Freeing active kobject in pps_device_destruct

From: Sasha Levin
Date: Thu Nov 26 2015 - 23:31:15 EST


Hi,

Fuzzing with syzkaller on the latest -next kernel produced this error:

[ 1167.390182] WARNING: CPU: 14 PID: 607 at lib/debugobjects.c:263 debug_print_object+0x1c4/0x1e0()
(active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90
[ 1167.392644] Modules linked in:
[ 1167.393120] CPU: 14 PID: 607 Comm: kworker/14:1 Tainted: G W 4.4.0-rc2-next-20151126 sasha-00005-g00d303e-dirty #2651
[ 1167.394563] Workqueue: events kobject_delayed_cleanup
[ 1167.395226] 000000000000000e 000000006f32b107 ffff8806b83478b8 fffffffface6b5bb
[ 1167.396254] ffff8806b8347928 ffff8806b7b80000 ffffffffb515c7a0 ffff8806b83478f8
[ 1167.397403] ffffffffab3531d3 ffffffffaced0194 ffffed00d7068f21 ffffffffb515c7a0
[ 1167.398499] Call Trace:
[ 1167.398891] [<fffffffface6b5bb>] dump_stack+0x72/0xb7
[ 1167.399516] [<ffffffffab3531d3>] warn_slowpath_common+0x113/0x140
[ 1167.401705] [<ffffffffab3532cb>] warn_slowpath_fmt+0xcb/0x100
[ 1167.404799] [<ffffffffaced0194>] debug_print_object+0x1c4/0x1e0
[ 1167.406723] [<ffffffffaced1035>] __debug_check_no_obj_freed+0x215/0x7a0
[ 1167.409634] [<ffffffffaced2b6c>] debug_check_no_obj_freed+0x2c/0x40
[ 1167.410301] [<ffffffffab7aac4c>] kfree+0x1fc/0x2f0
[ 1167.410734] [<ffffffffb1f7a447>] pps_device_destruct+0x107/0x110
[ 1167.413495] [<fffffffface715ad>] kobject_delayed_cleanup+0x34d/0x3b0
[ 1167.414049] [<ffffffffab39fa37>] process_one_work+0xab7/0x13b0
[ 1167.417188] [<ffffffffab3a0c6d>] worker_thread+0x93d/0xd20
[ 1167.418782] [<ffffffffab3b34a0>] kthread+0x290/0x2b0
[ 1167.422467] [<ffffffffb4a1290f>] ret_from_fork+0x3f/0x70


Thanks,
Sasha