Date:      Mon, 11 Aug 2003 15:47:02 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        phk@FreeBSD.org
Subject:   Re: LOR with filedesc structure and Giant
Message-ID:  <20030811224702.GA44119@rot13.obsecurity.org>
In-Reply-To: <20030811220932.GA43465@rot13.obsecurity.org>
References:  <20030809061112.GA4044@rot13.obsecurity.org> <20030811220932.GA43465@rot13.obsecurity.org>


On Mon, Aug 11, 2003 at 03:09:32PM -0700, Kris Kennaway wrote:
> On Fri, Aug 08, 2003 at 11:11:12PM -0700, Kris Kennaway wrote:
> > Aug  9 11:29:50 dosirak kernel: lock order reversal
> > Aug  9 11:29:50 dosirak kernel: 1st 0xcf3fa334 filedesc structure (filedesc structure) @ kern/sys_generic.c:895
> > Aug  9 11:29:50 dosirak kernel: 2nd 0xc070a8e0 Giant (Giant) @ fs/specfs/spec_vnops.c:372
> > Aug  9 11:29:50 dosirak kernel: Stack backtrace:
> >
> > And that's it (i.e. no backtrace is recorded).
>
> I got this on another machine:
>
> lock order reversal
>  1st 0xc3d25134 filedesc structure (filedesc structure) @ /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:902
>  2nd 0xc04aa500 Giant (Giant) @ /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372
> Stack backtrace:
> backtrace(c043db3b,c04aa500,c043a130,c043a130,c04354a7) at backtrace+0x17
> witness_lock(c04aa500,8,c04354a7,174,1be) at witness_lock+0x672
> _mtx_lock_flags(c04aa500,0,c04354a7,174,c043e146) at _mtx_lock_flags+0xba
> spec_poll(ce655af8,ce655b18,c02d152c,ce655af8,c0493d80) at spec_poll+0x134
> spec_vnoperate(ce655af8,c0493d80,c35485b4,40,c42f6800) at spec_vnoperate+0x18
> vn_poll(c26abe58,40,c42f6800,c3087720,c42f6800) at vn_poll+0x3c
> selscan(c3087720,ce655b98,ce655b88,6,4) at selscan+0x13e
> kern_select(c3087720,6,bfbff5b0,0,0) at kern_select+0x36f
> select(c3087720,ce655d10,c0455f34,3ee,5) at select+0x66
> syscall(2f,2f,2f,8055050,bfbff5a8) at syscall+0x273
> Xint0x80_syscall() at Xint0x80_syscall+0x1d

#0  doadump () at /a/asami/portbuild/i386/src-client/sys/kern/kern_shutdown.c:240
#1  0xc0168345 in db_fncall (dummy1=1016, dummy2=0, dummy3=1016, dummy4=0xce65589c "")
    at /a/asami/portbuild/i386/src-client/sys/ddb/db_command.c:548
#2  0xc0168092 in db_command (last_cmdp=0xc0495800, cmd_table=0x0, aux_cmd_tablep=0xc045acd0,
    aux_cmd_tablep_end=0xc045acd4) at /a/asami/portbuild/i386/src-client/sys/ddb/db_command.c:346
#3  0xc01681d5 in db_command_loop () at /a/asami/portbuild/i386/src-client/sys/ddb/db_command.c:472
#4  0xc016b1d5 in db_trap (type=3, code=0) at /a/asami/portbuild/i386/src-client/sys/ddb/db_trap.c:73
#5  0xc03de71c in kdb_trap (type=3, code=0, regs=0xce6559f0)
    at /a/asami/portbuild/i386/src-client/sys/i386/i386/db_interface.c:172
#6  0xc03ef91a in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -1068688392, tf_esi = -1068849920, tf_ebp = -832218564, tf_isp = -832218596, tf_ebx = 0, tf_edx = 0, tf_ecx = 1, tf_eax = 25, tf_trapno = 3, tf_err = 0, tf_eip = -1069684268, tf_cs = 8, tf_eflags = 662, tf_esp = -1069202262, tf_ss = -1069472723})
    at /a/asami/portbuild/i386/src-client/sys/i386/i386/trap.c:580
#7  0xc03e00c8 in calltrap () at {standard input}:102
#8  0xc02911e7 in witness_lock (lock=0xc04aa500, flags=8,
    file=0xc04354a7 "/a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c", line=372)
    at /a/asami/portbuild/i386/src-client/sys/kern/subr_witness.c:838
#9  0xc02621ca in _mtx_lock_flags (m=0x0, opts=0, file=0xc04d1bf8 "", line=-1068849920)
    at /a/asami/portbuild/i386/src-client/sys/kern/kern_mutex.c:336
#10 0xc02313e4 in spec_poll (ap=0xce655af8)
    at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372
#11 0xc02308d8 in spec_vnoperate (ap=0x0)
    at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:122
#12 0xc02d152c in vn_poll (fp=0x0, events=0, active_cred=0xc42f6800, td=0x0) at vnode_if.h:537
#13 0xc029491e in selscan (td=0xc3087720, ibits=0xce655b98, obits=0xce655b88, nfd=6)
    at /a/asami/portbuild/i386/src-client/sys/sys/file.h:272
#14 0xc029449f in kern_select (td=0xc3087720, nd=6, fd_in=0xbfbff5b0, fd_ou=0x0, fd_ex=0x0, tvp=0xce655cd4)
    at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:822
#15 0xc0294116 in select (td=0x0, uap=0xce655d10)
    at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:726
#16 0xc03f0233 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134565968, tf_esi = -1077938776, tf_ebp = 674425792, tf_isp = -832217740, tf_ebx = 0, tf_edx = -1077938768, tf_ecx = 0, tf_eax = 93, tf_trapno = 12, tf_err = 2, tf_eip = 671926988, tf_cs = 31, tf_eflags = 534, tf_esp = 674425704, tf_ss = 47})
    at /a/asami/portbuild/i386/src-client/sys/i386/i386/trap.c:1008
#17 0xc03e011d in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---



