Re: LOR with filedesc structure and Giant

From: Kris Kennaway <kris_at_obsecurity.org>
Date: Sun, 27 Jul 2003 17:57:54 -0700

On Sun, Jul 27, 2003 at 04:33:51PM -0700, Kris Kennaway wrote:
> After upgrading last night, one of the package machines found this:
> 
> lock order reversal
>  1st 0xc6c1c334 filedesc structure (filedesc structure) @ /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:902
>  2nd 0xc04aa120 Giant (Giant) @ /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372
> Stack backtrace:
> backtrace(c043d4af,c04aa120,c0439aa4,c0439aa4,c0434e3d) at backtrace+0x17
> witness_lock(c04aa120,8,c0434e3d,174,1bc) at witness_lock+0x672
> _mtx_lock_flags(c04aa120,0,c0434e3d,174,c043daba) at _mtx_lock_flags+0xba
> spec_poll(d8dddaf8,d8dddb18,c02d119c,d8dddaf8,c04939a0) at spec_poll+0x134
> spec_vnoperate(d8dddaf8,c04939a0,c520b124,40,c675e300) at spec_vnoperate+0x18
> vn_poll(c44c5e14,40,c675e300,c6222d10,c675e300) at vn_poll+0x3c
> selscan(c6222d10,d8dddb98,d8dddb88,6,4) at selscan+0x13e
> kern_select(c6222d10,6,bfbff5c0,0,0) at kern_select+0x36f
> select(c6222d10,d8dddd10,c0455899,3ee,5) at select+0x66
> syscall(2f,2f,2f,8055050,bfbff5b8) at syscall+0x273
> Xint0x80_syscall() at Xint0x80_syscall+0x1d
> --- syscall (93), eip = 0x280ccacc, esp = 0x2832eb68, ebp = 0x2832ebc0 ---
> Debugger("witness_lock")
> Stopped at      Debugger+0x54:  xchgl   %ebx,in_Debugger.0

#8  0xc0290ed7 in witness_lock (lock=0xc04aa120, flags=8,
    file=0xc0434e3d "/a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c", line=372)
    at /a/asami/portbuild/i386/src-client/sys/kern/subr_witness.c:838
#9  0xc0261f4a in _mtx_lock_flags (m=0x0, opts=0, file=0xc04d17a8 "", line=-1068850912)
    at /a/asami/portbuild/i386/src-client/sys/kern/kern_mutex.c:334
#10 0xc0231154 in spec_poll (ap=0xd8dddaf8)
    at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:372
#11 0xc0230648 in spec_vnoperate (ap=0x0)
    at /a/asami/portbuild/i386/src-client/sys/fs/specfs/spec_vnops.c:122
#12 0xc02d119c in vn_poll (fp=0x0, events=0, active_cred=0xc675e300, td=0x0) at vnode_if.h:537
#13 0xc02945ae in selscan (td=0xc6222d10, ibits=0xd8dddb98, obits=0xd8dddb88, nfd=6)
    at /a/asami/portbuild/i386/src-client/sys/sys/file.h:272
#14 0xc029412f in kern_select (td=0xc6222d10, nd=6, fd_in=0xbfbff5c0, fd_ou=0x0, fd_ex=0x0, tvp=0xd8dddcd4)
    at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:822
#15 0xc0293da6 in select (td=0x0, uap=0xd8dddd10)
    at /a/asami/portbuild/i386/src-client/sys/kern/sys_generic.c:726
#16 0xc03ef9b3 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 134565968, tf_esi = -1077938760, tf_ebp = 674425792, tf_isp = -656548492, tf_ebx = 0, tf_edx = -1077938752, tf_ecx = 0, tf_eax = 93, tf_trapno = 12, tf_err = 2, tf_eip = 671926988, tf_cs = 31, tf_eflags = 534, tf_esp = 674425704, tf_ss = 47})
    at /a/asami/portbuild/i386/src-client/sys/i386/i386/trap.c:1008
#17 0xc03dfbed in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---

(kgdb)

Received on Sun Jul 27 2003 - 15:57:56 UTC
