Re: LOR with filedesc structure and Giant

From: Kris Kennaway <kris_at_obsecurity.org>
Date: Mon, 11 Aug 2003 15:47:02 -0700
On Mon, Aug 11, 2003 at 03:09:32PM -0700, Kris Kennaway wrote:
> On Fri, Aug 08, 2003 at 11:11:12PM -0700, Kris Kennaway wrote:
> > Aug  9 11:29:50 dosirak kernel: lock order reversal
> > Aug  9 11:29:50 dosirak kernel: 1st 0xcf3fa334 filedesc structure (filedesc structure) @ kern/sys_generic.c:895
> > Aug  9 11:29:50 dosirak kernel: 2nd 0xc070a8e0 Giant (Giant) @ fs/specfs/spec_vnops.c:372
> > Aug  9 11:29:50 dosirak kernel: Stack backtrace:
> > 
> > And that's it (i.e. no backtrace is recorded).
> 
> I got this on another machine:
> 
> lock order reversal
>  1st 0xc3d25134 filedesc structure (filedesc structure) @ /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:902
>  2nd 0xc04aa500 Giant (Giant) @ /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372
> Stack backtrace:
> backtrace(c043db3b,c04aa500,c043a130,c043a130,c04354a7) at backtrace+0x17
> witness_lock(c04aa500,8,c04354a7,174,1be) at witness_lock+0x672
> _mtx_lock_flags(c04aa500,0,c04354a7,174,c043e146) at _mtx_lock_flags+0xba
> spec_poll(ce655af8,ce655b18,c02d152c,ce655af8,c0493d80) at spec_poll+0x134
> spec_vnoperate(ce655af8,c0493d80,c35485b4,40,c42f6800) at spec_vnoperate+0x18
> vn_poll(c26abe58,40,c42f6800,c3087720,c42f6800) at vn_poll+0x3c
> selscan(c3087720,ce655b98,ce655b88,6,4) at selscan+0x13e
> kern_select(c3087720,6,bfbff5b0,0,0) at kern_select+0x36f
> select(c3087720,ce655d10,c0455f34,3ee,5) at select+0x66
> syscall(2f,2f,2f,8055050,bfbff5a8) at syscall+0x273
> Xint0x80_syscall() at Xint0x80_syscall+0x1d

#0  doadump () at /a/asami/portbuild/i386/src-client/sys/kern/kern_shutdown.c:240
#1  0xc0168345 in db_fncall (dummy1=1016, dummy2=0, dummy3=1016, dummy4=0xce65589c "")
    at /a/asami/portbuild/i386/src-client/sys/ddb/db_command.c:548
#2  0xc0168092 in db_command (last_cmdp=0xc0495800, cmd_table=0x0, aux_cmd_tablep=0xc045acd0,
    aux_cmd_tablep_end=0xc045acd4) at /a/asami/portbuild/i386/src-client/sys/ddb/db_command.c:346
#3  0xc01681d5 in db_command_loop () at /a/asami/portbuild/i386/src-client/sys/ddb/db_command.c:472
#4  0xc016b1d5 in db_trap (type=3, code=0) at /a/asami/portbuild/i386/src-client/sys/ddb/db_trap.c:73
#5  0xc03de71c in kdb_trap (type=3, code=0, regs=0xce6559f0)
    at /a/asami/portbuild/i386/src-client/sys/i386/i386/db_interface.c:172
#6  0xc03ef91a in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -1068688392, tf_esi = -1068849920, tf_ebp = -832218564, tf_isp = -832218596, tf_ebx = 0, tf_edx = 0, tf_ecx = 1, tf_eax = 25, tf_trapno = 3, tf_err = 0, tf_eip = -1069684268, tf_cs = 8, tf_eflags = 662, tf_esp = -1069202262, tf_ss = -1069472723})
    at /a/asami/portbuild/i386/src-client/sys/i386/i386/trap.c:580
#7  0xc03e00c8 in calltrap () at {standard input}:102
#8  0xc02911e7 in witness_lock (lock=0xc04aa500, flags=8,
    file=0xc04354a7 "/a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c", line=372)
    at /a/asami/portbuild/i386/src-client/sys/kern/subr_witness.c:838
#9  0xc02621ca in _mtx_lock_flags (m=0x0, opts=0, file=0xc04d1bf8 "", line=-1068849920)
    at /a/asami/portbuild/i386/src-client/sys/kern/kern_mutex.c:336
#10 0xc02313e4 in spec_poll (ap=0xce655af8)
    at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372
#11 0xc02308d8 in spec_vnoperate (ap=0x0)
    at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:122
#12 0xc02d152c in vn_poll (fp=0x0, events=0, active_cred=0xc42f6800, td=0x0) at vnode_if.h:537
#13 0xc029491e in selscan (td=0xc3087720, ibits=0xce655b98, obits=0xce655b88, nfd=6)
    at /a/asami/portbuild/i386/src-client/sys/sys/file.h:272
#14 0xc029449f in kern_select (td=0xc3087720, nd=6, fd_in=0xbfbff5b0, fd_ou=0x0, fd_ex=0x0, tvp=0xce655cd4)
    at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:822
#15 0xc0294116 in select (td=0x0, uap=0xce655d10)
    at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:726
#16 0xc03f0233 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134565968, tf_esi = -1077938776, tf_ebp = 674425792, tf_isp = -832217740, tf_ebx = 0, tf_edx = -1077938768, tf_ecx = 0, tf_eax = 93, tf_trapno = 12, tf_err = 2, tf_eip = 671926988, tf_cs = 31, tf_eflags = 534, tf_esp = 674425704, tf_ss = 47})
    at /a/asami/portbuild/i386/src-client/sys/i386/i386/trap.c:1008
#17 0xc03e011d in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---

Received on Mon Aug 11 2003 - 13:47:04 UTC
