Received: by 2002:a05:6a10:c604:0:0:0:0 with SMTP id y4csp1763314pxt; Sun, 8 Aug 2021 00:25:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwj1K+LPNZ2yw542yL6IwnZjpX+quzzqVIGSCrmIeQQMHr2QQyEDIpErfeVp3DKKgv2evZA X-Received: by 2002:a92:ad12:: with SMTP id w18mr44669ilh.3.1628407503288; Sun, 08 Aug 2021 00:25:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628407503; cv=none; d=google.com; s=arc-20160816; b=JhMkq42+tmH3t0/lsb7+8OTd1fepj1v6jxkFosk6CALRrqesNRR6KEfa4tAGiEMIJ4 TIncyQKIuxZY1gSasyXAUhtcK52W7sej3L4NaoUGa3H0Lx6iVHh4eYPEElIEdwPUFHnb grZu47u1bI7imZRCOBLfHaLD3Aop0FwVLJ+GHdgv1QDkZWE2ciRzVPsqMVZQbFjAVIGh kT6OxxlK74dugvmzW46VxE7k6jshRg2EaHbfFf3mFTOcQ7kKj+uDNKP5Ex3ZVWNNEroj RGLowWzlIUysTaN+Mpcep0y5KgdOh4Eq9TMBSs4MwujZ5rirqyMjeeAN7bZsHtpZUawr LuXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=qZaMOEwpXX8z5EGmQapYaCTBjRAtvwq/0bKvd3BEKo0=; b=hydBjVjOJmrwhLmiCp6t6NKKm52UVryHXuzHJknicGNpouoObt/oQE560N73k0BOOh foHjJOpiRh3+Shch3jJneKE0pAmEbo1HFFjMIV2jtWV8o2xKUKUNufl9cnS9bu78GW73 gKUvwos3Z19Wh2Aa1iRjtO/wyxS7c26+sv4e7bO2wY5/mu8QzBxaUZiG4t5bEJq2KGbh 6s3mJofsB5HCbL26Si9VeVNYPCqECQq3Jvg9/7EcNYNojsGbec2fch4cF9iVnBkI7vik RFtyZKRjZXa7DR6EPCbphWsO4/7cuTVDrPinKhGHSTGQ6D3kwxhiDP7K9HyUxFthYxsU Hhfg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=f2bwoahe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w21si4275387ior.60.2021.08.08.00.24.52; Sun, 08 Aug 2021 00:25:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=f2bwoahe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231576AbhHHHYZ (ORCPT + 99 others); Sun, 8 Aug 2021 03:24:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:55550 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231444AbhHHHXk (ORCPT ); Sun, 8 Aug 2021 03:23:40 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 7631561078; Sun, 8 Aug 2021 07:23:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1628407399; bh=KN7RioHkbUYpen5v2+u3FXY+CFPQSgLiPsGCX2wQpn0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=f2bwoaheQYc/ca8hYJV/y8u70ypXHomGXT0RMn/qAAAOogS6dAd7Or/mzpzh1rzNk qam36JFoi39ARudWG/XYKnhDpx0S+5SkZt09eZU4vlp7AhtxisaJhlyL3TafbjYTLH W6lWSatnOcpeAUMZxRMSKmuJ81cM3rtgAMbH5I5M= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alexander Levin , Thomas Gleixner , "Peter Zijlstra (Intel)" , Linus Torvalds , Ingo Molnar , Zhen Lei , Joe Korty Subject: [PATCH 4.4 09/11] futex: Avoid freeing an active timer Date: Sun, 8 Aug 2021 09:22:44 +0200 Message-Id: <20210808072217.637655944@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210808072217.322468704@linuxfoundation.org> References: <20210808072217.322468704@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Thomas Gleixner [ Upstream commit 97181f9bd57405b879403763284537e27d46963d ] Alexander reported a hrtimer debug_object splat: ODEBUG: free active (active state 0) object type: hrtimer hint: hrtimer_wakeup (kernel/time/hrtimer.c:1423) debug_object_free (lib/debugobjects.c:603) destroy_hrtimer_on_stack (kernel/time/hrtimer.c:427) futex_lock_pi (kernel/futex.c:2740) do_futex (kernel/futex.c:3399) SyS_futex (kernel/futex.c:3447 kernel/futex.c:3415) do_syscall_64 (arch/x86/entry/common.c:284) entry_SYSCALL64_slow_path (arch/x86/entry/entry_64.S:249) Which was caused by commit: cfafcd117da0 ("futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock()") ... losing the hrtimer_cancel() in the shuffle. Where previously the hrtimer_cancel() was done by rt_mutex_slowlock() we now need to do it manually. Reported-by: Alexander Levin Signed-off-by: Thomas Gleixner Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Fixes: cfafcd117da0 ("futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock()") Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1704101802370.2906@nanos Signed-off-by: Ingo Molnar Signed-off-by: Zhen Lei Acked-by: Joe Korty Signed-off-by: Greg Kroah-Hartman --- kernel/futex.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/kernel/futex.c +++ b/kernel/futex.c @@ -2960,8 +2960,10 @@ out_unlock_put_key: out_put_key: put_futex_key(&q.key); out: - if (to) + if (to) { + hrtimer_cancel(&to->timer); destroy_hrtimer_on_stack(&to->timer); + } return ret != -EINTR ? ret : -ERESTARTNOINTR; uaddr_faulted: