


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x18
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xffffffff804990a0
stack pointer           = 0x10:0xffffffff809dc3f0
frame pointer           = 0x10:0xffffffff809dc430
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (swapper)
[thread pid 0 tid 0 ]
Stopped at      in6_setscope+0x50:      movq    0x18(%rax),%r13

(gdb) l *0xffffffff804990a0
0xffffffff804990a0 is in in6_setscope (sys/netinet6/scope6.c:417).
412             u_int32_t zoneid = 0;
413             struct scope6_id *sid;
414
415             IF_AFDATA_LOCK(ifp);
416
417             sid = SID(ifp);
418
419     #ifdef DIAGNOSTIC
420             if (sid == NULL) { /* should not happen */
421                     panic("in6_setscope: scope array is NULL");


-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

