Opened 10 years ago

Closed 9 years ago

#5210 closed bug (fixed)

PANIC: _mutex_lock(): double lock of 0x811f6b04 by thread 252

Reported by: kaliber
Owned by: axeld
Priority: normal
Milestone: R1
Component: Network & Internet/Stack
Version: R1/Development
Keywords:
Cc:
Blocked By:
Blocking:
Has a Patch: no
Platform: All

Description

Using hrev34879.

PANIC: _mutex_lock(): double lock of 0x811f6b04 by thread 252
Welcome to Kernel Debugging Land...
Thread 252 "dolphin" running on CPU 0
kdebug> bt
stack trace for thread 252 "dolphin"
    kernel stack: 0x80de8000 to 0x80dec000
      user stack: 0x7efef000 to 0x7ffef000
frame               caller     <image>:function + offset
 0 80deb6b8 (+  32) 80069c1d   <kernel_x86> invoke_command_trampoline(void*: 0x80deb738) + 0x0015
 1 80deb6d8 (+  12) 800d5ecf   <kernel_x86>:arch_debug_call_with_fault_handler + 0x001b
 2 80deb6e4 (+  48) 80067afe   <kernel_x86>:debug_call_with_fault_handler + 0x0051
 3 80deb714 (+  64) 80069fc6   <kernel_x86>:invoke_debugger_command + 0x00bb
 4 80deb754 (+  48) 8006a0e3   <kernel_x86> invoke_pipe_segment(debugger_command_pipe*: 0x80128622, int32: 0, char*: NULL) + 0x0083
 5 80deb784 (+  32) 8006a1ab   <kernel_x86>:invoke_debugger_command_pipe + 0x008b
 6 80deb7a4 (+ 128) 8006df4a   <kernel_x86> ExpressionParser<0x80deb874>::_ParseCommandPipe(int&: 0x80deb870) + 0x0aae
 7 80deb824 (+  48) 80070713   <kernel_x86> ExpressionParser<0x80deb874>::EvaluateCommand(char const*: 0x80128620 "bt", int&: 0x80deb870) + 0x06df
 8 80deb854 (+ 192) 8007088c   <kernel_x86>:evaluate_debug_command + 0x0084
 9 80deb914 (+  96) 80068a4e   <kernel_x86> kernel_debugger_internal(char const*: 0x811f6b04 "�W�", int32: -2132887136) + 0x03a7
10 80deb974 (+  16) 80068baf   <kernel_x86>:kernel_debugger + 0x0019
11 80deb984 (+ 160) 80068c89   <kernel_x86>:panic + 0x002a
12 80deba24 (+  64) 80047520   <kernel_x86>:_mutex_lock + 0x00ae
13 80deba64 (+  48) 80569170   </boot/system/add-ons/kernel/network/stack> socket_notify(net_socket*: 0x811f6990, uint8: 0x1 (1), int32: -2147454948) + 0x0084
14 80deba94 (+  48) 80df09be   </boot/system/add-ons/kernel/network/protocols/unix> UnixEndpoint<0x8118a078>::_Disconnect() + 0x005c
15 80debac4 (+  48) 80df1cb1   </boot/system/add-ons/kernel/network/protocols/unix> UnixEndpoint<0x8118a078>::Close() + 0x0077
16 80debaf4 (+  48) 80df1d87   </boot/system/add-ons/kernel/network/protocols/unix> UnixEndpoint<0x8118a078>::Uninit() + 0x0061
17 80debb24 (+  32) 80deff44   </boot/system/add-ons/kernel/network/protocols/unix> unix_uninit_protocol(net_protocol*: 0x8118a084) + 0x002b
18 80debb44 (+  32) 8056ea35   </boot/system/add-ons/kernel/network/stack> uninit_domain_protocols(net_socket*: 0x80132120) + 0x0019
19 80debb64 (+  48) 8056f910   </boot/system/add-ons/kernel/network/stack> put_domain_protocols(net_socket*: 0x811f6990) + 0x008f
20 80debb94 (+  80) 805696db   </boot/system/add-ons/kernel/network/stack> net_socket_private::~net_socket_private() + 0x02cf
21 80debbe4 (+  32) 80569e99   </boot/system/add-ons/kernel/network/stack> net_socket_private<0x811f6990>::RemoveFromParent() + 0x014f
22 80debc04 (+  80) 805696c1   </boot/system/add-ons/kernel/network/stack> net_socket_private::~net_socket_private() + 0x02b5
23 80debc54 (+  32) 80569bde   </boot/system/add-ons/kernel/network/stack> socket_free(net_socket*: 0x811f6b28) + 0x004b
24 80debc74 (+  32) 8056fcbc   </boot/system/add-ons/kernel/network/stack> stack_interface_free(net_socket*: 0x811f6b28) + 0x001f
25 80debc94 (+  32) 8009c0e4   <kernel_x86> socket_free(file_descriptor*: 0x813700c8) + 0x0014
26 80debcb4 (+  32) 80095915   <kernel_x86>:put_fd + 0x0031
27 80debcd4 (+  48) 800a69fb   <kernel_x86>:vfs_put_io_context + 0x0088
28 80debd04 (+  80) 8005bf0b   <kernel_x86>:team_delete_team + 0x021f
29 80debd54 (+ 384) 80060966   <kernel_x86>:thread_exit + 0x041a
30 80debed4 (+  80) 80054396   <kernel_x86>:handle_signals + 0x0459
31 80debf24 (+  32) 8005f83d   <kernel_x86>:thread_at_kernel_exit + 0x0058
32 80debf44 (+ 100) 800d657b   <kernel_x86>:kernel_exit_handle_signals + 0x0006
user iframe at 0x80debfa8 (end = 0x80dec000)
 eax 0x8000000a     ebx 0x1cfe3e8       ecx 0x7ffee4cc   edx 0x206
 esi 0x2069218      edi 0x181f5100      ebp 0x7ffee4e8   esp 0x80debfdc
 eip 0xffff0114  eflags 0x206      user esp 0x7ffee4cc
 vector: 0x63, error code: 0x0
33 80debfa8 (+   0) ffff0114   <commpage>:commpage_syscall + 0x0004
34 7ffee4e8 (+   0) 007ee6a8   
35 18001938 (+   0) 00000001   

Change History (4)

comment:1 by anevilyak, 10 years ago

Component: System/Kernel → Network & Internet/Stack

comment:2 by kaliber, 10 years ago

I'm able to reproduce this bug, but it's complex to provide a simple test case. If you need more information from KDL please let me know.

comment:3 by bonefish, 10 years ago

The problem is easily understood: net_socket_private::~net_socket_private() locks the socket and further up the stack socket_notify() does it again. I guess Axel can tell us how this is supposed to work. Maybe the uninit_protocol() hook is not supposed to send any notifications?

comment:4 by axeld, 9 years ago

Resolution: fixed
Status: new → closed

Fixed in hrev37895 by not holding the lock when calling those functions.

However, if the socket is already closed, there shouldn't be anyone left to notify, so the code in the unix protocol looks a bit questionable to me (but maybe I just don't understand it :-)).
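
Added example, not part of the ticket and not Haiku's code: a single-threaded C model of the lock order described in comment:3 (teardown holds the socket lock while a protocol hook calls a notifier that takes it again) and of the fix described in comment:4 (the hook runs without the lock held). All type and function names here (dbg_mutex, sock, notify, proto_uninit, destroy_locked, destroy_unlocked) are hypothetical.

```c
#include <stdio.h>

/* Simplified model of a non-recursive mutex that records its holder.
   Single-threaded on purpose: only the re-lock by the same thread matters. */
typedef struct { int holder; } dbg_mutex;        /* -1 means unlocked */
static int double_locks;                         /* each one would be a PANIC */

static int dbg_lock(dbg_mutex *m, int thread) {
    if (m->holder == thread) { double_locks++; return -1; }
    m->holder = thread;
    return 0;
}
static void dbg_unlock(dbg_mutex *m) { m->holder = -1; }

typedef struct sock {
    dbg_mutex lock;
    void (*uninit_hook)(struct sock *, int);     /* protocol teardown hook */
    int notified;
} sock;

/* Notifier that takes the socket lock itself (role of frame 13). */
static void notify(sock *s, int thread) {
    if (dbg_lock(&s->lock, thread) != 0) return; /* double lock detected */
    s->notified++;
    dbg_unlock(&s->lock);
}
/* Hook that notifies during teardown (role of frames 14 to 17). */
static void proto_uninit(sock *s, int thread) { notify(s, thread); }

/* Before: the hook is called with the socket lock held. */
static int destroy_locked(sock *s, int thread) {
    double_locks = 0;
    dbg_lock(&s->lock, thread);
    s->uninit_hook(s, thread);
    dbg_unlock(&s->lock);
    return double_locks;
}
/* After: work that needs the lock finishes first, the hook runs unlocked. */
static int destroy_unlocked(sock *s, int thread) {
    double_locks = 0;
    dbg_lock(&s->lock, thread);
    dbg_unlock(&s->lock);
    s->uninit_hook(s, thread);
    return double_locks;
}

int main(void) {
    sock a = { { -1 }, proto_uninit, 0 }, b = { { -1 }, proto_uninit, 0 };
    printf("locked: %d double lock(s)\n", destroy_locked(&a, 252));
    printf("unlocked: %d double lock(s)\n", destroy_unlocked(&b, 252));
    return 0;
}
```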
