Opened 7 months ago
Closed 5 months ago
#18927 closed bug (fixed)
Failed to acquire spinlock for a long time in UnixStreamEndpoint::Close
| Reported by: | jmairboeck | Owned by: | nobody |
|---|---|---|---|
| Priority: | critical | Milestone: | R1/beta5 |
| Component: | Network & Internet | Version: | R1/beta4 |
| Keywords: | | Cc: | |
| Blocked By: | | Blocking: | |
| Platform: | All | | |
Description (last modified by )
I just got this KDL when running the git tests with haikuporter (see https://github.com/haikuports/haikuports/pull/10649):
```
PANIC: acquire_spinlock(): Failed to acquire spinlock 0xffffffff82f0cd18 for a long time (last caller: 0x0000000000000000, value: deadbeef)
Welcome to Kernel Debugging Land...
Thread 68293 "pthread func" running on CPU 1
stack trace for thread 68293 "pthread func"
    kernel stack: 0xffffffff8a23c000 to 0xffffffff8a241000
      user stack: 0x00007f6d48355000 to 0x00007f6d48395000
frame                       caller             <image>:function + offset
 0 ffffffff8a240c40 (+  32) ffffffff8014ca60   <kernel_x86_64> arch_debug_call_with_fault_handler + 0x1a
 1 ffffffff8a240c60 (+  80) ffffffff800b48b8   <kernel_x86_64> debug_call_with_fault_handler + 0x78
 2 ffffffff8a240cb0 (+  96) ffffffff800b5f64   <kernel_x86_64> kernel_debugger_loop(char const*, char const*, __va_list_tag*, int) + 0xf4
 3 ffffffff8a240d10 (+  80) ffffffff800b62fe   <kernel_x86_64> kernel_debugger_internal(char const*, char const*, __va_list_tag*, int) + 0x6e
 4 ffffffff8a240d60 (+ 240) ffffffff800b6697   <kernel_x86_64> panic + 0xb7
 5 ffffffff8a240e50 (+  48) ffffffff80078755   <kernel_x86_64> acquire_spinlock + 0x105
 6 ffffffff8a240e80 (+  48) ffffffff8009ae57   <kernel_x86_64> _mutex_unlock + 0x27
 7 ffffffff8a240eb0 (+  64) ffffffff81f3c3e9   </boot/system/add-ons/kernel/network/protocols/unix> UnixStreamEndpoint::Close[clone .localalias] () + 0x149
 8 ffffffff8a240ef0 (+  48) ffffffff800ee8f9   <kernel_x86_64> close_fd_index + 0xa9
 9 ffffffff8a240f20 (+  16) ffffffff8014e63f   <kernel_x86_64> x86_64_syscall_entry + 0xfb
user iframe at 0xffffffff8a240f30 (end = 0xffffffff8a240ff8)
 rax 0x9e                  rbx 0x0                   rcx 0x9f11267c79
 rdx 0x1146ed9d4fe0        rsi 0x0                   rdi 0xc
 rbp 0x7f6d483940d0        r8  0x1146eda5ab70        r9  0x1146eda5ab70
 r10 0x1146eda644a0        r11 0x206                 r12 0x1146ed9f1d00
 r13 0x7f6d48394120        r14 0x1146ed9f1cc0        r15 0x1146ed9f1cc0
 rip 0x9f11267c79          rsp 0x7f6d483940b8        rflags 0x206
 vector: 0x63, error code: 0x0
10 ffffffff8a240f30 (+140109317222816) 0000009f11267c79   <libroot.so> _kern_close + 0x09
11 00007f6d483940d0 (+ 160) 00000134cbcf55aa   <test-tool> ipc_server_stop_async (nearest) + 0x32a
12 00007f6d48394170 (+  32) 0000009f11276538   <libroot.so> pthread_exit (nearest) + 0x38
13 00007f6d48394190 (+   0) 00007fffffdf7258   <commpage> commpage_thread_exit + 0x00
kdebug>
```
The currently running test was t0052-simple-ipc.sh, after `ok 7 - sendbytes`.
The KDL is not continuable (it just results in the same KDL again).
Running hrev57800 x86_64 in VirtualBox.
Is this maybe related to #18535?
Change History (5)
comment:1 by , 7 months ago
| Description: | modified (diff) |
|---|---|
comment:2 by , 7 months ago
| Component: | Network & Internet/TCP → Network & Internet |
|---|---|
| Milestone: | Unscheduled → R1/beta5 |
| Owner: | changed from | to |
| Priority: | normal → critical |
comment:4 by , 5 months ago
I ran the particular test case in a loop and managed to reproduce this within not too many runs.
Yes, this is a use-after-free.