Bug 12552 - held lock freed in tcp
Summary: held lock freed in tcp
Status: REJECTED INVALID
Alias: None
Product: Networking
Classification: Unclassified
Component: IPV4
Hardware: All Linux
Importance: P1 normal
Assignee: Stephen Hemminger
Reported: 2009-01-27 09:59 UTC by Johannes Berg
Modified: 2009-01-27 10:19 UTC

Kernel Version: 2.6.29-rc2-wl-11979-gc32422d-dirty
Subsystem:
Regression: Yes
Bisected commit-id:



Description Johannes Berg 2009-01-27 09:59:05 UTC
Latest working kernel version: ?
Earliest failing kernel version: ?
Distribution: debian/unstable
Hardware Environment: macbook5,1
Software Environment:
Problem Description:

Steps to reproduce:

Not always reproducible, I was running iperf against a peer that suddenly lost its link due to another bug...

[  598.850133] 
[  598.850136] =========================
[  598.850141] [ BUG: held lock freed! ]
[  598.850143] -------------------------
[  598.850147] swapper/0 is freeing memory ffff88007a389300-ffff88007a389c07, with a lock still held there!
[  598.850151]  (&icsk->icsk_retransmit_timer){-+..}, at: [<ffffffff80252080>] run_timer_softirq+0x110/0x290
[  598.850163] 1 lock held by swapper/0:
[  598.850165]  #0:  (&icsk->icsk_retransmit_timer){-+..}, at: [<ffffffff80252080>] run_timer_softirq+0x110/0x290
[  598.850173] 
[  598.850174] stack backtrace:
[  598.850178] Pid: 0, comm: swapper Not tainted 2.6.29-rc2-wl-11979-gc32422d-dirty #24
[  598.850180] Call Trace:
[  598.850183]  <IRQ>  [<ffffffff8027111f>] print_freed_lock_bug+0xbf/0xd0
[  598.850193]  [<ffffffff80272d34>] debug_check_no_locks_freed+0x74/0xc0
[  598.850199]  [<ffffffff802d78aa>] kmem_cache_free+0x7a/0xf0
[  598.850206]  [<ffffffff8053a4a0>] ? tcp_write_timer+0x0/0x220
[  598.850211]  [<ffffffff804e7206>] sk_free+0x86/0x100
[  598.850215]  [<ffffffff8053a550>] tcp_write_timer+0xb0/0x220
[  598.850219]  [<ffffffff8025210a>] run_timer_softirq+0x19a/0x290
[  598.850223]  [<ffffffff80252080>] ? run_timer_softirq+0x110/0x290
[  598.850228]  [<ffffffff8024d51d>] __do_softirq+0x9d/0x190
[  598.850234]  [<ffffffff8020cebc>] call_softirq+0x1c/0x40
[  598.850238]  [<ffffffff8020e1a5>] do_softirq+0x75/0xc0
[  598.850242]  [<ffffffff8024d025>] irq_exit+0x85/0xb0
[  598.850246]  [<ffffffff8020e441>] do_IRQ+0xa1/0x150
[  598.850250]  [<ffffffff8020c6d3>] ret_from_intr+0x0/0xf
Comment 1 Johannes Berg 2009-01-27 10:05:37 UTC
Oh, wait, this might be due to some debugging patch. I'll close for now, and reopen if I determine it is valid.
Comment 2 Anonymous Emailer 2009-01-27 10:19:37 UTC
Reply-To: akpm@linux-foundation.org


(switched to email.  Please respond via emailed reply-to-all, not via the
bugzilla web interface).

On Tue, 27 Jan 2009 09:59:06 -0800 (PST) bugme-daemon@bugzilla.kernel.org wrote:

> http://bugzilla.kernel.org/show_bug.cgi?id=12552
> 
>            Summary: held lock freed in tcp
>            Product: Networking
>            Version: 2.5
>      KernelVersion: 2.6.29-rc2-wl-11979-gc32422d-dirty
>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: IPV4
>         AssignedTo: shemminger@linux-foundation.org
>         ReportedBy: johannes@sipsolutions.net
> 
> 
> Latest working kernel version: ?
> Earliest failing kernel version: ?
> Distribution: debian/unstable
> Hardware Environment: macbook5,1
> Software Environment:
> Problem Description:
> 
> Steps to reproduce:
> 
> Not always reproducible, I was running iperf against a peer that suddenly
> lost
> its link due to another bug...
> 
> [  598.850133] 
> [  598.850136] =========================
> [  598.850141] [ BUG: held lock freed! ]
> [  598.850143] -------------------------
> [  598.850147] swapper/0 is freeing memory ffff88007a389300-ffff88007a389c07,
> with a lock still held there!
> [  598.850151]  (&icsk->icsk_retransmit_timer){-+..}, at:
> [<ffffffff80252080>]
> run_timer_softirq+0x110/0x290
> [  598.850163] 1 lock held by swapper/0:
> [  598.850165]  #0:  (&icsk->icsk_retransmit_timer){-+..}, at:
> [<ffffffff80252080>] run_timer_softirq+0x110/0x290
> [  598.850173] 
> [  598.850174] stack backtrace:
> [  598.850178] Pid: 0, comm: swapper Not tainted
> 2.6.29-rc2-wl-11979-gc32422d-dirty #24
> [  598.850180] Call Trace:
> [  598.850183]  <IRQ>  [<ffffffff8027111f>] print_freed_lock_bug+0xbf/0xd0
> [  598.850193]  [<ffffffff80272d34>] debug_check_no_locks_freed+0x74/0xc0
> [  598.850199]  [<ffffffff802d78aa>] kmem_cache_free+0x7a/0xf0
> [  598.850206]  [<ffffffff8053a4a0>] ? tcp_write_timer+0x0/0x220
> [  598.850211]  [<ffffffff804e7206>] sk_free+0x86/0x100
> [  598.850215]  [<ffffffff8053a550>] tcp_write_timer+0xb0/0x220
> [  598.850219]  [<ffffffff8025210a>] run_timer_softirq+0x19a/0x290
> [  598.850223]  [<ffffffff80252080>] ? run_timer_softirq+0x110/0x290
> [  598.850228]  [<ffffffff8024d51d>] __do_softirq+0x9d/0x190
> [  598.850234]  [<ffffffff8020cebc>] call_softirq+0x1c/0x40
> [  598.850238]  [<ffffffff8020e1a5>] do_softirq+0x75/0xc0
> [  598.850242]  [<ffffffff8024d025>] irq_exit+0x85/0xb0
> [  598.850246]  [<ffffffff8020e441>] do_IRQ+0xa1/0x150
> [  598.850250]  [<ffffffff8020c6d3>] ret_from_intr+0x0/0xf
> 
> 
Comment 3 Johannes Berg 2009-01-27 10:58:27 UTC
On Tue, 2009-01-27 at 10:19 -0800, Andrew Morton wrote:
> (switched to email.  Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
> 
> On Tue, 27 Jan 2009 09:59:06 -0800 (PST) bugme-daemon@bugzilla.kernel.org
> wrote:
> 
> > http://bugzilla.kernel.org/show_bug.cgi?id=12552
> > 
> >            Summary: held lock freed in tcp

> > [  598.850136] =========================
> > [  598.850141] [ BUG: held lock freed! ]
> > [  598.850143] -------------------------
> > [  598.850147] swapper/0 is freeing memory
> ffff88007a389300-ffff88007a389c07,
> > with a lock still held there!
> > [  598.850151]  (&icsk->icsk_retransmit_timer){-+..}, at:
> [<ffffffff80252080>]
> > run_timer_softirq+0x110/0x290
> > [  598.850163] 1 lock held by swapper/0:
> > [  598.850165]  #0:  (&icsk->icsk_retransmit_timer){-+..}, at:
> > [<ffffffff80252080>] run_timer_softirq+0x110/0x290

Disregard, it's my own timer debugging code gone wrong.

johannes
