Re: Freeing active kobject in pps_device_destruct
From: Thomas Gleixner
Date: Mon Jun 27 2016 - 09:15:22 EST
On Sat, 25 Jun 2016, Vegard Nossum wrote:
> On 27 November 2015 at 05:30, Sasha Levin <sasha.levin@xxxxxxxxxx> wrote:
> > (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90
> > [ 1167.394563] Workqueue: events kobject_delayed_cleanup
> > [ 1167.410301] [<ffffffffab7aac4c>] kfree+0x1fc/0x2f0
> > [ 1167.410734] [<ffffffffb1f7a447>] pps_device_destruct+0x107/0x110
> > [ 1167.413495] [<fffffffface715ad>] kobject_delayed_cleanup+0x34d/0x3b0
> > [ 1167.414049] [<ffffffffab39fa37>] process_one_work+0xab7/0x13b0
> > [ 1167.417188] [<ffffffffab3a0c6d>] worker_thread+0x93d/0xd20
> > [ 1167.418782] [<ffffffffab3b34a0>] kthread+0x290/0x2b0
> > [ 1167.422467] [<ffffffffb4a1290f>] ret_from_fork+0x3f/0x70
> ODEBUG: free active (active state 0) object type: timer_list hint:
> delayed_work_timer_fn+0x0/0x50
> [<ffffffff8132c563>] kfree+0x103/0x2f0
> [<ffffffff8163af91>] disk_release+0x141/0x180
> [<ffffffff818bcc5a>] device_release+0x4a/0x100
> [<ffffffff816763ac>] kobject_delayed_cleanup+0x6c/0xb0
> [<ffffffff810f698d>] process_one_work+0x46d/0xa60
> [<ffffffff810f700b>] worker_thread+0x8b/0x730
> [<ffffffff81100fe2>] kthread+0x192/0x1b0
> [<ffffffff81d6240f>] ret_from_fork+0x1f/0x40
> As far as I can tell, it seems like a general problem with
> kobject_delayed_cleanup() OR delayed work handling. debugobjects is
> complaining about the timer used to delay the work is still "active"
> (not as in hasn't fired but as in not destroyed) when disk_release()
State active means: The timer is queued and has not yet fired.
Which is completely confusing because the delayed work will only be processed
after the timer has fired. And when the timer fires it is deactivated in debug
objects before the callback function is invoked.
So it's really puzzling why the debug objects state of the timer would be
ODEBUG_STATE_ACTIVE, which is the only way that the debug objects free check
can trigger.
Confused!
tglx