út 27. 4. 2021 v 22:02 odesílatel Martin Wilck <mwilck@xxxxxxxx> napsal: > The code doesn't use add_timer(), only mod_timer() and > del_timer_sync(). And we didn't observe a crash upon add_timer(). What > we observed was that a timer had been enqueued multiple times, and the > kernel crashes in expire_timers()->detach_timer(), when it encounters > an already detached entry in the timer list. How can a timer end up enqueued multiple times? It's safe to call mod_timer() against both an active or an inactive timer and mod_timer() is thread-safe also. IMO the problem is due to the fact that timer_setup() could end up being called against an active, pending timer. timer_setup() doesn't take any lock and modifies the pprev pointer and the timer's flags Maurizio
