Roman Kurakin rik at cronyx.ru
Wed May 5 05:14:14 PDT 2004

    I have something for you. According to your web page it is a new LOR.
It was got on a less than 48 hour old current.

Best regards,
                      Roman Kurakin

Bjoern A. Zeeb wrote:

>being one of the first persons who had asked for such a page some time
>back last year I - do not know why but sporadically - put up a web page
>with the last 6 LORs reported I could find (including the FAQ one ;-)
>The page is at
>	http://sources.zabbadoz.net/freebsd/lor.html
>and will be updated once in a while (see table footer for more info on
>this). You may link to it in mailing list postings etc. but please do NOT
>put a link to it in the source code.
>If anyone feels that it's his job or wants to integrate it
>into the official freebsd docs please take the data from the page,
>drop me a note and I will link to your site.
>PS: can someone please close PR kern/55175 - patch has been committed
>	by phk in
>	I think.

lock order reversal
1st 0xc2bbe360 rtentry (rtentry) @ /usr/src/sys/net/rtsock.c:389
2nd 0xc2bf147c radix node head (radix node head) @ /usr/src/sys/net/route.c:142
Stack backtrace:
backtrace(0,ffffffff,c088b4f0,c088b6f8,c081a91c) at backtrace+0x12
witness_checkorder(c2bf147c,9,c07c92d3,8e) at witness_checkorder+0x593
_mtx_lock_flags(c2bf147c,0,c07c92d3,8e,7) at _mtx_lock_flags+0x67
rtalloc1(c2e08a78,0,0,d1dd8b54,0) at rtalloc1+0x61
ifa_ifwithroute(801,c2e08a5c,c2e08a78,c2bbe360,c2bf1400) at ifa_ifwithroute+0x64
rt_getifa(d1dd8b54,0,c2bbe300,c2e08a00,3) at rt_getifa+0xaa
route_output(c150dd00,c2d033c0,a0,c150dd00,1f60) at route_output+0x595
raw_usend(c2d033c0,0,c150dd00,0,0,c2c8bdc0) at raw_usend+0x6c
rts_send(c2d033c0,0,c150dd00,0,0) at rts_send+0x1b
sosend(c2d033c0,0,d1dd8c88,c150dd00,0) at sosend+0x3fd
soo_write(c2cabae4,d1dd8c88,c2e21600,0,c2c8bdc0) at soo_write+0x46
dofilewrite(c2c8bdc0,c2cabae4,2,bfbfdce0,a0) at dofilewrite+0xbb
write(c2c8bdc0,d1dd8d14,3,16,296) at write+0x3e
syscall(2f,2f,2f,bfbfdd80,a0) at syscall+0x217
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (4), eip = 0x2824c4cb, esp = 0xbfbfdc9c, ebp = 0xbfbfdcc8 ---

