Date: Tue, 9 Aug 2005 10:48:48 -0400
From: John Baldwin <jhb@FreeBSD.org>
To: freebsd-current@freebsd.org
Cc: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, FreeBSD current mailing list <current@freebsd.org>, ume@freebsd.org
Subject: Re: LOR + panic in scope6.c
Message-ID: <200508091048.50086.jhb@FreeBSD.org>
In-Reply-To: <Pine.BSF.4.53.0508091138160.90867@e0-0.zab2.int.zabbadoz.net>
References: <Pine.BSF.4.53.0508091138160.90867@e0-0.zab2.int.zabbadoz.net>
On Tuesday 09 August 2005 07:40 am, Bjoern A. Zeeb wrote:
> Hi,
>
> HEAD as of yesterday + rwatson mega-commit from today.
>
> lock order reversal
> 1st 0xffffff0000ad6bf0 if_afdata (if_afdata) @ sys/netinet6/scope6.c:415
> 2nd 0xffffffff8081dd30 user map (user map) @ sys/vm/vm_map.c:2997
> KDB: stack backtrace:
>
> --- trap 0xc, rip = 0xffffffff804990a0, rsp = 0xffffffff809dc3f0, rbp = 0xffffffff809dc430 ---
> in6_setscope() at in6_setscope+0x50
> in6_ifdetach() at in6_ifdetach+0x24a
> if_detach() at if_detach+0x39
> ether_ifdetach() at ether_ifdetach+0x35
> sk_attach() at sk_attach+0x51a
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x18
> fault code = supervisor read, page not present
> instruction pointer = 0x8:0xffffffff804990a0
> stack pointer = 0x10:0xffffffff809dc3f0
> frame pointer = 0x10:0xffffffff809dc430
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 0 (swapper)
> [thread pid 0 tid 0 ]
> Stopped at in6_setscope+0x50: movq 0x18(%rax),%r13
>
> (gdb) l *0xffffffff804990a0
> 0xffffffff804990a0 is in in6_setscope (sys/netinet6/scope6.c:417).
> 412 u_int32_t zoneid = 0;
> 413 struct scope6_id *sid;
> 414
> 415 IF_AFDATA_LOCK(ifp);
> 416
> 417 sid = SID(ifp);
> 418
> 419 #ifdef DIAGNOSTIC
> 420 if (sid == NULL) { /* should not happen */
> 421 panic("in6_setscope: scope array is NULL");

Well, SID is a macro that expands this to:

sid = ifp->if_afdata[AF_INET6]->scope6_id

If if_afdata[AF_INET6] has already been freed that could be the problem. It might have never been non-null either I guess. You can try having in6_setscope() bail if ifp->if_afdata[AF_INET6] is NULL.

-- 
John Baldwin <jhb@FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org
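As an added illustration (not code from the thread or from FreeBSD), here is a constructed C model of the structures the reply names, with the NULL bail-out John suggests in front of the SID() dereference. The scope classification, zone embedding, AF_INET6_IDX, in6_setscope_guarded and scenario are simplifications and names made up for this model; the real kernel also takes IF_AFDATA_LOCK here, which the model omits.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
/* Constructed model of the structures named in the thread, not FreeBSD's code; locking omitted. */
#define AF_INET6_IDX 0   /* slot in if_afdata[] standing in for AF_INET6 in this model */
enum { SCOPE_LINKLOCAL = 1, SCOPE_SITELOCAL, SCOPE_GLOBAL, NSCOPES };
struct scope6_id { uint32_t s6id_list[NSCOPES]; };   /* zone id per scope */
struct in6_afdata { struct scope6_id *scope6_id; };
struct ifnet { void *if_afdata[1]; };                /* NULL if IPv6 afdata is gone or never set */
struct in6_addr { uint8_t s6_addr[16]; };

/* The SID macro from the thread: an unconditional pointer chase through if_afdata[]. */
#define SID(ifp) (((struct in6_afdata *)(ifp)->if_afdata[AF_INET6_IDX])->scope6_id)

static int in6_addrscope(const struct in6_addr *a)
{
    if (a->s6_addr[0] != 0xfe) return SCOPE_GLOBAL;
    if ((a->s6_addr[1] & 0xc0) == 0x80) return SCOPE_LINKLOCAL;   /* fe80::/10 */
    if ((a->s6_addr[1] & 0xc0) == 0xc0) return SCOPE_SITELOCAL;   /* fec0::/10 */
    return SCOPE_GLOBAL;
}

/* in6_setscope with the bail-out the reply suggests: return an error when the interface has
 * no IPv6 afdata instead of reading offset 0x18 off a NULL pointer inside SID(ifp), as the trap shows. */
int in6_setscope_guarded(struct in6_addr *in6, struct ifnet *ifp)
{
    struct scope6_id *sid;
    int scope = in6_addrscope(in6);
    if (ifp->if_afdata[AF_INET6_IDX] == NULL)  /* the check the trap shows is missing */
        return ENXIO;
    sid = SID(ifp);
    if (sid == NULL)                           /* the DIAGNOSTIC case, minus the panic */
        return ENXIO;
    if (scope != SCOPE_GLOBAL) {               /* zone id lives in the 2nd 16-bit word */
        uint32_t zoneid = sid->s6id_list[scope];
        in6->s6_addr[2] = (uint8_t)(zoneid >> 8);
        in6->s6_addr[3] = (uint8_t)zoneid;
    }
    return 0;
}

/* Constructed scenario: fe80::1 on an interface with or without IPv6 afdata.
 * Returns -errno on failure, otherwise the zone id now embedded in the address. */
int scenario(int attached)
{
    struct scope6_id sid = { { 0, 7, 0, 0 } };          /* link-local zone 7 */
    struct in6_afdata ad = { &sid };
    struct ifnet ifp = { { attached ? (void *)&ad : NULL } };
    struct in6_addr ll = { { 0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 } };
    int err = in6_setscope_guarded(&ll, &ifp);
    return err ? -err : (ll.s6_addr[2] << 8 | ll.s6_addr[3]);
}
```

With the check in place the detached interface yields an error instead of a trap; the attached one embeds zone 7 into the link-local address.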