Re: [RFC][PATCH v2 00/31] timers: Use del_timer_shutdown() before freeing timers

From: Guenter Roeck
Date: Thu Oct 27 2022 - 15:38:25 EST

Next message: Guenter Roeck: "Re: [PATCH 5.10 00/79] 5.10.151-rc1 review"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v3 1/5] dt-bindings: clock: Add QDU1000 and QRU1000 GCC clock bindings"
In reply to: Steven Rostedt: "Re: [RFC][PATCH v2 00/31] timers: Use del_timer_shutdown() before freeing timers"
Next in thread: Guenter Roeck: "Re: [RFC][PATCH v2 00/31] timers: Use del_timer_shutdown() before freeing timers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/27/22 12:27, Steven Rostedt wrote:

On Thu, 27 Oct 2022 15:20:58 -0400
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

(many more of those)
...
[ 16.329989] timer_fixup_free+0x40/0x54

Ah, I see the issue here. Looks like the timer_fixup_free() is calling
itself and crashing.

Let me take a look into that. I didn't touch the fixup code, and there
could be an assumption there that it's behaving with the old approach.

Can you add this and see if it makes this issue go away?

Yes, that fixes the crash. However, it still reports

[ 12.235054] ------------[ cut here ]------------
[ 12.235240] ODEBUG: free active (active state 0) object type: timer_list hint: tcp_write_timer+0x0/0x190
[ 12.237331] WARNING: CPU: 0 PID: 310 at lib/debugobjects.c:502 debug_print_object+0xb8/0x100
...
[ 12.255251] Call trace:
[ 12.255305] debug_print_object+0xb8/0x100
[ 12.255385] __debug_check_no_obj_freed+0x1d0/0x25c
[ 12.255474] debug_check_no_obj_freed+0x20/0x90
[ 12.255555] slab_free_freelist_hook.constprop.0+0xac/0x1b0
[ 12.255650] kmem_cache_free+0x1ac/0x500
[ 12.255728] __sk_destruct+0x140/0x2a0
[ 12.255805] sk_destruct+0x54/0x64
[ 12.255877] __sk_free+0x74/0x120
[ 12.255944] sk_free+0x64/0x8c
[ 12.256009] tcp_close+0x94/0xc0
[ 12.256076] inet_release+0x50/0xb0
[ 12.256145] __sock_release+0x44/0xbc
[ 12.256219] sock_close+0x18/0x30
[ 12.256292] __fput+0x84/0x270
[ 12.256361] ____fput+0x10/0x20
[ 12.256426] task_work_run+0x88/0xf0
[ 12.256499] do_exit+0x334/0xafc
[ 12.256566] do_group_exit+0x34/0x90
[ 12.256634] __arm64_sys_exit_group+0x18/0x20
[ 12.256713] invoke_syscall+0x48/0x114
[ 12.256789] el0_svc_common.constprop.0+0x60/0x11c
[ 12.256874] do_el0_svc+0x30/0xd0
[ 12.256943] el0_svc+0x48/0xc0
[ 12.257008] el0t_64_sync_handler+0xbc/0x13c
[ 12.257086] el0t_64_sync+0x18c/0x190

Is that a real problem or a false positive ? I didn't see that
without your patch series (which of course might be the whole point
of the series).

Thanks,
Guenter

Next message: Guenter Roeck: "Re: [PATCH 5.10 00/79] 5.10.151-rc1 review"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v3 1/5] dt-bindings: clock: Add QDU1000 and QRU1000 GCC clock bindings"
In reply to: Steven Rostedt: "Re: [RFC][PATCH v2 00/31] timers: Use del_timer_shutdown() before freeing timers"
Next in thread: Guenter Roeck: "Re: [RFC][PATCH v2 00/31] timers: Use del_timer_shutdown() before freeing timers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]