All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg KH <greg@kroah.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>,
	LKML <linux-kernel@vger.kernel.org>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>
Subject: Re: rb tree hrtimer lockup bug (found by perf_fuzzer)
Date: Thu, 24 Apr 2014 12:37:50 -0700	[thread overview]
Message-ID: <20140424193750.GB26081@kroah.com> (raw)
In-Reply-To: <alpine.DEB.2.02.1404170951080.22697@ionos.tec.linutronix.de>

On Thu, Apr 17, 2014 at 09:59:01AM +0200, Thomas Gleixner wrote:
> On Wed, 16 Apr 2014, Greg KH wrote:
> > On Thu, Apr 17, 2014 at 01:00:53AM +0200, Thomas Gleixner wrote:
> > > And cdevs is an array of  struct cdev:
> > > 
> > > struct cdev {
> > > 	struct kobject kobj;
> > 
> > Those are not "real" kobjects, and are never registered with the kobject
> > core.
> > 
> > I really need to go rename those one of these days, and just make them a
> > separate object, as they have nothing to do with a "normal" kobject
> > other than the reference count and the use of the kobject map stuff.
> > 
> > So if this is showing up as a problem, something else is going on here,
> > as this should not be an issue at all.
> 
> As far as I decoded it from Vince traces the issue is only with
> DEBUG_KOBJECT_RELEASE=y. That deferres the release to a workqueue.
> 
> Now the cdevs in tty are allocated ahead and not freed on
> release. They stay in the cdevs[] array of the tty drivers.
> 
> Now if a cdev is released the kobject debug stuff schedules the
> delayed work, but the tty core can reuse the cdev.before the delayed
> work has been executed and first thing it does is calling cdev_init()
> which does a
> 
>      memset(cdev, 0, sizeof *cdev);
> 
> which of course includes the enqueued timer and the scheduled work. Go
> figure how well that goes.

Ugh, the kobject isn't "real", but it seems like it has changed over
time to be more real than I imagined.

I'll work to rip the kobject code out of the cdev soon, which should
resolve this issue, thanks.

greg k-h

      reply	other threads:[~2014-04-24 19:35 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-03-03 20:34 perf_fuzzer: lockup/reboot bug Vince Weaver
2014-03-04 21:32 ` Vince Weaver
2014-03-18 16:56   ` rb tree hrtimer lockup bug (found by perf_fuzzer) Vince Weaver
2014-03-18 18:21     ` Thomas Gleixner
2014-03-18 19:25       ` Vince Weaver
2014-03-18 20:52         ` Thomas Gleixner
2014-03-18 21:10           ` Vince Weaver
2014-03-18 21:45             ` Thomas Gleixner
2014-03-19 13:46               ` Vince Weaver
2014-03-19 13:58                 ` Thomas Gleixner
2014-03-19 14:42                   ` Vince Weaver
2014-03-19 15:05                     ` Thomas Gleixner
2014-03-19 17:04                       ` Vince Weaver
2014-03-20 10:47                         ` Thomas Gleixner
2014-03-20 14:47                           ` Vince Weaver
2014-03-20 15:12                             ` Thomas Gleixner
2014-03-20 21:25                               ` Vince Weaver
2014-03-21  9:02                                 ` Thomas Gleixner
2014-03-21 20:11                                   ` Vince Weaver
2014-03-22 10:24                                     ` Thomas Gleixner
2014-03-22 20:22                                       ` Thomas Gleixner
2014-03-23 15:14                                         ` Thomas Gleixner
2014-03-23 23:25                                           ` Thomas Gleixner
2014-03-25 21:06                                             ` Vince Weaver
2014-03-25 21:52                                               ` Thomas Gleixner
2014-03-26 21:33                                                 ` Vince Weaver
2014-03-26 22:00                                                   ` Thomas Gleixner
2014-03-27 13:41                                                     ` Vince Weaver
2014-03-31 11:18                                                       ` Thomas Gleixner
2014-03-31 11:46                                                         ` Ingo Molnar
2014-03-31 13:30                                                         ` Vince Weaver
2014-03-31 13:48                                                           ` Thomas Gleixner
2014-04-06  3:47                                                         ` Greg KH
2014-04-16 23:00                                                           ` Thomas Gleixner
2014-04-17  2:38                                                             ` Greg KH
2014-04-17  7:59                                                               ` Thomas Gleixner
2014-04-24 19:37                                                                 ` Greg KH [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140424193750.GB26081@kroah.com \
    --to=greg@kroah.com \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=vincent.weaver@maine.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.