Date: Mon, 11 Aug 2003 15:47:02 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: phk@FreeBSD.org
Subject: Re: LOR with filedesc structure and Giant
Message-ID: <20030811224702.GA44119@rot13.obsecurity.org>
In-Reply-To: <20030811220932.GA43465@rot13.obsecurity.org>
References: <20030809061112.GA4044@rot13.obsecurity.org> <20030811220932.GA43465@rot13.obsecurity.org>

On Mon, Aug 11, 2003 at 03:09:32PM -0700, Kris Kennaway wrote:
> On Fri, Aug 08, 2003 at 11:11:12PM -0700, Kris Kennaway wrote:
> > Aug 9 11:29:50 dosirak kernel: lock order reversal
> > Aug 9 11:29:50 dosirak kernel: 1st 0xcf3fa334 filedesc structure (filedesc structure) @ kern/sys_generic.c:895
> > Aug 9 11:29:50 dosirak kernel: 2nd 0xc070a8e0 Giant (Giant) @ fs/specfs/spec_vnops.c:372
> > Aug 9 11:29:50 dosirak kernel: Stack backtrace:
> >
> > And that's it (i.e. no backtrace is recorded).
>
> I got this on another machine:
>
> lock order reversal
> 1st 0xc3d25134 filedesc structure (filedesc structure) @ /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:902
> 2nd 0xc04aa500 Giant (Giant) @ /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372
> Stack backtrace:
> backtrace(c043db3b,c04aa500,c043a130,c043a130,c04354a7) at backtrace+0x17
> witness_lock(c04aa500,8,c04354a7,174,1be) at witness_lock+0x672
> _mtx_lock_flags(c04aa500,0,c04354a7,174,c043e146) at _mtx_lock_flags+0xba
> spec_poll(ce655af8,ce655b18,c02d152c,ce655af8,c0493d80) at spec_poll+0x134
> spec_vnoperate(ce655af8,c0493d80,c35485b4,40,c42f6800) at spec_vnoperate+0x18
> vn_poll(c26abe58,40,c42f6800,c3087720,c42f6800) at vn_poll+0x3c
> selscan(c3087720,ce655b98,ce655b88,6,4) at selscan+0x13e
> kern_select(c3087720,6,bfbff5b0,0,0) at kern_select+0x36f
> select(c3087720,ce655d10,c0455f34,3ee,5) at select+0x66
> syscall(2f,2f,2f,8055050,bfbff5a8) at syscall+0x273
> Xint0x80_syscall() at Xint0x80_syscall+0x1d

#0  doadump () at /a/asami/portbuild/i386/src-client/sys/kern/kern_shutdown.c:240
#1  0xc0168345 in db_fncall (dummy1=1016, dummy2=0, dummy3=1016, dummy4=0xce65589c "")
    at /a/asami/portbuild/i386/src-client/sys/ddb/db_command.c:548
#2  0xc0168092 in db_command (last_cmdp=0xc0495800, cmd_table=0x0, aux_cmd_tablep=0xc045acd0, aux_cmd_tablep_end=0xc045acd4)
    at /a/asami/portbuild/i386/src-client/sys/ddb/db_command.c:346
#3  0xc01681d5 in db_command_loop () at /a/asami/portbuild/i386/src-client/sys/ddb/db_command.c:472
#4  0xc016b1d5 in db_trap (type=3, code=0) at /a/asami/portbuild/i386/src-client/sys/ddb/db_trap.c:73
#5  0xc03de71c in kdb_trap (type=3, code=0, regs=0xce6559f0)
    at /a/asami/portbuild/i386/src-client/sys/i386/i386/db_interface.c:172
#6  0xc03ef91a in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -1068688392, tf_esi = -1068849920, tf_ebp = -832218564, tf_isp = -832218596, tf_ebx = 0, tf_edx = 0, tf_ecx = 1, tf_eax = 25, tf_trapno = 3, tf_err = 0, tf_eip = -1069684268, tf_cs = 8, tf_eflags = 662, tf_esp = -1069202262, tf_ss = -1069472723})
    at /a/asami/portbuild/i386/src-client/sys/i386/i386/trap.c:580
#7  0xc03e00c8 in calltrap () at {standard input}:102
#8  0xc02911e7 in witness_lock (lock=0xc04aa500, flags=8,
    file=0xc04354a7 "/a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c", line=372)
    at /a/asami/portbuild/i386/src-client/sys/kern/subr_witness.c:838
#9  0xc02621ca in _mtx_lock_flags (m=0x0, opts=0, file=0xc04d1bf8 "", line=-1068849920)
    at /a/asami/portbuild/i386/src-client/sys/kern/kern_mutex.c:336
#10 0xc02313e4 in spec_poll (ap=0xce655af8)
    at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372
#11 0xc02308d8 in spec_vnoperate (ap=0x0)
    at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:122
#12 0xc02d152c in vn_poll (fp=0x0, events=0, active_cred=0xc42f6800, td=0x0) at vnode_if.h:537
#13 0xc029491e in selscan (td=0xc3087720, ibits=0xce655b98, obits=0xce655b88, nfd=6)
    at /a/asami/portbuild/i386/src-client/sys/sys/file.h:272
#14 0xc029449f in kern_select (td=0xc3087720, nd=6, fd_in=0xbfbff5b0, fd_ou=0x0, fd_ex=0x0, tvp=0xce655cd4)
    at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:822
#15 0xc0294116 in select (td=0x0, uap=0xce655d10)
    at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:726
#16 0xc03f0233 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134565968, tf_esi = -1077938776, tf_ebp = 674425792, tf_isp = -832217740, tf_ebx = 0, tf_edx = -1077938768, tf_ecx = 0, tf_eax = 93, tf_trapno = 12, tf_err = 2, tf_eip = 671926988, tf_cs = 31, tf_eflags = 534, tf_esp = 674425704, tf_ss = 47})
    at /a/asami/portbuild/i386/src-client/sys/i386/i386/trap.c:1008
#17 0xc03e011d in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---