[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c12e3c4d-b5a4-1f83-73a8-ff115e8bd369@roeck-us.net>
Date: Thu, 27 Oct 2022 12:38:16 -0700
From: Guenter Roeck <linux@...ck-us.net>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: linux-kernel@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Stephen Boyd <sboyd@...nel.org>
Subject: Re: [RFC][PATCH v2 00/31] timers: Use del_timer_shutdown() before
freeing timers
On 10/27/22 12:27, Steven Rostedt wrote:
> On Thu, 27 Oct 2022 15:20:58 -0400
> Steven Rostedt <rostedt@...dmis.org> wrote:
>
>>> (many more of those)
>>> ...
>>> [ 16.329989] timer_fixup_free+0x40/0x54
>>
>> Ah, I see the issue here. Looks like the timer_fixup_free() is calling
>> itself and crashing.
>>
>> Let me take a look into that. I didn't touch the fixup code, and there
>> could be an assumption there that it's behaving with the old approach.
>
> Can you add this and see if it makes this issue go away?
>
Yes, that fixes the crash. However, it still reports
[ 12.235054] ------------[ cut here ]------------
[ 12.235240] ODEBUG: free active (active state 0) object type: timer_list hint: tcp_write_timer+0x0/0x190
[ 12.237331] WARNING: CPU: 0 PID: 310 at lib/debugobjects.c:502 debug_print_object+0xb8/0x100
...
[ 12.255251] Call trace:
[ 12.255305] debug_print_object+0xb8/0x100
[ 12.255385] __debug_check_no_obj_freed+0x1d0/0x25c
[ 12.255474] debug_check_no_obj_freed+0x20/0x90
[ 12.255555] slab_free_freelist_hook.constprop.0+0xac/0x1b0
[ 12.255650] kmem_cache_free+0x1ac/0x500
[ 12.255728] __sk_destruct+0x140/0x2a0
[ 12.255805] sk_destruct+0x54/0x64
[ 12.255877] __sk_free+0x74/0x120
[ 12.255944] sk_free+0x64/0x8c
[ 12.256009] tcp_close+0x94/0xc0
[ 12.256076] inet_release+0x50/0xb0
[ 12.256145] __sock_release+0x44/0xbc
[ 12.256219] sock_close+0x18/0x30
[ 12.256292] __fput+0x84/0x270
[ 12.256361] ____fput+0x10/0x20
[ 12.256426] task_work_run+0x88/0xf0
[ 12.256499] do_exit+0x334/0xafc
[ 12.256566] do_group_exit+0x34/0x90
[ 12.256634] __arm64_sys_exit_group+0x18/0x20
[ 12.256713] invoke_syscall+0x48/0x114
[ 12.256789] el0_svc_common.constprop.0+0x60/0x11c
[ 12.256874] do_el0_svc+0x30/0xd0
[ 12.256943] el0_svc+0x48/0xc0
[ 12.257008] el0t_64_sync_handler+0xbc/0x13c
[ 12.257086] el0t_64_sync+0x18c/0x190
Is that a real problem or a false positive ? I didn't see that
without your patch series (which of course might be the whole point
of the series).
Thanks,
Guenter
Powered by blists - more mailing lists