From owner-freebsd-current@FreeBSD.ORG Thu Jan 26 18:04:30 2006 Return-Path: X-Original-To: freebsd-current@FreeBSD.org Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9AECC16A420; Thu, 26 Jan 2006 18:04:30 +0000 (GMT) (envelope-from jmg@hydrogen.funkthat.com) Received: from hydrogen.funkthat.com (gate.funkthat.com [69.17.45.168]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2BFE443D7D; Thu, 26 Jan 2006 18:04:17 +0000 (GMT) (envelope-from jmg@hydrogen.funkthat.com) Received: from hydrogen.funkthat.com (93ld9qfyiyrnhw4m@localhost.funkthat.com [127.0.0.1]) by hydrogen.funkthat.com (8.13.3/8.13.3) with ESMTP id k0QI36d1074767; Thu, 26 Jan 2006 10:03:06 -0800 (PST) (envelope-from jmg@hydrogen.funkthat.com) Received: (from jmg@localhost) by hydrogen.funkthat.com (8.13.3/8.13.3/Submit) id k0QI36Le074766; Thu, 26 Jan 2006 10:03:06 -0800 (PST) (envelope-from jmg) Date: Thu, 26 Jan 2006 10:03:06 -0800 From: John-Mark Gurney To: Robert Watson Message-ID: <20060126180306.GO69162@funkthat.com> Mail-Followup-To: Robert Watson , freebsd-current@FreeBSD.org References: <20060126033740.GL69162@funkthat.com> <20060126102026.S97024@fledge.watson.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060126102026.S97024@fledge.watson.org> User-Agent: Mutt/1.4.2.1i X-Operating-System: FreeBSD 5.4-RELEASE-p6 i386 X-PGP-Fingerprint: B7 EC EF F8 AE ED A7 31 96 7A 22 B3 D8 56 36 F4 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html Cc: freebsd-current@FreeBSD.org Subject: Re: NULL pointer deference in UMA (was: Re: new LOR to report...) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: John-Mark Gurney List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jan 2006 18:04:30 -0000 Robert Watson wrote this message on Thu, Jan 26, 2006 at 10:21 +0000: > On Wed, 25 Jan 2006, John-Mark Gurney wrote: > > >Ok, just ran across a new LOR when trying to unload a module: > >lock order reversal: (sleepable after non-sleepable) > >1st 0xc106c708 mt_zone (UMA zone) @ vm/uma_core.c:2448 > >2nd 0xc3934044 user map (user map) @ vm/vm_map.c:2993 > > This isn't a lock order reversal, it's a page fault. However, you get a > report of a lock order reversal when the page fault handler grabs locks. > Ideally, this wouldn't be the case. > > To do anything useful, it would be helpful to have the line number in > uma_zfree_arg() and uma_zfree_internal(), and also to know what you were > kld unloading -- probably, it's a bug in the kld, which has torn down the > UMA zone before calling free on a member of the zone. Line numbers: (gdb) list *uma_zfree_internal+0xd0 0xc060ecc4 is in uma_zfree_internal (../../../vm/uma_core.c:2468). 2468 if (slab->us_freecount+1 == keg->uk_ipers) { (gdb) list *uma_zfree_arg+0x348 0xc060ebec is in uma_zfree_arg (../../../vm/uma_core.c:2420). 2420 } bash-2.05b$ ident ../../vm/uma_core.c ../../vm/uma_core.c: $FreeBSD: src/sys/vm/uma_core.c,v 1.134 2006/01/06 18:03:45 jhb Exp $ I'm quite puzzeled by the line numbers... as for the module I was unloading, it is the bktrau driver, the source is in p4 (//depot/user/jmg/bktrau/...), any other information you need? Unfortunately, I didn't get a dump: db> panic panic: from debugger cpuid = 0 Uptime: 4m50s Dumping 375 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 375MB (95984 pages) 359 343 327 311 295 279 263 247 231 215 199 183 1 67 151ad0: FAILURE - out of memory in start ... fail ** DUMP FAILED (ERROR 12) ** This is on an ata device... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."