From: Alex Chiang <achiang@hp.com>
To: Matthew Wilcox <matthew@wil.cx>
Cc: Greg KH <greg@kroah.com>,
kay.sievers@vrfy.org, rjw@sisk.pl, linux-kernel@vger.kernel.org,
linux-pci@vger.kernel.org
Subject: Re: kobj refcounting weirdness
Date: Mon, 9 Mar 2009 11:21:23 -0600 [thread overview]
Message-ID: <20090309172123.GF32589@ldl.fc.hp.com> (raw)
In-Reply-To: <20090309165807.GU25995@parisc-linux.org>
* Matthew Wilcox <matthew@wil.cx>:
> On Mon, Mar 09, 2009 at 10:50:10AM -0600, Alex Chiang wrote:
> > I thought about the allocators returning a pointer to the same
> > location that maybe has some valid looking data hanging around,
> > but it's not wise for someone like me to go pointing fingers at
> > the allocator before I've proven the bug isn't in my code. ;)
>
> Slab poisoning would be the logical next thing to try to decide whether
> the allocator is wrong or you're using it wrong ;-)
Hey shiny!
Thanks, this is good -- I hopefully muddle my way through and
figure out what's going on.
[output of slab poisoning below]
/ac
[root@tahitifp1 pci]# echo 1 > devices/0000\:04\:00.0/remove
kobject: '0000:06:00.0' (e0000001818153f0): kobject_uevent_env
kobject: '0000:06:00.0' (e0000001818153f0): fill_kobj_path: path = '/devices/pci0000:03/0000:03:00.0/0000:04:00.0/0000:05:02.0/0000:06:00.0'
kobject: '0000:06:00.0' (e0000001818153f0): kobject_cleanup
kobject: '0000:06:00.0' (e0000001818153f0): calling ktype release
kobject: '0000:06:00.0': free name
kobject: '0000:06:00.1' (e000000181815c38): kobject_uevent_env
kobject: '0000:06:00.1' (e000000181815c38): fill_kobj_path: path = '/devices/pci
0000:03/0000:03:00.0/0000:04:00.0/0000:05:02.0/0000:06:00.1'
kobject: '0000:06:00.1' (e000000181815c38): kobject_cleanup
kobject: '0000:06:00.1' (e000000181815c38): calling ktype release
kobject: '0000:06:00.1': free name
kobject: '0000:06' (e000000180186430): kobject_uevent_env
kobject: '0000:06' (e000000180186430): fill_kobj_path: path = '/class/pci_bus/00
00:06'
kobject: '0000:05:02.0' (e000000181814360): fill_kobj_path: path = '/devices/pci
0000:03/0000:03:00.0/0000:04:00.0/0000:05:02.0'
kobject: '0000:06' (e000000180186430): kobject_cleanup
kobject: '0000:06' (e000000180186430): calling ktype release
kobject: '0000:06': free name
aer 0000:05:02.0:pcie22: unloading service driver aer
kobject: '0000:05:02.0:pcie22' (e000000183350788): kobject_uevent_env
kobject: '0000:05:02.0:pcie22' (e000000183350788): fill_kobj_path: path = '/devi
ces/pci0000:03/0000:03:00.0/0000:04:00.0/0000:05:02.0/0000:05:02.0:pcie22'
kobject: '0000:05:02.0:pcie22' (e000000183350788): kobject_cleanup
kobject: '0000:05:02.0:pcie22' (e000000183350788): calling ktype release
kobject: '0000:05:02.0:pcie22': free name
kobject: '0000:05:02.0:pcie28' (e0000001833509d0): kobject_uevent_env
kobject: '0000:05:02.0:pcie28' (e0000001833509d0): fill_kobj_path: path = '/devi
ces/pci0000:03/0000:03:00.0/0000:04:00.0/0000:05:02.0/0000:05:02.0:pcie28'
kobject: '0000:05:02.0:pcie28' (e0000001833509d0): kobject_cleanup
kobject: '0000:05:02.0:pcie28' (e0000001833509d0): calling ktype release
kobject: '0000:05:02.0:pcie28': free name
=============================================================================
BUG kmalloc-8: Object already free
-----------------------------------------------------------------------------
INFO: Allocated in pcie_port_device_register+0x60/0x920 age=56269 cpu=7 pid=1
INFO: Freed in pcie_port_device_remove+0xb0/0xe0 age=0 cpu=0 pid=28
INFO: Slab 0xa07fffffc81cb0f8 objects=819 used=812 fp=0xe000000183291770 flags=0
x10000000000083
INFO: Object 0xe000000183291770 @offset=6000 fp=0xe000000183291860
Bytes b4 0xe000000183291760: 3d ef ff ff 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a =�
....ZZZZZZZZ
Object 0xe000000183291770: 6b 6b 6b 6b 6b 6b 6b a5 kk
kkkkk�
Redzone 0xe000000183291778: bb bb bb bb bb bb bb bb ��
������
Padding 0xe0000001832917b8: 5a 5a 5a 5a 5a 5a 5a 5a ZZ
ZZZZZZ
Call Trace:
[<a0000001000146d0>] show_stack+0x50/0xa0
sp=e0000001813efc00 bsp=e0000001813e1308
[<a000000100014750>] dump_stack+0x30/0x60
sp=e0000001813efdd0 bsp=e0000001813e12f0
[<a000000100175fe0>] print_trailer+0x220/0x240
sp=e0000001813efdd0 bsp=e0000001813e12b0
[<a000000100176050>] object_err+0x50/0x80
sp=e0000001813efdd0 bsp=e0000001813e1278
[<a000000100179c70>] __slab_free+0x5b0/0x7a0
sp=e0000001813efdd0 bsp=e0000001813e1230
[<a00000010017b750>] kfree+0x250/0x2a0
sp=e0000001813efdd0 bsp=e0000001813e11e8
[<a0000001004226a0>] pcie_portdrv_remove+0x40/0x60
sp=e0000001813efdd0 bsp=e0000001813e11c8
[<a000000100417b20>] pci_device_remove+0x80/0x100
sp=e0000001813efdd0 bsp=e0000001813e11a0
[<a00000010050f920>] __device_release_driver+0x100/0x160
sp=e0000001813efdd0 bsp=e0000001813e1168
[<a00000010050f9b0>] device_release_driver+0x30/0x60
sp=e0000001813efdd0 bsp=e0000001813e1140
[<a00000010050d350>] bus_remove_device+0x1d0/0x220
sp=e0000001813efdd0 bsp=e0000001813e1100
[<a0000001005080e0>] device_del+0x2c0/0x3a0
sp=e0000001813efdd0 bsp=e0000001813e10c8
[<a000000100508290>] device_unregister+0xd0/0x100
sp=e0000001813efdd0 bsp=e0000001813e10a8
[<a00000010040d990>] pci_stop_dev+0x70/0x100
sp=e0000001813efdd0 bsp=e0000001813e1080
[<a00000010040dc00>] pci_remove_bus_device+0x80/0x180
sp=e0000001813efdd0 bsp=e0000001813e1050
[<a00000010040dd60>] pci_remove_behind_bridge+0x60/0xc0
sp=e0000001813efdd0 bsp=e0000001813e1028
[<a00000010040dbc0>] pci_remove_bus_device+0x40/0x180
sp=e0000001813efdd0 bsp=e0000001813e0ff0
[<a000000100419880>] remove_callback+0x40/0xa0
sp=e0000001813efdd0 bsp=e0000001813e0fc8
[<a000000100232970>] sysfs_schedule_callback_work+0x50/0xc0
sp=e0000001813efdd0 bsp=e0000001813e0fa0
[<a0000001000c12b0>] run_workqueue+0x1f0/0x340
sp=e0000001813efdd0 bsp=e0000001813e0f60
[<a0000001000c1540>] worker_thread+0x140/0x180
sp=e0000001813efdd0 bsp=e0000001813e0f38
[<a0000001000c9d00>] kthread+0xa0/0x120
sp=e0000001813efe30 bsp=e0000001813e0f08
[<a000000100016690>] kernel_thread_helper+0xd0/0x100
sp=e0000001813efe30 bsp=e0000001813e0ee0
[<a00000010000a4c0>] start_kernel_thread+0x20/0x40
sp=e0000001813efe30 bsp=e0000001813e0ee0
FIX kmalloc-8: Object at 0xe000000183291770 not freed
next prev parent reply other threads:[~2009-03-09 17:21 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-09 6:36 kobj refcounting weirdness Alex Chiang
2009-03-09 15:04 ` Greg KH
2009-03-09 15:05 ` Greg KH
2009-03-09 16:50 ` Alex Chiang
2009-03-09 16:58 ` Matthew Wilcox
2009-03-09 17:21 ` Alex Chiang [this message]
2009-03-09 18:01 ` Alex Chiang
2009-03-09 18:21 ` Vegard Nossum
2009-03-09 18:41 ` Alex Chiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090309172123.GF32589@ldl.fc.hp.com \
--to=achiang@hp.com \
--cc=greg@kroah.com \
--cc=kay.sievers@vrfy.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=matthew@wil.cx \
--cc=rjw@sisk.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.