2012-10-10 04:27:12

by Dave Jones

Subject: ODEBUG: free active (active state 0) object type: work_struct hint: flush_to_ldisc+0x0/0x1a0

Just hit this..

WARNING: at lib/debugobjects.c:261 debug_print_object+0x8c/0xb0()
ODEBUG: free active (active state 0) object type: work_struct hint: flush_to_ldisc+0x0/0x1a0
Modules linked in: fuse ipt_ULOG nfnetlink tun binfmt_misc nfc caif_socket caif phonet can llc2 pppoe pppox ppp_generic slhc irda crc_ccitt rds af_key decnet rose x25 atm netrom appletalk ipx p8023 psnap p8022 llc ax25 lockd sunrpc bluetooth rfkill ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables kvm_intel usb_debug kvm crc32c_intel ghash_clmulni_intel microcode pcspkr i2c_i801 e1000e uinput i915 video i2c_algo_bit drm_kms_helper drm i2c_core
Pid: 23707, comm: kworker/3:0 Not tainted 3.6.0+ #26
Call Trace:
[<ffffffff8107005f>] warn_slowpath_common+0x7f/0xc0
[<ffffffff81070156>] warn_slowpath_fmt+0x46/0x50
[<ffffffff813728fc>] debug_print_object+0x8c/0xb0
[<ffffffff8141c200>] ? tty_insert_flip_string_fixed_flag+0x100/0x100
[<ffffffff81373699>] debug_check_no_obj_freed+0x119/0x210
[<ffffffff814122c6>] ? free_tty_struct+0x46/0x50
[<ffffffff811cd166>] kfree+0xe6/0x340
[<ffffffff814122c6>] free_tty_struct+0x46/0x50
[<ffffffff81412377>] release_one_tty+0xa7/0xc0
[<ffffffff81094bc7>] process_one_work+0x207/0x770
[<ffffffff81094b57>] ? process_one_work+0x197/0x770
[<ffffffff814122d0>] ? free_tty_struct+0x50/0x50
[<ffffffff8109550e>] worker_thread+0x15e/0x440
[<ffffffff810953b0>] ? rescuer_thread+0x240/0x240
[<ffffffff8109c25d>] kthread+0xed/0x100
[<ffffffff816bdcd9>] ? sub_preempt_count+0x79/0xd0
[<ffffffff816c34a4>] kernel_thread_helper+0x4/0x10
[<ffffffff810aa29c>] ? finish_task_switch+0x7c/0x120
[<ffffffff816b92bb>] ? _raw_spin_unlock_irq+0x4b/0x80
[<ffffffff816b9d37>] ? retint_restore_args+0x13/0x13
[<ffffffff8109c170>] ? kthread_create_on_node+0x160/0x160
[<ffffffff816c34a0>] ? gs_change+0x13/0x13
---[ end trace fbabf37a8756c1c9 ]---


2012-10-10 08:11:53

by Jiri Slaby

Subject: Re: ODEBUG: free active (active state 0) object type: work_struct hint: flush_to_ldisc+0x0/0x1a0

On 10/10/2012 06:26 AM, Dave Jones wrote:
> Just hit this..

That'd be me perhaps. Do you have some serial device connected? Or is it
pure terminals + ptys? Did you do something special? This smells very much
like tty_port is being freed while flushing work_struct is still active.

> WARNING: at lib/debugobjects.c:261 debug_print_object+0x8c/0xb0()
> ODEBUG: free active (active state 0) object type: work_struct hint: flush_to_ldisc+0x0/0x1a0
> Modules linked in: fuse ipt_ULOG nfnetlink tun binfmt_misc nfc caif_socket caif phonet can llc2 pppoe pppox ppp_generic slhc irda crc_ccitt rds af_key decnet rose x25 atm netrom appletalk ipx p8023 psnap p8022 llc ax25 lockd sunrpc bluetooth rfkill ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables kvm_intel usb_debug kvm crc32c_intel ghash_clmulni_intel microcode pcspkr i2c_i801 e1000e uinput i915 video i2c_algo_bit drm_kms_helper drm i2c_core
> Pid: 23707, comm: kworker/3:0 Not tainted 3.6.0+ #26
> Call Trace:
> [<ffffffff8107005f>] warn_slowpath_common+0x7f/0xc0
> [<ffffffff81070156>] warn_slowpath_fmt+0x46/0x50
> [<ffffffff813728fc>] debug_print_object+0x8c/0xb0
> [<ffffffff8141c200>] ? tty_insert_flip_string_fixed_flag+0x100/0x100
> [<ffffffff81373699>] debug_check_no_obj_freed+0x119/0x210
> [<ffffffff814122c6>] ? free_tty_struct+0x46/0x50
> [<ffffffff811cd166>] kfree+0xe6/0x340
> [<ffffffff814122c6>] free_tty_struct+0x46/0x50
> [<ffffffff81412377>] release_one_tty+0xa7/0xc0
> [<ffffffff81094bc7>] process_one_work+0x207/0x770
> [<ffffffff81094b57>] ? process_one_work+0x197/0x770
> [<ffffffff814122d0>] ? free_tty_struct+0x50/0x50
> [<ffffffff8109550e>] worker_thread+0x15e/0x440
> [<ffffffff810953b0>] ? rescuer_thread+0x240/0x240
> [<ffffffff8109c25d>] kthread+0xed/0x100
> [<ffffffff816bdcd9>] ? sub_preempt_count+0x79/0xd0
> [<ffffffff816c34a4>] kernel_thread_helper+0x4/0x10
> [<ffffffff810aa29c>] ? finish_task_switch+0x7c/0x120
> [<ffffffff816b92bb>] ? _raw_spin_unlock_irq+0x4b/0x80
> [<ffffffff816b9d37>] ? retint_restore_args+0x13/0x13
> [<ffffffff8109c170>] ? kthread_create_on_node+0x160/0x160
> [<ffffffff816c34a0>] ? gs_change+0x13/0x13

thanks,
--
js
suse labs

2012-10-10 14:56:59

by Dave Jones

Subject: Re: ODEBUG: free active (active state 0) object type: work_struct hint: flush_to_ldisc+0x0/0x1a0

On Wed, Oct 10, 2012 at 10:11:44AM +0200, Jiri Slaby wrote:
> On 10/10/2012 06:26 AM, Dave Jones wrote:
> > Just hit this..
>
> That'd be me perhaps. Do you have some serial device connected? Or is it
> pure terminals + ptys?

There's a usb serial tty connected. Other than that, just regular ptys.

> Did you do something special? This smells very much

Box had been running fuzz testing for ~9 hours.
Unfortunately because of another bug that still isn't fixed, I can't narrow
down the window yet.

> like tty_port is being freed while flushing work_struct is still active.

The fuzzer forks multiple processes, so this sounds feasible.

Dave
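
Added example, not part of the original thread: a small Python triage helper that pulls the object type, hint function and freeing call path out of an ODEBUG report like the one above, so repeated fuzzer hits can be bucketed by signature. The excerpt is copied from the trace in this thread (module list and later frames omitted); the function name, field names and the `PLUMBING` set are assumptions of this example.

```python
import re

# Excerpt of the report posted in this thread.
REPORT = """\
WARNING: at lib/debugobjects.c:261 debug_print_object+0x8c/0xb0()
ODEBUG: free active (active state 0) object type: work_struct hint: flush_to_ldisc+0x0/0x1a0
Pid: 23707, comm: kworker/3:0 Not tainted 3.6.0+ #26
Call Trace:
 [<ffffffff8107005f>] warn_slowpath_common+0x7f/0xc0
 [<ffffffff81070156>] warn_slowpath_fmt+0x46/0x50
 [<ffffffff813728fc>] debug_print_object+0x8c/0xb0
 [<ffffffff8141c200>] ? tty_insert_flip_string_fixed_flag+0x100/0x100
 [<ffffffff81373699>] debug_check_no_obj_freed+0x119/0x210
 [<ffffffff814122c6>] ? free_tty_struct+0x46/0x50
 [<ffffffff811cd166>] kfree+0xe6/0x340
 [<ffffffff814122c6>] free_tty_struct+0x46/0x50
 [<ffffffff81412377>] release_one_tty+0xa7/0xc0
 [<ffffffff81094bc7>] process_one_work+0x207/0x770
"""

ODEBUG_RE = re.compile(
    r"ODEBUG: (?P<problem>\w+) (?P<state>\w+) \(active state (?P<astate>\d+)\) "
    r"object type: (?P<otype>\S+) hint: (?P<hint>[\w.]+)")
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\]\s+(?P<guess>\? )?(?P<sym>[\w.]+)\+0x")

# Reporting and allocator frames that sit above the code that freed the object.
PLUMBING = {"warn_slowpath_common", "warn_slowpath_fmt", "debug_print_object",
            "debug_check_no_obj_freed", "kfree"}


def triage(text):
    """Return a dedup signature for one ODEBUG report, or None if there is none."""
    m = ODEBUG_RE.search(text)
    if not m:
        return None
    # Frames marked '?' were found on the stack but not confirmed by the
    # unwinder, so they are excluded from the signature.
    reliable = [f.group("sym") for f in FRAME_RE.finditer(text)
                if not f.group("guess")]
    callers = [s for s in reliable if s not in PLUMBING]
    return {
        "problem": m.group("problem"),       # what was attempted: "free"
        "state": m.group("state"),           # tracked state at that time: "active"
        "object_type": m.group("otype"),
        "hint": m.group("hint"),             # for work_struct, the work function
        "freed_by": callers[0] if callers else None,
        "path": callers[:3],
    }
```

For the report in this thread the signature is a `work_struct` whose hint is `flush_to_ldisc`, freed from `free_tty_struct` on the `release_one_tty` path.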