lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Oct 2022 12:38:16 -0700 From: Guenter Roeck <linux@...ck-us.net> To: Steven Rostedt <rostedt@...dmis.org> Cc: linux-kernel@...r.kernel.org, Linus Torvalds <torvalds@...ux-foundation.org>, Thomas Gleixner <tglx@...utronix.de>, Stephen Boyd <sboyd@...nel.org> Subject: Re: [RFC][PATCH v2 00/31] timers: Use del_timer_shutdown() before freeing timers On 10/27/22 12:27, Steven Rostedt wrote: > On Thu, 27 Oct 2022 15:20:58 -0400 > Steven Rostedt <rostedt@...dmis.org> wrote: > >>> (many more of those) >>> ... >>> [ 16.329989] timer_fixup_free+0x40/0x54 >> >> Ah, I see the issue here. Looks like the timer_fixup_free() is calling >> itself and crashing. >> >> Let me take a look into that. I didn't touch the fixup code, and there >> could be an assumption there that it's behaving with the old approach. > > Can you add this and see if it makes this issue go away? > Yes, that fixes the crash. However, it still reports [ 12.235054] ------------[ cut here ]------------ [ 12.235240] ODEBUG: free active (active state 0) object type: timer_list hint: tcp_write_timer+0x0/0x190 [ 12.237331] WARNING: CPU: 0 PID: 310 at lib/debugobjects.c:502 debug_print_object+0xb8/0x100 ... [ 12.255251] Call trace: [ 12.255305] debug_print_object+0xb8/0x100 [ 12.255385] __debug_check_no_obj_freed+0x1d0/0x25c [ 12.255474] debug_check_no_obj_freed+0x20/0x90 [ 12.255555] slab_free_freelist_hook.constprop.0+0xac/0x1b0 [ 12.255650] kmem_cache_free+0x1ac/0x500 [ 12.255728] __sk_destruct+0x140/0x2a0 [ 12.255805] sk_destruct+0x54/0x64 [ 12.255877] __sk_free+0x74/0x120 [ 12.255944] sk_free+0x64/0x8c [ 12.256009] tcp_close+0x94/0xc0 [ 12.256076] inet_release+0x50/0xb0 [ 12.256145] __sock_release+0x44/0xbc [ 12.256219] sock_close+0x18/0x30 [ 12.256292] __fput+0x84/0x270 [ 12.256361] ____fput+0x10/0x20 [ 12.256426] task_work_run+0x88/0xf0 [ 12.256499] do_exit+0x334/0xafc [ 12.256566] do_group_exit+0x34/0x90 [ 12.256634] __arm64_sys_exit_group+0x18/0x20 [ 12.256713] invoke_syscall+0x48/0x114 [ 12.256789] el0_svc_common.constprop.0+0x60/0x11c [ 12.256874] do_el0_svc+0x30/0xd0 [ 12.256943] el0_svc+0x48/0xc0 [ 12.257008] el0t_64_sync_handler+0xbc/0x13c [ 12.257086] el0t_64_sync+0x18c/0x190 Is that a real problem or a false positive ? I didn't see that without your patch series (which of course might be the whole point of the series). Thanks, Guenter
Powered by blists - more mailing lists