lang: en

FreeBSD lock order reversal (LOR) #68

ID 68
state patched
responsible
reported first
reported last
LOR
lock order reversal
 1st 0xc1dde8a0 rtentry (rtentry) @ sys/netinet/if_ether.c:445
 2nd 0xc1be1364 bfe0 (network driver) @ sys/dev/bfe/if_bfe.c:1341
		
KDB: stack backtrace:
kdb_backtrace(c09039ec,c1be1364,c1afc560,c08d6492,c08d97ad) at kdb_backtrace+0x2e
witness_checkorder(c1be1364,9,c08d97ad,53d,e5926978) at witness_checkorder+0x6aa
_mtx_lock_flags(c1be1364,0,c08d97ad,53d,c1bdf000) at _mtx_lock_flags+0x8a
bfe_start(c1bdf000,12b,0,c1bdf000) at bfe_start+0x31
if_start(c1bdf000,0,c0909620,184,202) at if_start+0x99
ether_output_frame(c1bdf000,c1ce3700,6,12b,c103e9d8) at ether_output_frame+0x218
ether_output(c1bdf000,c1ce3700,e5926a3c,0,2,c1dd0001,2302,c090c3e0,1bd,516) at ether_output+0x44e
arprequest(c1bdf000,c1dd25c8,c1d2a194,c1adb8ac,7) at arprequest+0x109
arpresolve(c1bdf000,c1dde8c4,c1ce3800,c1d2a190,e5926aa8) at arpresolve+0x32d
ether_output(c1bdf000,c1ce3800,c1d2a190,c1dde8c4,c06aad17) at ether_output+0x7c
ip_output(c1ce3800,0,e5926b08,0,0) at ip_output+0x7c7
udp_output(c1ddc168,c1ce3800,0,0,c1c14000) at udp_output+0x556
udp_send(c1ddabac,0,c1ce3800,0,0) at udp_send+0x30
sosend(c1ddabac,0,e5926c44,c1ce3800,0) at sosend+0x701
kern_sendit(c1c14000,4,e5926cc4,0,0) at kern_sendit+0x13f
sendit(c1c14000,4,e5926cc4,0,bfbfc0b1) at sendit+0x1a9
sendto(c1c14000,e5926d14,18,3ff,6) at sendto+0x5b
syscall(2f,2f,2f,2,0) at syscall+0x2a0
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (133, FreeBSD ELF32, sendto), eip = 0x282a477f, esp = 0xbfbfb89c, ebp = 0xbfbfb8c8 ---
		
comments/references