1. Patchew
  2. linux
  3. [PATCH v4 0/2] tracing: Preserve repeated boot-time parameters and drain deferred trigger frees
  4. View patch

[PATCH v4 2/2] tracing: Drain deferred trigger frees if kthread creation fails

Wesley Atwell posted 2 patches 1 week, 2 days ago
[PATCH v4 2/2] tracing: Drain deferred trigger frees if kthread creation fails
Posted by Wesley Atwell 1 week, 2 days ago 
Boot-time trigger registration can fail before the trigger-data cleanup
kthread exists. Deferring those frees until late init is fine, but the
post-boot fallback must still drain the deferred list if kthread
creation never succeeds.

Otherwise, boot-deferred nodes can accumulate on
trigger_data_free_list, later frees fall back to synchronously freeing
only the current object, and the older queued entries are leaked
forever.

Keep the deferred boot-time behavior, but when kthread creation fails,
drain the whole queued list synchronously. Do the same in the late-init
drain path so queued entries are not stranded there either.

Fixes: 61d445af0a7c ("tracing: Add bulk garbage collection of freeing event_trigger_data")
Signed-off-by: Wesley Atwell <atwellwea@gmail.com>
---
 kernel/trace/trace_events_trigger.c | 79 ++++++++++++++++++++++++-----
 1 file changed, 66 insertions(+), 13 deletions(-)

diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c
index d5230b759a2d..655db2e82513 100644
--- a/kernel/trace/trace_events_trigger.c
+++ b/kernel/trace/trace_events_trigger.c
@@ -22,6 +22,39 @@ static struct task_struct *trigger_kthread;
 static struct llist_head trigger_data_free_list;
 static DEFINE_MUTEX(trigger_data_kthread_mutex);
 
+static int trigger_kthread_fn(void *ignore);
+
+static void trigger_create_kthread_locked(void)
+{
+	lockdep_assert_held(&trigger_data_kthread_mutex);
+
+	if (!trigger_kthread) {
+		struct task_struct *kthread;
+
+		kthread = kthread_create(trigger_kthread_fn, NULL,
+					 "trigger_data_free");
+		if (!IS_ERR(kthread))
+			WRITE_ONCE(trigger_kthread, kthread);
+	}
+}
+
+static void trigger_data_free_queued_locked(void)
+{
+	struct event_trigger_data *data, *tmp;
+	struct llist_node *llnodes;
+
+	lockdep_assert_held(&trigger_data_kthread_mutex);
+
+	llnodes = llist_del_all(&trigger_data_free_list);
+	if (!llnodes)
+		return;
+
+	tracepoint_synchronize_unregister();
+
+	llist_for_each_entry_safe(data, tmp, llnodes, llist)
+		kfree(data);
+}
+
 /* Bulk garbage collection of event_trigger_data elements */
 static int trigger_kthread_fn(void *ignore)
 {
@@ -56,30 +89,50 @@ void trigger_data_free(struct event_trigger_data *data)
 	if (data->cmd_ops->set_filter)
 		data->cmd_ops->set_filter(NULL, data, NULL);
 
+	/*
+	 * Boot-time trigger registration can fail before kthread creation
+	 * works. Keep the deferred-free semantics during boot and let late
+	 * init start the kthread to drain the list.
+	 */
+	if (system_state == SYSTEM_BOOTING && !trigger_kthread) {
+		llist_add(&data->llist, &trigger_data_free_list);
+		return;
+	}
+
 	if (unlikely(!trigger_kthread)) {
 		guard(mutex)(&trigger_data_kthread_mutex);
+
+		trigger_create_kthread_locked();
 		/* Check again after taking mutex */
 		if (!trigger_kthread) {
-			struct task_struct *kthread;
-
-			kthread = kthread_create(trigger_kthread_fn, NULL,
-						 "trigger_data_free");
-			if (!IS_ERR(kthread))
-				WRITE_ONCE(trigger_kthread, kthread);
+			llist_add(&data->llist, &trigger_data_free_list);
+			/* Drain the queued frees synchronously if creation failed. */
+			trigger_data_free_queued_locked();
+			return;
 		}
 	}
 
-	if (!trigger_kthread) {
-		/* Do it the slow way */
-		tracepoint_synchronize_unregister();
-		kfree(data);
-		return;
-	}
-
 	llist_add(&data->llist, &trigger_data_free_list);
 	wake_up_process(trigger_kthread);
 }
 
+static int __init trigger_data_free_init(void)
+{
+	guard(mutex)(&trigger_data_kthread_mutex);
+
+	if (llist_empty(&trigger_data_free_list))
+		return 0;
+
+	trigger_create_kthread_locked();
+	if (trigger_kthread)
+		wake_up_process(trigger_kthread);
+	else
+		trigger_data_free_queued_locked();
+
+	return 0;
+}
+late_initcall(trigger_data_free_init);
+
 static inline void data_ops_trigger(struct event_trigger_data *data,
 				    struct trace_buffer *buffer,  void *rec,
 				    struct ring_buffer_event *event)
-- 
2.43.0
Re: [PATCH v4 2/2] tracing: Drain deferred trigger frees if kthread creation fails
Posted by Steven Rostedt 6 days, 7 hours ago 
On Tue, 24 Mar 2026 16:13:26 -0600
Wesley Atwell <atwellwea@gmail.com> wrote:

> Boot-time trigger registration can fail before the trigger-data cleanup
> kthread exists. Deferring those frees until late init is fine, but the
> post-boot fallback must still drain the deferred list if kthread
> creation never succeeds.
> 
> Otherwise, boot-deferred nodes can accumulate on
> trigger_data_free_list, later frees fall back to synchronously freeing
> only the current object, and the older queued entries are leaked
> forever.
> 
> Keep the deferred boot-time behavior, but when kthread creation fails,
> drain the whole queued list synchronously. Do the same in the late-init
> drain path so queued entries are not stranded there either.
> 
> Fixes: 61d445af0a7c ("tracing: Add bulk garbage collection of freeing event_trigger_data")
> Signed-off-by: Wesley Atwell <atwellwea@gmail.com>
> ---

Do you have a test case (kernel command line) that will make
trigger_data_free() get called at boot up?

-- Steve
Re: [PATCH v4 2/2] tracing: Drain deferred trigger frees if kthread creation fails
Posted by Wesley Atwell 6 days, 4 hours ago 
Yes,

This kernel command line reliably reaches trigger_data_free() during boot:

trace_event=sched:sched_switch
trace_trigger=sched_switch.traceon,sched_switch.traceon

On an unpatched tree, that crashes during early boot before userspace.
The call trace goes through:

trigger_data_free()
__kthread_create_on_node()
try_to_wake_up()

The stack also shows the boot-time trigger registration path:

event_trigger_parse()
trigger_process_regex()
__trace_early_add_events()

With v4 applied, the same command line boots successfully. The guest log shows:

Failed to register trigger 'traceon' on event sched_switch

And /sys/kernel/tracing/events/sched/sched_switch/trigger contains:

traceon:unlimited

I also verified patch 1 with repeated trace_trigger= parameters:
before the patch, only the last parameter was preserved; after the
patch, both triggers were installed.

Thanks,
Wesley Atwell
Re: [PATCH v4 2/2] tracing: Drain deferred trigger frees if kthread creation fails
Posted by Steven Rostedt 6 days ago 
On Fri, 27 Mar 2026 16:41:52 -0600
Wesley Atwell <atwellwea@gmail.com> wrote:

> Yes,
> 
> This kernel command line reliably reaches trigger_data_free() during boot:
> 
> trace_event=sched:sched_switch
> trace_trigger=sched_switch.traceon,sched_switch.traceon
> 
> On an unpatched tree, that crashes during early boot before userspace.
> The call trace goes through:
> 
> trigger_data_free()
> __kthread_create_on_node()
> try_to_wake_up()
> 
> The stack also shows the boot-time trigger registration path:
> 
> event_trigger_parse()
> trigger_process_regex()
> __trace_early_add_events()

Thanks for this. I can reproduce the crash. I'm also going to add this
to the change log as it is useful (I'll even add it to one of my
regression tests). I'll take this patch separately (this didn't need to
be a patch series, as the two patches do not depend on each other).

-- Steve
Re: [PATCH v4 2/2] tracing: Drain deferred trigger frees if kthread creation fails
Posted by Wesley Atwell 5 days, 22 hours ago 
Hi Steve,

I'm glad the test case was helpful. I'll include similar testing
details in future commit messages and avoid grouping unrelated
patches.

Thanks,
Wesley Atwell

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.