Re: [RFC][PATCH v2 20/31] timers: usb: Use del_timer_shutdown() before freeing timer

From: Guenter Roeck
Date: Mon Oct 31 2022 - 11:51:04 EST

Next message: Steen Hegelund: "Re: [PATCH net-next v2 2/5] net: microchip: sparx5: Adding more tc flower keys for the IS2 VCAP"
Previous message: Mark Rutland: "Re: [PATCH 3/4] ftrace: abstract DYNAMIC_FTRACE_WITH_ARGS accesses"
In reply to: Steven Rostedt: "Re: [RFC][PATCH v2 20/31] timers: usb: Use del_timer_shutdown() before freeing timer"
Next in thread: Guenter Roeck: "Re: [RFC][PATCH v2 20/31] timers: usb: Use del_timer_shutdown() before freeing timer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Oct 30, 2022 at 11:48:28AM -0400, Steven Rostedt wrote:
> On Sat, 29 Oct 2022 15:56:25 -0700
> Guenter Roeck <linux@xxxxxxxxxxxx> wrote:
>
> > >> WARNING: CPU: 0 PID: 9 at lib/debugobjects.c:502 debug_print_object+0xd0/0x100
> > >> ODEBUG: free active (active state 0) object type: timer_list hint: neigh_timer_handler+0x0/0x480
> > >>
> > >> That happens with almost every test, so I may have missed some others
> > >> in the noise.
> > >
> > > Can you add this?
> > >
> >
> > It doesn't make a difference.
>
> Ah, it also requires this (I have other debugging in that file, so it may
> only apply with some fuzzing):
>

Almost good, except for the attached backtrace. That seems to happen
on shutdown after bootting from a usb drive, but not on all platforms.

The warning is in __mod_timer():

if (WARN_ON_ONCE(!timer->function))
return -EINVAL;

This may be due to the change in blk_sync_queue() which I suspect may
be called prior to the last mod_timer() call. I'll add some debug code
to verify.

Guenter

------------[ cut here ]------------
WARNING: CPU: 0 PID: 283 at kernel/time/timer.c:1046 mod_timer+0x294/0x34c
Modules linked in:
CPU: 0 PID: 283 Comm: init Tainted: G N 6.1.0-rc2-00397-g18ccc9f8a778 #1
Hardware name: Freescale i.MX25 (Device Tree Support)
unwind_backtrace from show_stack+0x10/0x18
show_stack from dump_stack_lvl+0x34/0x54
dump_stack_lvl from __warn+0xc0/0x1f0
__warn from warn_slowpath_fmt+0x5c/0xc4
warn_slowpath_fmt from mod_timer+0x294/0x34c
mod_timer from blk_add_timer+0xa4/0xb4
blk_add_timer from blk_mq_start_request+0x84/0x1f4
blk_mq_start_request from scsi_queue_rq+0x4a8/0xb84
scsi_queue_rq from blk_mq_dispatch_rq_list+0x320/0x9d0
blk_mq_dispatch_rq_list from __blk_mq_sched_dispatch_requests+0xb0/0x158
__blk_mq_sched_dispatch_requests from blk_mq_sched_dispatch_requests+0x34/0x64
blk_mq_sched_dispatch_requests from __blk_mq_run_hw_queue+0x8c/0x234
__blk_mq_run_hw_queue from blk_mq_sched_insert_request+0xe8/0x15c
blk_mq_sched_insert_request from blk_execute_rq+0xa4/0x1d0
blk_execute_rq from __scsi_execute+0xb4/0x19c
__scsi_execute from sd_sync_cache+0xac/0x1ec
sd_sync_cache from sd_shutdown+0x5c/0xc8
sd_shutdown from sd_remove+0x30/0x44
sd_remove from device_release_driver_internal+0xd0/0x16c
device_release_driver_internal from bus_remove_device+0xd0/0x100
bus_remove_device from device_del+0x190/0x464
device_del from __scsi_remove_device+0x130/0x184
__scsi_remove_device from scsi_forget_host+0x60/0x64
scsi_forget_host from scsi_remove_host+0x6c/0x188
scsi_remove_host from usb_stor_disconnect+0x40/0xf4
usb_stor_disconnect from usb_unbind_interface+0x68/0x230
usb_unbind_interface from device_release_driver_internal+0xd0/0x16c
device_release_driver_internal from bus_remove_device+0xd0/0x100
bus_remove_device from device_del+0x190/0x464
device_del from usb_disable_device+0x88/0x130
usb_disable_device from usb_disconnect+0xb4/0x234
usb_disconnect from usb_disconnect+0x9c/0x234
usb_disconnect from usb_remove_hcd+0xd0/0x16c
usb_remove_hcd from host_stop+0x38/0xa8
host_stop from ci_hdrc_remove+0x40/0x11c
ci_hdrc_remove from platform_remove+0x24/0x54
platform_remove from device_release_driver_internal+0xd0/0x16c
device_release_driver_internal from bus_remove_device+0xd0/0x100
bus_remove_device from device_del+0x190/0x464
device_del from platform_device_del.part.0+0x10/0x78
platform_device_del.part.0 from platform_device_unregister+0x18/0x28
platform_device_unregister from ci_hdrc_remove_device+0xc/0x24
ci_hdrc_remove_device from ci_hdrc_imx_remove+0x28/0xfc
ci_hdrc_imx_remove from device_shutdown+0x178/0x230
device_shutdown from kernel_restart_prepare+0x2c/0x3c
kernel_restart_prepare from kernel_restart+0xc/0x68
kernel_restart from __do_sys_reboot+0xc0/0x204
__do_sys_reboot from ret_fast_syscall+0x0/0x1c
Exception stack(0xc8ca1fa8 to 0xc8ca1ff0)
1fa0: 01234567 0000000f fee1dead 28121969 01234567 00000000
1fc0: 01234567 0000000f 00000001 00000058 000e05c0 00000000 00000000 00000000
1fe0: 000e0298 bea82de4 000994bc b6f6d2c0
irq event stamp: 3443
hardirqs last enabled at (3451): [<c0074590>] __up_console_sem+0x64/0x88
hardirqs last disabled at (3458): [<c007457c>] __up_console_sem+0x50/0x88
softirqs last enabled at (3438): [<c000988c>] __do_softirq+0x2fc/0x5d0
softirqs last disabled at (3433): [<c0022518>] __irq_exit_rcu+0x170/0x1ec
---[ end trace 0000000000000000 ]---
sd 0:0:0:0: [sda] Synchronize Cache(10) failed: Result: hostbyte=0x01 driverbyte=DRIVER_OK
ci_hdrc ci_hdrc.0: USB bus 1 deregistered
reboot: Restarting system
------------

Next message: Steen Hegelund: "Re: [PATCH net-next v2 2/5] net: microchip: sparx5: Adding more tc flower keys for the IS2 VCAP"
Previous message: Mark Rutland: "Re: [PATCH 3/4] ftrace: abstract DYNAMIC_FTRACE_WITH_ARGS accesses"
In reply to: Steven Rostedt: "Re: [RFC][PATCH v2 20/31] timers: usb: Use del_timer_shutdown() before freeing timer"
Next in thread: Guenter Roeck: "Re: [RFC][PATCH v2 20/31] timers: usb: Use del_timer_shutdown() before freeing timer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]