Pull ARM SoC fixes from Arnd Bergmann:
 "These bug fixes are for the largest part for mvebu/kirkwood, which saw
  a few regressions after the clock infrastructure was enabled, and for
  OMAP, which showed a few more preexisting bugs with the new
  multiplatform support.

  Other small fixes are for imx, mxs, tegra, spear and socfpga"

* tag 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (37 commits)
  ARM: spear3xx: Use correct pl080 header file
  Arm: socfpga: pl330: Add #dma-cells for generic dma binding support
  ARM: multiplatform: Sort the max gpio numbers.
  ARM: imx: fix typo "DEBUG_IMX50_IMX53_UART"
  ARM: imx: pll1_sys should be an initial on clk
  arm: mach-orion5x: fix typo in compatible string of a .dts file
  arm: mvebu: fix address-cells in mpic DT node
  arm: plat-orion: fix address decoding when > 4GB is used
  arm: mvebu: Reduce reg-io-width with UARTs
  ARM: Dove: add RTC device node
  arm: mvebu: enable the USB ports on Armada 370 Reference Design board
  ARM: dove: drop "select COMMON_CLK_DOVE"
  rtc: rtc-mv: Add support for clk to avoid lockups
  gpio: mvebu: Add clk support to prevent lockup
  ARM: kirkwood: fix to retain gbe MAC addresses for DT kernels
  ARM: kirkwood: of_serial: fix clock gating by removing clock-frequency
  ARM: mxs: cfa10049: Fix fb initialisation function
  ARM: SPEAr13xx: Fix typo "ARCH_HAVE_CPUFREQ"
  ARM: OMAP: RX-51: add missing USB phy binding
  clk: Tegra: Remove duplicate smp_twd clock
  ...

Pull m68knommu fixes from Greg Ungerer:
 "It contains a few small fixes for the non-MMU m68k platforms.  Fixes
  some compilation problems, some broken header definitions, removes an
  unused config option and adds a name for the old 68000 CPU support."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
  m68k: drop "select EMAC_INC"
  m68knommu: fix misnamed GPIO pin definition for ColdFire 528x CPU
  m68knommu: fix MC68328.h defines
  m68knommu: fix build when CPU is not coldfire
  m68knommu: add CPU_NAME for 68000

Pull key management race fix from James Morris.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  keys: fix race with concurrent install_user_keyrings()

Pull Ceph fix from Sage Weil:
 "This fixes a bug in the new message decoding that just went in during
  the last window."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
  libceph: fix decoding of pgids

Pull nfsd bugfixes from Bruce Fields:
 "Some minor fallout from the user-namespace work broke most krb5 mounts
  to nfsd, and I screwed up a change to the AF_LOCAL rpc code."

* 'for-3.9' of git://linux-nfs.org/~bfields/linux:
  sunrpc: don't attempt to cancel unitialized work
  nfsd: fix krb5 handling of anonymous principals

If you open a pipe for neither read nor write, the pipe code will not
add any usage counters to the pipe, causing the 'struct pipe_inode_info"
to be potentially released early.

That doesn't normally matter, since you cannot actually use the pipe,
but the pipe release code - particularly fasync handling - still expects
the actual pipe infrastructure to all be there.  And rather than adding
NULL pointer checks, let's just disallow this case, the same way we
already do for the named pipe ("fifo") case.

This is ancient going back to pre-2.4 days, and until trinity, nobody
naver noticed.
Reported-by: NDave Jones <davej@redhat.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

The definitions have move around recently, causing build errors
in spear3xx for all configurations:

spear3xx.c:47:5: error: 'PL080_BSIZE_16' undeclared here (not in a function)
spear3xx.c:47:23: error: 'PL080_CONTROL_SB_SIZE_SHIFT' undeclared here (not in a function)
spear3xx.c:48:22: error: 'PL080_CONTROL_DB_SIZE_SHIFT' undeclared here (not in a function)
Signed-off-by: NArnd Bergmann <arnd@arndb.de>
Cc: Alessandro Rubini <rubini@gnudd.com>
Cc: Viresh Kumar <viresh.kumar@linaro.org>

This fixes CVE-2013-1792.

There is a race in install_user_keyrings() that can cause a NULL pointer
dereference when called concurrently for the same user if the uid and
uid-session keyrings are not yet created.  It might be possible for an
unprivileged user to trigger this by calling keyctl() from userspace in
parallel immediately after logging in.

Assume that we have two threads both executing lookup_user_key(), both
looking for KEY_SPEC_USER_SESSION_KEYRING.

	THREAD A			THREAD B
	===============================	===============================
					==>call install_user_keyrings();
	if (!cred->user->session_keyring)
	==>call install_user_keyrings()
					...
					user->uid_keyring = uid_keyring;
	if (user->uid_keyring)
		return 0;
	<==
	key = cred->user->session_keyring [== NULL]
					user->session_keyring = session_keyring;
	atomic_inc(&key->usage); [oops]

At the point thread A dereferences cred->user->session_keyring, thread B
hasn't updated user->session_keyring yet, but thread A assumes it is
populated because install_user_keyrings() returned ok.

The race window is really small but can be exploited if, for example,
thread B is interrupted or preempted after initializing uid_keyring, but
before doing setting session_keyring.

This couldn't be reproduced on a stock kernel.  However, after placing
systemtap probe on 'user->session_keyring = session_keyring;' that
introduced some delay, the kernel could be crashed reliably.

Fix this by checking both pointers before deciding whether to return.
Alternatively, the test could be done away with entirely as it is checked
inside the mutex - but since the mutex is global, that may not be the best
way.
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Reported-by: NMateusz Guzik <mguzik@redhat.com>
Cc: <stable@kernel.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NJames Morris <james.l.morris@oracle.com>

In 4f6a7e5e we effectively dropped support
for the legacy encoding for the OSDMap and incremental.  However, we didn't
fix the decoding for the pgid.
Signed-off-by: NSage Weil <sage@inktank.com>
Reviewed-by: NYehuda Sadeh <yehuda@inktank.com>

This patch adds #dma-cells property to PL330 DMA controller nodes for
supporting generic dma dt bindings on SOCFPGA platform. #dma-channels
and #dma-requests are not required now but added in advance.
Signed-off-by: NPadmavathi Venna <padma.v@samsung.com>
Signed-off-by: NArnd Bergmann <arnd@arndb.de>

mvebu fixes for v3.9 from Jason Cooper <jason@lakedaemon.net>:

The first four patches:

  89c58c19 rtc: rtc-mv: Add support for clk to avoid lockups
  de88747f gpio: mvebu: Add clk support to prevent lockup
  7bf5b408 ARM: kirkwood: fix to retain gbe MAC addresses for DT kernels
  93fff4ce ARM: kirkwood: of_serial: fix clock gating by removing clock-frequency

are Cc'd to stable since they were held over from the previous merge window.

The rest are a small collection of fixes and a couple of devicetree conversion
catchups.

* tag 'mvebu_fixes_for_v3.9' of git://git.infradead.org/users/jcooper/linux:
  arm: mach-orion5x: fix typo in compatible string of a .dts file
  arm: mvebu: fix address-cells in mpic DT node
  arm: plat-orion: fix address decoding when > 4GB is used
  arm: mvebu: Reduce reg-io-width with UARTs
  ARM: Dove: add RTC device node
  arm: mvebu: enable the USB ports on Armada 370 Reference Design board
  ARM: dove: drop "select COMMON_CLK_DOVE"
  rtc: rtc-mv: Add support for clk to avoid lockups
  gpio: mvebu: Add clk support to prevent lockup
  ARM: kirkwood: fix to retain gbe MAC addresses for DT kernels
  ARM: kirkwood: of_serial: fix clock gating by removing clock-frequency
Signed-off-by: NArnd Bergmann <arnd@arndb.de>

From Shawn Guo <shawn.guo@linaro.org>:

The 2nd take of imx fixes for 3.9:
 - Fix pll1_sys clk initial status
 - Fix a typo in imx DEBUG_LL Kconfig

* tag 'imx-fixes-3.9-2' of git://git.linaro.org/people/shawnguo/linux-2.6:
  ARM: imx: fix typo "DEBUG_IMX50_IMX53_UART"
  ARM: imx: pll1_sys should be an initial on clk
Signed-off-by: NArnd Bergmann <arnd@arndb.de>

From Shawn Guo <shawn.guo@linaro.org>:

The 2nd mxs fixes for 3.9:
 - Fix an error caused by incorrect conflict resolution when
   applying the patch

* tag 'mxs-fixes-3.9-2' of git://git.linaro.org/people/shawnguo/linux-2.6:
  ARM: mxs: cfa10049: Fix fb initialisation function
Signed-off-by: NArnd Bergmann <arnd@arndb.de>

When building a multiplatform kernel, we could end up with a smaller
number of GPIOs than the one required by the platform the kernel was
running on.

Sort the max GPIO number by descending order so that we always take the
highest number required.
Signed-off-by: NMaxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: NArnd Bergmann <arnd@arndb.de>

Pull perf fixes from Ingo Molnar:
 "Misc minor fixes mostly related to tracing"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  s390: Fix a header dependencies related build error
  tracing: update documentation of snapshot utility
  tracing: Do not return EINVAL in snapshot when not allocated
  tracing: Add help of snapshot feature when snapshot is empty
  ftrace: Update the kconfig for DYNAMIC_FTRACE

Pull networking fixes from David Miller:

 1) Missing cancel of work items in mac80211 MLME, from Ben Greear.

 2) Fix DMA mapping handling in iwlwifi by using coherent DMA for
    command headers, from Johannes Berg.

 3) Decrease the amount of pressure on the page allocator by using order
    1 pages less in iwlwifi, from Emmanuel Grumbach.

 4) Fix mesh PS broadcast OOPS in mac80211, from Marco Porsch.

 5) Don't forget to recalculate idle state in mac80211 monitor
    interface, from Felix Fietkau.

 6) Fix varargs in netfilter conntrack handler, from Joe Perches.

 7) Need to reset entire chip when command queue fills up in iwlwifi,
    from Emmanuel Grumbach.

 8) The TX antenna value must be valid when calibrations are performed
    in iwlwifi, fix from Dor Shaish.

 9) Don't generate netfilter audit log entries when audit is disabled,
    from Gao Feng.

10) Deal with DMA unit hang on e1000e during power state transitions,
    from Bruce Allan.

11) Remove BUILD_BUG_ON check from igb driver, from Alexander Duyck.

12) Fix lockdep warning on i2c handling of igb driver, from Carolyn
    Wyborny.

13) Fix several TTY handling issues in IRDA ircomm tty driver, from
    Peter Hurley.

14) Several QFQ packet scheduler fixes from Paolo Valente.

15) When VXLAN encapsulates on transmit, we have to reset the netfilter
    state.  From Zang MingJie.

16) Fix jiffie check in net_rx_action() so that we really cap the
    processing at 2HZ.  From Eric Dumazet.

17) Fix erroneous trigger of IP option space exhaustion, when routers
    are pre-specified and we are looking to see if we can insert a
    timestamp, we will have the space.  From David Ward.

18) Fix various issues in benet driver wrt waiting for firmware to
    finish POST after resets or errors.  From Gavin Shan and Sathya
    Perla.

19) Fix TX locking in SFC driver, from Ben Hutchings.

20) Like the VXLAN fix above, when we encap in a TUN device we have to
    reset the netfilter state.  This should fix several strange crashes
    reported by Dave Jones and others.  From Eric Dumazet.

21) Don't forget to clean up MAC address resources when shutting down a
    port in mlx4 driver, from Yan Burman.

22) Fix divide by zero in vmxnet3 driver, from Bhavesh Davda.

23) Fix device statistic regression in tg3 when the driver is using
    phylib, from Nithin Sujir.

24) Fix info leak in several netlink handlers, from Mathias Krause.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (79 commits)
  6lowpan: Fix endianness issue in is_addr_link_local().
  rrunner.c: fix possible memory leak in rr_init_one()
  dcbnl: fix various netlink info leaks
  rtnl: fix info leak on RTM_GETLINK request for VF devices
  bridge: fix mdb info leaks
  tg3: Update link_up flag for phylib devices
  ipv6: stop multicast forwarding to process interface scoped addresses
  bridging: fix rx_handlers return code
  netlabel: fix build problems when CONFIG_IPV6=n
  drivers/isdn: checkng length to be sure not memory overflow
  net/rds: zero last byte for strncpy
  bnx2x: Fix SFP+ misconfiguration in iSCSI boot scenario
  bnx2x: Fix intermittent long KR2 link up time
  macvlan: Set IFF_UNICAST_FLT flag to prevent unnecessary promisc mode.
  team: unsyc the devices addresses when port is removed
  bridge: add missing vid to br_mdb_get()
  Fix: sparse warning in inet_csk_prepare_forced_close
  afkey: fix a typo
  MAINTAINERS: Update qlcnic maintainers list
  netlabel: correctly list all the static label mappings
  ...

Pull UML fixes from Richard Weinberger:
 "This update brings various fixes.
  Nothing special...

  In my local queue I have some more fixes which will be sent later to
  you.  3.9 uncovered strange UML issues.  :("

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
  um: Use tty_port in SIGWINCH handler
  um: Use tty_port_operations->destruct
  um: fix build failure due to mess-up of sig_info protorype
  um: add missing declaration of 'getrlimit()' and friends
  net : enable tx time stamping in the vde driver.
  hostfs: fix a not needed double check

Pull input updates from Dmitry Torokhov:
 "Except for the largish change to the ALPS driver adding "Dolphin V1"
  support and Wacom getting a new signature of yet another device, the
  rest are straightforward driver fixes."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: mms114 - Fix regulator enable and disable paths
  Input: ads7864 - check return value of regulator enable
  Input: tc3589x-keypad - fix keymap size
  Input: wacom - add support for 0x10d
  Input: ALPS - update documentation for recent touchpad driver mods
  Input: ALPS - add "Dolphin V1" touchpad support
  Input: ALPS - remove unused argument to alps_enter_command_mode()
  Input: cypress_ps2 - fix trackpadi found in Dell XPS12

Commit f8c95fe6 (ARM: imx: support DEBUG_LL uart port selection for all
i.MX SoCs) had a typo that DEBUG_IMX50_IMX53_UART should be
DEBUG_IMX53_UART.
Signed-off-by: NPaul Bolle <pebolle@tiscali.nl>
Signed-off-by: NShawn Guo <shawn.guo@linaro.org>

Commit 877c6856
("perf: Remove include of cgroup.h from perf_event.h") caused
this build failure if PERF_EVENTS is enabled:

   In file included from arch/s390/include/asm/perf_event.h:9:0,
                    from include/linux/perf_event.h:24,
                    from kernel/events/ring_buffer.c:12:
   arch/s390/include/asm/cpu_mf.h: In function 'qctri':
   arch/s390/include/asm/cpu_mf.h:61:12: error: 'EINVAL' undeclared (first use in this function)

cpu_mf.h had an implicit errno.h dependency, which was added
indirectly via cgroups.h but not anymore. Add it explicitly.
Reported-by: NFengguang Wu <fengguang.wu@intel.com>
Tested-by: NFengguang Wu <fengguang.wu@intel.com>
Signed-off-by: NLi Zefan <lizefan@huawei.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Link: http://lkml.kernel.org/r/51385F79.7000106@huawei.comSigned-off-by: NIngo Molnar <mingo@kernel.org>

The tty below tty_port might get destroyed by the tty layer
while we hold a reference to it.
So we have to carry tty_port around...
Signed-off-by: NRichard Weinberger <richard@nod.at>

As we setup the SIGWINCH handler in tty_port_operations->activate
it makes sense to tear down it in ->destruct.
Signed-off-by: NRichard Weinberger <richard@nod.at>

arch/um/os-Linux/signal.c:18:8: error: conflicting types for 'sig_info'
In file included from /home/slyfox/linux-2.6/arch/um/os-Linux/signal.c:12:0:
arch/um/include/shared/as-layout.h:64:15: note: previous declaration of 'sig_info' was here
Signed-off-by: NSergei Trofimovich <slyfox@gentoo.org>
CC: Jeff Dike <jdike@addtoit.com>
CC: Richard Weinberger <richard@nod.at>
CC: "Martin Pärtel" <martin.partel@gmail.com>
CC: Al Viro <viro@zeniv.linux.org.uk>
CC: user-mode-linux-devel@lists.sourceforge.net
CC: user-mode-linux-user@lists.sourceforge.net
CC: linux-kernel@vger.kernel.org
Signed-off-by: NRichard Weinberger <richard@nod.at>

arch/um/os-Linux/start_up.c: In function 'check_coredump_limit':
arch/um/os-Linux/start_up.c:338:16: error: storage size of 'lim' isn't known
arch/um/os-Linux/start_up.c:339:2: error: implicit declaration of function 'getrlimit' [-Werror=implicit-function-declaration]
Signed-off-by: NSergei Trofimovich <slyfox@gentoo.org>
CC: Jeff Dike <jdike@addtoit.com>
CC: Richard Weinberger <richard@nod.at>
CC: Al Viro <viro@zeniv.linux.org.uk>
CC: user-mode-linux-devel@lists.sourceforge.net
CC: user-mode-linux-user@lists.sourceforge.net
CC: linux-kernel@vger.kernel.org
Signed-off-by: NRichard Weinberger <richard@nod.at>

This new version moves the skb_tx_timestamp in the main uml
driver. This should avoid the need to call this function in each
transport (vde, slirp, tuntap, ...). It also add support for ethtool
get_ts_info.
Signed-off-by: NPaul Chavent <paul.chavent@onera.fr>
Acked-by: NRichard Cochran <richardcochran@gmail.com>
Signed-off-by: NRichard Weinberger <richard@nod.at>

With the commit 3be2be0a we removed vmtruncate,
but actaully there is no need to call inode_newsize_ok() because the checks are
already done in inode_change_ok() at the begin of the function.
Signed-off-by: NMarco Stornelli <marco.stornelli@gmail.com>
Signed-off-by: NRichard Weinberger <richard@nod.at>

We always boot from PLL1, so let's have pll1_sys in the clks_init_on
list to have clk prepare/enable use count match the hardware status,
so that drivers managing pll1_sys like cpufreq can get the use count
right from the start.
Reported-by: NDirk Behme <dirk.behme@de.bosch.com>
Signed-off-by: NShawn Guo <shawn.guo@linaro.org>

When it uses regulators the mms114 driver checks to see if it managed to
acquire regulators and ignores errors. This is not the intended usage and
not great style in general.

Since the driver already refuses to probe if it fails to allocate the
regulators simply make the enable and disable calls unconditional and
add appropriate error handling, including adding cleanup of the
regulators if setup_reg() fails.
Signed-off-by: NMark Brown <broonie@opensource.wolfsonmicro.com>
Acked-by: NJoonyoung Shim <jy0922.shim@samsung.com>
Signed-off-by: NDmitry Torokhov <dmitry.torokhov@gmail.com>

At least print a warning if we can't power the device up.
Signed-off-by: NMark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: NDmitry Torokhov <dmitry.torokhov@gmail.com>

The keymap size used by tc3589x is too low, leading to the driver
overwriting other people's memory.  Fix this by making the driver
use the automatically allocated keymap provided by
matrix_keypad_build_keymap() instead of allocating one on its own.
Signed-off-by: NRabin Vincent <rabin.vincent@stericsson.com>
Signed-off-by: NDmitry Torokhov <dmitry.torokhov@gmail.com>

Signed-off-by: NYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

In the event that register_netdev() failed, the rrpriv->evt_ring
allocation would have not been freed.
Signed-off-by: NDavid Oostdyk <daveo@ll.mit.edu>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The dcb netlink interface leaks stack memory in various places:
* perm_addr[] buffer is only filled at max with 12 of the 32 bytes but
  copied completely,
* no in-kernel driver fills all fields of an IEEE 802.1Qaz subcommand,
  so we're leaking up to 58 bytes for ieee_ets structs, up to 136 bytes
  for ieee_pfc structs, etc.,
* the same is true for CEE -- no in-kernel driver fills the whole
  struct,

Prevent all of the above stack info leaks by properly initializing the
buffers/structures involved.
Signed-off-by: NMathias Krause <minipli@googlemail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Initialize the mac address buffer with 0 as the driver specific function
will probably not fill the whole buffer. In fact, all in-kernel drivers
fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible
bytes. Therefore we currently leak 26 bytes of stack memory to userland
via the netlink interface.
Signed-off-by: NMathias Krause <minipli@googlemail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The bridging code discloses heap and stack bytes via the RTM_GETMDB
netlink interface and via the notify messages send to group RTNLGRP_MDB
afer a successful add/del.

Fix both cases by initializing all unset members/padding bytes with
memset(0).

Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: NMathias Krause <minipli@googlemail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Pull namespace bugfixes from Eric Biederman:
 "This is three simple fixes against 3.9-rc1.  I have tested each of
  these fixes and verified they work correctly.

  The userns oops in key_change_session_keyring and the BUG_ON triggered
  by proc_ns_follow_link were found by Dave Jones.

  I am including the enhancement for mount to only trigger requests of
  filesystem modules here instead of delaying this for the 3.10 merge
  window because it is both trivial and the kind of change that tends to
  bit-rot if left untouched for two months."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  proc: Use nd_jump_link in proc_ns_follow_link
  fs: Limit sys_mount to only request filesystem modules (Part 2).
  fs: Limit sys_mount to only request filesystem modules.
  userns: Stop oopsing in key_change_session_keyring

It is a Wacom device found in Fujitsu Lifebook T902.
Signed-off-by: NStephan Frank <sfrank@cs.tu-berlin.de>
Acked-by: NPing Cheng <pingc@wacom.com>
Signed-off-by: NDmitry Torokhov <dmitry.torokhov@gmail.com>

There is a more complete atmel patch-series out by Nick Dyer that fixes
this and other things, but in the meantime this is the minimal thing to
get the touchscreen going on (at least my) Pixel Chromebook.

Not that I want my dirty fingers near that beautiful screen, but it
seems that a non-initialized touchscreen will also end up being a
constant wakeup source, so you have to disable it to go to sleep.  And
it's easier to just fix the initialization sequence.
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

As of dc107402 "SUNRPC: make AF_LOCAL connect synchronous", we no longer initialize connect_worker in the
AF_LOCAL case, resulting in warnings like:

    WARNING: at lib/debugobjects.c:261 debug_print_object+0x8c/0xb0() Hardware name: Bochs
    ODEBUG: assert_init not available (active state 0) object type: timer_list hint: stub_timer+0x0/0x20
    Modules linked in: iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi nfsd auth_rpcgss nfs_acl lockd sunrpc
    Pid: 4816, comm: nfsd Tainted: G        W    3.8.0-rc2-00049-gdc107402 #801
    Call Trace:
     [<ffffffff8156ec00>] ? free_obj_work+0x60/0xa0
     [<ffffffff81046aaf>] warn_slowpath_common+0x7f/0xc0
     [<ffffffff81046ba6>] warn_slowpath_fmt+0x46/0x50
     [<ffffffff8156eccc>] debug_print_object+0x8c/0xb0
     [<ffffffff81055030>] ? timer_debug_hint+0x10/0x10
     [<ffffffff8156f7e3>] debug_object_assert_init+0xe3/0x120
     [<ffffffff81057ebb>] del_timer+0x2b/0x80
     [<ffffffff8109c4e6>] ? mark_held_locks+0x86/0x110
     [<ffffffff81065a29>] try_to_grab_pending+0xd9/0x150
     [<ffffffff81065b57>] __cancel_work_timer+0x27/0xc0
     [<ffffffff81065c03>] cancel_delayed_work_sync+0x13/0x20
     [<ffffffffa0007067>] xs_destroy+0x27/0x80 [sunrpc]
     [<ffffffffa00040d8>] xprt_destroy+0x78/0xa0 [sunrpc]
     [<ffffffffa0006241>] xprt_put+0x21/0x30 [sunrpc]
     [<ffffffffa00030cf>] rpc_free_client+0x10f/0x1a0 [sunrpc]
     [<ffffffffa0002ff3>] ? rpc_free_client+0x33/0x1a0 [sunrpc]
     [<ffffffffa0002f7e>] rpc_release_client+0x6e/0xb0 [sunrpc]
     [<ffffffffa000325d>] rpc_shutdown_client+0xfd/0x1b0 [sunrpc]
     [<ffffffffa0017196>] rpcb_put_local+0x106/0x130 [sunrpc]
    ...
Acked-by: N"Myklebust, Trond" <Trond.Myklebust@netapp.com>
Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>