From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753924AbbK0EbJ (ORCPT <rfc822;w@1wt.eu>);
	Thu, 26 Nov 2015 23:31:09 -0500
Received: from userp1040.oracle.com ([156.151.31.81]:40679 "EHLO
	userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753809AbbK0EbH (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 26 Nov 2015 23:31:07 -0500
To: giometti@enneenne.com
Cc: LKML <linux-kernel@vger.kernel.org>,
        syzkaller <syzkaller@googlegroups.com>
From: Sasha Levin <sasha.levin@oracle.com>
Subject: Freeing active kobject in pps_device_destruct
Message-ID: <5657DC80.7030007@oracle.com>
Date: Thu, 26 Nov 2015 23:30:56 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.3.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

Fuzzing with syzkaller on the latest -next kernel produced this error:

[ 1167.390182] WARNING: CPU: 14 PID: 607 at lib/debugobjects.c:263 debug_print_object+0x1c4/0x1e0()
(active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90
[ 1167.392644] Modules linked in:
[ 1167.393120] CPU: 14 PID: 607 Comm: kworker/14:1 Tainted: G        W       4.4.0-rc2-next-20151126 sasha-00005-g00d303e-dirty #2651
[ 1167.394563] Workqueue: events kobject_delayed_cleanup
[ 1167.395226]  000000000000000e 000000006f32b107 ffff8806b83478b8 fffffffface6b5bb
[ 1167.396254]  ffff8806b8347928 ffff8806b7b80000 ffffffffb515c7a0 ffff8806b83478f8
[ 1167.397403]  ffffffffab3531d3 ffffffffaced0194 ffffed00d7068f21 ffffffffb515c7a0
[ 1167.398499] Call Trace:
[ 1167.398891]  [<fffffffface6b5bb>] dump_stack+0x72/0xb7
[ 1167.399516]  [<ffffffffab3531d3>] warn_slowpath_common+0x113/0x140
[ 1167.401705]  [<ffffffffab3532cb>] warn_slowpath_fmt+0xcb/0x100
[ 1167.404799]  [<ffffffffaced0194>] debug_print_object+0x1c4/0x1e0
[ 1167.406723]  [<ffffffffaced1035>] __debug_check_no_obj_freed+0x215/0x7a0
[ 1167.409634]  [<ffffffffaced2b6c>] debug_check_no_obj_freed+0x2c/0x40
[ 1167.410301]  [<ffffffffab7aac4c>] kfree+0x1fc/0x2f0
[ 1167.410734]  [<ffffffffb1f7a447>] pps_device_destruct+0x107/0x110
[ 1167.413495]  [<fffffffface715ad>] kobject_delayed_cleanup+0x34d/0x3b0
[ 1167.414049]  [<ffffffffab39fa37>] process_one_work+0xab7/0x13b0
[ 1167.417188]  [<ffffffffab3a0c6d>] worker_thread+0x93d/0xd20
[ 1167.418782]  [<ffffffffab3b34a0>] kthread+0x290/0x2b0
[ 1167.422467]  [<ffffffffb4a1290f>] ret_from_fork+0x3f/0x70


Thanks,
Sasha