Re: rmmod xhci-pci leads to debugfs_remove_recursive NULL pointer dereference crash / OOPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Feb 17, 2018 at 03:04:15PM +0200, Yuri Shishenko wrote:
> I have a USB 3.0 PCI-E card and a USB 3.0 hub which is connected to it.
> This OOPS appears when unloading xhci-pci module.
> It appears even if no USB devices are connected.
> 
> [  134.399016] BUG: unable to handle kernel NULL pointer dereference
> at 00000000000000a8
> [  134.399138] IP: down_write+0x12/0x30
> [  134.399242] PGD 0 P4D 0
> [  134.399350] Oops: 0002 [#1] PREEMPT SMP PTI
> [  134.399498] Modules linked in: fuse af_packet xt_tcpudp
> ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4
> xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp
> llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6
> ip6table_mangle ip6table_raw ip6table_security iptable_nat
> nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack
> libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter
> ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables
> msr snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic
> snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep intel_rapl snd_pcm
> x86_pkg_temp_thermal intel_powerclamp snd_timer coretemp eeepc_wmi snd
> asus_wmi kvm_intel joydev ppdev sparse_keymap mei_me iTCO_wdt
> soundcore rfkill kvm
> [  134.400365]  mei iTCO_vendor_support parport_pc irqbypass shpchp
> wmi_bmof lpc_ich i2c_i801 parport pcspkr ie31200_edac thermal fan
> overlay nls_utf8 isofs squashfs uas usb_storage hid_generic usbhid
> rndis_host cdc_ether usbnet btrfs zstd_compress zstd_decompress xxhash
> xor crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel
> pcbc scsi_transport_iscsi raid6_pq aesni_intel nouveau mxm_wmi
> aes_x86_64 i2c_algo_bit crypto_simd glue_helper cryptd drm_kms_helper
> syscopyarea xhci_pci(-) sysfillrect sysimgblt r8169 fb_sys_fops
> ehci_pci ttm sr_mod cdrom xhci_hcd mii ehci_hcd drm usbcore wmi video
> button sunrpc dm_mirror dm_region_hash dm_log dm_mod loop sg efivarfs
> [  134.401221] CPU: 0 PID: 3233 Comm: rmmod Not tainted 4.15.3-1-default #1
> [  134.401519] Hardware name: System manufacturer System Product
> Name/H61M-G, BIOS 0310 11/29/2013
> [  134.401824] RIP: 0010:down_write+0x12/0x30
> [  134.402128] RSP: 0018:ffffad82839c3cf8 EFLAGS: 00010286
> [  134.402437] RAX: 00000000000000a8 RBX: ffff9c7443518a28 RCX: 0000000000000002
> [  134.402748] RDX: ffffffff00000001 RSI: 0000000000000002 RDI: 00000000000000a8
> [  134.403064] RBP: ffff9c744251b298 R08: ffff9c7442e80ab8 R09: 0000000000000810
> [  134.403383] R10: 0000000000000810 R11: ffff9c745efe2000 R12: ffff9c744251b240
> [  134.403705] R13: ffff9c744251b2e0 R14: ffffffffa27d278c R15: 000055d3dc4207f0
> [  134.404030] FS:  00007f893d3b9b80(0000) GS:ffff9c745ec00000(0000)
> knlGS:0000000000000000
> [  134.404360] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  134.404692] CR2: 00000000000000a8 CR3: 00000003078f6002 CR4: 00000000001606f0
> [  134.405028] Call Trace:
> [  134.405368]  debugfs_remove_recursive+0x54/0x1b0
> [  134.405713]  xhci_debugfs_remove_slot+0x3c/0x70 [xhci_hcd]
> [  134.406045]  xhci_free_virt_devices_depth_first+0x42/0x120 [xhci_hcd]
> [  134.406384]  xhci_mem_cleanup+0x1c7/0x5b0 [xhci_hcd]
> [  134.406722]  xhci_stop+0x12e/0x1c0 [xhci_hcd]
> [  134.407070]  usb_remove_hcd+0xe7/0x220 [usbcore]
> [  134.407409]  usb_hcd_pci_remove+0x75/0x130 [usbcore]
> [  134.407751]  pci_device_remove+0x3b/0xb0
> [  134.408095]  device_release_driver_internal+0x15a/0x220
> [  134.408440]  driver_detach+0x37/0x70
> [  134.408789]  bus_remove_driver+0x51/0xd0
> [  134.409139]  pci_unregister_driver+0x29/0x90
> [  134.409491]  SyS_delete_module+0x1a2/0x240
> [  134.409840]  ? trace_hardirqs_off_thunk+0x1a/0x1c
> [  134.410191]  do_syscall_64+0x79/0x140
> [  134.410548]  entry_SYSCALL_64_after_hwframe+0x26/0x9b
> [  134.410904] RIP: 0033:0x7f893ca99e87
> [  134.411266] RSP: 002b:00007ffdfd243d18 EFLAGS: 00000206 ORIG_RAX:
> 00000000000000b0
> [  134.411623] RAX: ffffffffffffffda RBX: 00007ffdfd243d78 RCX: 00007f893ca99e87
> [  134.411982] RDX: 000000000000000a RSI: 0000000000000800 RDI: 000055d3dc420858
> [  134.412335] RBP: 000055d3dc4207f0 R08: 00007ffdfd242c91 R09: 0000000000000000
> [  134.412695] R10: 00007f893cb090c0 R11: 0000000000000206 R12: 00007ffdfd243f40
> [  134.413053] R13: 00007ffdfd244ede R14: 000055d3dc420260 R15: 000055d3dc4207f0
> [  134.413414] Code: 01 74 08 48 c7 47 20 01 00 00 00 f3 c3 66 90 66
> 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 ba 01 00 00 00 ff ff ff
> ff 48 89 f8 <f0> 48 0f c1 10 85 d2 74 05 e8 30 29 ff ff 65 48 8b 04 25
> c0 5b
> [  134.413799] RIP: down_write+0x12/0x30 RSP: ffffad82839c3cf8
> [  134.414187] CR2: 00000000000000a8
> [  134.417102] ---[ end trace b9e71c1b3c4067f1 ]---
> 
> After that USB hub becomes unusable and PC hangs during shutdown.
> 
> I'm using openSUSE Tumbleweed, x86_64.

Ah, this is a known issue, there's patches in linux-next for it and
should make it to Linus's tree soon, and then to the 4.15.y stable tree
if you wait about a week.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux