Date: Sun, 27 Jul 2003 17:57:54 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: current@FreeBSD.org
Subject: Re: LOR with filedesc structure and Giant
Message-ID: <20030728005754.GA23650@rot13.obsecurity.org>
In-Reply-To: <20030727233351.GB80934@rot13.obsecurity.org>
References: <20030727233351.GB80934@rot13.obsecurity.org>

On Sun, Jul 27, 2003 at 04:33:51PM -0700, Kris Kennaway wrote:
> After upgrading last night, one of the package machines found this:
>
> lock order reversal
>  1st 0xc6c1c334 filedesc structure (filedesc structure) @ /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:902
>  2nd 0xc04aa120 Giant (Giant) @ /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372
> Stack backtrace:
> backtrace(c043d4af,c04aa120,c0439aa4,c0439aa4,c0434e3d) at backtrace+0x17
> witness_lock(c04aa120,8,c0434e3d,174,1bc) at witness_lock+0x672
> _mtx_lock_flags(c04aa120,0,c0434e3d,174,c043daba) at _mtx_lock_flags+0xba
> spec_poll(d8dddaf8,d8dddb18,c02d119c,d8dddaf8,c04939a0) at spec_poll+0x134
> spec_vnoperate(d8dddaf8,c04939a0,c520b124,40,c675e300) at spec_vnoperate+0x18
> vn_poll(c44c5e14,40,c675e300,c6222d10,c675e300) at vn_poll+0x3c
> selscan(c6222d10,d8dddb98,d8dddb88,6,4) at selscan+0x13e
> kern_select(c6222d10,6,bfbff5c0,0,0) at kern_select+0x36f
> select(c6222d10,d8dddd10,c0455899,3ee,5) at select+0x66
> syscall(2f,2f,2f,8055050,bfbff5b8) at syscall+0x273
> Xint0x80_syscall() at Xint0x80_syscall+0x1d
> --- syscall (93), eip = 0x280ccacc, esp = 0x2832eb68, ebp = 0x2832ebc0 ---
> Debugger("witness_lock")
> Stopped at Debugger+0x54: xchgl %ebx,in_Debugger.0

#8  0xc0290ed7 in witness_lock (lock=0xc04aa120, flags=8,
    file=0xc0434e3d "/a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c", line=372)
    at /a/asami/portbuild/i386/src-client/sys/kern/subr_witness.c:838
#9  0xc0261f4a in _mtx_lock_flags (m=0x0, opts=0, file=0xc04d17a8 "", line=-1068850912)
    at /a/asami/portbuild/i386/src-client/sys/kern/kern_mutex.c:334
#10 0xc0231154 in spec_poll (ap=0xd8dddaf8)
    at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372
#11 0xc0230648 in spec_vnoperate (ap=0x0)
    at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:122
#12 0xc02d119c in vn_poll (fp=0x0, events=0, active_cred=0xc675e300, td=0x0)
    at vnode_if.h:537
#13 0xc02945ae in selscan (td=0xc6222d10, ibits=0xd8dddb98, obits=0xd8dddb88, nfd=6)
    at /a/asami/portbuild/i386/src-client/sys/sys/file.h:272
#14 0xc029412f in kern_select (td=0xc6222d10, nd=6, fd_in=0xbfbff5c0, fd_ou=0x0,
    fd_ex=0x0, tvp=0xd8dddcd4)
    at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:822
#15 0xc0293da6 in select (td=0x0, uap=0xd8dddd10)
    at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:726
#16 0xc03ef9b3 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134565968, tf_esi = -1077938760,
       tf_ebp = 674425792, tf_isp = -656548492, tf_ebx = 0, tf_edx = -1077938752,
       tf_ecx = 0, tf_eax = 93, tf_trapno = 12, tf_err = 2, tf_eip = 671926988,
       tf_cs = 31, tf_eflags = 534, tf_esp = 674425704, tf_ss = 47})
    at /a/asami/portbuild/i386/src-client/sys/i386/i386/trap.c:1008
#17 0xc03dfbed in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---
(kgdb)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030728005754.GA23650>