Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WARNING: CPU: 1 PID: 1920 at kernel/time/hrtimer.c:928 hrtimer_forward+0x88/0xd0 #17

Open
hyphop opened this issue Apr 3, 2020 · 0 comments
Open

WARNING: CPU: 1 PID: 1920 at kernel/time/hrtimer.c:928 hrtimer_forward+0x88/0xd0 #17

hyphop opened this issue Apr 3, 2020 · 0 comments

Comments

@hyphop
Copy link
Member

hyphop commented Apr 3, 2020 

root@Khadas:~# uname -a
Linux Khadas 5.5.0-rc2 #0.8.3 SMP PREEMPT Thu Apr 2 12:57:12 +09 2020 aarch64 GNU/Linux


root@Khadas:~# [ 1500.861948] ------------[ cut here ]------------
[ 1500.862030] WARNING: CPU: 1 PID: 1920 at kernel/time/hrtimer.c:928 hrtimer_forward+0x88/0xd0
[ 1500.869323] Modules linked in: nft_reject nft_redir nft_queue nft_masq nf_nat nft_hash nft_flow_offload nf_flow_table nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_counter nft_compat nft_log nf_tables nfnetlink bnep zram dw_hdmi_i2s_audio dw_hdmi_cec hci_uart btqca btbcm btintel btsdio meson_dw_hdmi bluetooth meson_drm ir_nec_decoder dw_hdmi meson_rng rng_core drm_kms_helper ecdh_generic ecc meson_vdec(C) drm rc_khadas v4l2_mem2mem videobuf2_dma_contig drm_panel_orientation_quirks videobuf2_memops videobuf2_v4l2 meson_ir videobuf2_common rc_core videodev ao_cec mc cec meson_canvas leds_pwm brcmfmac brcmutil cfg80211 rfkill ip_tables x_tables
[ 1500.885920] thermal thermal_zone0: failed to read out thermal zone (-62)
[ 1500.926431] CPU: 1 PID: 1920 Comm: kworker/1:3 Tainted: G         C        5.5.0-rc2 #0.8.3
[ 1500.926437] Hardware name: Khadas VIM2 (DT)
[ 1500.926455] Workqueue: events dbs_work_handler
[ 1500.949890] pstate: 20000085 (nzCv daIf -PAN -UAO)
[ 1500.954635] pc : hrtimer_forward+0x88/0xd0
[ 1500.958686] lr : txdone_hrtimer+0xe8/0x108
....
numbqq pushed a commit that referenced this issue Nov 7, 2020
@gregkh
tools lib traceevent: Fix memory leak in process_dynamic_array_len
a710335 
[ Upstream commit e24c644 ]

I compiled with AddressSanitizer and I had these memory leaks while I
was using the tep_parse_format function:

    Direct leak of 28 byte(s) in 4 object(s) allocated from:
        #0 0x7fb07db49ffe in __interceptor_realloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dffe)
        #1 0x7fb07a724228 in extend_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:985
        #2 0x7fb07a724c21 in __read_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1140
        #3 0x7fb07a724f78 in read_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1206
        #4 0x7fb07a725191 in __read_expect_type /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1291
        #5 0x7fb07a7251df in read_expect_type /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1299
        #6 0x7fb07a72e6c8 in process_dynamic_array_len /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:2849
        #7 0x7fb07a7304b8 in process_function /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3161
        #8 0x7fb07a730900 in process_arg_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3207
        #9 0x7fb07a727c0b in process_arg /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1786
        #10 0x7fb07a731080 in event_read_print_args /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3285
        #11 0x7fb07a731722 in event_read_print /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3369
        #12 0x7fb07a740054 in __tep_parse_format /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6335
        #13 0x7fb07a74047a in __parse_event /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6389
        #14 0x7fb07a740536 in tep_parse_format /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6431
        #15 0x7fb07a785acf in parse_event ../../../src/fs-src/fs.c:251
        #16 0x7fb07a785ccd in parse_systems ../../../src/fs-src/fs.c:284
        #17 0x7fb07a786fb3 in read_metadata ../../../src/fs-src/fs.c:593
        #18 0x7fb07a78760e in ftrace_fs_source_init ../../../src/fs-src/fs.c:727
        #19 0x7fb07d90c19c in add_component_with_init_method_data ../../../../src/lib/graph/graph.c:1048
        #20 0x7fb07d90c87b in add_source_component_with_initialize_method_data ../../../../src/lib/graph/graph.c:1127
        #21 0x7fb07d90c92a in bt_graph_add_source_component ../../../../src/lib/graph/graph.c:1152
        #22 0x55db11aa632e in cmd_run_ctx_create_components_from_config_components ../../../src/cli/babeltrace2.c:2252
        #23 0x55db11aa6fda in cmd_run_ctx_create_components ../../../src/cli/babeltrace2.c:2347
        #24 0x55db11aa780c in cmd_run ../../../src/cli/babeltrace2.c:2461
        #25 0x55db11aa8a7d in main ../../../src/cli/babeltrace2.c:2673
        #26 0x7fb07d5460b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

The token variable in the process_dynamic_array_len function is
allocated in the read_expect_type function, but is not freed before
calling the read_token function.

Free the token variable before calling read_token in order to plug the
leak.

Signed-off-by: Philippe Duplessis-Guindon <[email protected]>
Reviewed-by: Steven Rostedt (VMware) <[email protected]>
Link: https://lore.kernel.org/linux-trace-devel/[email protected]
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
JacobZang pushed a commit to JacobZang/linux that referenced this issue Jul 19, 2024
@jankara @akpm00
ocfs2: fix DIO failure due to insufficient transaction credits
be346c1 
The code in ocfs2_dio_end_io_write() estimates number of necessary
transaction credits using ocfs2_calc_extend_credits().  This however does
not take into account that the IO could be arbitrarily large and can
contain arbitrary number of extents.

Extent tree manipulations do often extend the current transaction but not
in all of the cases.  For example if we have only single block extents in
the tree, ocfs2_mark_extent_written() will end up calling
ocfs2_replace_extent_rec() all the time and we will never extend the
current transaction and eventually exhaust all the transaction credits if
the IO contains many single block extents.  Once that happens a
WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in
jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to
this error.  This was actually triggered by one of our customers on a
heavily fragmented OCFS2 filesystem.

To fix the issue make sure the transaction always has enough credits for
one extent insert before each call of ocfs2_mark_extent_written().

Heming Zhao said:

------
PANIC: "Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error"

PID: xxx  TASK: xxxx  CPU: 5  COMMAND: "SubmitThread-CA"
  #0 machine_kexec at ffffffff8c069932
  khadas#1 __crash_kexec at ffffffff8c1338fa
  khadas#2 panic at ffffffff8c1d69b9
  khadas#3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2]
  khadas#4 __ocfs2_abort at ffffffffc0c88387 [ocfs2]
  khadas#5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2]
  khadas#6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2]
  khadas#7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2]
  khadas#8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2]
  khadas#9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2]
khadas#10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2]
khadas#11 dio_complete at ffffffff8c2b9fa7
khadas#12 do_blockdev_direct_IO at ffffffff8c2bc09f
khadas#13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2]
khadas#14 generic_file_direct_write at ffffffff8c1dcf14
khadas#15 __generic_file_write_iter at ffffffff8c1dd07b
khadas#16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2]
khadas#17 aio_write at ffffffff8c2cc72e
khadas#18 kmem_cache_alloc at ffffffff8c248dde
khadas#19 do_io_submit at ffffffff8c2ccada
khadas#20 do_syscall_64 at ffffffff8c004984
khadas#21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba

Link: https://lkml.kernel.org/r/[email protected]
Link: https://lkml.kernel.org/r/[email protected]
Fixes: c15471f ("ocfs2: fix sparse file & data ordering issue in direct io")
Signed-off-by: Jan Kara <[email protected]>
Reviewed-by: Joseph Qi <[email protected]>
Reviewed-by: Heming Zhao <[email protected]>
Cc: Mark Fasheh <[email protected]>
Cc: Joel Becker <[email protected]>
Cc: Junxiao Bi <[email protected]>
Cc: Changwei Ge <[email protected]>
Cc: Gang He <[email protected]>
Cc: Jun Piao <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
123Xiong-Zhang pushed a commit that referenced this issue Nov 7, 2024
@suresh2514 @davem330
net-sysfs: add check for netdevice being present to speed_show
4224cfd 
When bringing down the netdevice or system shutdown, a panic can be
triggered while accessing the sysfs path because the device is already
removed.

    [  755.549084] mlx5_core 0000:12:00.1: Shutdown was called
    [  756.404455] mlx5_core 0000:12:00.0: Shutdown was called
    ...
    [  757.937260] BUG: unable to handle kernel NULL pointer dereference at           (null)
    [  758.031397] IP: [<ffffffff8ee11acb>] dma_pool_alloc+0x1ab/0x280

    crash> bt
    ...
    PID: 12649  TASK: ffff8924108f2100  CPU: 1   COMMAND: "amsd"
    ...
     #9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778
        [exception RIP: dma_pool_alloc+0x1ab]
        RIP: ffffffff8ee11acb  RSP: ffff89240e1a3968  RFLAGS: 00010046
        RAX: 0000000000000246  RBX: ffff89243d874100  RCX: 0000000000001000
        RDX: 0000000000000000  RSI: 0000000000000246  RDI: ffff89243d874090
        RBP: ffff89240e1a39c0   R8: 000000000001f080   R9: ffff8905ffc03c00
        R10: ffffffffc04680d4  R11: ffffffff8edde9fd  R12: 00000000000080d0
        R13: ffff89243d874090  R14: ffff89243d874080  R15: 0000000000000000
        ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
    #10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core]
    #11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core]
    #12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core]
    #13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core]
    #14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core]
    #15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core]
    #16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core]
    #17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46
    #18 [ffff89240e1a3d48] speed_show at ffffffff8f277208
    #19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3
    #20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf
    #21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596
    #22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10
    #23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5
    #24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff
    #25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f
    #26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92

    crash> net_device.state ffff89443b0c0000
      state = 0x5  (__LINK_STATE_START| __LINK_STATE_NOCARRIER)

To prevent this scenario, we also make sure that the netdevice is present.

Signed-off-by: suresh kumar <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hyphop