I am looking into a bug that results in umount failures ( since there is a mount ref from the leaked file that is never freed on the mount )
The issue seems to be a result of the following callstack
39.958104: <6> Call trace:
39.958108: <2> [<ffffffc0001baa58>] fput+0x1e0/0x1f8
39.958113: <2> [<ffffffc0001b6ce8>] filp_close+0xa0/0xb8
39.958119: <2> [<ffffffc0001d3ca8>] put_files_struct+0x88/0xf0
39.958123: <2> [<ffffffc000973c40>] binder_deferred_func+0x6a8/0x704
39.958129: <2> [<ffffffc0000ba32c>] process_one_work+0x238/0x3f0
39.958133: <2> [<ffffffc0000bb160>] worker_thread+0x2f8/0x418
What seems to occur is that once in a while a file ( say a.txt) is fput in the above stack
right as the task is being killed
And then we see that the fput schedules a delayed_fput_work on this file
But when the function delayed_fput() is actually run :
the file that was put i.e this a.txt is not in the delayed_fput_list
Any chance you can help me get to the bottom of this leak?
I dont understand why the delayed_fput_list is missing the file.
Is there some sort of race condition?