LOR with 6.0

Goran Gajic ggajic at tesla.rcub.bg.ac.yu
Tue Jul 12 23:07:12 GMT 2005


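SMP Xeon 2.4 with HTT. The LOR below is reported from inside the page-fault handler, for the same fault in m_tag_delete that then panics the kernel (fatal trap 12). The faulting tag pointer 0x33203037 reads as printable ASCII bytes ("70 3" in little-endian order), which may indicate that the mbuf tag pointer was overwritten with text data: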

lock order reversal
  1st 0xc5d9c84c inp (udpinp) @ netinet/udp_usrreq.c:762
  2nd 0xc5d324f4 user map (user map) @ vm/vm_map.c:2997
KDB: stack backtrace:
kdb_backtrace(0,ffffffff,c094aa10,c094a600,c08d334c) at kdb_backtrace+0x29
witness_checkorder(c5d324f4,9,c0887a12,bb5) at witness_checkorder+0x564
_sx_xlock(c5d324f4,c0887a09,bb5) at _sx_xlock+0x50
_vm_map_lock_read(c5d324b0,c0887a09,bb5,1072860,c5c89898) at _vm_map_lock_read+0x37
vm_map_lookup(ec0728ec,33203000,1,ec0728f0,ec0728e0) at vm_map_lookup+0x28
vm_fault(c5d324b0,33203000,1,0,c5c8aa80) at vm_fault+0x66
trap_pfault(ec0729b4,0,33203037) at trap_pfault+0xee
trap(ec070008,28,c0870028,c104a9a0,c8a5d900) at trap+0x33d
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc068103c, esp = 0xec0729f4, ebp = 0xec0729f4 ---
m_tag_delete(c8a5d900,33203037) at m_tag_delete+0x40
m_tag_delete_chain(c8a5d900,0) at m_tag_delete_chain+0x3b
mb_dtor_mbuf(c8a5d900,100,0) at mb_dtor_mbuf+0x15
uma_zfree_arg(c104a9a0,c8a5d900,0) at uma_zfree_arg+0x24
m_freem(c8a5d900) at m_freem+0x36
arpresolve(c5912000,c5e3fce4,c9839100,c5e529b0,ec072aa4) at arpresolve+0x1f4
ether_output(c5912000,c9839100,c5e529b0,c5e3fce4,c5c55900) at ether_output+0x66
ip_output(c9839100,0,ec072afc,0,0) at ip_output+0x6fc
udp_output(c5d9c7bc,c9839100,c741d620,0,c5c8aa80) at udp_output+0x4a7
udp_send(c5eff2c8,0,c9839100,c741d620,0) at udp_send+0x1a
sosend(c5eff2c8,c741d620,ec072c38,c9839100,0) at sosend+0x5e3
kern_sendit(c5c8aa80,1c,ec072cb4,0,0) at kern_sendit+0x104
sendit(c5c8aa80,1c,ec072cb4,0,c5c1e590) at sendit+0x163
sendmsg(c5c8aa80,ec072d04,3,4628,286) at sendmsg+0x5a
syscall(bfbf003b,bfbf003b,bfbf003b,1,8a40a2c) at syscall+0x22f
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (28, FreeBSD ELF32, sendmsg), eip = 0x882f949b, esp = 0xbfbfe41c, ebp = 0xbfbfe598 ---


Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 07
fault virtual address   = 0x33203037
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc068103c
stack pointer           = 0x28:0xec0729f4
frame pointer           = 0x28:0xec0729f4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 409 (named)
[thread pid 409 tid 100102 ]
Stopped at      m_tag_delete+0x40:      movl    0(%eax),%eax
db>
correct^M


