Re: rb tree hrtimer lockup bug (found by perf_fuzzer)
From: Thomas Gleixner
Date: Fri Mar 21 2014 - 05:02:58 EST
On Thu, 20 Mar 2014, Vince Weaver wrote:
> On Thu, 20 Mar 2014, Thomas Gleixner wrote:
> >
> > Yeah, it causes the explosion in the debug object code. This should
> > have been:
> >
> > + trace_printk("Tracking Object free: %s %p %pS\n",
> > + descr->name, obj->object, obj->hint);
>
> attached are the results with the corrected patch.
I'm a complete idiot. I was staring at oaddr and did not notice that
descr->name is the real culprit. Sorry. Delta patch below.
Thanks,
tglx
Index: linux-2.6/lib/debugobjects.c
===================================================================
--- linux-2.6.orig/lib/debugobjects.c
+++ linux-2.6/lib/debugobjects.c
@@ -769,6 +769,7 @@ repeat:
/* Now free them */
hlist_for_each_entry_safe(obj, tmp, &freelist, node) {
hlist_del(&obj->node);
+ descr = obj->descr;
trace_printk("Tracking Object free: %s %p %pS\n",
descr->name, obj->object, obj->hint);
free_object(obj);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/