8.2-stable, repeatable panic - nessus, bpf
Chris Timmons
cwt at networks.cwu.edu
Wed Jan 18 18:44:32 UTC 2012
When I start a large scan with Nessus, I get an immediate, repeatable
panic "sleeping thread owns a non-sleepable lock". I'd been seeing this
occasionally with 8.2-stable over the last year, but now it happens every
time. Server hardware is a dual quad Xeon ProLiant G5 w/16GB.

I've compiled a debugging kernel with WITNESS and have the following
output.

I've seen /usr/src/sys/net/bpf.c:2148 with WITNESS every time;
/usr/src/sys/dev/usb/input/ukbd.c:2018 only appeared after I added DDB to
the kernel options and began seeing more copious output.

Comments/Suggestions?

lock order reversal: (Giant after non-sleepable)
1st 0xffffffff80e28920 bpf global lock (bpf global lock) @
/usr/src/sys/net/bpf.c:2148
2nd 0xffffffff80c65360 Giant (Giant) @
/usr/src/sys/dev/usb/input/ukbd.c:2018
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
kdb_backtrace() at kdb_backtrace+0x37
_witness_debugger() at _witness_debugger+0x2c
witness_checkorder() at witness_checkorder+0x651
_mtx_lock_flags() at _mtx_lock_flags+0x3c
ukbd_poll() at ukbd_poll+0x44
kbdmux_poll() at kbdmux_poll+0x3f
sc_cngetc() at sc_cngetc+0xed
cncheckc() at cncheckc+0x65
cngetc() at cngetc+0x1c
db_readline() at db_readline+0x77
db_read_line() at db_read_line+0x15
db_command_loop() at db_command_loop+0x38
db_trap() at db_trap+0x89
kdb_trap() at kdb_trap+0xc1
trap() at trap+0x176
calltrap() at calltrap+0x8
--- trap 0x3, rip = 0xffffffff805f600b, rsp = 0xffffff8485c08630, rbp =
0xffffff8485c08650 ---
kdb_enter() at kdb_enter+0x3b
witness_warn() at witness_warn+0x2c4
trap() at trap+0x286
calltrap() at calltrap+0x8
--- trap 0xc, rip = 0xffffffff80888093, rsp = 0xffffff8485c08930, rbp =
0xffffff8485c08980 ---
copyout() at copyout+0x43
bpfioctl() at bpfioctl+0xaf0
devfs_ioctl_f() at devfs_ioctl_f+0x7a
kern_ioctl() at kern_ioctl+0xfe
ioctl() at ioctl+0xfd
amd64_syscall() at amd64_syscall+0xf9
Xfast_syscall() at Xfast_syscall+0xfc
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x8010fc0dc, rsp =
0x7fffe351a598, rbp = 0x23 ---
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x805aee428
fault code = supervisor write data, protection violation
instruction pointer = 0x20:0xffffffff80888093
stack pointer = 0x28:0xffffff8485c08930
frame pointer = 0x28:0xffffff8485c08980
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 2337 (nessusd)
[thread pid 2337 tid 100175 ]
Stopped at copyout+0x43: repe movsb (%rsi),%es:(%rdi)
Tracing pid 2337 tid 100175 td 0xffffff0128e47460
copyout() at copyout+0x43
bpfioctl() at bpfioctl+0xaf0
devfs_ioctl_f() at devfs_ioctl_f+0x7a
kern_ioctl() at kern_ioctl+0xfe
ioctl() at ioctl+0xfd
amd64_syscall() at amd64_syscall+0xf9
Xfast_syscall() at Xfast_syscall+0xfc
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x8010fc0dc, rsp =
0x7fffe351a598, rbp = 0x23 ---
db>
More information about the freebsd-amd64
mailing list