timer定时器删除时候出现的问题
本帖最后由 super皮波 于 2014-12-31 17:49 编辑
最近遇到了这样一个问题,麻烦大家帮忙看看。内核版本3.10.17,arm架构。
直接上log了
Unable to handle kernel NULL pointer dereference at virtual address 00000004
c0 pgd = c3d40000
c0 *pgd=00000000
c0 Internal error: Oops: 805 [#1] PREEMPT SMP ARM
c0 Modules linked in: bcmdhd mali(O)
c0 CPU: 0 PID: 17876 Comm: droid.gallery3d Tainted: G WO 3.10.17-00019-g0295d2b #1
c0 task: dd3c4800 ti: c1c54000 task.ti: c1c54000
c0 PC is at run_timer_softirq+0x178/0x250
c0 LR is at run_timer_softirq+0x1c0/0x250
c0 pc : [<c004773c>] lr : [<c0047784>] psr: 600d0193
sp : c1c55ef8  ip : 00000000  fp : c1c55f00
c0 r10: c0f4e254  r9 : 00000002  r8 : c0051ed8
c0 r7 : c0f4e268  r6 : c1c54000  r5 : c0f4e270  r4 : c0955b00
c0 r3 : 00200200  r2 : 00000000  r1 : 00000000  r0 : c0955b00
c0 Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
c0 Control: 10c53c7d  Table: 83d4006a  DAC: 00000015
c0
PC: 0xc00476bc:
c0 76bce5812014 e5822004 ea000036 e59f313c e2457008 e595900c e9150500 e5847004
c0 76dce2099002 e5932004 e3520000 0a000010 ea00003a e5132008 e1a01007 e5130004
c0 76fce58d3004 e12fff32 e59d3004 e4932008 e3520000 1afffff6 e5963004 e2433001
c0 771ce5863004 e5963000 e3130002 0a000000 eb158426 e895000c e3a01000 e1a00004
c0 773ce5823004 e5832000 e59f30c4 e885000a e595300c e3130001 05943010 02433001
c0 775c05843010 e3590000 0a000007 eb1588a2 e1a00007 e1a01008 e1a0200a ebfffce5
c0 777ce1a00004 eb1587c8 ea000006 eb1588bb e1a00007 e1a01008 e1a0200a ebfffcdd
c0 779ce1a00004 eb1587eb e59d5008 e155000b 1affffc5 e59f3050 e5942008 e5933000
c0
LR: 0xc0047704:
c0 7704e59d3004 e4932008 e3520000 1afffff6 e5963004 e2433001 e5863004 e5963000
c0 7724e3130002 0a000000 eb158426 e895000c e3a01000 e1a00004 e5823004 e5832000
c0 7744e59f30c4 e885000a e595300c e3130001 05943010 02433001 05843010 e3590000
c0 77640a000007 eb1588a2 e1a00007 e1a01008 e1a0200a ebfffce5 e1a00004 eb1587c8
c0 7784ea000006 eb1588bb e1a00007 e1a01008 e1a0200a ebfffcdd e1a00004 eb1587eb
c0 77a4e59d5008 e155000b 1affffc5 e59f3050 e5942008 e5933000 e0623003 e3530000
c0 77c4aaffff90 e3a03000 e1a00004 e5843004 eb1588a8 ea000007 e5962004 e2822001
c0 77e4e5862004 e5933010 e3530000 12833008 1affffbd eaffffc5 e28dd014 e8bd8ff0
c0
SP: 0xc1c55e78:
c0 5e78c1c55ea4 c0064ea8 d2844d80 c0f52200 df414c00 c0f4e254 00000000 c1c54000
c0 5e9800000000 c004773c 600d0193 ffffffff c1c55ee4 c000efd8 c0955b00 00000000
c0 5eb800000000 00200200 c0955b00 c0f4e270 c1c54000 c0f4e268 c0051ed8 00000002
c0 5ed8c0f4e254 c1c55f00 00000000 c1c55ef8 c0047784 c004773c 600d0193 ffffffff
c0 5ef8415316b8 00000000 c0f4e270 def16e9c 00000000 00000101 c08b8388 00000001
c0 5f1800000100 0000000a 00400140 3f747c7c c08b8384 c003fff0 00010000 c08bb180
c0 5f38c08bb1d0 df4279c0 00230ed5 00000000 e084c000 600d0193 00000000 c1c55fb0
c0 5f58c08d5bf4 c08b83c0 e084c000 e080200c 00000000 c004022c c1c54000 c00404a8
c0
FP: 0xc1c55e80:
c0 5e80d2844d80 c0f52200 df414c00 c0f4e254 00000000 c1c54000 00000000 c004773c
c0 5ea0600d0193 ffffffff c1c55ee4 c000efd8 c0955b00 00000000 00000000 00200200
c0 5ec0c0955b00 c0f4e270 c1c54000 c0f4e268 c0051ed8 00000002 c0f4e254 c1c55f00
c0 5ee000000000 c1c55ef8 c0047784 c004773c 600d0193 ffffffff 415316b8 00000000
c0 5f00c0f4e270 def16e9c 00000000 00000101 c08b8388 00000001 00000100 0000000a
c0 5f2000400140 3f747c7c c08b8384 c003fff0 00010000 c08bb180 c08bb1d0 df4279c0
c0 5f4000230ed5 00000000 e084c000 600d0193 00000000 c1c55fb0 c08d5bf4 c08b83c0
c0 5f60e084c000 e080200c 00000000 c004022c c1c54000 c00404a8 0000003c c000fd60
c0
R0: 0xc0955a80:
c0 5a8000000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
c0 5aa000000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
c0 5ac000000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000
c0 5ae000000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
c0 5b00aafcaaf9 c0f4e268 00230ed5 00230ae5 00000016 c0f4e010 c0f4e010 c0955b1c
c0 5b20c0955b1c c0955b24 c0955b24 c0955b2c c0955b2c c0955b34 c0955b34 c0955b3c
c0 5b40c0955b3c c0955b44 c0955b44 c0955b4c c0955b4c c0955b54 c0955b54 c0955b5c
c0 5b60c0955b5c c0955b64 c0955b64 c0955b6c c0955b6c c0955b74 c0955b74 c0955b7c
c0
R4: 0xc0955a80:
c0 5a8000000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
c0 5aa000000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
c0 5ac000000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000
c0 5ae000000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
c0 5b00aafcaaf9 c0f4e268 00230ed5 00230ae5 00000016 c0f4e010 c0f4e010 c0955b1c
c0 5b20c0955b1c c0955b24 c0955b24 c0955b2c c0955b2c c0955b34 c0955b34 c0955b3c
c0 5b40c0955b3c c0955b44 c0955b44 c0955b4c c0955b4c c0955b54 c0955b54 c0955b5c
c0 5b60c0955b5c c0955b64 c0955b64 c0955b6c c0955b6c c0955b74 c0955b74 c0955b7c
c0
R5: 0xc0f4e1f0:
c0 e1f0de8d09c0 00000000 00000000 2f842f84 c0f4e200 c0f4e200 00000000 00000000
c0 e21000000000 00000000 deb85540 00000000 00000000 00000000 00000000 00000000
c0 e23000000000 00000000 e56f94d5 00000002 6b54dcdb 00000005 00000000 00000000
c0 e250de8d09c0 00000001 c0f4e258 c0f4e258 c038b790 00000000 c0051ed8 c0f4e254
c0 e27000000000 00200200 00230ed7 c0955b03 ffffffff df414c00 00000000 ffffffff
c0 e29000010001 da201eb4 da201eb4 c2e1c800 00000000 00000000 437eb794 0000152b
c0 e2b0c08e09c4 00000000 00000000 00000000 00000001 00000000 00000000 ffffffe0
c0 e2d0c0f4e2d0 c0f4e2d0 c038ac78 00000000 c0051ed8 c0f4e2cc 00000000 00000000
c0
R6: 0xc1c53f80:
c0 3f80163213eb 00012b7b 134213eb 00013294 24f413ec 00000ac5 24f513ec 00000ac5
c0 3fa0025113ec 0000abea 02bb13ec 0000abea 160213ed 00000ab7 1a3613ed 00000ac5
c0 3fc01aaa13ed 00000ac5 1aab13ed 00000ac5 235d13ed 000099f0 24f313ed 0000a119
c0 3fe024f213ed 0000a12f 235e13ed 0000a7e4 235e13ed 0000a7e6 2b9813ed 0000a8a4
c0 400000000002 00000102 00000000 dd3c4800 c08e1938 00000000 00000015 dd3c4800
c0 4020c0f57f40 c1c54000 ddc8dc00 de3636c0 de179a40 c08d5a20 c1c55e5c c1c55dd0
c0 4040c05a8590 00000000 00000000 00000000 00000000 00000000 01010000 00000000
c0 406040081f24 00000000 00000000 00000000 00000000 00000000 00000000 00000000
c0
R7: 0xc0f4e1e8:
c0 e1e80054fa70 c0f4c048 de8d09c0 00000000 00000000 2f842f84 c0f4e200 c0f4e200
c0 e20800000000 00000000 00000000 00000000 deb85540 00000000 00000000 00000000
c0 e22800000000 00000000 00000000 00000000 e56f94d5 00000002 6b54dcdb 00000005
c0 e24800000000 00000000 de8d09c0 00000001 c0f4e258 c0f4e258 c038b790 00000000
c0 e268c0051ed8 c0f4e254 00000000 00200200 00230ed7 c0955b03 ffffffff df414c00
c0 e28800000000 ffffffff 00010001 da201eb4 da201eb4 c2e1c800 00000000 00000000
c0 e2a8437eb794 0000152b c08e09c4 00000000 00000000 00000000 00000001 00000000
c0 e2c800000000 ffffffe0 c0f4e2d0 c0f4e2d0 c038ac78 00000000 c0051ed8 c0f4e2cc
c0
R8: 0xc0051e58:
c0 1e5812855008 1affffb4 eaffffbc e5947008 e0843107 e1a07207 e5932014 e2822001
c0 1e78e5832014 e5942050 e5943054 e1520003 baffffc4 eaffffdf e1a0100d e3c12d7f
c0 1e98e3c2203f e5921004 e2811001 e5821004 e5935010 e3550000 12855008 1affffbe
c0 1eb8eaffffc4 e28dd00c e8bd8ff0 c091d00c c071cea1 c08d5a20 c07206ba c091d374
c0 1ed8e1a02000 e5900034 e5921030 eaffff22 e92d40f8 e1a07000 e1a06001 e1a05002
c0 1ef8e10f4000 f10c0080 e3a00000 e1a01002 eb071680 e3500000 13a00000 1a000005
c0 1f18e1a00007 e1a01006 e1a02005 ebffff12 e3a00001 eaffffff e121f004 e8bd80f8
c0 1f38e92d4010 e1a02001 e1a0100d e3c13d7f e3c3303f e1a0c000 e5930004 e3c0033e
c0
R10: 0xc0f4e1d4:
c0 e1d46da92be9 a10e654f cbaa2d3f c678c057 00230eca 0054fa70 c0f4c048 de8d09c0
c0 e1f400000000 00000000 2f842f84 c0f4e200 c0f4e200 00000000 00000000 00000000
c0 e21400000000 deb85540 00000000 00000000 00000000 00000000 00000000 00000000
c0 e23400000000 e56f94d5 00000002 6b54dcdb 00000005 00000000 00000000 de8d09c0
c0 e25400000001 c0f4e258 c0f4e258 c038b790 00000000 c0051ed8 c0f4e254 00000000
c0 e27400200200 00230ed7 c0955b03 ffffffff df414c00 00000000 ffffffff 00010001
c0 e294da201eb4 da201eb4 c2e1c800 00000000 00000000 437eb794 0000152b c08e09c4
c0 e2b400000000 00000000 00000000 00000001 00000000 00000000 ffffffe0 c0f4e2d0
c0 Process droid.gallery3d (pid: 17876, stack limit = 0xc1c54238)
c0 Stack: (0xc1c55ef8 to 0xc1c56000)
c0 5ee0: 415316b8 00000000
c0 5f00: c0f4e270 def16e9c 00000000 00000101 c08b8388 00000001 00000100 0000000a
c0 5f20: 00400140 3f747c7c c08b8384 c003fff0 00010000 c08bb180 c08bb1d0 df4279c0
c0 5f40: 00230ed5 00000000 e084c000 600d0193 00000000 c1c55fb0 c08d5bf4 c08b83c0
c0 5f60: e084c000 e080200c 00000000 c004022c c1c54000 c00404a8 0000003c c000fd60
c0 5f80: 0000003c e0802000 c09345a8 c0009344 415316b8 200d0010 ffffffff 0000080f
c0 5fa0: 41528380 4e19d628 422da890 c000f1fc 41ae25c4 00000011 4cd062e8 f4a00000
c0 5fc0: 4df110b4 41ae2610 41f8b5b8 0000080f 41528380 4e19d628 422da890 00000000
c0 5fe0: 0000000f bec701e0 00000000 415316b8 200d0010 ffffffff 92b42602 06000000
c0 [<c004773c>] (run_timer_softirq+0x178/0x250) from [<c003fff0>] (__do_softirq+0x13c/0x2e4)
c0 [<c003fff0>] (__do_softirq+0x13c/0x2e4) from [<c004022c>] (do_softirq+0x44/0x50)
c0 [<c004022c>] (do_softirq+0x44/0x50) from [<c00404a8>] (irq_exit+0x74/0xbc)
c0 [<c00404a8>] (irq_exit+0x74/0xbc) from [<c000fd60>] (handle_IRQ+0x68/0x8c)
c0 [<c000fd60>] (handle_IRQ+0x68/0x8c) from [<c0009344>] (gic_handle_irq+0xbc/0x164)
c0 [<c0009344>] (gic_handle_irq+0xbc/0x164) from [<c000f1fc>] (__irq_usr+0x3c/0x60)
c0 Exception stack(0xc1c55fb0 to 0xc1c55ff8)
c0 5fa0: 41ae25c4 00000011 4cd062e8 f4a00000
c0 5fc0: 4df110b4 41ae2610 41f8b5b8 0000080f 41528380 4e19d628 422da890 00000000
c0 5fe0: 0000000f bec701e0 00000000 415316b8 200d0010 ffffffff
c0 Code: eb158426 e895000c e3a01000 e1a00004 (e5823004)
c0 (sprd_debug_save_context) context saved(CPU:0)
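c1 (sprd_debug_save_context) context saved(CPU:1)
空指针了。定位run_timer_softirq+0x178/0x250,crash发生在detach_timer中的__list_del(entry->prev, entry->next)。
当前正在脱链的timer如下。从内存中的信息可以看到,这个timer的next为NULL,prev为0x200200(即LIST_POISON2,detach_timer脱链后写入entry->prev的标记值),说明它之前已经被脱链过了。__list_del会执行next->prev = prev,next为NULL时写入的正是地址0x4,与oops中的故障地址00000004以及r2=00000000、r3=00200200一致。为什么这里会有重复的脱链动作?
怀疑是并发问题,但还没有找到具体原因。涉及的都是内核自身的代码,有人遇到过这样的问题吗?或者能否给一些继续排查的思路和方向,多谢!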
struct timer_list {
function = 0xc0051ed8 <delayed_work_timer_fn>,
data = 0xc0f4e254,
entry = {
next = 0x0,
prev = 0x200200
},
expires = 0x230ed7,
base = 0xc0955b03 <boot_tvec_bases+3>,
slack = 0xffffffff
}
查看这个timer对应的tvec_base,其中的自旋锁当前处于竞争状态(next与owner不相等):next=aafc,owner=aaf9
crash> struct tvec_base c0955b00 -x
struct tvec_base {
lock = {
{
rlock = {
raw_lock = {
{
slock = 0xaafcaaf9,
tickets = {
owner = 0xaaf9,
next = 0xaafc
首先确保你不会把同一个定时器删除2次,如果还有问题,使用del_timer_sync看看。
这已经是案发后的现场了,很难确认原因的~
如果能复现的话,可以考虑打点观察。
回复 5# humjb_1983
恩,我感觉是同步的问题,还没找到具体的原因,都是内核代码,没有改动过
回复 2# yangPSO
我看出来是空指针了,我问的是为什么会导致这样的问题。