Re: [RFC][PATCH v2 20/31] timers: usb: Use del_timer_shutdown() before freeing timer

From: Guenter Roeck
Date: Mon Oct 31 2022 - 16:14:52 EST


On Mon, Oct 31, 2022 at 08:50:58AM -0700, Guenter Roeck wrote:
> On Sun, Oct 30, 2022 at 11:48:28AM -0400, Steven Rostedt wrote:
> > On Sat, 29 Oct 2022 15:56:25 -0700
> > Guenter Roeck <linux@xxxxxxxxxxxx> wrote:
> >
> > > >> WARNING: CPU: 0 PID: 9 at lib/debugobjects.c:502 debug_print_object+0xd0/0x100
> > > >> ODEBUG: free active (active state 0) object type: timer_list hint: neigh_timer_handler+0x0/0x480
> > > >>
> > > >> That happens with almost every test, so I may have missed some others
> > > >> in the noise.
> > > >
> > > > Can you add this?
> > > >
> > >
> > > It doesn't make a difference.
> >
> > Ah, it also requires this (I have other debugging in that file, so it may
> > only apply with some fuzzing):
> >
>
> Almost good, except for the attached backtrace. That seems to happen
> on shutdown after booting from a usb drive, but not on all platforms.
>
> The warning is in __mod_timer():
>
> 	if (WARN_ON_ONCE(!timer->function))
> 		return -EINVAL;
>
> This may be due to the change in blk_sync_queue() which I suspect may
> be called prior to the last mod_timer() call. I'll add some debug code
> to verify.
>

I see that additional requests are sent to the scsi device after the call
to blk_sync_queue(). The description of this function suggests that this
may happen. Overall it does not seem to be appropriate to call
del_timer_shutdown() from blk_sync_queue(). I'll change my test code
accordingly.

Guenter
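
A user-space model of the sequence described in this message, added here as an illustration; it is not kernel code and not code from the thread. It assumes, based on the quoted `__mod_timer()` check, that `del_timer_shutdown()` clears the timer's callback; the `model_*` names and `request_after_sync()` are hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for struct timer_list (model only). */
struct model_timer {
	void (*function)(struct model_timer *);
	bool pending;
};

static void model_timeout(struct model_timer *t) { (void)t; }

/* Mirrors the check quoted from __mod_timer(): a timer without a
 * callback cannot be armed (the kernel also warns once here). */
static int model_mod_timer(struct model_timer *t)
{
	if (!t->function)
		return -EINVAL;
	t->pending = true;
	return 0;
}

/* del_timer_sync()-like: cancel only, the timer stays usable. */
static void model_del_timer_sync(struct model_timer *t)
{
	t->pending = false;
}

/* Assumed del_timer_shutdown() behaviour: cancel and clear the
 * callback so the timer can never be re-armed before it is freed. */
static void model_del_timer_shutdown(struct model_timer *t)
{
	t->pending = false;
	t->function = NULL;
}

/* Hypothetical queue: a sync step quiesces the timeout timer, then one
 * more request arrives and tries to re-arm it. Returns mod_timer's result. */
static int request_after_sync(bool sync_uses_shutdown)
{
	struct model_timer timeout = { .function = model_timeout, .pending = true };

	if (sync_uses_shutdown)
		model_del_timer_shutdown(&timeout);
	else
		model_del_timer_sync(&timeout);
	return model_mod_timer(&timeout);
}

int main(void)
{
	printf("sync, then request:     %d\n", request_after_sync(false));
	printf("shutdown, then request: %d\n", request_after_sync(true));
	return 0;
}
```

In this model the shutdown variant belongs only on a path after which no caller can re-arm the timer, such as final teardown immediately before the structure is freed.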