On Thu, Sep 05, 2019 at 02:03:40PM +0200, Thomas Gleixner wrote:
> The head pointer in struct cpu_timer is checked to be NULL in
> posix_cpu_timer_del() when the delete raced with the exit cleanup. The
> works correctly as long as the timer is actually dequeued via
> posix_cpu_timers_exit*().
>
> But if the timer was dequeued due to expiry the head pointer is still set
> and triggers the warning.
>
> In fact keeping the head pointer around after any dequeue is pointless as
> is has no meaning at all after that.
>
> Clear the head pointer always on dequeue and remove the unused requeue
> function while at it.
>
> Fixes: 60bda037f1dd ("posix-cpu-timers: Utilize timerqueue for storage")
> Reported-by: syzbot+55acd54b57bb4b384...@syzkaller.appspotmail.com
> Signed-off-by: Thomas Gleixner <t...@linutronix.de>
Reviewed-by: Frederic Weisbecker <frede...@kernel.org>
