kern/180098: [rm_rlock][mac_portacl][panic] recursed on non-recursive rmlock mac_policy_rm
Zverev Andrey
azverev at ozon.ru
Sat Sep 28 12:00:02 UTC 2013
The following reply was made to PR kern/180098; it has been noted by GNATS.
From: Zverev Andrey <azverev at ozon.ru>
To: <bug-followup at FreeBSD.org>, <peter at bsdenergy.net>
Cc:
Subject: Re: kern/180098: [rm_rlock][mac_portacl][panic] recursed on non-recursive rmlock mac_policy_rm
Date: Sat, 28 Sep 2013 15:55:46 +0400
I can repeat it on fresh -head (FreeBSD 10.0-ALPHA3 #12 r255906)
panic: rm_rlock: recursed on non-recursive rmlock mac_policy_rm @
/usr/src/sys/security/mac/mac_framework.c:198
cpuid =3D 1
KDB: stack backtrace:
db_trace_self_wrapper(c1116010,732f7273,732f6372,732f7379,72756365,...)
at db_trace_self_wrapper+0x2d/frame 0xeb36b9c0
kdb_backtrace(c12d2fc3,1,c1110d09,eb36ba94,c1110d09,...) at
kdb_backtrace+0x30/frame 0xeb36ba28
vpanic(c13f0778,100,c1110d09,eb36ba94,eb36ba94,...) at
vpanic+0x11f/frame 0xeb36ba64
kassert_panic(c1110d09,c1144ba7,c1144b2d,c6,c111a3a8,...) at
kassert_panic+0xea/frame 0xeb36ba88
_rm_rlock_debug(c156e764,eb36baf0,0,c1144b2d,c6) at
_rm_rlock_debug+0x187/frame 0xeb36bab4
mac_policy_slock_nosleep(eb36baf0,c114d9a2,246,c72cfd00,eb36bb18,...) at
mac_policy_slock_nosleep+0x3a/frame 0xeb36bad0
mac_priv_check(c6ece600,1ea,1a9,c0abaff4,c778c930,...) at
mac_priv_check+0x68/frame 0xeb36bb20
priv_check_cred(c6ece600,1ea,0,1a9,2,...) at priv_check_cred+0x25/frame
0xeb36bb4c
socket_check_bind(c6ece600,cf528d40,0,ce7246a0,2000000,...) at
socket_check_bind+0x1d0/frame 0xeb36bb78
mac_socket_check_bind(c6ece600,cf528d40,ce7246a0,0,eb36bc08,...) at
mac_socket_check_bind+0xb1/frame 0xeb36bbc8
kern_bindat(6,ce7246a0,1c,0,c778c930,...) at kern_bindat+0x121/frame
0xeb36bc20
sys_bind(c778c930,eb36bcc8,eb36bc5c,46,c1a25f60,...) at
sys_bind+0x74/frame 0xeb36bc40
syscall(eb36bd08) at syscall+0x2de/frame 0xeb36bcfc
Xint0x80_syscall() at Xint0x80_syscall+0x21/frame 0xeb36bcfc
--- syscall (104, FreeBSD ELF32, sys_bind), eip =3D 0x2813d403, esp =3D
0xbfbfccfc, ebp =3D 0xbfbfdc84 ---
KDB: enter: panic
Reading symbols from /boot/kernel/snd_uaudio.ko.symbols...done.
Loaded symbols for /boot/kernel/snd_uaudio.ko.symbols
Reading symbols from /boot/kernel/ums.ko.symbols...done.
Loaded symbols for /boot/kernel/ums.ko.symbols
Reading symbols from /boot/kernel/ng_ubt.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_ubt.ko.symbols
Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
Loaded symbols for /boot/kernel/netgraph.ko.symbols
Reading symbols from /boot/kernel/ng_hci.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_hci.ko.symbols
Reading symbols from /boot/kernel/ng_bluetooth.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_bluetooth.ko.symbols
Reading symbols from /boot/kernel/ng_l2cap.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_l2cap.ko.symbols
Reading symbols from /boot/kernel/ng_btsocket.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_btsocket.ko.symbols
Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_socket.ko.symbols
Reading symbols from /boot/kernel/linux.ko.symbols...done.
Loaded symbols for /boot/kernel/linux.ko.symbols
Reading symbols from /boot/kernel/nullfs.ko.symbols...done.
Loaded symbols for /boot/kernel/nullfs.ko.symbols
Reading symbols from /boot/kernel/linprocfs.ko.symbols...done.
Loaded symbols for /boot/kernel/linprocfs.ko.symbols
Reading symbols from /boot/kernel/linsysfs.ko.symbols...done.
Loaded symbols for /boot/kernel/linsysfs.ko.symbols
Reading symbols from /boot/kernel/tmpfs.ko.symbols...done.
Loaded symbols for /boot/kernel/tmpfs.ko.symbols
Reading symbols from /boot/kernel/fdescfs.ko.symbols...done.
Loaded symbols for /boot/kernel/fdescfs.ko.symbols
Reading symbols from /boot/kernel/mac_portacl.ko.symbols...done.
Loaded symbols for /boot/kernel/mac_portacl.ko.symbols
#0 doadump (textdump=3D0) at pcpu.h:232
232 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) #0 doadump (textdump=3D0) at pcpu.h:232
#1 0xc0521fb1 in db_dump (dummy=3D-1062244387, dummy2=3D0, dummy3=3D-1,
dummy4=3D0xeb36b764 "") at /usr/src/sys/ddb/db_command.c:543
#2 0xc0521a77 in db_command (cmd_table=3D<value optimized out>)
at /usr/src/sys/ddb/db_command.c:449
#3 0xc0521790 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:502
#4 0xc0524020 in db_trap (type=3D<value optimized out>, code=3D2)
at /usr/src/sys/ddb/db_main.c:231
#5 0xc0af7738 in kdb_trap (type=3D<value optimized out>,
code=3D<value optimized out>, tf=3D<value optimized out>)
at /usr/src/sys/kern/subr_kdb.c:654
#6 0xc0fa6d3f in trap (frame=3D<value optimized out>)
at /usr/src/sys/i386/i386/trap.c:720
#7 0xc0f8fd5c in calltrap () at /usr/src/sys/i386/i386/exception.s:170
#8 0xc0af6fdd in kdb_enter (why=3D0xc1111a64 "panic",
msg=3D<value optimized out>) at cpufunc.h:71
#9 0xc0abe363 in vpanic (fmt=3D<value optimized out>, ap=3D<value =
optimized
out>)
at /usr/src/sys/kern/kern_shutdown.c:747
#10 0xc0abe21a in kassert_panic (fmt=3D<value optimized out>)
at /usr/src/sys/kern/kern_shutdown.c:642
#11 0xc0abb047 in _rm_rlock_debug (rm=3D0xc156e764,
tracker=3D<value optimized out>) at
/usr/src/sys/kern/kern_rmlock.c:640
#12 0xc0ceb0aa in mac_policy_slock_nosleep (tracker=3D<value optimized
out>)
at /usr/src/sys/security/mac/mac_framework.c:198
#13 0xc0cf22a8 in mac_priv_check (priv=3D490)
at /usr/src/sys/security/mac/mac_priv.c:75
#14 0xc0aacc15 in priv_check_cred (cred=3D0xc6ece600, priv=3D490, =
flags=3D0)
at /usr/src/sys/kern/kern_priv.c:88
#15 0xd010cdf0 in socket_check_bind (cred=3D0xc6ece600,
so=3D<value optimized out>, solabel=3D0x0, sa=3D<value optimized =
out>)
at
/usr/src/sys/modules/mac_portacl/../../security/mac_portacl/mac_portacl.
c:428
#16 0xc0cf4291 in mac_socket_check_bind (so=3D0xcf528d40)
at /usr/src/sys/security/mac/mac_socket.c:325
#17 0xc0b41091 in kern_bindat (td=3D0xc778c930, dirfd=3D-100,
fd=3D<value optimized out>, sa=3D0xffff)
at /usr/src/sys/kern/uipc_syscalls.c:279
#18 0xc0b40ea4 in sys_bind (td=3D0x80, uap=3D<value optimized out>)
at /usr/src/sys/kern/uipc_syscalls.c:297
#19 0xc0fa7a0e in syscall (frame=3D<value optimized out>) at
subr_syscall.c:134
#20 0xc0f8fdf1 in Xint0x80_syscall ()
at /usr/src/sys/i386/i386/exception.s:270
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language: auto; currently minimal
(kgdb)
It would be nice if someone can look at this before 10.0-RELEASE.
More information about the freebsd-bugs
mailing list