Hi,

I am working on the donut/2.6.29 kernel release and am getting the following crash while disconnecting the data call.

<6>[ 253.744488] rmnet_stop()
<0>[ 262.856377] BUG: spinlock lockup on CPU#0, er.ServerThread/1006, cc9f7b04
<4>[ 262.856443] [<c003015c>] (dump_stack+0x0/0x14) from [<c017f1ec>] (_raw_spin_lock+0xf4/0x130)
<4>[ 262.856605] [<c017f0f8>] (_raw_spin_lock+0x0/0x130) from [<c0302874>] (_spin_lock_bh+0x54/0x5c)
<4>[ 262.856742] [<c0302820>] (_spin_lock_bh+0x0/0x5c) from [<c029dda8>] (inet_unhash+0x68/0xac)
<4>[ 262.856872] r5:cc9f7b04 r4:cbb9e5c0
<4>[ 262.856935] [<c029dd40>] (inet_unhash+0x0/0xac) from [<c02a0c60>] (tcp_set_state+0xe8/0x170)
<4>[ 262.857063] r5:cbb9e5c0 r4:cbcf0000
<4>[ 262.857125] [<c02a0b78>] (tcp_set_state+0x0/0x170) from [<c02a0d34>] (tcp_done+0x4c/0x8c)
<4>[ 262.857247] r7:c08ffb04 r6:000006f7 r5:cbb9e5c8 r4:cbb9e5c0
<4>[ 262.857350] [<c02a0ce8>] (tcp_done+0x0/0x8c) from [<c02b2344>] (tcp_v4_nuke_addr+0x8c/0xd0)
<4>[ 262.857472] r4:cbb9e5c0
<4>[ 262.857513] [<c02b22b8>] (tcp_v4_nuke_addr+0x0/0xd0) from [<c02be234>] (devinet_ioctl+0x6d8/0x788)
<4>[ 262.857655] [<c02bdb5c>] (devinet_ioctl+0x0/0x788) from [<c02becb0>] (inet_ioctl+0xcc/0xfc)
<4>[ 262.857782] [<c02bebe4>] (inet_ioctl+0x0/0xfc) from [<c026e2fc>] (sock_ioctl+0x1e8/0x248)
<4>[ 262.857935] [<c026e114>] (sock_ioctl+0x0/0x248) from [<c00e1800>] (vfs_ioctl+0x38/0x98)
<4>[ 262.858075] r6:45583d4c r5:00008939 r4:c91f8c80
<4>[ 262.858158] [<c00e17c8>] (vfs_ioctl+0x0/0x98) from [<c00e1e6c>] (do_vfs_ioctl+0x514/0x568)
<4>[ 262.858283] r6:45583d4c r5:cc247120 r4:c91f8c80
<4>[ 262.858368] [<c00e1958>] (do_vfs_ioctl+0x0/0x568) from [<c00e1f00>] (sys_ioctl+0x40/0x64)
<4>[ 262.858492] r9:cbcf0000 r8:c002bfa8 r7:c91f8c80 r6:00008939 r5:45583d4c
<4>[ 262.858607] r4:00000045
<4>[ 262.858650] [<c00e1ec0>] (sys_ioctl+0x0/0x64) from [<c002be00>] (ret_fast_syscall+0x0/0x2c)
<4>[ 262.858773] r7:00000036 r6:45583d4c r5:45583d5c r4:adb040c8

Following is my analysis:

While disabling the data call, the Android framework calls the function ifc_reset_connections(), i.e. the SIOCKILLADDR ioctl.
The crash occurs while processing the SIOCKILLADDR ioctl in the kernel because it tries to take the same lock twice without releasing the earlier one: first in tcp_v4_nuke_addr() and second in the inet_unhash() function (when sk_state != TCP_LISTEN). This seems to be a spin lock recursion problem.

There are changes in the locking mechanism as part of 2.6.29. Earlier, in 2.6.27, it used to take the read/write lock, but those are replaced by spin locks in 2.6.29.

tcp_v4_nuke_addr() function in kernel/net/ipv4/tcp_ipv4.c
inet_unhash() function in kernel/net/ipv4/inet_hashtables.c

I have printed the lock address in both of the above functions.

<6>[ 92.246526] rmnet_stop()
<0>[ 92.301602] ----- in tcp_v4_nuke_addr, lock=CBE12658
<0>[ 92.301602] ----- in inet_unhash, lock=CBE12658

It seems to be a bug in the 2.6.29 kernel implementation of the SIOCKILLADDR ioctl. Is anyone aware of this issue?

Thanks,
-Shirish
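
The lock recursion described in the post, as an added userspace model in C (not code from the post or from the kernel): a teardown path that takes the hash bucket lock is called while the caller already holds that lock. All type and function names are hypothetical, and the drop-the-lock variant is an assumed restructuring, not a fix stated in this thread.

```c
#include <stddef.h>

/* Userspace model, hypothetical names: lock reports a re-acquire instead of spinning. */
struct bucket_lock { int held; };
struct sock_model { int hashed; struct bucket_lock *lock; };

static int lock_acquire(struct bucket_lock *l) {
    if (l->held) return -1;   /* a real spinlock spins here: "BUG: spinlock lockup" */
    l->held = 1;
    return 0;
}
static void lock_release(struct bucket_lock *l) { l->held = 0; }

/* Stands in for tcp_done() -> tcp_set_state() -> inet_unhash(): locks the bucket itself. */
static int model_unhash(struct sock_model *sk) {
    if (lock_acquire(sk->lock) != 0) return -1;
    sk->hashed = 0;
    lock_release(sk->lock);
    return 0;
}

/* Pattern from the trace: teardown is called with the bucket lock still held. */
static int nuke_nested(struct sock_model *s, size_t n, struct bucket_lock *l) {
    int lockups = 0;
    lock_acquire(l);
    for (size_t i = 0; i < n; i++)
        lockups += (s[i].hashed && model_unhash(&s[i]) != 0);
    lock_release(l);
    return lockups;
}

/* Assumed restructuring: pick a socket under the lock, release the lock,
 * tear it down, rescan. Real kernel code must also hold a socket reference. */
static int nuke_drop_lock(struct sock_model *s, size_t n, struct bucket_lock *l) {
    for (;;) {
        struct sock_model *victim = NULL;
        lock_acquire(l);
        for (size_t i = 0; i < n && !victim; i++)
            if (s[i].hashed) victim = &s[i];
        lock_release(l);
        if (!victim) return 0;
        if (model_unhash(victim) != 0) return 1;
    }
}

int main(void) {   /* constructed sample: three sockets sharing one bucket lock */
    struct bucket_lock l = {0};
    struct sock_model s[3] = {{1, &l}, {1, &l}, {1, &l}};
    return !(nuke_nested(s, 3, &l) == 3 && nuke_drop_lock(s, 3, &l) == 0);
}
```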