Re: LOR with 6.0

From: Gleb Smirnoff <glebius_at_FreeBSD.org>
Date: Thu, 14 Jul 2005 15:24:52 +0400
On Wed, Jul 13, 2005 at 01:07:05AM +0200, Goran Gajic wrote:
G> 
G> SMP Xeon 2.4 with HTT :
G> 
G> lock order reversal
G>  1st 0xc5d9c84c inp (udpinp) _at_ netinet/udp_usrreq.c:762
G>  2nd 0xc5d324f4 user map (user map) _at_ vm/vm_map.c:2997
G> KDB: stack backtrace:
G> kdb_backtrace(0,ffffffff,c094aa10,c094a600,c08d334c) at kdb_backtrace+0x29
G> witness_checkorder(c5d324f4,9,c0887a12,bb5) at witness_checkorder+0x564
G> _sx_xlock(c5d324f4,c0887a09,bb5) at _sx_xlock+0x50
G> _vm_map_lock_read(c5d324b0,c0887a09,bb5,1072860,c5c89898) at 
G> _vm_map_lock_read+0x37
G> vm_map_lookup(ec0728ec,33203000,1,ec0728f0,ec0728e0) at vm_map_lookup+0x28
G> vm_fault(c5d324b0,33203000,1,0,c5c8aa80) at vm_fault+0x66
G> trap_pfault(ec0729b4,0,33203037) at trap_pfault+0xee
G> trap(ec070008,28,c0870028,c104a9a0,c8a5d900) at trap+0x33d
G> calltrap() at calltrap+0x5

The LOR above is not related to panic below, AFAIK.

G> --- trap 0xc, eip = 0xc068103c, esp = 0xec0729f4, ebp = 0xec0729f4 ---
G> m_tag_delete(c8a5d900,33203037) at m_tag_delete+0x40
G> m_tag_delete_chain(c8a5d900,0) at m_tag_delete_chain+0x3b
G> mb_dtor_mbuf(c8a5d900,100,0) at mb_dtor_mbuf+0x15
G> uma_zfree_arg(c104a9a0,c8a5d900,0) at uma_zfree_arg+0x24
G> m_freem(c8a5d900) at m_freem+0x36
G> arpresolve(c5912000,c5e3fce4,c9839100,c5e529b0,ec072aa4) at 
G> arpresolve+0x1f4
G> ether_output(c5912000,c9839100,c5e529b0,c5e3fce4,c5c55900) at 
G> ether_output+0x66
G> ip_output(c9839100,0,ec072afc,0,0) at ip_output+0x6fc
G> udp_output(c5d9c7bc,c9839100,c741d620,0,c5c8aa80) at udp_output+0x4a7
G> udp_send(c5eff2c8,0,c9839100,c741d620,0) at udp_send+0x1a
G> sosend(c5eff2c8,c741d620,ec072c38,c9839100,0) at sosend+0x5e3
G> kern_sendit(c5c8aa80,1c,ec072cb4,0,0) at kern_sendit+0x104
G> sendit(c5c8aa80,1c,ec072cb4,0,c5c1e590) at sendit+0x163
G> sendmsg(c5c8aa80,ec072d04,3,4628,286) at sendmsg+0x5a
G> syscall(bfbf003b,bfbf003b,bfbf003b,1,8a40a2c) at syscall+0x22f
G> Xint0x80_syscall() at Xint0x80_syscall+0x1f
G> --- syscall (28, FreeBSD ELF32, sendmsg), eip = 0x882f949b, esp = 
G> 0xbfbfe41c, ebp = 0xbfbfe598 ---
G> 
G> 
G> Fatal trap 12: page fault while in kernel mode
G> cpuid = 3; apic id = 07
G> fault virtual address   = 0x33203037
G> fault code              = supervisor read, page not present
G> instruction pointer     = 0x20:0xc068103c
G> stack pointer           = 0x28:0xec0729f4
G> frame pointer           = 0x28:0xec0729f4
G> code segment            = base 0x0, limit 0xfffff, type 0x1b
G>                         = DPL 0, pres 1, def32 1, gran 1
G> processor eflags        = interrupt enabled, resume, IOPL = 0
G> current process         = 409 (named)
G> [thread pid 409 tid 100102 ]
G> Stopped at      m_tag_delete+0x40:      movl    0(%eax),%eax
G> db>
G> correct^M

Have you saved core from this panic? What network facilities do you use:
pf, ipf, ipfw, dummynet, altq, netgraph?

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
Received on Thu Jul 14 2005 - 09:24:56 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:38 UTC