linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Dave Jones <davej@codemonkey.org.uk>
To: Tejun Heo <tj@kernel.org>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
	Ursula Braun <ubraun@linux.vnet.ibm.com>
Subject: Re: __queue_work oops.
Date: Mon, 27 Feb 2017 14:57:56 -0500	[thread overview]
Message-ID: <20170227195756.apbhfr2lcygpevaj@codemonkey.org.uk> (raw)
In-Reply-To: <20170227183925.GA8707@htj.duckdns.org>

On Mon, Feb 27, 2017 at 01:39:25PM -0500, Tejun Heo wrote:

 > On Mon, Feb 27, 2017 at 12:14:39PM -0500, Dave Jones wrote:
 > > Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
 > > CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.10.0-think+ #9 
 > > task: ffff88017f105440 task.stack: ffffc90000094000
 > > RIP: 0010:__queue_work+0x2d/0x700
 > > RSP: 0018:ffff880507c03df8 EFLAGS: 00010046
 > > RAX: 0000000000000082 RBX: 0000000000000101 RCX: 0000000000000002
 > > RDX: ffff88047bf07c98 RSI: 0000000000000000 RDI: 0000000000000000
 > > RBP: ffff880507c03e30 R08: 0000000000000001 R09: ffffffff8294bf68
 > > R10: ffff880507c03e58 R11: 0000000000000000 R12: ffff88047bf07ce8
 > > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88047bf07c98
 > > FS:  0000000000000000(0000) GS:ffff880507c00000(0000) knlGS:0000000000000000
 > > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 > > CR2: 00000000000001c2 CR3: 0000000004e11000 CR4: 00000000001406e0
 > > Call Trace:
 > >  <IRQ>
 > >  ? work_on_cpu+0xb0/0xb0
 > >  delayed_work_timer_fn+0x1e/0x20
 > >  call_timer_fn+0xbd/0x480
 > ...
 > > Code starting with the faulting instruction
 > > ===========================================
 > >    0:	41 f6 85 c2 01 00 00 	testb  $0x1,0x1c2(%r13)
 > >    7:	01 
 > >    8:	0f 85 22 04 00 00    	jne    0x430
 > >    e:	49                   	rex.WB
 > >    f:	bc eb 83 b5 80       	mov    $0x80b583eb,%esp
 > >   14:	46                   	rex.RX
 > > 
 > > 0000000000003cf0 <__queue_work>:
 > > {
 > >     3cf0:       e8 00 00 00 00          callq  3cf5 <__queue_work+0x5>
 > >     3cf5:       55                      push   %rbp
 > >     3cf6:       48 89 e5                mov    %rsp,%rbp
 > >     3cf9:       41 57                   push   %r15
 > >     3cfb:       49 89 d7                mov    %rdx,%r15
 > >     3cfe:       41 56                   push   %r14
 > >         unsigned int req_cpu = cpu;
 > >     3d00:       41 89 fe                mov    %edi,%r14d
 > > {
 > >     3d03:       41 55                   push   %r13
 > >     3d05:       49 89 f5                mov    %rsi,%r13
 > >     3d08:       41 54                   push   %r12
 > >     3d0a:       53                      push   %rbx
 > >     3d0b:       48 83 ec 10             sub    $0x10,%rsp
 > >     3d0f:       89 7d d4                mov    %edi,-0x2c(%rbp)
 > >         asm volatile("# __raw_save_flags\n\t"
 > >     3d12:       9c                      pushfq 
 > >     3d13:       58                      pop    %rax
 > >         WARN_ON_ONCE(!irqs_disabled());
 > >     3d14:       f6 c4 02                test   $0x2,%ah
 > >     3d17:       0f 85 06 04 00 00       jne    4123 <__queue_work+0x433>
 > >         if (unlikely(wq->flags & __WQ_DRAINING) &&
 > >     3d1d:       41 f6 85 c2 01 00 00    testb  $0x1,0x1c2(%r13)
 > > 
 > > 
 > > So we called __queue_work with a null wq.
 > 
 > So, that's somebody calling queue_delayed_work[_on]() with a NULL wq
 > and when the timeout expires the timer callback trying to queue
 > against NULL.  Hmm... the work function would be able to tell us who
 > queued it but it isn't part of the information dumped here (would be
 > 0x18(%rdx)).
 > 
 > I'll add a sanity check on queue_delayed_work_on() so that we can
 > catch it synchronously when it happens.

I dumped work->func, and found it pointed to smc_close_sock_put_work

<smc maintainer cc'd>

	Dave
 

  reply	other threads:[~2017-02-27 22:09 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-27 17:14 __queue_work oops Dave Jones
2017-02-27 18:39 ` Tejun Heo
2017-02-27 19:57   ` Dave Jones [this message]
2017-03-06 20:39   ` Tejun Heo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170227195756.apbhfr2lcygpevaj@codemonkey.org.uk \
    --to=davej@codemonkey.org.uk \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tj@kernel.org \
    --cc=ubraun@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).