* [BUG] af_unix race in close?
@ 2009-09-23 23:54 Stephen Hemminger
2009-09-24 4:35 ` Eric Dumazet
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Hemminger @ 2009-09-23 23:54 UTC (permalink / raw)
To: David Miller; +Cc: netdev
This oops seems to show lots of times:
http://www.kerneloops.org/guilty.php?guilty=unix_write_space&version=2.6.31-release&start=2064384&end=2097151&class=oops
Looks like race in unix domain socket close with data outstanding.
BUG: unable to handle kernel paging request at 6b6b6b8f
IP: [] unix_write_space+0x45/0x87
*pde = 00000000
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/LNXSYSTM:00/device:00/PNP0C0A:00/power_supply/BAT1/charge_full
Modules linked in: ext2 fuse nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq dm_multipath uinput uvcvideo videodev v4l1_compat arc4 snd_hda_codec_realtek iTCO_wdt iTCO_vendor_support ecb serio_raw i2c_i801 snd_hda_intel joydev snd_hda_codec snd_hwdep snd_pcm snd_timer ath5k r8169 snd mac80211 mii soundcore ath snd_page_alloc jmb38x_ms cfg80211 memstick rfkill wmi squashfs vfat fat mmc_block i915 sdhci_pci ata_generic pata_acpi sdhci mmc_core drm i2c_algo_bit i2c_core usb_storage video output [last unloaded: microcode]
Pid: 6809, comm: metacity Not tainted (2.6.31-0.125.4.2.rc5.git2.fc12.i686 #1) AOA110
EIP: 0060:[] EFLAGS: 00010202 CPU: 0
EIP is at unix_write_space+0x45/0x87
EAX: 6b6b6b6b EBX: ec988780 ECX: 00000000 EDX: 6b6b6b8f
ESI: ec988950 EDI: ffffff20 EBP: ec941e28 ESP: ec941e1c
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process metacity (pid: 6809, ti=ec940000 task=e63095c0 task.ti=ec940000)
Stack:
37dc7803 ec988780 000000e1 ec941e40 c0772142 37dc7803 dcc1c900 dcc1c900
<0> c07f6a02 ec941e50 c0775766 37dc7803 dcc1c900 ec941e60 c07754ae 37dc7803
<0> dcc1c900 ec941e78 c07755db 37dc7803 ec98b0c0 dcc1c900 00000000 ec941ea0
Call Trace:
[] ? sock_wfree+0x44/0x68
[] ? unix_release_sock+0x182/0x1e0
[] ? skb_release_head_state+0x6c/0xcb
[] ? __kfree_skb+0x20/0x94
[] ? kfree_skb+0x68/0x7f
[] ? unix_release_sock+0x182/0x1e0
[] ? unix_release+0x2f/0x42
[] ? sock_release+0x29/0x7f
[] ? sock_close+0x30/0x45
[] ? __fput+0x101/0x1a2
[] ? fput+0x27/0x3a
[] ? filp_close+0x64/0x7f
[] ? put_files_struct+0x68/0xbd
[] ? exit_files+0x43/0x59
[] ? do_exit+0x1d6/0x648
[] ? audit_syscall_entry+0x134/0x167
[] ? do_group_exit+0x72/0x99
[] ? sys_exit_group+0x27/0x3c
[] ? syscall_call+0x7/0xb
Code: 00 89 45 f4 31 c0 89 f0 e8 9a 76 02 00 8b 83 dc 00 00 00 c1 e0 02 3b 83 e4 00 00 00 7f 32 8b 83 a4 00 00 00 85 c0 74 17 8d 50 24 <39> 50 24 74 0f b9 01 00 00 00 ba 01 00 00 00 e8 bb cf c3 ff b9
EIP: [] unix_write_space+0x45/0x87 SS:ESP 0068:ec941e1c
CR2: 000000006b6b6b8f
---[ end trace 4a36bd1eb2fc9896 ]---
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [BUG] af_unix race in close?
2009-09-23 23:54 [BUG] af_unix race in close? Stephen Hemminger
@ 2009-09-24 4:35 ` Eric Dumazet
2009-09-24 5:56 ` Stephen Hemminger
0 siblings, 1 reply; 3+ messages in thread
From: Eric Dumazet @ 2009-09-24 4:35 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: David Miller, netdev, Jike Song
Stephen Hemminger a écrit :
> This oops seems to show lots of times:
> http://www.kerneloops.org/guilty.php?guilty=unix_write_space&version=2.6.31-release&start=2064384&end=2097151&class=oops
> Looks like race in unix domain socket close with data outstanding.
>
> BUG: unable to handle kernel paging request at 6b6b6b8f
> IP: [] unix_write_space+0x45/0x87
> *pde = 00000000
> Oops: 0000 [#1] SMP
> last sysfs file: /sys/devices/LNXSYSTM:00/device:00/PNP0C0A:00/power_supply/BAT1/charge_full
> Modules linked in: ext2 fuse nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq dm_multipath uinput uvcvideo videodev v4l1_compat arc4 snd_hda_codec_realtek iTCO_wdt iTCO_vendor_support ecb serio_raw i2c_i801 snd_hda_intel joydev snd_hda_codec snd_hwdep snd_pcm snd_timer ath5k r8169 snd mac80211 mii soundcore ath snd_page_alloc jmb38x_ms cfg80211 memstick rfkill wmi squashfs vfat fat mmc_block i915 sdhci_pci ata_generic pata_acpi sdhci mmc_core drm i2c_algo_bit i2c_core usb_storage video output [last unloaded: microcode]
>
> Pid: 6809, comm: metacity Not tainted (2.6.31-0.125.4.2.rc5.git2.fc12.i686 #1) AOA110
> EIP: 0060:[] EFLAGS: 00010202 CPU: 0
> EIP is at unix_write_space+0x45/0x87
> EAX: 6b6b6b6b EBX: ec988780 ECX: 00000000 EDX: 6b6b6b8f
> ESI: ec988950 EDI: ffffff20 EBP: ec941e28 ESP: ec941e1c
> DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> Process metacity (pid: 6809, ti=ec940000 task=e63095c0 task.ti=ec940000)
> Stack:
> 37dc7803 ec988780 000000e1 ec941e40 c0772142 37dc7803 dcc1c900 dcc1c900
> <0> c07f6a02 ec941e50 c0775766 37dc7803 dcc1c900 ec941e60 c07754ae 37dc7803
> <0> dcc1c900 ec941e78 c07755db 37dc7803 ec98b0c0 dcc1c900 00000000 ec941ea0
> Call Trace:
> [] ? sock_wfree+0x44/0x68
> [] ? unix_release_sock+0x182/0x1e0
> [] ? skb_release_head_state+0x6c/0xcb
> [] ? __kfree_skb+0x20/0x94
> [] ? kfree_skb+0x68/0x7f
> [] ? unix_release_sock+0x182/0x1e0
> [] ? unix_release+0x2f/0x42
> [] ? sock_release+0x29/0x7f
> [] ? sock_close+0x30/0x45
> [] ? __fput+0x101/0x1a2
> [] ? fput+0x27/0x3a
> [] ? filp_close+0x64/0x7f
> [] ? put_files_struct+0x68/0xbd
> [] ? exit_files+0x43/0x59
> [] ? do_exit+0x1d6/0x648
> [] ? audit_syscall_entry+0x134/0x167
> [] ? do_group_exit+0x72/0x99
> [] ? sys_exit_group+0x27/0x3c
> [] ? syscall_call+0x7/0xb
> Code: 00 89 45 f4 31 c0 89 f0 e8 9a 76 02 00 8b 83 dc 00 00 00 c1 e0 02 3b 83 e4 00 00 00 7f 32 8b 83 a4 00 00 00 85 c0 74 17 8d 50 24 <39> 50 24 74 0f b9 01 00 00 00 ba 01 00 00 00 e8 bb cf c3 ff b9
> EIP: [] unix_write_space+0x45/0x87 SS:ESP 0068:ec941e1c
> CR2: 000000006b6b6b8f
> ---[ end trace 4a36bd1eb2fc9896 ]---
>
Hello Stephen
I already took a look at the problem, and I re-sent possible fix for this yesterday
http://patchwork.ozlabs.org/patch/34162/
First reporter I am aware of was Jike Song
Thanks
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [BUG] af_unix race in close?
2009-09-24 4:35 ` Eric Dumazet
@ 2009-09-24 5:56 ` Stephen Hemminger
0 siblings, 0 replies; 3+ messages in thread
From: Stephen Hemminger @ 2009-09-24 5:56 UTC (permalink / raw)
To: Eric Dumazet; +Cc: David Miller, netdev, Jike Song
On Thu, 24 Sep 2009 06:35:51 +0200
Eric Dumazet <eric.dumazet@gmail.com> wrote:
> inted (2.6.31-0.125.4.2.rc5.git2.fc12.i686 #1) AOA110
> > EIP: 0060:[] EFLAGS: 00010202 CPU: 0
> > EIP is at unix_write_space+0x45/0x87
> > EAX: 6b6b6b6b EBX: ec988780 ECX: 00000000 EDX: 6b6b6b8f
> > ESI: ec988950 EDI: ffffff20 EBP: ec941e28 ESP: ec941e1c
> > DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> > Process metacity (pid: 6809, ti=ec940000 task=e63095c0 task.ti=ec940000)
> > Stack:
> > 37dc7803 ec988780 000000e1 ec941e40 c0772142 37dc7803 dcc1c900 dcc1c900
> > <0> c07f6a02 ec941e50 c0775766 37dc7803 dcc1c900 ec941e60 c07754ae 37dc7803
> > <0> dcc1c900 ec941e78 c07755db 37dc7803 ec98b0c0 dcc1c900 00000000 ec941ea0
> > Call Trace:
> > [] ? sock_wfree+0x44/0x68
> > [] ? unix_release_sock+0x182/0x1e0
> > [] ? skb_release_head_state+0x6c/0xcb
> > [] ? __kfree_skb+0x20/0x94
> > [] ? kfree_skb+0x68/0x7f
> > [] ? unix_release_sock+0x182/0x1e0
> > [] ? unix_release+0x2f/0x42
> > [] ? sock_release+0x29/0x7f
> > [] ? sock_close+0x30/0x45
> > [] ? __fput+0x101/0x1a2
Good thanks. It should probably go up to stable as well.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-09-24 5:56 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-09-23 23:54 [BUG] af_unix race in close? Stephen Hemminger
2009-09-24 4:35 ` Eric Dumazet
2009-09-24 5:56 ` Stephen Hemminger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).