Re: [next] db410c: WARNING: CPU: 3 PID: 57 at kernel/locking/mutex.c:582 __mutex_lock

[Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxx>]

On 04/05/2022 11:22, Arnd Bergmann wrote:
> On Wed, May 4, 2022 at 11:09 AM Naresh Kamboju
> <naresh.kamboju@xxxxxxxxxx> wrote:
>>
>> Following kernel DEBUG_LOCKS_WARN_ON(lock->magic != lock) noticed on arm64
>> dragonboard 410c device while booting Linux next-20220502 tag kernel.
>>
>> warning:
>> ---------
>> [    6.052275] ------------[ cut here ]------------
>> [    6.052289] DEBUG_LOCKS_WARN_ON(lock->magic != lock)
>> [    6.052314] WARNING: CPU: 3 PID: 57 at kernel/locking/mutex.c:582
>> __mutex_lock+0x1dc/0x420
>> [    6.052345] Modules linked in:
>> [    6.052361] CPU: 3 PID: 57 Comm: kworker/u8:2 Not tainted
>> 5.18.0-rc5-next-20220502 #1
>> [    6.052374] Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
>> [    6.052384] Workqueue: events_unbound deferred_probe_work_func
>> [    6.052408] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>> [    6.052421] pc : __mutex_lock+0x1dc/0x420
>> [    6.052434] lr : __mutex_lock+0x1dc/0x420
>> [    6.052446] sp : ffff80000c42b9a0
>> [    6.052453] x29: ffff80000c42b9a0 x28: ffff80000b314860 x27: ffff00000408810d
>> [    6.052481] x26: ffff80000adb4bb8 x25: ffff000005220a74 x24: 0000000000000000
>> [    6.052506] x23: 0000000000000000 x22: ffff800008bbef8c x21: 0000000000000002
>> [    6.052533] x20: 0000000000000000 x19: ffff00000c1a5110 x18: 0000000000000000
>> [    6.052558] x17: ffff800008bbd594 x16: ffff800008bc10f4 x15: ffff80000927b6c4
>> [    6.052585] x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 5f534b434f4c5f47
>> [    6.052611] x11: 656820747563205b x10: 0000000000000029 x9 : ffff8000081cc7b8
>> [    6.052637] x8 : 0000000000000029 x7 : 0000000000000013 x6 : 0000000000000001
>> [    6.267204] x5 : ffff80000adb5000 x4 : ffff80000adb54f0 x3 : 0000000000000000
>> [    6.274321] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000005265080
>> [    6.281439] Call trace:
>> [    6.288524]  __mutex_lock+0x1dc/0x420
>> [    6.290789]  mutex_lock_nested+0x4c/0x90
>> [    6.294610]  driver_set_override+0x12c/0x160
>> [    6.298605]  qcom_smd_register_edge+0x2d8/0x52c
> 
> The problem is in
> 
> static int qcom_smd_create_chrdev(struct qcom_smd_edge *edge)
> {
>         struct qcom_smd_device *qsdev;
> 
>         qsdev = kzalloc(sizeof(*qsdev), GFP_KERNEL);
>         if (!qsdev)
>                 return -ENOMEM;
> 
>         qsdev->edge = edge;
>         qsdev->rpdev.ops = &qcom_smd_device_ops;
>         qsdev->rpdev.dev.parent = &edge->dev;
>         qsdev->rpdev.dev.release = qcom_smd_release_device;
> 
>         return rpmsg_ctrldev_register_device(&qsdev->rpdev);
> }
> 
>  static inline int rpmsg_ctrldev_register_device(struct rpmsg_device *rpdev)
>  {
>        int ret;
> 
>         strcpy(rpdev->id.name, "rpmsg_ctrl");
>        ret = driver_set_override(&rpdev->dev, &rpdev->driver_override,
>                                  rpdev->id.name, strlen(rpdev->id.name));
>        if (ret)
>                return ret;
> 
>        ret = rpmsg_register_device(rpdev);
>        if (ret)
>                kfree(rpdev->driver_override);
> 
>        return ret;
>  }
> 
> This allocates an uninitialized device structure that is then passed
> driver_set_override() before calling device_register(), so the
> mutex is not initialized yet.

Folks, this was already reported by Marek and fixed:

https://lore.kernel.org/all/20220429195946.1061725-1-krzysztof.kozlowski@xxxxxxxxxx/

This has to go via Greg's tree.

Best regards,
Krzysztof